Merge branch 'master' into warden-server-2.2

src/warden-server/doc/warden20to21.patch

 ALTER TABLE  `clients` CHANGE  `registered`  `registered` TIMESTAMP NOT NULL DEFAULT  '0000-00-00 00:00:00';
-ALTER TABLE  `events` CHANGE  `detected`  `detected` TIMESTAMP NOT NULL DEFAULT  '0000-00-00 00:00:00';
+
+ALTER TABLE  `events` 
+CHANGE  `detected`  `detected` TIMESTAMP NOT NULL DEFAULT  '0000-00-00 00:00:00',
+CHANGE  `target_port`  `target_port` INT( 2 ) UNSIGNED DEFAULT NULL ,
+CHANGE  `attack_scale`  `attack_scale` INT( 4 ) UNSIGNED DEFAULT NULL ,
+CHANGE  `priority`  `priority` INT( 1 ) UNSIGNED DEFAULT NULL ,
+CHANGE  `timeout`  `timeout` INT( 2 ) UNSIGNED DEFAULT NULL;

src/warden-server/etc/warden-apache.conf

@@ -11,11 +11,11 @@ SSLOptions +StdEnvVars +ExportCertData
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
 SSLCertificateFile    /etc/ssl/certs/warden-dev.cesnet.cz.pem
-SSLCertificateKeyFile /opt/warden-client/etc/warden-dev.cesnet.cz.key
+SSLCertificateKeyFile /etc/ssl/private/warden-dev.cesnet.cz.key
 SSLCACertificateFile  /etc/ssl/certs/tcs-ca-bundle.pem
 
 PerlOptions +Parent
-PerlSwitches -I/opt/warden-server/lib
+PerlSwitches -I /opt/warden-server/lib
 
 <Location /Warden>
 	SetHandler perl-script

src/warden-server/sh/install.sh

@@ -168,8 +168,7 @@ make_client_conf()
 #-------------------------------------------------------------------------------
 # SSL_CA_FILE - path to CA certificate file
 #-------------------------------------------------------------------------------
-\$SSL_CA_FILE = \"${ca_file}\";
-" > $client_conf 2> $err; ret_val=`echo $?`
+\$SSL_CA_FILE = \"${ca_file}\";" > $client_conf 2> $err; ret_val=`echo $?`
 
 	if [ $ret_val -eq 0 ]; then
 		echo "OK"
@@ -189,7 +188,7 @@ make_server_conf()
 #-------------------------------------------------------------------------------
 # BASEDIR - base directory of Warden server
 #-------------------------------------------------------------------------------
-\$BASEDIR = \'${server_path}\';
+\$BASEDIR = \"${server_path}\";
 
 #-------------------------------------------------------------------------------
 # SYSLOG - enable/disable syslog logging
@@ -204,42 +203,77 @@ make_server_conf()
 #-------------------------------------------------------------------------------
 # SYSLOG_FACILITY - syslog facility
 #-------------------------------------------------------------------------------
-\$YSLOG_FACILITY = \'local7\';
+\$SYSLOG_FACILITY = \"local7\";
 
 #-------------------------------------------------------------------------------
 # DB_NAME - MySQL database name of Warden server
 #-------------------------------------------------------------------------------
-\$DB_NAME = \'warden\';
+\$DB_NAME = \"warden\";
 
 #-------------------------------------------------------------------------------
 # DB_USER - MySQL database user of Warden server
 #-------------------------------------------------------------------------------
-\$DB_USER = \'username\';
+\$DB_USER = \"warden\";
 
 #-------------------------------------------------------------------------------
 # DB_PASS - MySQL database password of Warden server
 #-------------------------------------------------------------------------------
-\$DB_PASS = \'\';
+\$DB_PASS = \"\";
 
 #-------------------------------------------------------------------------------
 # DB_HOST - MySQL database host
 #-------------------------------------------------------------------------------
-\$DB_HOST = \'localhost\';
+\$DB_HOST = \"localhost\";
 
 #-------------------------------------------------------------------------------
 # MAX_EVENTS_LIMIT - server limit of maximum number of events that can be
 #                    delivered to one client in one batch
 #-------------------------------------------------------------------------------
-\$MAX_EVENTS_LIMIT = \'1000000\';
+\$MAX_EVENTS_LIMIT = 1000000;
 
 #-------------------------------------------------------------------------------
 # VALID_STRINGS - validation hash containing allowed event attributes
 #-------------------------------------------------------------------------------
-\%VALID_STRINGS = ( 
-  \'type\' => [\'portscan\', \'bruteforce\', \'probe\', \'spam\', \'phishing\', \'botnet_c_c\', \'dos\', \'malware\', \'copyright\', \'webattack\', \'test\', \'other\', \'_any_\'],
-  \'source_type' => ['IP', 'URL', 'Reply-To:']
-);
-" > $server_conf 2> $err; ret_val=`echo $?`
+%VALID_STRINGS = (
+  \"type\" => [\"portscan\", \"bruteforce\", \"probe\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"],
+  \"source_type\" => [\"IP\", \"URL\", \"Reply-To:\"]
+);" > $server_conf 2> $err; ret_val=`echo $?`
+
+	if [ $ret_val -eq 0 ]; then
+		echo "OK"
+	else
+		err_clean
+	fi
+}
+
+make_apache_conf()
+{
+	echo -n "Creating Apache configuration file ... "
+	echo "#
+#
+# warden-apache.conf - configuration file for the Apache server
+#
+
+SSLEngine on
+
+SSLVerifyDepth 3
+SSLVerifyClient require
+SSLOptions +StdEnvVars +ExportCertData
+
+SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+SSLCertificateFile    $cert
+SSLCertificateKeyFile $key
+SSLCACertificateFile  $ca_file
+
+PerlOptions +Parent
+PerlSwitches -I $lib
+
+<Location /Warden>
+        SetHandler perl-script
+        PerlHandler Warden::ApacheDispatch
+        SSLOptions +StdEnvVars
+</Location>" > $apache_conf 2> $err; ret_val=`echo $?`
 
 	if [ $ret_val -eq 0 ]; then
 		echo "OK"
@@ -258,25 +292,12 @@ changeServerPath()
 		perl -pi -e "s#/opt#${prefix}#" ${bin}/$file
 	done
 
-	echo "- update server path: $apache_conf"
-	perl -pi -e "s#/opt#${prefix}#" $apache_conf
-
 	echo "- update server path: ${lib}/Warden.pm"
 	perl -pi -e "s#/opt#${prefix}#" ${lib}/Warden.pm
 	
 }
 
 
-updateCertsPath()
-{
-
-	echo "- update certs path: $apache_conf"
-	perl -pi -e "s#server-cert.pem#${cert}#" $apache_conf
-	perl -pi -e "s#server-key.pem#${key}#" $apache_conf
-	perl -pi -e "s#ca-cert.pem#${ca_file}#" $apache_conf
-}
-
-
 create_symlinks()
 {
 	echo "Creating symbolic links ..."
@@ -316,7 +337,7 @@ params_chck
 
 # create variables
 dirname=`dirname $0`
-hostname=`hostname`
+hostname=`hostname -f`
 key_file=`basename $key`
 cert_file=`basename $cert`
 package_version=`cat ${dirname}/warden-server/etc/package_version`
@@ -331,6 +352,7 @@ server_conf="${etc}/warden-server.conf"
 apache_conf="${etc}/warden-apache.conf"
 var="${server_path}/var"
 lib="${server_path}/lib"
+doc="${server_path}/doc"
 err="/tmp/warden-err"
 
 # check if warden-server is installed
@@ -357,26 +379,27 @@ make_client_conf
 # create server configuration file
 make_server_conf
 
+# create Apache configuration file
+make_apache_conf
+
 #update paths in utilities
 changeServerPath
 
-#update paths in apachefile
-updateCertsPath
-
 # crate symlinks from warden server bin directory to /usr/local/bin
 create_symlinks
 
 echo
-echo "Please check client configuration file in ${client_conf}!"
-echo "Please check server configuration file in ${server_conf}!"
-echo "Please check Apache configuration file in ${apache_conf}!"
+echo "Please check configuration files:"
+echo " - ${client_conf}"
+echo " - ${server_conf}"
+echo " - ${apache_conf}"
 echo
 echo "Warden server directory: $server_path"
 echo
+echo "Please follow post-installation steps in ${doc}/INSTALL!"
+echo
 echo "Installation of $package_version package was SUCCESSFUL!!!"
 echo
-echo "Please follow post-installation steps in ${dirname}/doc/INSTALL!"
-
 # cleanup section
 rm -rf $err
 

src/warden-server/sh/uninstall.sh

@@ -54,7 +54,6 @@ err_clean()
 	do  
 		ln -s ${bin}/$file ${local_bin}/$file	# create symlinks to /usr/local/bin
 	done
-	$init start					# start server
 	cat $err
 	rm -rf $err $backup_dir
 	echo
@@ -104,13 +103,6 @@ warden_dir_chck()
 }
 
 
-stop_warden_server()
-{
-	echo "Stopping Warden server ... "
-	${init} stop 1>/dev/null 2>&1
-}
-
-
 backup()
 {
 	echo -n "Backing-up Warden server directory ... "
@@ -175,11 +167,10 @@ bin="${server_path}/bin"
 local_bin="/usr/local/bin"
 etc="${server_path}/etc"
 doc="${server_path}/doc"
-uninstall_file="/tmp/UNINSTALL"
+uninstall_file="/tmp/UNINSTALL.warden"
 old_package_version_file="${etc}/package_version"
 err="/tmp/warden-err"
 backup_dir="/tmp/warden-backup"
-init="/etc/init.d/apache2"
 
 # obtain version of installed warden-server package
 obtain_package_version
@@ -190,9 +181,6 @@ echo "------------------------- Uninstallation process -------------------------
 # check if $prefix/warden-server directory exist
 warden_dir_chck
 
-# stop running warden server
-stop_warden_server
-
 # make backup of currently installed warden-server package
 backup
 
@@ -202,11 +190,11 @@ delete_symlinks
 # do uninstallation
 uninstall_warden_server
 
+echo
+echo "Please follow post-uninstallation steps in $uninstall_file!"
 echo
 echo "Uninstallation of $package_version package was SUCCESSFUL!"
 echo
-echo "Please follow post-uninstallation steps in $uninstall_file!"
-
 # cleanup section
 rm -rf $err $backup_dir
 

src/warden-server/sh/update.sh

@@ -173,7 +173,7 @@ update_warden_dir()
 
 update_conf_files()
 {
-        echo "Updating $apache_conf_file ... "
+        echo -n "Updating $apache_conf_file ... "
 
         ssl_certificate_file=`cat $apache_conf_file | grep 'SSLCertificateFile'`
         ssl_certificate_key_file=`cat $apache_conf_file | grep 'SSLCertificateKeyFile'`
@@ -203,8 +203,7 @@ $perl_switches
         SetHandler perl-script
         PerlHandler Warden::ApacheDispatch
         SSLOptions +StdEnvVars
-</Location>
-" > $apache_conf_file 2> $err; ret_val=`echo $?`
+</Location>" > $apache_conf_file 2> $err; ret_val=`echo $?`
 
 	if [ $ret_val -eq 0 ]; then
 		echo "OK"
@@ -214,7 +213,7 @@ $perl_switches
 
 #-------------------------------------------------------------------------------
 
-        echo "Updating $client_conf_file ... "
+        echo -n "Updating $client_conf_file ... "
 
         uri=`cat $client_conf_file | grep '$URI'`
         ssl_key_file=`cat $client_conf_file | grep '$SSL_KEY_FILE'`
@@ -243,8 +242,7 @@ $ssl_cert_file
 #-------------------------------------------------------------------------------
 # SSL_CA_FILE - path to CA certificate file
 #-------------------------------------------------------------------------------
-$ssl_ca_file
-" > $client_conf_file 2> $err; ret_val=`echo $?`
+$ssl_ca_file" > $client_conf_file 2> $err; ret_val=`echo $?`
 
         if [ $ret_val -eq 0 ]; then
                 echo "OK"
@@ -254,7 +252,7 @@ $ssl_ca_file
 
 #-------------------------------------------------------------------------------
 
-        echo "Updating $server_conf_file ... "
+        echo -n "Updating $server_conf_file ... "
 
         basedir=`cat $server_conf_file | grep '$BASEDIR'`
         syslog=`cat $server_conf_file | grep '$SYSLOG' | head -n1`
@@ -269,7 +267,7 @@ $ssl_ca_file
         if [ -z "$syslog_facility" ]; then
                 syslog_facility=`cat $server_conf_file | grep '$FACILITY'`
         else
-                syslog_facility='$SYSLOG_FACILITY = local7;'
+                syslog_facility='$SYSLOG_FACILITY = "local7";'
         fi
         db_name=`cat $server_conf_file | grep '$DB_NAME'`
         db_user=`cat $server_conf_file | grep '$DB_USER'`
@@ -281,9 +279,9 @@ $ssl_ca_file
         fi
         valid_strings=`cat $server_conf_file | grep -A 3 '%VALID_STRINGS'`
         if [ -z "$valid_strings" ]; then
-                valid_strings="\%VALID_STRINGS = (
-  \'type\'        => [\'portscan\', \'bruteforce\', \'probe\', \'spam\', \'phishing\', \'botnet_c_c\', \'dos\', \'malware\', \'copyright\', \'webattack\', \'test\', \'other\'],
-  \'source_type\' => [\'IP\', \'URL\', \'Reply-To:\']
+                valid_strings="%VALID_STRINGS = (
+  \"type\"        => [\"portscan\", \"bruteforce\", \"probe\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\"],
+  \"source_type\" => [\"IP\", \"URL\", \"Reply-To:\"]
 );"
         fi
 
@@ -340,8 +338,7 @@ $max_events_limit
 #-------------------------------------------------------------------------------
 # VALID_STRINGS - validation hash containing allowed event attributes
 #-------------------------------------------------------------------------------
-$valid_strings
-" > $server_conf_file 2> $err; ret_val=`echo $?`
+$valid_strings" > $server_conf_file 2> $err; ret_val=`echo $?`
 
         if [ $ret_val -eq 0 ]; then
                 echo "OK"
@@ -381,6 +378,7 @@ package_version=`cat ${dirname}/warden-server/etc/package_version`
 [[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
 server_path="${prefix}/warden-server"
 etc="${server_path}/etc"
+doc="${server_path}/doc"
 old_package_version_file="${etc}/package_version"
 apache_conf_file="${etc}/warden-apache.conf"
 client_conf_file="${etc}/warden-client.conf"
@@ -419,13 +417,16 @@ update_warden_dir
 update_conf_files
 
 echo
-echo "Please check configuration file in ${conf_file}!"
+echo "Please check updated configuration files:"
+echo " - $apache_conf_file"
+echo " - $server_conf_file"
+echo " - $client_conf_file"
 echo
 echo "Warden server directory: $server_path"
 echo
 echo "Update from $old_package_version to $package_version package was SUCCESSFUL!!!"
 echo
-echo "Please follow post-update steps in ${dirname}/doc/UPDATE!"
+echo "Please follow post-update steps in ${doc}/UPDATE!"
 echo
 
 # cleanup section