WardenWatchdog uvodni komit

Uvodni komit skriptu hlidajiciho dabazi serveru Warden. Je pripraven jeden ukazkovy SELECT. Informace zatim tiskne. Neposila emaily.

src/warden-server/bin/wardenWatchdog.pl

+#!/usr/bin/perl
+#
+# WardenWatchdog.pl
+#
+# Copyright (C) 2011-2012 Cesnet z.s.p.o
+#
+# Use of this source is governed by a BSD-style license, see LICENSE file.
+
+
+use WardenConf;
+use strict;
+use warnings;
+use DBI;
+use DBD::mysql;
+use DateTime;
+#use Email::Simple;
+use Sys::Hostname;
+use Text::Wrap;
+use Data::Dumper;
+
+sub sendmailWrapper{
+  my $message = shift;
+
+  if(open(my $sendmail, '|/usr/sbin/sendmail -oi -t')){
+    print $sendmail $message;
+    close $sendmail;
+    return 1;
+  } else {
+    return (0, "Sending email failed: $!");
+  }
+}
+
+# Array of hashes
+#{query => ; text => ; contact => }
+
+# Get clients admins
+sub sendReport{
+
+  my $input_data  = shift;
+  my $contact    = $$input_data{'contact'};
+  my $domain     = $$input_data{'domain'};
+  my $text       = $$input_data{'text'};
+
+  my $from_hostname;
+  my $message;
+
+  if(!($contact)){
+    return (0, "Empty 'To' email header!\n");
+  }
+
+  $domain =~ s/\./\./;
+
+  eval{
+    $from_hostname = hostname();
+    if(!($from_hostname =~ m/$domain/gi)){
+      $from_hostname .= $domain;
+    }
+  };
+  if($@){
+    return (0, "Can't retrive hostname for 'From' header!\n");
+  }
+
+  eval{
+  #$message = Email::Simple->create(
+    #header => [
+      #To                    => $contact,
+      #From                  => 'warden_watchdog@'.$from_hostname,
+      #Subject               => 'Kotrola stavu udalosti na Wardenu'],
+      #body => fill('','',$text));
+  };
+  if($@){
+    return (0, "Can't create email message\n");
+  }
+
+  print "== $contact ==\n$text\n";
+  my ($rc, $err) = 1;#sendmailWrapper($message->as_string);
+  if(!$rc){
+    return (0, $err);
+  }
+  return 1;
+}
+
+sub connect_to_DB {
+
+  my $dbPlatform = 'mysql';
+  my $dbName     = 'warden';
+  my $dbHostname = 'localhost';
+  my $dbUser     = 'root';
+  my $dbPasswd   = 'w4rd3n&r00t';
+
+  my $dbhRef = shift;
+  my $dbh;
+
+  if($dbh = DBI->connect( "dbi:$dbPlatform:database=$dbName;host=$dbHostname", $dbUser, $dbPasswd, {RaiseError => 1, mysql_auto_reconnect => 1})){
+    $$dbhRef = $dbh;
+    return 1;
+  }
+  else{
+    return (0,"Cannot connect to database! ".DBI->errstr);
+  }
+}
+
+sub sendQuery{
+
+  my $configRef = shift;
+  my $eventsRef = shift;
+
+  my @config = @{$configRef};
+  my %bad_events;
+  my ($rc,$err);
+  my $dbh;
+
+  my $i = 0;
+  # connect to DB
+  ($rc,$err) = connect_to_DB(\$dbh);
+  if (!$rc){
+    return (0, $err);
+  }
+
+  while ($i < scalar(@config)) {
+    my $contact;
+
+    # run DB query -> requestor, client name
+    my $sth;
+    if (defined($config[$i]{query})){
+      $sth = $dbh->prepare($config[$i]{query});
+    }
+    else{
+      return (0, "No query availble\n");
+    }
+
+    if (!($sth->execute)){
+      return (0, "Couldn't get data from my database: $sth->errstr\n");
+    };
+
+    my @result;
+    while(@result = $sth->fetchrow()){
+      if (defined($config[$i]{contact})){
+        $contact = $config[$i]{contact};
+      }
+      else{
+        $contact = "from_db\@$result[0]";
+      }
+      $bad_events{$contact} .= $config[$i]{text} . "DB INFO: ". join(', ',@result) ."\n";
+    }
+    $sth->finish;
+    $i++;
+  }
+  # disconnect to DB
+  $dbh->disconnect;
+
+  %$eventsRef = %bad_events;
+
+  return 1;
+}
+
+
+sub run{
+
+  my $domain = shift;
+  my $period = shift;
+
+  my $date;
+
+  eval{
+    my $dt = DateTime->now();
+    $dt = DateTime->now()->subtract(days => $period);
+    $date = $dt->date();
+  };
+  if($@){
+    print "Warden watchdog - can't work with date\n";
+    #syslog("err|Warden watchdog - can't work with date\n");
+  }
+
+  my @configuration = (
+  {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "Hey, this is test of warning for admin!\n"},
+  {query => "SELECT requestor FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '$date' AND type NOT IN ('portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other') AND valid = 't' GROUP BY service) GROUP BY requestor;", text => "Hey, this is test of warning!\n", contact => 'warden-administrator@cesnet.cz'});
+
+  $Text::Wrap::columns = 80;
+
+
+  my %bad_events;
+
+  my $i = 0;
+  while ($i < scalar(@configuration)) {
+    my ($rc,$err) = sendQuery(\@configuration,\%bad_events);
+    if (!$rc){
+      print "Warden watchdog - $err\n";
+      #syslog("err|Warden watchdog - $err\n");
+    }
+    $i++;
+  }
+
+  while (my ($contact, $text) = each(%bad_events)){
+    my %input = (contact => $contact, domain => $domain, text => $text);
+    my ($rc,$err) = sendReport(\%input);
+    if (!$rc){
+      # TODO syslog
+      print $err;
+      #syslog("err|Warden client - networkReporter $err\n");
+    }
+    print "\n\n";
+  }
+}
+
+run('warden-dev.cesnet.cz',7);
+1;