spojeni watchdogu a serveru

* zapojeni wardenWatchdog do adresarove struktury serveru
* uprava cest
* pridani odkazu do dokumentace

src/contrib/wardenWatchdog/wardenWatchdog.pl

-#!/usr/bin/perl
-#
-# wardenWatchdog.pl
-#
-# Copyright (C) 2011-2012 Cesnet z.s.p.o
-#
-# Use of this source is governed by a BSD-style license, see LICENSE file.
-
-use strict;
-use warnings;
-
-use Getopt::Long;
-use FindBin;
-FindBin::again();
-
-use lib "$FindBin::Bin";
-use WardenWatchdog;
-
-#-------------------------------------------------------------------------------
-# help
-#
-# Just print help and exit.
-#
-# Input: -
-#
-# Output: -
-#
-# Return:
-#   On Success (1)
-#-------------------------------------------------------------------------------
-sub help
-{
-  my $help ="  USAGE: ./wardenWatchdog.pl -c '/path/WardenWatchdog.conf' -i 7
-
-  OPTIONS
-  -c conf           configuration file name and path
-  -i interval       interval in days from now back to the past
-";
-  print $help;
-  return 1;
-}
-
-my ($help, $config, $interval);
-if (@ARGV < 3  || defined($help) || !GetOptions('help|?|h' => \$help, 'c|conf=s' => \$config, 'i|interval=i' => \$interval)) {
-  help();
-}
-else {
-  my ($rc,$err) = WardenWatchdog::run($config,$interval);
-  if(!$rc) {
-    print "WardenWatchdog error: $err";
-  }
-}
-
-1;

src/warden-server/bin/wardenWatchdog.pl

 #!/usr/bin/perl
 #
-# WardenWatchdog.pl
+# wardenWatchdog.pl
 #
-# Copyright (C) 2011-2013 Cesnet z.s.p.o
+# Copyright (C) 2011-2012 Cesnet z.s.p.o
 #
 # Use of this source is governed by a BSD-style license, see LICENSE file.
 
-
-use WardenConf;
 use strict;
 use warnings;
-use DBI;
-use DBD::mysql;
-use DateTime;
-#use Email::Simple;
-use Sys::Hostname;
-use Text::Wrap;
-use Data::Dumper;
-
-sub sendmailWrapper{
-  my $message = shift;
-
-  if(open(my $sendmail, '|/usr/sbin/sendmail -oi -t')){
-    print $sendmail $message;
-    close $sendmail;
-    return 1;
-  } else {
-    return (0, "Sending email failed: $!");
-  }
-}
-
-# Array of hashes
-#{query => ; text => ; contact => }
-
-# Get clients admins
-sub sendReport{
 
-  my $input_data  = shift;
-  my $contact    = $$input_data{'contact'};
-  my $domain     = $$input_data{'domain'};
-  my $text       = $$input_data{'text'};
-
-  my $from_hostname;
-  my $message;
-
-  if(!($contact)){
-    return (0, "Empty 'To' email header!\n");
-  }
-
-  $domain =~ s/\./\./;
-
-  eval{
-    $from_hostname = hostname();
-    if(!($from_hostname =~ m/$domain/gi)){
-      $from_hostname .= $domain;
-    }
-  };
-  if($@){
-    return (0, "Can't retrive hostname for 'From' header!\n");
-  }
+use Getopt::Long;
+use FindBin qw($RealBin);
+FindBin::again();
+use lib "$RealBin/../lib";
+use WardenWatchdog;
 
-  eval{
-  #$message = Email::Simple->create(
-    #header => [
-      #To                    => $contact,
-      #From                  => 'warden_watchdog@'.$from_hostname,
-      #Subject               => 'Kotrola stavu udalosti na Wardenu'],
-      #body => fill('','',$text));
-  };
-  if($@){
-    return (0, "Can't create email message\n");
-  }
 
-  print "== $contact ==\n$text\n";
-  my ($rc, $err) = 1;#sendmailWrapper($message->as_string);
-  if(!$rc){
-    return (0, $err);
-  }
+#-------------------------------------------------------------------------------
+# help
+#
+# Just print help and exit.
+#
+# Input: -
+#
+# Output: -
+#
+# Return:
+#   On Success (1)
+#-------------------------------------------------------------------------------
+sub help
+{
+  my $help ="  USAGE: ./wardenWatchdog.pl -c /path/WardenWatchdog.conf -i 7
+
+  OPTIONS
+  -c conf           configuration file name and path
+  -i interval       interval in days from now back to the past
+";
+  print $help;
   return 1;
 }
 
-sub connect_to_DB {
-
-  my $dbPlatform = 'mysql';
-  my $dbName     = 'warden';
-  my $dbHostname = 'localhost';
-  my $dbUser     = 'root';
-  my $dbPasswd   = 'w4rd3n&r00t';
-
-  my $dbhRef = shift;
-  my $dbh;
-
-  if($dbh = DBI->connect( "dbi:$dbPlatform:database=$dbName;host=$dbHostname", $dbUser, $dbPasswd, {RaiseError => 1, mysql_auto_reconnect => 1})){
-    $$dbhRef = $dbh;
-    return 1;
-  }
-  else{
-    return (0,"Cannot connect to database! ".DBI->errstr);
-  }
+my ($help, $config, $interval);
+if (@ARGV < 3  || defined($help) || !GetOptions('help|?|h' => \$help, 'c|conf=s' => \$config, 'i|interval=i' => \$interval)) {
+  help();
 }
-
-sub sendQuery{
-
-  my $configRef = shift;
-  my $eventsRef = shift;
-
-  my @config = @{$configRef};
-  my %bad_events;
-  my ($rc,$err);
-  my $dbh;
-
-  my $i = 0;
-  # connect to DB
-  ($rc,$err) = connect_to_DB(\$dbh);
-  if (!$rc){
-    return (0, $err);
-  }
-
-  while ($i < scalar(@config)) {
-    my $contact;
-
-    # run DB query -> requestor, client name
-    my $sth;
-    if (defined($config[$i]{query})){
-      $sth = $dbh->prepare($config[$i]{query});
-    }
-    else{
-      return (0, "No query availble\n");
-    }
-
-    if (!($sth->execute)){
-      return (0, "Couldn't get data from my database: $sth->errstr\n");
-    };
-
-    my @result;
-    while(@result = $sth->fetchrow()){
-      if (defined($config[$i]{contact})){
-        $contact = $config[$i]{contact};
-      }
-      else{
-        $contact = "from_db\@$result[0]";
-      }
-      $bad_events{$contact} .= $config[$i]{text} . "DB INFO: ". join(', ',@result) ."\n";
-    }
-    $sth->finish;
-    $i++;
-  }
-  # disconnect to DB
-  $dbh->disconnect;
-
-  %$eventsRef = %bad_events;
-
-  return 1;
-}
-
-
-sub run{
-
-  my $domain = shift;
-  my $period = shift;
-
-  my $date;
-
-  eval{
-    my $dt = DateTime->now();
-    $dt = DateTime->now()->subtract(days => $period);
-    $date = $dt->date();
-  };
-  if($@){
-    print "Warden watchdog - can't work with date\n";
-    #syslog("err|Warden watchdog - can't work with date\n");
-  }
-
-  my @configuration = (
-  {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "Hey, this is test of warning for admin!\n"},
-  {query => "SELECT requestor FROM clients WHERE service IN (SELECT service FROM events WHERE detected > '$date' AND type NOT IN ('portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other') AND valid = 't' GROUP BY service) GROUP BY requestor;", text => "Hey, this is test of warning!\n", contact => 'warden-administrator@cesnet.cz'});
-
-  $Text::Wrap::columns = 80;
-
-
-  my %bad_events;
-
-  my $i = 0;
-  while ($i < scalar(@configuration)) {
-    my ($rc,$err) = sendQuery(\@configuration,\%bad_events);
-    if (!$rc){
-      print "Warden watchdog - $err\n";
-      #syslog("err|Warden watchdog - $err\n");
-    }
-    $i++;
-  }
-
-  while (my ($contact, $text) = each(%bad_events)){
-    my %input = (contact => $contact, domain => $domain, text => $text);
-    my ($rc,$err) = sendReport(\%input);
-    if (!$rc){
-      # TODO syslog
-      print $err;
-      #syslog("err|Warden client - networkReporter $err\n");
-    }
-    print "\n\n";
+else {
+  my ($rc,$err) = WardenWatchdog::run($config,$interval);
+  if(!$rc) {
+    print "WardenWatchdog error: $err";
   }
 }
 
-run('warden-dev.cesnet.cz',7);
 1;

src/warden-server/doc/README

@@ -17,73 +17,73 @@ Content
 A. Overall Information
 
  1. About Warden System
- 
+
     Warden is a client-server architecture service designed to share detected
     security events (issues) among CSIRT and CERT teams in a simple and fast way.
-    
+
     This package contains the Warden server.
 
  2. Version
-  
+
     2.2 (2013-??-??)
-    
+
  3. Package structure
- 
+
     warden-server/
       bin/
-	getClients.pl
-	getStatus.pl
-	registerReceiver.pl
-	registerSender.pl
-	unregisterClients.pl
+  getClients.pl
+  getStatus.pl
+  registerReceiver.pl
+  registerSender.pl
+  unregisterClients.pl
       doc/
-	AUTHORS
+  AUTHORS
         CHANGELOG
-	INSTALL
-	LICENSE
-	README
-	UNINSTALL
-	UPDATE
-	warden.mysql
-	warden21to22.patch
+  INSTALL
+  LICENSE
+  README
+  UNINSTALL
+  UPDATE
+  warden.mysql
+  warden21to22.patch
       etc/
-	package_version
+  package_version
         warden-apache.conf
-	warden-server.conf
+  warden-server.conf
       lib/
-	Warden.pm
-	WardenCommon.pm
-	Warden/
-	  ApacheDispatch.pm
+  Warden.pm
+  WardenCommon.pm
+  Warden/
+    ApacheDispatch.pm
       uninstall.sh
 
 
 --------------------------------------------------------------------------------
 B. Installation Dependencies
- 
+
  1. Applications:
 
-    Perl	>= 5.10.1
-    MySQL	>= 5.1.63
-    Apache	>= 2.2.14
+    Perl  >= 5.10.1
+    MySQL >= 5.1.63
+    Apache  >= 2.2.14
 
  2. Perl modules:
 
-    SOAP::Lite			>= 0.712
-    SOAP::Transport::HTTP	>= 0.712
-    DBI				>= 1.612
-    DBD::mysql			>= 4.016
-    Format::Human::Bytes	>= 0.05
-    Sys::Syslog			>= 0.27
-    File::Basename		>= 2.77
-    Net::CIDR::Lite		>= 0.21
-    DateTime			>= 0.61
-    Getopt::Std			>= 1.06
-    Switch			>= 2.14
-    IO::Socket::SSL 		>= 1.66
-    MIME::Base64 		>= 3.08
-    Crypt::X509 		>= 0.40
-    Carp 			>= 1.11
+    SOAP::Lite      >= 0.712
+    SOAP::Transport::HTTP >= 0.712
+    DBI       >= 1.612
+    DBD::mysql      >= 4.016
+    Format::Human::Bytes  >= 0.05
+    Sys::Syslog     >= 0.27
+    File::Basename    >= 2.77
+    Net::CIDR::Lite   >= 0.21
+    DateTime      >= 0.61
+    Getopt::Std     >= 1.06
+    Switch      >= 2.14
+    IO::Socket::SSL     >= 1.66
+    MIME::Base64    >= 3.08
+    Crypt::X509     >= 0.40
+    Carp      >= 1.11
 
 
 --------------------------------------------------------------------------------
@@ -97,34 +97,34 @@ C. Installation
 
     $ tar xzvf warden-server-2.2.tar.gz
 
- 3. Run install.sh. 
-  
+ 3. Run install.sh.
+
     Default installation directory is /opt/warden-server/
-    
+
     For more information about install.sh options run install.sh -h
 
     Usage: $ ./install.sh [-d <directory>] [-k <ssl_key_file>]
                           [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
-	-d <directory>            installation directory (default: /opt)
-	-k <ssl_key_file>         SSL certificate key file path
-	-c <ssl_cert_file>        SSL certificate file path
-	-a <ssl_ca_file>          CA certificate file path
-	-h                        print this help
-	-V                        print script version number and exit
-	
+  -d <directory>            installation directory (default: /opt)
+  -k <ssl_key_file>         SSL certificate key file path
+  -c <ssl_cert_file>        SSL certificate file path
+  -a <ssl_ca_file>          CA certificate file path
+  -h                        print this help
+  -V                        print script version number and exit
+
     Example: # ./install.sh -d /opt -k /etc/ssl/private/server.key
-                            -c /etc/ssl/certs/server.pem                            
-			    -a /etc/ssl/certs/bundle.pem
+                            -c /etc/ssl/certs/server.pem
+          -a /etc/ssl/certs/bundle.pem
 
     You must be root for running this script.
 
  4. Configuration files
-  
+
     You are advised to check configuration file warden-apache.conf and
     warden-server.conf in warden-server/etc/ directory after installation.
     For more information about post-installation steps see INSTALL file in
     'doc' directory.
-    
+
     SOAP protocol is used for handling communication between server and clients.
     Therefore, correct URI of Warden server must be set.
 
@@ -138,40 +138,40 @@ C. Installation
 
     The Warden server configuration file contains:
 
-    BASEDIR		- base directory of the Warden server
-			  e.g. /opt/warden-server/
+    BASEDIR   - base directory of the Warden server
+        e.g. /opt/warden-server/
 
-    SYSLOG		- enable/disable syslog logging
-    			  e.g. 1
+    SYSLOG    - enable/disable syslog logging
+            e.g. 1
 
-    SYSLOG_VERBOSE	- enable/disable logging in verbose mode (stack info added)
-    			  e.g. 1
+    SYSLOG_VERBOSE  - enable/disable logging in verbose mode (stack info added)
+            e.g. 1
 
-    SYSLOG_FACILITY	- syslog facility
-			  e.g. local7
+    SYSLOG_FACILITY - syslog facility
+        e.g. local7
 
-    DB_NAME		- MySQL database name of Warden server
-			  e.g. warden
+    DB_NAME   - MySQL database name of Warden server
+        e.g. warden
 
-    DB_USER		- MySQL database user of Warden server
-			  e.g. warden
+    DB_USER   - MySQL database user of Warden server
+        e.g. warden
 
-    DB_PASS		- MySQL database password of Warden server
+    DB_PASS   - MySQL database password of Warden server
 
-    DB_HOST		- MySQL database host
-			  e.g. localhost
+    DB_HOST   - MySQL database host
+        e.g. localhost
 
-    MAX_EVENTS_LIMIT	- server limit of maximum number of events that can be
+    MAX_EVENTS_LIMIT  - server limit of maximum number of events that can be
                           delivered to one client in one batch
-    			  e.g. 1000000
+            e.g. 1000000
 
     VALID_STRINGS       - validation hash containing allowed event attributes
-                          e.g. 
+                          e.g.
 
-			  %VALID_STRINGS = (
- 			    'type'          => ['portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other'],
-			    'source_type'   => ['IP', 'URL', 'Reply-To:']
-			  );
+        %VALID_STRINGS = (
+          'type'          => ['portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other'],
+          'source_type'   => ['IP', 'URL', 'Reply-To:']
+        );
 
 
     b) warden-apache.conf
@@ -194,7 +194,7 @@ C. Installation
     PerlSwitches -I <path_to_warden_server_libs>
 
     <Location /Warden>
-    	SetHandler perl-script
+      SetHandler perl-script
         PerlHandler Warden::ApacheDispatch
         SSLOptions +StdEnvVars
     </Location>
@@ -204,9 +204,9 @@ C. Installation
 D. Update
 
  For update of the Warden server package from local machine use update.sh.
-  
+
  Default destination directory is /opt/warden-server/.
-    
+
  For more information about update.sh options run update.sh -h
 
    Usage: $ ./update.sh [-d <directory>] [-hV]
@@ -226,9 +226,9 @@ D. Update
 E. Uninstallation
 
  For uninstallation of the Warden server package from local machine use uninstall.sh.
-  
+
  Default uninstallation directory is /opt/warden-server/.
-    
+
  For more information about uninstall.sh options run uninstall.sh -h
 
    Usage: $ ./uninstall.sh [-d <directory>] [-hV]
@@ -248,23 +248,29 @@ E. Uninstallation
 F. Miscellaneous
 
  1. Error Messages
-    
+
     Error messages of the server functions are sent via Syslog.
     Default is local7 facility.
 
  2. Firewall Settings
-    
+
     Make sure that the TCP port listed in /etc/apache2/sites-enables/default(-ssl)
     is allowed on your firewall.
 
  3. Privileges
- 
+
     The Warden server runs only under root privileges.
 
  4. Known Issues
 
     No issues are known.
 
+ 5. Database checks
+
+    If you want apply an offline checks to your received data health, you can use
+    the wardenWatchdog.pl script. You can found the documentation in a separate
+    README.wardenWatchdog file.
+
 
 --------------------------------------------------------------------------------
 G. Registration of Clients
@@ -281,14 +287,14 @@ G. Registration of Clients
 
  1. Register Sender
 
-    New sender clients are registered in Warden system via registerSender.pl. 
-    
+    New sender clients are registered in Warden system via registerSender.pl.
+
     Following attributes must be provided in order to register new client
     successfully:
-    
+
     hostname           - hostname of the client,
     requestor          - organization or authorized person who demands new
-                         client registration, 
+                         client registration,
     service            - name of the service of a new registered client,
     description_tags   - tags describing the nature of the service,
     ip_net_client      - CIDR the client is only allowed to communicate from,
@@ -298,17 +304,17 @@ G. Registration of Clients
 
  2. Register Receiver
 
-    New receiver clients are registered in Warden system via 
+    New receiver clients are registered in Warden system via
     registerReceiver.pl.
-    
+
     Following attributes must be provided in order to register new client
     successfully:
-    
+
     hostname           - hostname of the client,
     requestor          - organization or authorized person who demands new
-                         client registration, 
+                         client registration,
     type               - the type of events the client wish to receive or '_any_'
-    			 for receiving of all types of events,
+           for receiving of all types of events,
     receive_own_events - boolean value describing if events originating from
                          the same CIDR will be sent to the client,
     ip_net_client      - CIDR the client is only allowed to communicate from,
@@ -318,7 +324,7 @@ G. Registration of Clients
 
  3. Unregister Client
 
-    In the Warden system, already registered clients can be unregistered 
+    In the Warden system, already registered clients can be unregistered
     via unregisterClient.pl.
 
     Following attribute must be provided in order to unregister existing client
@@ -344,13 +350,13 @@ H. Status Info
 
   1. Get Status
 
-     Function getStatus is accessible via getStatus.pl. Function has no input 
+     Function getStatus is accessible via getStatus.pl. Function has no input
      parameters and returns info about the Warden server, its DB status and
      event's statistics of active registered senders.
 
   2. Get Clients
 
-     Function getClients is accessible via getClients.pl. Function has no input 
+     Function getClients is accessible via getClients.pl. Function has no input
      parameters and returns detailed information about all registered clients.
 
 --------------------------------------------------------------------------------

src/contrib/wardenWatchdog/README.wardenWatchdog → src/warden-server/doc/README.wardenWatchdog

@@ -75,7 +75,11 @@ D. Application run
   from now to the past. Warden database check from config will be then run in
   this defined time interval.
 
-  USAGE: ./wardenWatchdog.pl -c '/path/WardenWatchdog.conf' -i 7
+  USAGE:
+    ./wardenWatchdog.pl -c /path/WardenWatchdog.conf -i 7
+
+  CRON USAGE:
+    33  00  * * * /full/path/watchdog/wardenWatchdog.pl -c /path/WardenWatchdog.conf -i 7 >> err.txt
 
 --------------------------------------------------------------------------------
 

src/contrib/wardenWatchdog/WardenWatchdog.pm → src/warden-server/lib/WardenWatchdog.pm

@@ -140,14 +140,14 @@ sub connectToDB
   my $db_conf = shift;
   my $dbh_ref = shift;
 
-  my $dn_platform = $$db_conf{'platform'};
+  my $db_platform = $$db_conf{'platform'};
   my $db_name     = $$db_conf{'name'};
   my $db_hostname = $$db_conf{'hostname'};
   my $db_user     = $$db_conf{'user'};
   my $db_passwd   = $$db_conf{'passwd'};
 
   my $dbh;
-  if($dbh = DBI->connect( "dbi:$dn_platform:database=$db_name;host=$db_hostname", $db_user, $db_passwd, {mysql_auto_reconnect => 1})) {
+  if($dbh = DBI->connect( "dbi:$db_platform:database=$db_name;host=$db_hostname", $db_user, $db_passwd, {mysql_auto_reconnect => 1})) {
     $$dbh_ref = $dbh;
     return (1);
   }