+------------------------------+
| README - Warden Server 0.1.0 |
+------------------------------+

Content

 A. Overall Information
 B. Installation Dependencies
 C. Installation
 D. Miscellaneous
 E. Registration of Clients
 F. Status Info
 G. Authors

--------------------------------------------------------------------------------
A. Overall Information

 1. About Warden System
 
    Warden is a client-server architecture service designed to share detected
    security issues (events) among CSIRT and CERT teams in a simple and fast way.
    
    This package offers full server functionality to both install and maintain
    the Warden server and to register and/or unregister particular clients.

 2. Version
  
    0.1.0 (2012-03-02)
    
 3. Package structure
 
    warden-server/
      bin/
        create_tables.sh
        getClients.pl
        getStatus.pl
        registerReceiver.pl
        registerSender.pl
        unregisterClients.pl
        warden-alive
        wardend
        warden-server.pl
      doc/
        CHANGELOG
        INSTALL
        LICENSE
        README
      etc/
        warden-client.conf
        warden-server.conf
        package_version
      lib/
        WardenConf.pm
        WardenReg.pm
        WardenStatus.pm
      var/
        warden.db
      uninstall.sh

--------------------------------------------------------------------------------
B. Installation Dependencies
 
 1. Applications:

    Perl	>= 5.10.1
    SQLite	>= 3.7.3

 2. Perl modules:

    SOAP::Lite			>= 0.712
    SOAP::Transport::TCP	>= 0.712
    File::Pid			>= 1.01
    POSIX			>= 1.17
    DBI				>= 1.612
    DBD::SQLite			>= 1.29
    Format::Human::Bytes	>= 0.05
    Sys::Syslog			>= 0.27
    File::Basename		>= 2.77
    FindBin			>= 1.50
    Net::CIDR::Lite		>= 0.21
    DateTime			>= 0.61
    Getopt::Std			>= 1.06
    Switch			>= 2.14
    IO::Socket::SSL		>= 1.33

--------------------------------------------------------------------------------
C. Installation

 1. Check the SHA1 checksum of the corresponding Warden server package archive

    $ sha1sum -c warden-server-0.1.0.tar.gz.sig

 2. Untar it

    $ tar xzvf warden-server-0.1.0.tar.gz

 3. Run install.sh 
  
    The default destination directory is /opt/warden-server/

    For more information about install.sh options, run install.sh -h

    You must be root to run this script.

 5. Configuration files
  
    You are advised to check the configuration files warden-server.conf and
    warden-client.conf in the warden-server/etc/ directory after installation.

    Although this is the Warden server package, it also contains several
    functions (administrative and maintenance) that are strictly client-side
    in the way the Warden system handles functions. Therefore you have to check
    both server and client config files to make sure your installation of the
    Warden server was successful and complete.
    
    The SOAP protocol is used for communication between server and clients.
    Therefore, the correct URI of the Warden server must be set.

    Authentication of clients and server is performed using client and server
    SSL certificates. Both clients and server must have a valid certificate.

    Configuration files contain the following parameters:

    a] warden-client.conf:

    URI           - URI of the Warden server
                    e.g. 'https://warden.server.com:443/Warden'

    SSL_KEY_FILE  - path to a host key file,
                    e.g. '/etc/ssl/private/warden.server.com.key'

    SSL_CERT_FILE - path to a host certificate file,
                    e.g. '/etc/ssl/certs/warden.server.com.pem'

    SSL_CA_FILE   - path to a CA file
                    e.g. '/etc/ssl/certs/tcs-ca-bundle.pem'

    b] warden-server.conf

    The Warden server configuration file contains:

    ADDRESS       - IP address/domain name of the Warden server
                    e.g. warden.server.com

    PORT          - TCP port used by the Warden server
                    e.g. 443

    BASEDIR       - base directory of the Warden server
                    e.g. /opt/warden-server/

    VARDIR        - var directory
                    e.g. $BASEDIR/var/

    LOGDIR        - logging directory
                    e.g. /var/log/
 
    PIDDIR        - process ID directory
                    e.g. /var/run/

    SSL_KEY_FILE  - path to the server SSL certificate key file
                    e.g. /etc/ssl/private/warden.server.com.key

    SSL_CERT_FILE - path to the server SSL certificate file 
                    e.g. /etc/ssl/certs/warden.server.com.pem
 
    SSL_CA_FILE   - path to a CA certificate file
                    e.g. /etc/ssl/certs/tcs-ca-bundle.pem

    FACILITY      - syslog facility
                    e.g. local7

 6. Usage of install.sh

    Usage: $ ./install.sh [-d <directory>] [-k <ssl_key_file>]
                          [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]
        -d <directory>            installation directory (default: /opt)
        -k <ssl_key_file>         SSL certificate key file path
        -c <ssl_cert_file>        SSL certificate file path
        -a <ssl_ca_file>          CA certificate file path
        -h                        print this help
        -V                        print script version number and exit

    Example: $ ./install.sh -d /opt -k /etc/ssl/private/server.key \
                            -c /etc/ssl/certs/server.pem \
                            -a /etc/ssl/certs/bundle.pem

 7. Usage of uninstall.sh

    Usage: $ ./uninstall.sh [-d <directory>] [-hV]
        -d <directory>            uninstallation directory (default: /opt)
        -h                        print this help
        -V                        print script version number and exit

    Example: # ./uninstall.sh -d /opt
 
--------------------------------------------------------------------------------
D. Miscellaneous

 1. Error Messages
    
    Error messages of the server functions are sent via Syslog to a log file,
    by default /var/log/messages.

    During installation, before Syslog reporting has been initialized, error
    messages may be reported to the standard error output instead.

 2. Init Script

    Usage: /etc/init.d/wardend [start|stop|status|restart|force-stop]

    The PID of the Warden server process is stored in
    /var/run/warden-server.pl.pid.

    The lock file is placed in /var/lock/warden-server.

    To start the Warden server automatically after a reboot, add the init
    script /etc/init.d/wardend to your system's runlevel configuration.

 3. Nagios Integration

    Nagios control is available via the Nagios plugin located at
    /opt/warden-server/bin/warden-alive.

 4. Firewall
    
    Make sure to allow the TCP port listed in warden-server.conf ($PORT
    variable) on your firewall.

 5. Privileges
 
    The Warden server runs only under root privileges.

--------------------------------------------------------------------------------
E. Registration of Clients

 The Warden server administrator is responsible for registering new clients and
 removing those already registered. Both registration and unregistration scripts
 are provided in the Warden server package. These scripts should be run from
 localhost (the same machine the Warden server is installed and running on) as
 they are meant to be administrator functions that are included in the Warden
 server package only.

 Members of the Warden community who would like to have their client registered
 must contact the Warden server administrator with the request. This is usually
 done via secured e-mail. The requestor should provide all important data to the
 Warden server administrator so that the client can be successfully registered.

 1. Register Sender

    New sender clients are registered in the Warden system via
    registerSender.pl.

    The following attributes must be provided in order to register a new
    client successfully:

    hostname           - hostname of the client,
    requestor          - organization or authorized person who requests the new
                         client registration,
    service            - name of the service of the newly registered client,
    description_tags   - tags describing the nature of the service,
    ip_net_client      - CIDR the client is only allowed to communicate from.

    One can always run registerSender.pl with the -h argument to see the help.

 2. Register Receiver

    New receiver clients are registered in the Warden system via
    registerReceiver.pl.

    The following attributes must be provided in order to register a new
    client successfully:

    hostname           - hostname of the client,
    requestor          - organization or authorized person who requests the new
                         client registration,
    type               - the type of events the client wishes to receive (only
                         this and nothing else),
    receive_own_events - boolean value describing if events originating from
                         the same CIDR will be sent to the client,
    ip_net_client      - CIDR the client is only allowed to communicate from.

    One can always run registerReceiver.pl with the -h argument to see the help.

 3. Unregister Client

    In the Warden system, already registered clients can be removed
    (unregistered) via unregisterClient.pl.

    The following attribute must be provided in order to unregister an existing
    client successfully:

    client_id          - ID of the client that should be removed (unregistered).

    One can always run unregisterClient.pl with the -h argument to see the help.

    Unregistration deletes the client from the clients table in the DB.
    However, messages stored by this client (if it is a "sender" client) are
    not deleted; they are merely marked invalid in the events table of the DB.
    More specifically, the attribute "valid" in the events table is set to
    'f' (false).
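
 The registration attributes above, shown as an added example that is not part
 of the Warden package: a small Python model of how ip_net_client, type,
 receive_own_events and the "valid" flag interact. The record layouts, function
 names and sample values are hypothetical, and "same CIDR" is assumed to mean
 that the sender's ip_net_client equals the receiver's.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Client:  # hypothetical record; field names follow the README attributes
    client_id: int
    hostname: str
    ip_net_client: str            # CIDR the client may connect from
    type: str = ""                # receivers only: the one event type wanted
    receive_own_events: bool = False

@dataclass
class Event:  # hypothetical row of the events table
    sender_id: int
    sender_net: str               # ip_net_client of the sender that stored it
    type: str
    valid: str = "t"              # set to 'f' once the sender is unregistered

def source_allowed(client, peer_ip):
    """True only if the connecting address lies inside the registered CIDR."""
    try:
        net = ipaddress.ip_network(client.ip_net_client, strict=False)
        return ipaddress.ip_address(peer_ip) in net
    except ValueError:            # malformed address or CIDR: fail closed
        return False

def events_for(receiver, peer_ip, events):
    """Events a receiver may fetch: allowed source, its type only, still valid."""
    if not source_allowed(receiver, peer_ip):
        return []
    own = ipaddress.ip_network(receiver.ip_net_client, strict=False)
    def own_net(e):
        return ipaddress.ip_network(e.sender_net, strict=False) == own
    return [e for e in events
            if e.valid == "t" and e.type == receiver.type
            and (receiver.receive_own_events or not own_net(e))]

def unregister(client_id, clients, events):
    """Delete the client record; keep its events but mark them invalid."""
    clients.pop(client_id, None)
    for e in events:
        if e.sender_id == client_id:
            e.valid = "f"

# Constructed sample data (documentation address ranges, made-up hostnames).
SENDER = Client(1, "ids.example.org", "192.0.2.0/24")
RECEIVER = Client(2, "fw.example.org", "192.0.2.0/24", type="portscan")
REMOTE = Client(3, "hp.example.net", "198.51.100.0/24")
```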

--------------------------------------------------------------------------------
F. Status Info

  Functions in this section show the status of active (registered) clients or
  of the Warden server itself to the Warden system administrator.

  As in the previous section, these functions should be run from localhost
  (i.e. from the same machine the Warden server is installed and running on)
  as they are meant to be administrator functions that are included in the
  Warden server package only.

  1. Get Status

     The getStatus function is accessible via getStatus.pl. It has no input
     parameters and returns precise info about the Warden server/DB status.

  2. Get Clients

     The getClients function is accessible via getClients.pl. It has no input
     parameters and returns detailed information about all registered clients.

--------------------------------------------------------------------------------
G. Authors

Development:	Tomas PLESNIK   <plesnik@ics.muni.cz>
		Jan SOUKAL      <soukal@ics.muni.cz>

Copyright (C) 2012 Cesnet z.s.p.o

Special thanks go to Martin Drasar from CSIRT-MU for his help and support
in the development of Warden system.