From 88f7c1e160ec5bb528238f42ea674cee4df877f0 Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Thu, 15 Nov 2018 22:59:34 +0100 Subject: [PATCH 01/24] munin: copy host-specific config files New variables were added: munin_server_confd: { local_dir: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/munin-server/", target_dir: /etc/munin/conf.d/ } If munin-server/ exists in the host's files, the content of the directory is copied. --- ansible/roles/munin/tasks/install.yml | 10 ++++++++++ ansible/roles/munin/vars/main.yml | 8 +++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/ansible/roles/munin/tasks/install.yml b/ansible/roles/munin/tasks/install.yml index 7e8f2d3..200981c 100644 --- a/ansible/roles/munin/tasks/install.yml +++ b/ansible/roles/munin/tasks/install.yml @@ -37,5 +37,15 @@ replace: '[{{ hostname }}]' when: hostname is defined +- name: Check if munin-server_confd.local_dir + local_action: stat path="{{ munin_server_confd.local_dir }}" + register: result + +- name: Copy list of munin monitored machines + copy: + src: "{{ munin_server_confd.local_dir }}" + dest: "{{ munin_server_confd.target_dir }}" + when: result.stat.exists == True + - name: Start & enable Munin-node service: name=munin-node state=started enabled=yes diff --git a/ansible/roles/munin/vars/main.yml b/ansible/roles/munin/vars/main.yml index 61a6c00..9030b32 100644 --- a/ansible/roles/munin/vars/main.yml +++ b/ansible/roles/munin/vars/main.yml @@ -17,4 +17,10 @@ munin_conf: "/etc/munin/munin.conf" plugin: { src: "/usr/share/munin/plugins/nemea_supervisor", dest: "/etc/munin/plugins/nemea_supervisor" -} \ No newline at end of file +} + +munin_server_confd: { + local_dir: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/munin-server/", + target_dir: /etc/munin/conf.d/ +} + From c91926173f5a2e1e8a65162c01637ac62d6b836a Mon Sep 17 00:00:00 2001 
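Review bot: The `local_action: stat` task in this hunk runs on the controller with whatever `become` the play sets, and the fail2ban and socat roles added later in this series put `become: false` on the same pattern; add `become: false` here as well so a play-level `become: yes` does not try to sudo on the control machine. The registered name `result` is generic and easily clobbered by a later task — a role-specific name such as `munin_confd_dir` is safer, and the comparison can then be `when: munin_confd_dir.stat.exists` instead of `== True`. The `copy` into `/etc/munin/conf.d/` sets no `owner`/`mode`, and nothing in the hunk notifies a munin restart, so presumably copied changes only take effect after a separate restart; whether the role handles that elsewhere is not visible here.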
From: Tomas Cejka Date: Tue, 19 Feb 2019 18:21:53 +0100 Subject: [PATCH 02/24] ipfixcol: add example (commented out) of multiple odids --- .../list-vagrant/ipfixcol/profiles.xml | 191 ++++++++++++------ 1 file changed, 124 insertions(+), 67 deletions(-) diff --git a/ansible/inventory/host_files/list-vagrant/ipfixcol/profiles.xml b/ansible/inventory/host_files/list-vagrant/ipfixcol/profiles.xml index a01db6c..4b8db73 100644 --- a/ansible/inventory/host_files/list-vagrant/ipfixcol/profiles.xml +++ b/ansible/inventory/host_files/list-vagrant/ipfixcol/profiles.xml @@ -1,75 +1,132 @@ - - normal - - /data/flow/live/ + + normal + + /data/flow/live/ + + + + + + + * + + + ipVersion = 4 + + + + * + + ipv6 + - - - - - - - * - - - ipVersion = 4 - - - - * - - ipv6 - - + + - - - - - normal - /data/flow/live/emails/ + + + + + + normal + /data/flow/live/emails/ + + + + + + ipv4 + ipv6 + + port in [110 995] + + + + + ipv4 + ipv6 + + port in [143 993] + + + + + ipv4 + ipv6 + + port in [25 465] + + + - - - - - - ipv4 - ipv6 - - - port in [110 995 ] - - + + - - - - ipv4 - ipv6 - - - port in [143 993] - - - - - - - ipv4 - ipv6 - - - sourceTransportPort == 25 or - destinationTransportPort == 25 or - sourceTransportPort == 465 or - destinationTransportPort == 465 - - - - - + + From 5c14bdf654e840c7fe645af5a74b6596082b303d Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Tue, 19 Feb 2019 18:23:26 +0100 Subject: [PATCH 03/24] apache: disable privatetmp in systemd - scgui needs to find its temp files --- ansible/roles/apache/tasks/install.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/ansible/roles/apache/tasks/install.yml b/ansible/roles/apache/tasks/install.yml index 4bfb4d9..28cdb09 100644 --- a/ansible/roles/apache/tasks/install.yml +++ b/ansible/roles/apache/tasks/install.yml 
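Review bot: The SMTP profile filter changes from the explicit `sourceTransportPort == 25 or destinationTransportPort == 25 or sourceTransportPort == 465 or destinationTransportPort == 465` to `port in [25 465]`, which is only equivalent if `port` is the ipfixcol alias that matches either direction; please confirm against the filter syntax, because a source-only or destination-only alias would silently halve what the emails profile captures. The commit message describes a commented-out multi-ODID example, but the XML markup is not preserved in this rendering, so that part of the change cannot be reviewed here.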
@@ -1,6 +1,22 @@ - name: Install Apache yum: "name={{ packages }} state=installed" +- name: Create /etc/systemd/system/httpd.service.d + file: + path: /etc/systemd/system/httpd.service.d + state: directory + +- name: Install systemd privatetmp override + copy: + content: < + [Service] + PrivateTmp=False + dest: /etc/systemd/system/httpd.service.d/noprivtemp.conf + +- name: Reload systemd + systemd: + daemon_reload: yes + - name: Redirect HTTP to HTTPs copy: src: "{{ apache_redirect_conf.src }}" From eca125bf7f72e7aca5c8ab507cf52bcf1a8a47f9 Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Tue, 19 Feb 2019 18:26:06 +0100 Subject: [PATCH 04/24] roles: add fail2ban with enabled ssh --- .../list-vagrant/fail2ban/jail.local | 6 ++++++ ansible/list.yml | 3 ++- ansible/roles/fail2ban/tasks/install.yml | 19 +++++++++++++++++++ ansible/roles/fail2ban/tasks/main.yml | 8 ++++++++ ansible/roles/fail2ban/tasks/update.yml | 16 ++++++++++++++++ ansible/roles/fail2ban/vars/main.yml | 1 + 6 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 ansible/inventory/host_files/list-vagrant/fail2ban/jail.local create mode 100644 ansible/roles/fail2ban/tasks/install.yml create mode 100644 ansible/roles/fail2ban/tasks/main.yml create mode 100644 ansible/roles/fail2ban/tasks/update.yml create mode 100644 ansible/roles/fail2ban/vars/main.yml diff --git a/ansible/inventory/host_files/list-vagrant/fail2ban/jail.local b/ansible/inventory/host_files/list-vagrant/fail2ban/jail.local new file mode 100644 index 0000000..d1b920a --- /dev/null +++ b/ansible/inventory/host_files/list-vagrant/fail2ban/jail.local @@ -0,0 +1,6 @@ +[DEFAULT] +bantime = 3600 + +[sshd] +enabled = true + diff --git a/ansible/list.yml b/ansible/list.yml index ec54797..f5127c5 100644 --- a/ansible/list.yml +++ b/ansible/list.yml 
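Review bot: `content: <` is not a YAML block-scalar indicator (only `|` and `>` are), so the value is parsed as a plain multi-line scalar and the drop-in written to `noprivtemp.conf` is the single line `< [Service] PrivateTmp=False`; systemd rejects an assignment outside a section, so the override is silently ineffective — change it to `content: |`. Once it does take effect, be aware that `PrivateTmp=False` removes the per-service /tmp isolation that shields httpd from symlink and race attacks by other local users; the commit message says scgui needs to find its temp files, so pointing scgui at a dedicated directory (or using `ReadWritePaths=`) would be safer than dropping the hardening for all of httpd, though scgui's temp-file handling is not visible here. Nothing restarts httpd after the drop-in is installed; a `notify: Apache restart` (the handler name used by the liberoutergui role in this series) would make the change apply on the same run.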
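Review bot: The new `jail.local` enables the sshd jail with only `bantime = 3600` in `[DEFAULT]`, so `ignoreip` stays at fail2ban's default and the provisioning or administration host is bannable after a handful of failed logins — on a Vagrant box that includes the NAT gateway address used by `vagrant ssh`. Add `ignoreip = 127.0.0.1/8 ::1` plus the management network so an operator cannot lock themselves out, and set `findtime` and `maxretry` explicitly so the policy is reviewable in the repository instead of depending on distro defaults.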
@@ -10,4 +10,5 @@ - { role: ipfixcol, tags: ipfixcol } - { role: nemea-status, tags: nemea-status } - { role: main-page, tags: main-page } - - { role: warden-client, tags: warden-client } \ No newline at end of file + - { role: warden-client, tags: warden-client } + - { role: fail2ban, tags: fail2ban } diff --git a/ansible/roles/fail2ban/tasks/install.yml b/ansible/roles/fail2ban/tasks/install.yml new file mode 100644 index 0000000..43bc805 --- /dev/null +++ b/ansible/roles/fail2ban/tasks/install.yml @@ -0,0 +1,19 @@ +- name: Install fail2ban + yum: "name=fail2ban state=installed" + +- name: Check for jail.local configuration + local_action: stat path="{{ jaillocal_file }}" + become: false + register: jail_local_conf + ignore_errors: True + +- name: Copy jail.local configuration + copy: + src: "{{ jaillocal_file }}" + dest: /etc/fail2ban/jail.local + when: jail_local_conf.stat.exists + +- name: Enable and start fail2ban + service: name=fail2ban enabled=yes state=started + when: jail_local_conf.stat.exists + diff --git a/ansible/roles/fail2ban/tasks/main.yml b/ansible/roles/fail2ban/tasks/main.yml new file mode 100644 index 0000000..26c3b6d --- /dev/null +++ b/ansible/roles/fail2ban/tasks/main.yml @@ -0,0 +1,8 @@ +- name: Fail2ban install + include: install.yml + tags: install + +- name: Fail2ban update + include: update.yml + tags: update + diff --git a/ansible/roles/fail2ban/tasks/update.yml b/ansible/roles/fail2ban/tasks/update.yml new file mode 100644 index 0000000..df7cb25 --- /dev/null +++ b/ansible/roles/fail2ban/tasks/update.yml @@ -0,0 +1,16 @@ +- name: Update Fail2ban + yum: "name=fail2ban state=latest update_cache=yes" + +- name: Check for jail.local configuration + local_action: stat path="{{ jaillocal_file }}" + become: false + register: jail_local_conf + ignore_errors: True + +- name: Copy jail.local configuration + copy: + src: "{{ jaillocal_file }}" + dest: /etc/fail2ban/jail.local + force: yes + when: jail_local_conf.stat.exists + 
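Review bot: `ignore_errors: True` on the controller-side `stat` task is unnecessary — `stat` reports `exists: false` for a missing path rather than failing — and if the task fails for a real reason (bad `inventory_dir`, unreadable controller path) the registered variable has no `stat` key, so the following `when: jail_local_conf.stat.exists` errors out anyway; drop `ignore_errors` so the genuine error is the one shown. The `copy` of `jail.local` sets no `mode`, and the service is only started, never restarted, so a `jail.local` changed after the first run is not reloaded; adding `notify: Restart fail2ban` on the copy task with a matching handler closes that gap.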
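Review bot: `update.yml` copies a changed `jail.local` with `force: yes` but never reloads or restarts fail2ban, so updated jail definitions — including the sshd jail — do not take effect until something else restarts the service. Add a handler and `notify: Restart fail2ban` on the copy task, or at minimum `service: name=fail2ban state=restarted` guarded by the copy task's `changed` result. The `ignore_errors: True` on the controller `stat` here has the same problem as in `install.yml`: it hides real errors and buys nothing, because a missing file already yields `exists: false`.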
diff --git a/ansible/roles/fail2ban/vars/main.yml b/ansible/roles/fail2ban/vars/main.yml new file mode 100644 index 0000000..1d6f2a5 --- /dev/null +++ b/ansible/roles/fail2ban/vars/main.yml @@ -0,0 +1 @@ +jaillocal_file: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/fail2ban/jail.local" From 74ba028bb5f6ff9125700122881571835c8167f2 Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Tue, 19 Feb 2019 18:27:57 +0100 Subject: [PATCH 05/24] roles: add easyrsa to build CA and client&server certificates --- ansible/list.yml | 1 + ansible/roles/easyrsa/tasks/install.yml | 13 +++++++++++++ ansible/roles/easyrsa/tasks/main.yml | 4 ++++ ansible/roles/easyrsa/vars/main.yml | 8 ++++++++ 4 files changed, 26 insertions(+) create mode 100644 ansible/roles/easyrsa/tasks/install.yml create mode 100644 ansible/roles/easyrsa/tasks/main.yml create mode 100644 ansible/roles/easyrsa/vars/main.yml diff --git a/ansible/list.yml b/ansible/list.yml index f5127c5..c546ec0 100644 --- a/ansible/list.yml +++ b/ansible/list.yml @@ -11,4 +11,5 @@ - { role: nemea-status, tags: nemea-status } - { role: main-page, tags: main-page } - { role: warden-client, tags: warden-client } + - { role: easyrsa, tags: easyrsa } - { role: fail2ban, tags: fail2ban } diff --git a/ansible/roles/easyrsa/tasks/install.yml b/ansible/roles/easyrsa/tasks/install.yml new file mode 100644 index 0000000..021e829 --- /dev/null +++ b/ansible/roles/easyrsa/tasks/install.yml @@ -0,0 +1,13 @@ +- name: Download EasyRSA archive + get_url: + url: "{{ easyrsa_src.url }}" + dest: "{{ easyrsa_src.dest }}" + +- name: Extract EasyRSA + shell: | + mkdir -p "{{ easyrsa_src.creates }}" + tar -C "{{ easyrsa_src.creates }}" --strip-components=1 -xzf "{{ easyrsa_src.dest }}" + rm "{{ easyrsa_src.dest }}" + args: + creates: "{{ easyrsa_src.creates }}" + diff --git a/ansible/roles/easyrsa/tasks/main.yml b/ansible/roles/easyrsa/tasks/main.yml new file mode 100644 index 0000000..ab5be72 --- /dev/null 
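Review bot: The `get_url` task downloads the EasyRSA tarball with no `checksum:`, so a tampered or substituted archive is extracted into `/opt/easyrsa` and then used to build the CA and every client and server certificate; because get_url's default `force: no` skips the download when `dest` already exists, a file pre-placed at `/tmp/EasyRSA-unix-v3.0.6.tgz` by any local user on a shared host is used as-is. Pin the artifact with `checksum: "sha256:<digest taken from the v3.0.6 release>"` and download into a root-owned scratch directory instead of `/tmp` (for example a path the role creates with `mode: '0700'` and assigns to `easyrsa_tmp`). The `shell` extraction could also be the `unarchive` module with `remote_src: yes` and `extra_opts: ["--strip-components=1"]`, replacing the ad-hoc `mkdir`/`tar`/`rm` sequence and its `creates:` guard.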
+++ b/ansible/roles/easyrsa/tasks/main.yml @@ -0,0 +1,4 @@ +- name: EasyRSA install + include: install.yml + tags: install + diff --git a/ansible/roles/easyrsa/vars/main.yml b/ansible/roles/easyrsa/vars/main.yml new file mode 100644 index 0000000..48dcb2e --- /dev/null +++ b/ansible/roles/easyrsa/vars/main.yml @@ -0,0 +1,8 @@ +easyrsa_tmp: "/tmp" + +easyrsa_src: { + url: "https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz", + dest: "{{ easyrsa_tmp }}/EasyRSA-unix-v3.0.6.tgz", + creates: "/opt/easyrsa" +} + From e0183d4df8c7a5a863c02997c2007d068709bd54 Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Tue, 19 Feb 2019 18:29:49 +0100 Subject: [PATCH 06/24] roles: add socat as a TLS endpoint --- .../list-vagrant/socat/tls-endpoint.service | 21 ++++++++++ ansible/list.yml | 1 + ansible/roles/socat/tasks/install.yml | 40 +++++++++++++++++++ ansible/roles/socat/tasks/main.yml | 4 ++ ansible/roles/socat/vars/main.yml | 2 + 5 files changed, 68 insertions(+) create mode 100644 ansible/inventory/host_files/list-vagrant/socat/tls-endpoint.service create mode 100644 ansible/roles/socat/tasks/install.yml create mode 100644 ansible/roles/socat/tasks/main.yml create mode 100644 ansible/roles/socat/vars/main.yml diff --git a/ansible/inventory/host_files/list-vagrant/socat/tls-endpoint.service b/ansible/inventory/host_files/list-vagrant/socat/tls-endpoint.service new file mode 100644 index 0000000..88b4db0 --- /dev/null +++ b/ansible/inventory/host_files/list-vagrant/socat/tls-endpoint.service 
@@ -0,0 +1,21 @@ +[Unit] +Description=Create a simple TLS endpoint using socat and keys&certs in /etc/tls-enspoint/ (server.key,server.crt,sa.crt) +After=network-online.target +Before=multi-user.target +DefaultDependencies=no + +[Service] +User=tlsendpoint + +ExecStart=/bin/socat openssl-listen:4740,method=TLS1.2,key=/etc/tls-endpoint/server.key,cert=/etc/tls-endpoint/server.crt,cafile=/etc/tls-endpoint/ca.crt,reuseaddr,fork udp-sendto:localhost:4739 + +# wait 60 seconds before trying to restart the connection +# if it disconnects +RestartSec=60 + +# keep retrying no matter what +Restart=always + +[Install] +WantedBy=multi-user.target + diff --git a/ansible/list.yml b/ansible/list.yml index c546ec0..abc8112 100644 --- a/ansible/list.yml +++ b/ansible/list.yml @@ -13,3 +13,4 @@ - { role: warden-client, tags: warden-client } - { role: easyrsa, tags: easyrsa } - { role: fail2ban, tags: fail2ban } + - { role: socat, tags: socat } diff --git a/ansible/roles/socat/tasks/install.yml b/ansible/roles/socat/tasks/install.yml new file mode 100644 index 0000000..fc4a854 --- /dev/null +++ b/ansible/roles/socat/tasks/install.yml 
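Review bot: The socat listener gives `cafile=` but no `verify=`, so whether connecting clients must present a certificate signed by that CA depends on the installed socat's default, which has differed between releases; make the mutual-TLS intent explicit with `verify=1` (and on socat builds that support it, prefer `openssl-min-proto-version=TLS1.2` over the older `method=` option). The unit declares `After=network-online.target` together with `DefaultDependencies=no` but no `Wants=network-online.target`, so nothing actually pulls the target in before socat binds, and the Description misnames the directory (`tls-enspoint`) and the CA file (`sa.crt`). Forwarding a TLS stream to `udp-sendto:` re-frames the data at socat's read boundaries rather than at IPFIX message boundaries, so messages can be split or coalesced across datagrams — presumably the collector on 4739 tolerates that, but it is worth confirming. The rewritten lines are below; the restart settings and `[Install]` section are unchanged.
```ini
[Unit]
Description=Simple TLS endpoint using socat and keys/certs in /etc/tls-endpoint/ (server.key, server.crt, ca.crt)
Wants=network-online.target
After=network-online.target
; … unchanged: Before=, DefaultDependencies= …

[Service]
User=tlsendpoint
ExecStart=/bin/socat openssl-listen:4740,method=TLS1.2,verify=1,key=/etc/tls-endpoint/server.key,cert=/etc/tls-endpoint/server.crt,cafile=/etc/tls-endpoint/ca.crt,reuseaddr,fork udp-sendto:localhost:4739
; … unchanged: RestartSec=, Restart=, [Install] …
```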
@@ -0,0 +1,40 @@ +- name: Check for TLS endpoint configuration (tls-endpoint.service) + local_action: stat path={{ tlsendpoint_service }} + become: false + register: tlsendpoint_service_file + ignore_errors: True + +- name: Install socat + yum: "name=socat state=installed" + when: tlsendpoint_service_file.stat.exists + +- name: Copy tls-endpoint.service configuration + copy: + src: "{{ tlsendpoint_service }}" + dest: /etc/systemd/system/tls-endpoint.service + when: tlsendpoint_service_file.stat.exists + +- name: Create a system user tlsendpoint + user: + name: tlsendpoint + system: yes + state: present + create_home: no + when: tlsendpoint_service_file.stat.exists + +- name: Create directory for TLS certificates + file: + path: /etc/tls-endpoint/ + state: directory + owner: tlsendpoint + when: tlsendpoint_service_file.stat.exists + +- name: Create README for tlsendpoint + copy: + content: > + Put server.key, server.crt, ca.crt into this directory and execute + systemctl enable tlsendpoint + service tlsendpoint start + dest: /etc/tls-endpoint/README + when: tlsendpoint_service_file.stat.exists + diff --git a/ansible/roles/socat/tasks/main.yml b/ansible/roles/socat/tasks/main.yml new file mode 100644 index 0000000..97d6935 --- /dev/null +++ b/ansible/roles/socat/tasks/main.yml @@ -0,0 +1,4 @@ +- name: Socat install + include: install.yml + tags: install + diff --git a/ansible/roles/socat/vars/main.yml b/ansible/roles/socat/vars/main.yml new file mode 100644 index 0000000..bdcb242 --- /dev/null +++ b/ansible/roles/socat/vars/main.yml @@ -0,0 +1,2 @@ +tlsendpoint_service: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/socat/tls-endpoint.service" + From fbaa3824d9276a4039311d5c20b2a4eb946b62e1 Mon Sep 17 00:00:00 2001 
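Review bot: The README written into `/etc/tls-endpoint/` instructs the operator to run `systemctl enable tlsendpoint` and `service tlsendpoint start`, but the unit installed two tasks earlier is `tls-endpoint.service`, so both commands fail with a unit-not-found error; change them to `systemctl enable --now tls-endpoint`. The directory that will hold `server.key` is created with `owner: tlsendpoint` but no `mode`, leaving it world-traversable unless the operator remembers to restrict the key; set `mode: '0750'` and `group: tlsendpoint`. After copying a new unit file nothing runs `daemon_reload`, unlike the apache role in this series, and the `ignore_errors: True` on the controller `stat` only hides real errors, since `stat` already reports `exists: false` for a missing file.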
From: Tomas Cejka Date: Sun, 24 Feb 2019 19:18:37 +0100 Subject: [PATCH 07/24] nemea: add missing UniRec templates into ipfixcol config --- ansible/roles/nemea/tasks/common.yml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/ansible/roles/nemea/tasks/common.yml b/ansible/roles/nemea/tasks/common.yml index b1a2a55..54db837 100644 --- a/ansible/roles/nemea/tasks/common.yml +++ b/ansible/roles/nemea/tasks/common.yml @@ -92,7 +92,25 @@ 1 DST_IP,SRC_IP,BYTES,LINK_BIT_FIELD,TIME_FIRST,TIME_LAST,PACKETS,?DST_PORT,?SRC_PORT,DIR_BIT_FIELD,PROTOCOL,?TCP_FLAGS,?TOS,?TTL - + + + u + http_data_source + 1000 + 1000000 + 1 + DST_IP,SRC_IP,BYTES,LINK_BIT_FIELD,TIME_FIRST,TIME_LAST,?HTTP_REQUEST_AGENT_ID,?HTTP_REQUEST_METHOD_ID,?HTTP_RESPONSE_STATUS_CODE,PACKETS,DST_PORT,SRC_PORT,DIR_BIT_FIELD,PROTOCOL,TCP_FLAGS,?TOS,?TTL,?HTTP_REQUEST_AGENT,?HTTP_REQUEST_HOST,?HTTP_REQUEST_REFERER,?HTTP_REQUEST_URL,?HTTP_RESPONSE_CONTENT_TYPE + + + + u + dns_data_source + 1000 + 1000000 + 1 + DST_IP,SRC_IP,BYTES,LINK_BIT_FIELD,TIME_FIRST,TIME_LAST,DNS_RR_TTL,PACKETS,DNS_ANSWERS,DNS_CLASS,DNS_ID,?DNS_PSIZE,DNS_QTYPE,DNS_RLENGTH,?DST_PORT,?SRC_PORT,DIR_BIT_FIELD,?DNS_DO,DNS_RCODE,PROTOCOL,?TCP_FLAGS,?TOS,?TTL,?DNS_NAME,?DNS_RDATA + + u voip_data_source From a3e8509f7198fa6841c4dc361f599b6f9ca0aff6 Mon Sep 17 00:00:00 2001 
From: Filip Suster Date: Sun, 3 Mar 2019 16:44:21 +0100 Subject: [PATCH 08/24] Blacklistfilter WIP --- .../detectors/blacklistfilter_with_af.sup | 158 ++++++++++++++++++ .../nemea/detectors/ipblacklistfilter.sup | 18 -- .../ipblacklistfilter/bld_userConfigFile.xml | 56 ------- .../ipblacklistfilter/userConfigFile.xml | 68 -------- .../loggers/ipblacklistfilter_logger.sup | 13 -- .../nemea/reporters/reporters.sup | 27 ++- ansible/list.yml | 18 +- ansible/roles/nemea/meta/main.yml | 1 + ansible/roles/nemea/tasks/common.yml | 12 +- vagrant/Vagrantfile | 9 +- 10 files changed, 199 insertions(+), 181 deletions(-) create mode 100644 ansible/inventory/host_files/list-vagrant/nemea/detectors/blacklistfilter_with_af.sup delete mode 100644 ansible/inventory/host_files/list-vagrant/nemea/detectors/ipblacklistfilter.sup delete mode 100644 ansible/inventory/host_files/list-vagrant/nemea/ipblacklistfilter/bld_userConfigFile.xml delete mode 100644 ansible/inventory/host_files/list-vagrant/nemea/ipblacklistfilter/userConfigFile.xml delete mode 100644 ansible/inventory/host_files/list-vagrant/nemea/loggers/ipblacklistfilter_logger.sup diff --git a/ansible/inventory/host_files/list-vagrant/nemea/detectors/blacklistfilter_with_af.sup b/ansible/inventory/host_files/list-vagrant/nemea/detectors/blacklistfilter_with_af.sup new file mode 100644 index 0000000..18e67f1 --- /dev/null +++ b/ansible/inventory/host_files/list-vagrant/nemea/detectors/blacklistfilter_with_af.sup 
@@ -0,0 +1,158 @@ + +blacklist_downloader +true +/usr/bin/nemea/bl_downloader.py +--repo-path /data/blacklistfilter/blacklist_repo + + + + +ipblacklistfilter +true +/usr/bin/nemea/ipblacklistfilter + + + + UNIXSOCKET + IN + flow_data_source + + + UNIXSOCKET + OUT + ipblacklist_aggregator_ur_sock + + + + + +ipblacklist_aggregator_ur +true +/usr/bin/nemea/agg +-k SRC_IP -k DST_IP -k PROTOCOL -k DST_PORT -s BYTES -s PACKETS -o SRC_BLACKLIST -o DST_BLACKLIST -t g:60 + + + UNIXSOCKET + IN + ipblacklist_aggregator_ur_sock + + + UNIXSOCKET + OUT + blacklist_aggregator_ip:timeout=1000 + + + + + +blacklist_aggregator_json +true +/usr/bin/nemea/blacklist_aggregator.py +-t 5 + + + UNIXSOCKET + IN + blacklist_aggregator_ip + + + UNIXSOCKET + IN + blacklist_aggregator_url + + + UNIXSOCKET + OUT + adaptive_ip_url2:timeout=NO_WAIT + + + + + +urlblacklistfilter +true +/usr/bin/nemea/urlblacklistfilter + + + + UNIXSOCKET + IN + http_data_source + + + UNIXSOCKET + OUT + blacklist_aggregator_url + + + + + +dnsblacklistfilter +true +/usr/bin/nemea/dnsblacklistfilter + + + + UNIXSOCKET + IN + dns_data_source + + + UNIXSOCKET + OUT + adaptive_dns + + + + + +adaptive_ipblacklistfilter +true +/usr/bin/nemea/ipblacklistfilter +-4 /tmp/blacklistfilter/adaptive.blist + + + UNIXSOCKET + IN + flow_data_source + + + FILE + OUT + /data/blacklistfilter/evidence_adaptive + + + + + +adaptive_filter +true +/usr/bin/nemea/adaptive_filter +-p 30 -l 20 -e 300 + + + UNIXSOCKET + IN + adaptive_ip_url2 + + + + UNIXSOCKET + IN + adaptive_dns + + + + UNIXSOCKET + OUT + blacklist2idea_sock:timeout=NO_WAIT + + + + FILE + OUT + /data/blacklistfilter/evidence_detection + + + \ No newline at end of file diff --git a/ansible/inventory/host_files/list-vagrant/nemea/detectors/ipblacklistfilter.sup b/ansible/inventory/host_files/list-vagrant/nemea/detectors/ipblacklistfilter.sup deleted file mode 100644 index a083fee..0000000 
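Review bot: `adaptive_ipblacklistfilter` takes its IPv4 blacklist from `-4 /tmp/blacklistfilter/adaptive.blist`, so a detection input lives in the shared temp tree where it is exposed to systemd-tmpfiles age-based cleanup and, on systems that mount /tmp as tmpfs, disappears on reboot — the host's tmpfiles policy is not visible here, so treat this as an inference to confirm. The rest of the pipeline already keeps `blacklist_repo` and the evidence files under `/data/blacklistfilter/`, so `-4 /data/blacklistfilter/adaptive.blist` would keep all blacklistfilter state in one non-volatile, access-controlled place; whichever module writes the file (presumably `adaptive_filter`) would need the same path. A short comment in the `.sup` file naming the writer of `adaptive.blist` would make the data flow between the two modules reviewable.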
--- a/ansible/inventory/host_files/list-vagrant/nemea/detectors/ipblacklistfilter.sup +++ /dev/null @@ -1,18 +0,0 @@ - -ipblacklistfilter -true -/usr/bin/nemea/ipblacklistfilter --D - - - UNIXSOCKET - IN - flow_data_source - - - TCP - OUT - 12006 - - - diff --git a/ansible/inventory/host_files/list-vagrant/nemea/ipblacklistfilter/bld_userConfigFile.xml b/ansible/inventory/host_files/list-vagrant/nemea/ipblacklistfilter/bld_userConfigFile.xml deleted file mode 100644 index 0163cfd..0000000 --- a/ansible/inventory/host_files/list-vagrant/nemea/ipblacklistfilter/bld_userConfigFile.xml +++ /dev/null @@ -1,56 +0,0 @@ - - - - - - - - 1 - - web - - ZeuS tracker - - https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist - - BOTNET - - \b((2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)\.){3}(2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)((/(3[012]|[12]?[0-9]))?)\b - - - 2 - web - https://feodotracker.abuse.ch/blocklist.php?download=ipblocklist - Feodo tracker - BOTNET - \b((2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)\.){3}(2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)((/(3[012]|[12]?[0-9]))?)\b - - - 3 - web - http://www.spamhaus.org/drop/drop.txt - Spamhaus - SPAM - \b((2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)\.){3}(2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)((/(3[012]|[12]?[0-9]))?)\b - - - 4 - web - http://torstatus.blutmagie.de/ip_list_exit.php - TOR - Proxy - \b((2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)\.){3}(2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)((/(3[012]|[12]?[0-9]))?)\b - - - 5 - web - https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt - Ransomware Tracker - Ransomware - \b((2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)\.){3}(2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)((/(3[012]|[12]?[0-9]))?)\b - - - - - diff --git a/ansible/inventory/host_files/list-vagrant/nemea/ipblacklistfilter/userConfigFile.xml b/ansible/inventory/host_files/list-vagrant/nemea/ipblacklistfilter/userConfigFile.xml deleted file mode 100644 index 3c48e5d..0000000 
--- a/ansible/inventory/host_files/list-vagrant/nemea/ipblacklistfilter/userConfigFile.xml +++ /dev/null @@ -1,68 +0,0 @@ - - - - - - /data/ipblacklistfilter/bl_records.txt - - - - dynamic - - - - - - - ZeuS tracker - - - TOR - - - - - - - - - - diff --git a/ansible/inventory/host_files/list-vagrant/nemea/loggers/ipblacklistfilter_logger.sup b/ansible/inventory/host_files/list-vagrant/nemea/loggers/ipblacklistfilter_logger.sup deleted file mode 100644 index dd04f03..0000000 --- a/ansible/inventory/host_files/list-vagrant/nemea/loggers/ipblacklistfilter_logger.sup +++ /dev/null @@ -1,13 +0,0 @@ - -ipblacklistfilter_logger -true -/usr/bin/nemea/logger --t -T -a /data/ipblacklistfilter/detected.log - - - TCP - IN - 12006 - - - diff --git a/ansible/inventory/host_files/list-vagrant/nemea/reporters/reporters.sup b/ansible/inventory/host_files/list-vagrant/nemea/reporters/reporters.sup index 1e1026a..c9a35c6 100644 --- a/ansible/inventory/host_files/list-vagrant/nemea/reporters/reporters.sup +++ b/ansible/inventory/host_files/list-vagrant/nemea/reporters/reporters.sup @@ -26,20 +26,6 @@ - - ipblacklist2idea - true - /usr/bin/nemea/ipblacklist2idea.py - -n cz.cesnet.nemea.ipblacklist --warden=/etc/warden/ipblacklist.cfg -c /etc/nemea/reporters-config.yml - - - TCP - IN - 12006 - - - - vportscan2idea true @@ -154,3 +140,16 @@ + +blacklist2idea +true +/usr/bin/nemea/blacklist2idea.py +--blacklist-config /etc/nemea/blacklistfilter/bl_downloader_config.xml -c /etc/nemea/reporters-config.yml + + + UNIXSOCKET + IN + blacklist2idea_sock + + + diff --git a/ansible/list.yml b/ansible/list.yml index ec54797..b42a287 100644 --- a/ansible/list.yml +++ b/ansible/list.yml 
@@ -1,13 +1,13 @@ - hosts: list force_handlers: true roles: - - { role: settings, tags: settings } - - { role: nemea-dashboard, tags: nemea-dashboard } - - { role: liberoutergui, tags: liberoutergui } - - { role: scgui, tags: scgui } + # - { role: settings, tags: settings } + # - { role: nemea-dashboard, tags: nemea-dashboard } + # - { role: liberoutergui, tags: liberoutergui } + # - { role: scgui, tags: scgui } - { role: nemea, tags: nemea } - - { role: munin, tags: munin } - - { role: ipfixcol, tags: ipfixcol } - - { role: nemea-status, tags: nemea-status } - - { role: main-page, tags: main-page } - - { role: warden-client, tags: warden-client } \ No newline at end of file + # - { role: munin, tags: munin } + # - { role: ipfixcol, tags: ipfixcol } + # - { role: nemea-status, tags: nemea-status } + # - { role: main-page, tags: main-page } + # - { role: warden-client, tags: warden-client } \ No newline at end of file diff --git a/ansible/roles/nemea/meta/main.yml b/ansible/roles/nemea/meta/main.yml index a78252e..4fede6c 100644 --- a/ansible/roles/nemea/meta/main.yml +++ b/ansible/roles/nemea/meta/main.yml @@ -1,4 +1,5 @@ dependencies: - common + - epel - { role: warden-client, tags: warden-client } - { role: ipfixcol, tags: ipfixcol } diff --git a/ansible/roles/nemea/tasks/common.yml b/ansible/roles/nemea/tasks/common.yml index b1a2a55..12ad757 100644 --- a/ansible/roles/nemea/tasks/common.yml +++ b/ansible/roles/nemea/tasks/common.yml @@ -5,7 +5,8 @@ archive: no recursive: yes times: yes - delete: yes + delete: no + rsync_path: "sudo rsync" rsync_opts: - "--omit-dir-times" - "--exclude=supervisor_config_gener.xml" @@ -72,6 +73,14 @@ notify: - Restart NEMEA supervisor +# Hotfix for adaptive blacklistfilter +- name: Init adaptive blacklist + file: + path: "/tmp/blacklistfilter/adaptive.blist" + state: touch + mode: 0777 + + - name: Add configuration to startup.xml blockinfile: dest: "{{ ipfixcol_startup_xml.dest }}" 
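Review bot: Switching the synchronize task to `delete: no` means files removed from the inventory — including `ipblacklistfilter.sup` and `ipblacklistfilter_logger.sup`, which this same commit deletes — remain on already-provisioned hosts, so the old `ipblacklistfilter` with its TCP output on 12006 keeps running next to the new `blacklistfilter_with_af.sup` pipeline after an update; either keep `delete: yes` or add an explicit `file: state: absent` cleanup for the retired configs. `rsync_path: "sudo rsync"` also presumes passwordless sudo for the SSH user on every host in the `list` group, an assumption about the inventory that should be written down in the role, e.g. `# requires NOPASSWD sudo for rsync on the managed host`.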
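Review bot: `/tmp/blacklistfilter/adaptive.blist` is created with `mode: 0777` and, per the `.sup` file in this commit, read by `adaptive_ipblacklistfilter` as its IPv4 blacklist, so any local account can append or remove entries and thereby forge or suppress blacklist detections and the IDEA reports built from them; because the `file` module follows symlinks by default, a symlink planted at that path by another user would also turn a later playbook run's `state: touch` into a `chmod 0777` of an arbitrary root-owned file. Make the file writable only by the account the NEMEA modules run as — `owner`/`group` set to that user with `mode: '0644'` — and keep it out of /tmp, since `/data/blacklistfilter/` is already used by the pipeline. The `# Hotfix` comment should also name the runtime owner of the file so the permanent fix is obvious; that user is not visible in this hunk.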
@@ -111,4 +120,3 @@ src: "/usr/bin/nemea/link_traff2json.py" mode: 0755 remote_src: yes - diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile index 1a52220..22b73a5 100644 --- a/vagrant/Vagrantfile +++ b/vagrant/Vagrantfile @@ -22,9 +22,16 @@ Vagrant.configure(2) do |config| list.vm.network "forwarded_port", guest: 4739, host: 4739, protocol: "udp" list.vm.provision :ansible do |ansible| - ansible.playbook = "../ansible/site.yml" + ansible.playbook = "../ansible/list.yml" ansible.inventory_path = "../ansible/inventory/hosts" ansible.tags = "install" + ansible.raw_arguments = [ + "--skip-tags=ipfixcol", + # --skip-tags=liberoutergui,main-page,nemea-dashboard,nemea-status,munin,ipfixcol,scgui,nagios, + # nagios-client,warden-client", + "-vvv", + ] + end end From 73d784c9c1661fd3f7aba157fd6d064d4f0ad1de Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Thu, 8 Aug 2019 10:20:14 +0200 Subject: [PATCH 09/24] revert change that commented list's roles out --- ansible/list.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/ansible/list.yml b/ansible/list.yml index b42a287..6886b70 100644 --- a/ansible/list.yml +++ b/ansible/list.yml 
@@ -1,13 +1,13 @@ - hosts: list force_handlers: true roles: - # - { role: settings, tags: settings } - # - { role: nemea-dashboard, tags: nemea-dashboard } - # - { role: liberoutergui, tags: liberoutergui } - # - { role: scgui, tags: scgui } + - { role: settings, tags: settings } + - { role: nemea-dashboard, tags: nemea-dashboard } + - { role: liberoutergui, tags: liberoutergui } + - { role: scgui, tags: scgui } - { role: nemea, tags: nemea } - # - { role: munin, tags: munin } - # - { role: ipfixcol, tags: ipfixcol } - # - { role: nemea-status, tags: nemea-status } - # - { role: main-page, tags: main-page } - # - { role: warden-client, tags: warden-client } \ No newline at end of file + - { role: munin, tags: munin } + - { role: ipfixcol, tags: ipfixcol } + - { role: nemea-status, tags: nemea-status } + - { role: main-page, tags: main-page } + - { role: warden-client, tags: warden-client } From 7bd7cf08ac40dc849c315faf4a6ce7deeb28bb45 Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Thu, 8 Aug 2019 10:52:33 +0200 Subject: [PATCH 10/24] moved data.ipfix.bz2 to github (from dior, which returned 404) --- Readme.md | 2 +- ansible/inventory/host_vars/list-vagrant | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Readme.md b/Readme.md index addb519..ca83d14 100644 --- a/Readme.md +++ b/Readme.md @@ -80,7 +80,7 @@ hostname: list-demo.liberouter.org timezone: Europe/Prague scgui_history_minutes: 120 scgui_branch: devel -sample_data_src: "https://dior.ics.muni.cz/~velan/dowload/data.ipfix.bz2" +sample_data_src: "https://github.com/CESNET/LiST/releases/download/v0.1-beta/data.ipfix.bz2" mongod_cachesizeGB: 1 nagios_client_hostgroups: [nemea-collectors, list] nagios_client_contacts: [] diff --git a/ansible/inventory/host_vars/list-vagrant b/ansible/inventory/host_vars/list-vagrant index 24940bb..25e84da 100644 --- a/ansible/inventory/host_vars/list-vagrant +++ b/ansible/inventory/host_vars/list-vagrant 
@@ -2,7 +2,7 @@ hostname: list-vagrant timezone: Europe/Prague scgui_history_minutes: 120 scgui_branch: master -sample_data_src: "https://dior.ics.muni.cz/~velan/dowload/data.ipfix.bz2" +sample_data_src: "https://github.com/CESNET/LiST/releases/download/v0.1-beta/data.ipfix.bz2" mongod_cachesizeGB: 0.25 nagios_client_hostgroups: [nemea-collectors, list] From 318108a6e5697f076c415119b751f90ac484ab6b Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Thu, 8 Aug 2019 11:04:57 +0200 Subject: [PATCH 11/24] nemea: blacklistfilter - fixed missing directory --- ansible/roles/nemea/tasks/common.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/roles/nemea/tasks/common.yml b/ansible/roles/nemea/tasks/common.yml index 12ad757..aac2bd5 100644 --- a/ansible/roles/nemea/tasks/common.yml +++ b/ansible/roles/nemea/tasks/common.yml @@ -74,6 +74,11 @@ - Restart NEMEA supervisor # Hotfix for adaptive blacklistfilter +- name: Init adaptive blacklist dir + file: + path: "/tmp/blacklistfilter/" + state: directory + mode: 0777 - name: Init adaptive blacklist file: path: "/tmp/blacklistfilter/adaptive.blist" From bd710d47103ed952619cf4341363208dc8edd548 Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Thu, 8 Aug 2019 12:52:47 +0200 Subject: [PATCH 12/24] vagrantfile: partial reverted example of ansible.raw_arguments --- vagrant/Vagrantfile | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile index 22b73a5..cc00e00 100644 --- a/vagrant/Vagrantfile +++ b/vagrant/Vagrantfile 
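Review bot: `/tmp/blacklistfilter/` is created with `mode: 0777` but no sticky bit, so any local user can delete or rename `adaptive.blist` and replace it with their own file, or with a symlink that a later playbook run will follow when it chmods the file. If a world-writable directory is genuinely required, `mode: '1777'` is the minimum, but the underlying fix is to give the directory to the account that runs the NEMEA modules (`owner`/`group` plus `mode: '0755'`) and move it out of /tmp next to the other blacklistfilter state in `/data/blacklistfilter/`. Since this task is also labelled a hotfix, a one-line comment stating which module writes the file and why /tmp was chosen would help whoever removes it.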
@@ -25,12 +25,10 @@ Vagrant.configure(2) do |config| ansible.playbook = "../ansible/list.yml" ansible.inventory_path = "../ansible/inventory/hosts" ansible.tags = "install" - ansible.raw_arguments = [ - "--skip-tags=ipfixcol", - # --skip-tags=liberoutergui,main-page,nemea-dashboard,nemea-status,munin,ipfixcol,scgui,nagios, - # nagios-client,warden-client", - "-vvv", - ] + #ansible.raw_arguments = [ + # "--skip-tags=nagios,warden-client", + # -vvv", + #] end From 438f6219c59927d3310f7a082af213d624adfa9d Mon Sep 17 00:00:00 2001 
From: Tomas Cejka Date: Fri, 9 Aug 2019 20:13:27 +0200 Subject: [PATCH 13/24] migrate to python3 --- .../list-vagrant/nemea/reporters-config.yml | 8 +- .../nemea/reporters/reporters.sup | 30 ++++--- ansible/list.yml | 2 + .../roles/liberoutergui/files/10-wsgi.conf | 2 +- ansible/roles/liberoutergui/meta/main.yml | 2 +- ansible/roles/liberoutergui/tasks/common.yml | 4 +- ansible/roles/liberoutergui/tasks/install.yml | 2 +- ansible/roles/liberoutergui/vars/main.yml | 2 +- ansible/roles/mongodb/meta/main.yml | 1 + ansible/roles/mongodb/tasks/install.yml | 8 +- ansible/roles/mongodb/vars/main.yml | 5 +- ansible/roles/nemea-dashboard/meta/main.yml | 2 +- ansible/roles/nemea-dashboard/vars/main.yml | 4 +- ansible/roles/nemea/tasks/common.yml | 6 ++ ansible/roles/pip3.4/tasks/install.yml | 10 --- ansible/roles/pip3.4/vars/main.yml | 7 -- .../roles/{pip3.4 => python3}/meta/main.yml | 0 ansible/roles/python3/tasks/install.yml | 10 +++ .../roles/{pip3.4 => python3}/tasks/main.yml | 0 ansible/roles/python3/vars/main.yml | 2 + .../warden-client/files/warden_client.cfg | 20 +++++ .../warden-client/files/warden_client.py | 2 +- .../roles/warden-client/files/warden_filer.py | 4 +- ansible/roles/warden-client/tasks/common.yml | 85 +++++++++++++++++++ ansible/roles/warden-client/vars/main.yml | 3 +- .../httpd/conf.modules.d-warden/10-wsgi.conf | 3 +- .../files/install/generate-warden-cfg.sh | 17 +--- .../warden3/warden_server_3/warden_server.py | 2 +- .../warden_server_3/warden_server.wsgi | 2 +- ansible/roles/warden-server/meta/main.yml | 1 + ansible/roles/warden-server/tasks/install.yml | 12 +-- ansible/roles/warden-server/vars/main.yml | 5 +- ansible/site.yml | 2 +- vagrant/Vagrantfile | 12 +-- 34 files changed, 195 insertions(+), 82 deletions(-) delete mode 100644 ansible/roles/pip3.4/tasks/install.yml delete mode 100644 ansible/roles/pip3.4/vars/main.yml rename ansible/roles/{pip3.4 => python3}/meta/main.yml (100%) create mode 100644 ansible/roles/python3/tasks/install.yml 
rename ansible/roles/{pip3.4 => python3}/tasks/main.yml (100%) create mode 100644 ansible/roles/python3/vars/main.yml create mode 100644 ansible/roles/warden-client/files/warden_client.cfg diff --git a/ansible/inventory/host_files/list-vagrant/nemea/reporters-config.yml b/ansible/inventory/host_files/list-vagrant/nemea/reporters-config.yml index 2ad42c3..588d1eb 100644 --- a/ansible/inventory/host_files/list-vagrant/nemea/reporters-config.yml +++ b/ansible/inventory/host_files/list-vagrant/nemea/reporters-config.yml @@ -1,3 +1,5 @@ +--- +namespace: com.example.list_vagrant.nemea smtp_connections: - id: mylocalserver custom_actions: @@ -6,9 +8,13 @@ custom_actions: host: localhost db: nemeadb collection: alerts_new - - id: store_warden + - id: warden warden: url: https://localhost/warden/ + - id: store_warden + file: + path: /data/warden/incoming/ + temp_path: /data/warden/temp/ - id: file file: path: /dev/stdout diff --git a/ansible/inventory/host_files/list-vagrant/nemea/reporters/reporters.sup b/ansible/inventory/host_files/list-vagrant/nemea/reporters/reporters.sup index 4f3faa8..10627c6 100644 --- a/ansible/inventory/host_files/list-vagrant/nemea/reporters/reporters.sup +++ b/ansible/inventory/host_files/list-vagrant/nemea/reporters/reporters.sup @@ -2,7 +2,7 @@ hoststats2idea true /usr/bin/nemea/hoststats2idea.py - -n cz.cesnet.nemea.hoststats --warden=/etc/warden/hoststats.cfg -c /etc/nemea/reporters-config.yml + -c /etc/nemea/reporters-config.yml TCP @@ -16,7 +16,7 @@ amplification2idea true /usr/bin/nemea/amplification2idea.py - -n cz.cesnet.nemea.amplificationdetector --warden=/etc/warden/amplificationdetector.cfg -c /etc/nemea/reporters-config.yml + -c /etc/nemea/reporters-config.yml TCP @@ -30,7 +30,7 @@ blacklist2idea true /usr/bin/nemea/blacklist2idea.py - --name=cz.cesnet.nemea.blacklist --warden=/etc/warden/blacklist.cfg -c /etc/nemea/reporters-config.yml + -c /etc/nemea/reporters-config.yml TCP 
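Review bot: This hunk renames the existing `store_warden` action to `warden` and then reuses the `store_warden` id for a new file-store action, so any reporter rule that still references `store_warden` silently switches from sending to Warden over HTTPS to writing IDEA files under `/data/warden/incoming/`; the rules are not visible here, so please check them, or give the new action a fresh id such as `store_warden_files`. `url: https://localhost/warden/` only passes certificate validation if the server certificate carries `localhost` as a SAN — if the client configuration disables verification instead, that should be stated next to this line. The `namespace: com.example.list_vagrant.nemea` placeholder is fine for the Vagrant demo but deserves a comment that production inventories must override it, since with `-n` dropped from the reporters in this commit it is presumably the namespace stamped on every IDEA event.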
@@ -44,7 +44,7 @@ vportscan2idea true /usr/bin/nemea/vportscan2idea.py - -n cz.cesnet.nemea.vportscan --warden=/etc/warden/vportscan.cfg -c /etc/nemea/reporters-config.yml + -c /etc/nemea/reporters-config.yml TCP @@ -58,7 +58,7 @@ bruteforce2idea true /usr/bin/nemea/bruteforce2idea.py - -n cz.cesnet.nemea.bruteforce --warden=/etc/warden/bruteforce.cfg -c /etc/nemea/reporters-config.yml + -c /etc/nemea/reporters-config.yml UNIXSOCKET @@ -72,7 +72,7 @@ voipfraud2idea true /usr/bin/nemea/voipfraud2idea.py - -n cz.cesnet.nemea.voipfraud_detection --warden=/etc/warden/voipfraud_detection.cfg -c /etc/nemea/reporters-config.yml + -c /etc/nemea/reporters-config.yml TCP @@ -86,7 +86,7 @@ dnstunnel2idea false /usr/bin/nemea/dnstunnel2idea.py - -n cz.cesnet.nemea.dnstunnel --warden=/etc/warden/dnstunnel.cfg -c /etc/nemea/reporters-config.yml + -c /etc/nemea/reporters-config.yml TCP @@ -102,7 +102,7 @@ haddrscan2idea true /usr/bin/nemea/haddrscan2idea.py --n cz.cesnet.nemea.haddrscan -c /etc/nemea/reporters-config.yml +-c /etc/nemea/reporters-config.yml TCP @@ -116,7 +116,7 @@ ddos_detector2idea true /usr/bin/nemea/ddos_detector2idea.py - -n cz.cesnet.nemea.ddos_detector -c /etc/nemea/reporters-config.yml + -c /etc/nemea/reporters-config.yml UNIXSOCKET @@ -130,7 +130,7 @@ minerdetector2idea false /usr/bin/nemea/minerdetector2idea.py --n cz.cesnet.nemea.miner_detector -c /etc/nemea/reporters-config.yml +-c /etc/nemea/reporters-config.yml UNIXSOCKET @@ -144,7 +144,7 @@ sipbf2idea true /usr/bin/nemea/sipbf2idea.py --n cz.cesnet.nemea.sip_bf_detector -c /etc/nemea/reporters-config.yml +-c /etc/nemea/reporters-config.yml TCP @@ -154,3 +154,11 @@ + + warden_filer + true + /usr/bin/nemea/nemea_warden_filer + -c /etc/nemea/reporters-config.yml -w /etc/warden/filer/warden_client.cfg + + + diff --git a/ansible/list.yml b/ansible/list.yml index 6886b70..a20a869 100644 --- a/ansible/list.yml +++ b/ansible/list.yml 
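Review bot: The new `warden_filer` module is started as `/usr/bin/nemea/nemea_warden_filer`, but the only filer binary this patch installs is the `/usr/bin/nemea/warden_filer.py` symlink created in nemea/tasks/common.yml; unless `nemea_warden_filer` is shipped by one of the installed packages, the module will fail to start, so one of the two paths looks wrong. The `-w /etc/warden/filer/warden_client.cfg` argument points at a file the warden-client role creates as `0640 nemead:nemead`, which presumably requires the supervisor to run this module as nemead or root; a one-line comment on the module stating that assumption would help whoever changes the config ownership later.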
@@ -1,5 +1,7 @@ - hosts: list force_handlers: true + environment: + PATH: /usr/local/bin:{{ ansible_env.PATH }} roles: - { role: settings, tags: settings } - { role: nemea-dashboard, tags: nemea-dashboard } diff --git a/ansible/roles/liberoutergui/files/10-wsgi.conf b/ansible/roles/liberoutergui/files/10-wsgi.conf index ff5a016..b0f511f 100644 --- a/ansible/roles/liberoutergui/files/10-wsgi.conf +++ b/ansible/roles/liberoutergui/files/10-wsgi.conf @@ -1 +1 @@ -LoadModule wsgi_module /usr/lib64/python3.4/site-packages/mod_wsgi/server/mod_wsgi-py34.cpython-34m.so +LoadModule wsgi_module /usr/local/lib64/python3.6/site-packages/mod_wsgi/server/mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so diff --git a/ansible/roles/liberoutergui/meta/main.yml b/ansible/roles/liberoutergui/meta/main.yml index 05a8193..66e109a 100644 --- a/ansible/roles/liberoutergui/meta/main.yml +++ b/ansible/roles/liberoutergui/meta/main.yml @@ -1,7 +1,7 @@ dependencies: - common - epel + - python3 - mongodb - - pip3.4 - { role: nemea, tags: nemea } - { role: apache, tags: apache } diff --git a/ansible/roles/liberoutergui/tasks/common.yml b/ansible/roles/liberoutergui/tasks/common.yml index f92de1d..ee2425c 100644 --- a/ansible/roles/liberoutergui/tasks/common.yml +++ b/ansible/roles/liberoutergui/tasks/common.yml @@ -53,7 +53,9 @@ pip: requirements: "{{ liberoutergui_path }}/backend/requirements.txt" virtualenv: "{{ liberoutergui_path }}/backend/venv" - virtualenv_python: python3.4 + virtualenv_python: python3.6 virtualenv_site_packages: yes + virtualenv_command: virtualenv-3 state: latest notify: Apache restart + diff --git a/ansible/roles/liberoutergui/tasks/install.yml b/ansible/roles/liberoutergui/tasks/install.yml index 1758e97..a059b51 100644 --- a/ansible/roles/liberoutergui/tasks/install.yml +++ b/ansible/roles/liberoutergui/tasks/install.yml 
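Review bot: `state: latest` on the pip task re-resolves `requirements.txt` to the newest matching releases on every run, so the venv contents depend on the day the play runs rather than on what is in the repository; unless the requirements file pins exact versions (not visible here), prefer `state: present` with pinned versions. The same applies to the `Install pymongo` task in mongodb/tasks/install.yml and the `Update pip3` task in python3/tasks/install.yml, both of which install unpinned packages from PyPI with `state: latest`. `virtualenv_command: virtualenv-3` assumes that wrapper exists on the target; the `python36-virtualenv` package in python3/vars/main.yml presumably provides it, which is worth a short comment next to the line.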
@@ -7,7 +7,7 @@ executable: pip3 with_items: "{{ pip_packages }}" -- name: Load python3.4 wsgi module in Apache +- name: Load python3.6 wsgi module in Apache copy: src: "{{ liberoutergui.httpdwsgi.src }}" dest: "{{ liberoutergui.httpdwsgi.dest }}" diff --git a/ansible/roles/liberoutergui/vars/main.yml b/ansible/roles/liberoutergui/vars/main.yml index 2fbf44b..74f8c91 100644 --- a/ansible/roles/liberoutergui/vars/main.yml +++ b/ansible/roles/liberoutergui/vars/main.yml @@ -1,4 +1,4 @@ -packages: [unzip, httpd-devel] +packages: [unzip, httpd-devel, libffi-devel] pip_packages: [virtualenv, mod_wsgi] diff --git a/ansible/roles/mongodb/meta/main.yml b/ansible/roles/mongodb/meta/main.yml index 9d17fb7..0f3462d 100644 --- a/ansible/roles/mongodb/meta/main.yml +++ b/ansible/roles/mongodb/meta/main.yml @@ -1,2 +1,3 @@ dependencies: - common + - python3 diff --git a/ansible/roles/mongodb/tasks/install.yml b/ansible/roles/mongodb/tasks/install.yml index d21a82e..de47d7d 100644 --- a/ansible/roles/mongodb/tasks/install.yml +++ b/ansible/roles/mongodb/tasks/install.yml @@ -3,9 +3,15 @@ src: "{{ repo.mongo.src }}" dest: "{{ repo.mongo.dest }}" -- name: Install Mongo, python, etc +- name: Install Mongo yum: "name={{ packages }} state=installed" +- name: Install pymongo + pip: + name: "{{ pip3packages }}" + executable: pip3 + state: latest + - include: common.yml - name: Start & enable Mongo diff --git a/ansible/roles/mongodb/vars/main.yml b/ansible/roles/mongodb/vars/main.yml index c8ed08e..a774d08 100644 --- a/ansible/roles/mongodb/vars/main.yml +++ b/ansible/roles/mongodb/vars/main.yml @@ -1,4 +1,5 @@ -packages: [mongodb-org, python-pymongo] +packages: [mongodb-org,] +pip3packages: [pymongo,] repo: { mongo: { @@ -10,4 +11,4 @@ repo: { mongod_conf: { src: "mongod.conf", dest: "/etc/mongod.conf" -} \ No newline at end of file +} diff --git a/ansible/roles/nemea-dashboard/meta/main.yml b/ansible/roles/nemea-dashboard/meta/main.yml index 97fbffc..1aa5925 100644 
--- a/ansible/roles/nemea-dashboard/meta/main.yml +++ b/ansible/roles/nemea-dashboard/meta/main.yml @@ -2,6 +2,6 @@ dependencies: - common - epel - apache + - python3 - mongodb - - pip3.4 - { role: nemea, tags: nemea } # needs user nemead diff --git a/ansible/roles/nemea-dashboard/vars/main.yml b/ansible/roles/nemea-dashboard/vars/main.yml index bbeddcb..b60375a 100644 --- a/ansible/roles/nemea-dashboard/vars/main.yml +++ b/ansible/roles/nemea-dashboard/vars/main.yml @@ -1,4 +1,4 @@ -packages: [python34] +packages: [python36] pip: { requirements: "/var/www/html/Nemea-Dashboard/requirements.txt" @@ -26,4 +26,4 @@ nemea_dashboard_conf: { local_file_js: "config.js", conf_file: "/var/www/html/Nemea-Dashboard/api/config.json", conf_file_js: "/var/www/html/Nemea-Dashboard/public/config.js" -} \ No newline at end of file +} diff --git a/ansible/roles/nemea/tasks/common.yml b/ansible/roles/nemea/tasks/common.yml index aac2bd5..ce1250c 100644 --- a/ansible/roles/nemea/tasks/common.yml +++ b/ansible/roles/nemea/tasks/common.yml @@ -73,6 +73,12 @@ notify: - Restart NEMEA supervisor +- name: Link warden_filer.py to NEMEA + file: + path: /usr/bin/nemea/warden_filer.py + src: /usr/local/bin/warden_filer.py + state: link + # Hotfix for adaptive blacklistfilter - name: Init adaptive blacklist dir file: diff --git a/ansible/roles/pip3.4/tasks/install.yml b/ansible/roles/pip3.4/tasks/install.yml deleted file mode 100644 index d508bcd..0000000 --- a/ansible/roles/pip3.4/tasks/install.yml +++ /dev/null @@ -1,10 +0,0 @@ -- name: Install dependencies - yum: "name={{ packages }} state=installed" - -- name: Get python pip - get_url: - url: "{{ pip.url }}" - dest: "{{ pip.tmp }}" - -- name: Install python pip - command: python3.4 "{{ pip.tmp }}" creates="{{ pip.creates }}" \ No newline at end of file diff --git a/ansible/roles/pip3.4/vars/main.yml b/ansible/roles/pip3.4/vars/main.yml deleted file mode 100644 index 229d753..0000000 --- a/ansible/roles/pip3.4/vars/main.yml +++ /dev/null 
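Review bot: The `Link warden_filer.py to NEMEA` task has no `force`, so it fails if `/usr/local/bin/warden_filer.py` is not yet present when the nemea role runs (the warden-client role installs it and the role ordering is not visible here), or if `/usr/bin/nemea/warden_filer.py` already exists as a regular file. Either document the ordering dependency above the task, `# link target is installed by the warden-client role; run that role first`, or guard the task with a `stat` of `/usr/local/bin/warden_filer.py` and `when: ...stat.exists`.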
@@ -1,7 +0,0 @@ -packages: [python34, python34-devel, "@Development tools"] - -pip: { - url: "https://bootstrap.pypa.io/get-pip.py", - tmp: "/tmp/get-pip.py", - creates: "/bin/pip", -} \ No newline at end of file diff --git a/ansible/roles/pip3.4/meta/main.yml b/ansible/roles/python3/meta/main.yml similarity index 100% rename from ansible/roles/pip3.4/meta/main.yml rename to ansible/roles/python3/meta/main.yml diff --git a/ansible/roles/python3/tasks/install.yml b/ansible/roles/python3/tasks/install.yml new file mode 100644 index 0000000..09f5b75 --- /dev/null +++ b/ansible/roles/python3/tasks/install.yml @@ -0,0 +1,10 @@ +- name: Install dependencies + yum: "name={{ packages }} state=installed" + +- name: Update pip3 + pip: + name: + - setuptools + executable: pip3 + state: latest + diff --git a/ansible/roles/pip3.4/tasks/main.yml b/ansible/roles/python3/tasks/main.yml similarity index 100% rename from ansible/roles/pip3.4/tasks/main.yml rename to ansible/roles/python3/tasks/main.yml diff --git a/ansible/roles/python3/vars/main.yml b/ansible/roles/python3/vars/main.yml new file mode 100644 index 0000000..01f13cd --- /dev/null +++ b/ansible/roles/python3/vars/main.yml @@ -0,0 +1,2 @@ +packages: [python36, python36-devel, python36-pip, python36-virtualenv, "@Development tools"] + diff --git a/ansible/roles/warden-client/files/warden_client.cfg b/ansible/roles/warden-client/files/warden_client.cfg new file mode 100644 index 0000000..f113885 --- /dev/null +++ b/ansible/roles/warden-client/files/warden_client.cfg @@ -0,0 +1,20 @@ +{ + "warden": { + "url": "https://warden-hub.cesnet.cz/warden3", + "certfile": "/etc/warden/filer/cert.pem", + "keyfile": "/etc/warden/filer/key.pem", + "timeout": 60, + "get_events_limit": 1000, + "syslog": {"level": "warning"}, + "idstore": "warden_client.id", + "name": "automatically-generated" + }, + "sender": { + "dir": "/data/warden/", + "node": { + "Name": "automatically-generated", + "Type": ["Relay"] + } + } +} + 
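Review bot: `"idstore": "warden_client.id"` is a relative path, so the client's id file presumably lands in whatever working directory the filer process is started with (the supervisor's cwd is not visible here), which may be unwritable for nemead or differ between manual and supervised runs; an absolute location such as `"idstore": "/etc/warden/filer/warden_client.id",` makes it deterministic. The file also ships with the public hub URL and no `cafile`, and is later rewritten in place by the tasks in warden-client/tasks/common.yml; since JSON cannot carry a comment, the tasks file should state that this shipped copy is a template that is only valid after those tasks ran.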
diff --git a/ansible/roles/warden-client/files/warden_client.py b/ansible/roles/warden-client/files/warden_client.py index 3604e56..6f4b3f1 100644 --- a/ansible/roles/warden-client/files/warden_client.py +++ b/ansible/roles/warden-client/files/warden_client.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/python3 # -*- coding: utf-8 -*- # # Copyright (C) 2011-2015 Cesnet z.s.p.o diff --git a/ansible/roles/warden-client/files/warden_filer.py b/ansible/roles/warden-client/files/warden_filer.py index c7ef609..2c410d9 100644 --- a/ansible/roles/warden-client/files/warden_filer.py +++ b/ansible/roles/warden-client/files/warden_filer.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/python3 # -*- coding: utf-8 -*- # # Copyright (C) 2011-2015 Cesnet z.s.p.o @@ -428,7 +428,7 @@ def get_configs(): # Allow inline or external Warden config wconfig = config.get("warden", "warden_client.cfg") - if isinstance(wconfig, basestring): + if isinstance(wconfig, str): wconfig = read_cfg(wconfig) fconfig = config.get(args.func, {}) diff --git a/ansible/roles/warden-client/tasks/common.yml b/ansible/roles/warden-client/tasks/common.yml index 777f2c8..08db4c2 100644 --- a/ansible/roles/warden-client/tasks/common.yml +++ b/ansible/roles/warden-client/tasks/common.yml 
@@ -12,3 +12,88 @@ dest: "{{ warden_filer.dest }}" mode: "{{ warden_filer.mode }}" +- name: Create config dir for warden_filer sender + file: + path: "/etc/warden/filer" + state: directory + mode: '0750' + owner: nemead + group: nemead + +- name: Copy config for warden_filer sender + copy: + src: "{{ warden_filer.configsrc }}" + dest: "/etc/warden/filer/warden_client.cfg" + owner: nemead + group: nemead + mode: "0640" + +- name: Check for generated key and cert + stat: path=/opt/warden_server_3/keys/client.key + register: warden_filer_key + ignore_errors: True + +- name: Copy warden_filer key + copy: + remote_src: True + src: "/opt/warden_server_3/keys/client.key" + dest: "/etc/warden/filer/key.pem" + mode: "0640" + owner: nemead + group: nemead + when: warden_filer_key.stat.exists + +- name: Copy warden_filer ca cert + copy: + remote_src: True + src: "/opt/warden_server_3/ca/rootCA.pem" + dest: "/etc/warden/filer/rootCA.pem" + mode: "0640" + owner: nemead + group: nemead + when: warden_filer_key.stat.exists + register: warden_ca_cert + ignore_errors: True + +- name: Copy warden_filer cert + copy: + remote_src: True + src: "/opt/warden_server_3/keys/client.crt" + dest: "/etc/warden/filer/cert.pem" + mode: "0640" + owner: nemead + group: nemead + when: warden_filer_key.stat.exists + +- name: Insert path to CA cert into config + blockinfile: + dest: "/etc/warden/filer/warden_client.cfg" + insertbefore: '"keyfile": "/etc/warden/filer/key.pem",' + marker: '"ansiblecafile{mark}": "1",' + backup: yes + block: '"cafile": "/etc/warden/filer/rootCA.pem",' + when: warden_ca_cert is succeeded + +- name: Replace Warden server with localhost in config + replace: + path: "/etc/warden/filer/warden_client.cfg" + regexp: "warden-hub.cesnet.cz" + replace: 'localhost:8443' + when: warden_ca_cert is succeeded + +- name: Clean markers + replace: + path: "/etc/warden/filer/warden_client.cfg" + regexp: '.*ansiblecafile.*' + replace: '' + when: warden_ca_cert is succeeded + + +- name: 
Create warden dir for NEMEA + file: + path: /data/warden/ + state: directory + owner: nemead + group: nemead + + diff --git a/ansible/roles/warden-client/vars/main.yml b/ansible/roles/warden-client/vars/main.yml index 9fe0b39..970ea2e 100644 --- a/ansible/roles/warden-client/vars/main.yml +++ b/ansible/roles/warden-client/vars/main.yml @@ -1,12 +1,13 @@ warden_filer: { src: "warden_filer.py", + configsrc: "warden_client.cfg", dest: "/usr/local/bin/warden_filer.py", mode: "0755" } warden_client_file: { src: "warden_client.py", - dest: "/usr/lib/python2.7/site-packages/warden_client.py", + dest: "/usr/lib/python3.6/site-packages/warden_client.py", owner: "root", group: "root", mode: "0664" diff --git a/ansible/roles/warden-server/files/httpd/conf.modules.d-warden/10-wsgi.conf b/ansible/roles/warden-server/files/httpd/conf.modules.d-warden/10-wsgi.conf index 7288925..c82a4b9 100644 --- a/ansible/roles/warden-server/files/httpd/conf.modules.d-warden/10-wsgi.conf +++ b/ansible/roles/warden-server/files/httpd/conf.modules.d-warden/10-wsgi.conf @@ -1,2 +1,3 @@ -LoadModule wsgi_module modules/mod_wsgi.so +#LoadModule wsgi_module modules/mod_wsgi.so #LoadModule wsgi_module /usr/lib64/python3.4/site-packages/mod_wsgi/server/mod_wsgi-py34.cpython-34m.so +LoadModule wsgi_module /usr/local/lib64/python3.6/site-packages/mod_wsgi/server/mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so diff --git a/ansible/roles/warden-server/files/install/generate-warden-cfg.sh b/ansible/roles/warden-server/files/install/generate-warden-cfg.sh index 9de07d0..08a612d 100755 --- a/ansible/roles/warden-server/files/install/generate-warden-cfg.sh +++ b/ansible/roles/warden-server/files/install/generate-warden-cfg.sh 
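Review bot: The three tasks gated on `when: warden_ca_cert is succeeded` also run when the `Copy warden_filer ca cert` task was skipped (no generated key on the host), because, unless I misremember, the `succeeded` test only checks that the result is not failed, not that the task ran; the config then gets a `cafile` pointing at a file that was never copied and its URL rewritten to `localhost:8443`. Gate them on the same condition as the copies, `when: warden_filer_key.stat.exists and warden_ca_cert is succeeded`, or add `and warden_ca_cert is not skipped`. The `ignore_errors: True` on the `stat` task is unnecessary (stat does not fail on a missing path) and on the CA copy it hides a real copy error while still letting the later edits proceed. The private key is only read by nemead, so `mode: "0600"` on `key.pem` would be the tighter default.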
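Review bot: `mode: "0664"` leaves a root-owned module in the interpreter's system `site-packages` group-writable; the conventional `mode: "0644"` is sufficient since the file is only imported. The `dest` hardcodes `python3.6`, which matches the `python36` package installed by the python3 role but will silently become a dead copy if that package changes; a comment such as `# must match the python3 role's interpreter version` next to the line records the coupling.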
@@ -2,18 +2,5 @@ HOSTNAME=`hostname -f` mkdir /etc/warden -for name in hoststats vportscan amplificationdetector blacklist bruteforce voipfraud_detection dnstunnel; do - secret=`tr -dc '[:alnum:]' /etc/warden/$name.cfg < Date: Fri, 9 Aug 2019 20:15:20 +0200 Subject: [PATCH 14/24] update configuration of NEMEA --- .../list-vagrant/nemea/detectors/blacklistfilter.sup | 2 +- .../list-vagrant/nemea/detectors/dnstunnel_detection.sup | 2 +- .../list-vagrant/nemea/supervisor_config_template.xml | 5 +++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ansible/inventory/host_files/list-vagrant/nemea/detectors/blacklistfilter.sup b/ansible/inventory/host_files/list-vagrant/nemea/detectors/blacklistfilter.sup index 65a904c..55c448e 100644 --- a/ansible/inventory/host_files/list-vagrant/nemea/detectors/blacklistfilter.sup +++ b/ansible/inventory/host_files/list-vagrant/nemea/detectors/blacklistfilter.sup @@ -10,7 +10,7 @@ ipblacklistfilter true /usr/bin/nemea/ipblacklistfilter - + UNIXSOCKET diff --git a/ansible/inventory/host_files/list-vagrant/nemea/detectors/dnstunnel_detection.sup b/ansible/inventory/host_files/list-vagrant/nemea/detectors/dnstunnel_detection.sup index c7e701e..2ab9d6c 100644 --- a/ansible/inventory/host_files/list-vagrant/nemea/detectors/dnstunnel_detection.sup +++ b/ansible/inventory/host_files/list-vagrant/nemea/detectors/dnstunnel_detection.sup @@ -6,7 +6,7 @@ UNIXSOCKET IN - flow_data_source + dns_data_source TCP diff --git a/ansible/inventory/host_files/list-vagrant/nemea/supervisor_config_template.xml b/ansible/inventory/host_files/list-vagrant/nemea/supervisor_config_template.xml index b4f510a..86076d0 100644 --- a/ansible/inventory/host_files/list-vagrant/nemea/supervisor_config_template.xml +++ b/ansible/inventory/host_files/list-vagrant/nemea/supervisor_config_template.xml @@ -21,8 +21,9 @@ - Loggers + Munin true - + + From 6ce7472320147263b03728d0463abb48fb8e68f3 Mon Sep 17 00:00:00 2001 
From: Tomas Cejka Date: Fri, 9 Aug 2019 20:15:43 +0200 Subject: [PATCH 15/24] install nemead uid and gid --- ansible/roles/common/tasks/main.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml index b83d1d2..ed46495 100644 --- a/ansible/roles/common/tasks/main.yml +++ b/ansible/roles/common/tasks/main.yml @@ -20,4 +20,20 @@ set_fact: ansible_ssh_private_key_file: "{{ ansible_ssh_private_key_file | realpath }}" when: ansible_ssh_private_key_file is defined - tags: always \ No newline at end of file + tags: always + +- name: Create nemead group + group: + name: nemead + state: present + tags: install + +- name: Create nemead user + user: + name: nemead + comment: NEMEA system and related tools + group: nemead + system: True + state: present + tags: install + From b65af31eae25bd2d5f283aee919f84b10c900427 Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Fri, 9 Aug 2019 20:16:41 +0200 Subject: [PATCH 16/24] update warden_server --- .../warden3/warden_server_3/warden_server.py | 83 ++++++++++++------- 1 file changed, 55 insertions(+), 28 deletions(-) diff --git a/ansible/roles/warden-server/files/warden3/warden_server_3/warden_server.py b/ansible/roles/warden-server/files/warden3/warden_server_3/warden_server.py index 7b5b1dc..a679e8c 100755 --- a/ansible/roles/warden-server/files/warden3/warden_server_3/warden_server.py +++ b/ansible/roles/warden-server/files/warden3/warden_server_3/warden_server.py @@ -8,12 +8,12 @@ import sys import os +import io from os import path import logging import logging.handlers import json import re -import email.utils from traceback import format_tb from collections import namedtuple from time import sleep 
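Review bot: The `Create nemead user` task creates a service account with the `user` module defaults, which give it a home directory and a login shell; a daemon account that is not meant to be logged into should set `shell: /sbin/nologin` and `create_home: no` (or a deliberate `home:` if the tools need one). Creating it as `system: True` is correct; the two extra keys make the non-interactive intent explicit.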
@@ -25,10 +25,19 @@ if sys.version_info[0] >= 3: import configparser as ConfigParser from urllib.parse import parse_qs + unicode = str + + def get_method_params(method): + return method.__code__.co_varnames[:method.__code__.co_argcount] + else: import ConfigParser from urlparse import parse_qs + def get_method_params(method): + return method.func_code.co_varnames[:method.func_code.co_argcount] + + # for local version of up to date jsonschema sys.path.append(path.join(path.dirname(__file__), "..", "lib")) @@ -139,6 +148,7 @@ def get_clean_root_logger(level=logging.INFO): logger = logging.getLogger(__name__) logger.setLevel(level) while logger.handlers: + logger.handlers[0].close() logger.removeHandler(logger.handlers[0]) while logger.filters: logger.removeFilter(logger.filters[0]) @@ -212,7 +222,7 @@ def SysLogger(req, socket="/dev/log", facility=logging.handlers.SysLogHandler.LO class Object(object): def __str__(self): - attrs = self.__init__.func_code.co_varnames[1:self.__init__.func_code.co_argcount] + attrs = get_method_params(self.__init__)[1:] eq_str = ["%s=%r" % (attr, getattr(self, attr, None)) for attr in attrs] return "%s(%s)" % (type(self).__name__, ", ".join(eq_str)) @@ -435,7 +445,7 @@ class JSONSchemaValidator(NoValidator): def __init__(self, req, log, filename=None): NoValidator.__init__(self, req, log) self.path = filename or path.join(path.dirname(__file__), "idea.schema") - with open(self.path) as f: + with io.open(self.path, "r", encoding="utf-8") as f: self.schema = json.load(f) self.validator = Draft4Validator(self.schema) 
@@ -477,11 +487,11 @@ def __init__( self.catmap_filename = catmap_filename self.tagmap_filename = tagmap_filename - with open(catmap_filename, "r") as catmap_fd: + with io.open(catmap_filename, "r", encoding="utf-8") as catmap_fd: self.catmap = json.load(catmap_fd) self.catmap_other = self.catmap["Other"] # Catch error soon, avoid lookup later - with open(tagmap_filename, "r") as tagmap_fd: + with io.open(tagmap_filename, "r", encoding="utf-8") as tagmap_fd: self.tagmap = json.load(tagmap_fd) self.tagmap_other = self.catmap["Other"] # Catch error soon, avoid lookup later @@ -595,7 +605,7 @@ def get_client_by_name(self, cert_names=None, name=None, secret=None): with attempt as db: rows = db.query("".join(query), params).fetchall() if len(rows) > 1: - self.log.warn( + self.log.warning( "get_client_by_name: query returned more than one result (cert_names = %s, name = %s, secret = %s): %s" % ( cert_names, name, secret, ", ".join([str(Client(**row)) for row in rows]))) return None @@ -806,10 +816,10 @@ def getLastReceivedId(self, client): def load_maps(self): with self as db: db.query("DELETE FROM tags") - for tag, num in self.tagmap.iteritems(): + for tag, num in self.tagmap.items(): db.query("INSERT INTO tags(id, tag) VALUES (%s, %s)", (num, tag)) db.query("DELETE FROM categories") - for cat_subcat, num in self.catmap.iteritems(): + for cat_subcat, num in self.catmap.items(): catsplit = cat_subcat.split(".", 1) category = catsplit[0] subcategory = catsplit[1] if len(catsplit) > 1 else None 
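Review bot: The warning in get_client_by_name still interpolates `secret` in clear text, so an ambiguous lookup writes a client secret to the log; the commit only renames `warn` to `warning`, but since the line is being touched this is the moment to redact it, e.g. pass `"<redacted>" if secret else None` in place of `secret` in the format tuple. The joined `str(Client(**row))` values may repeat the secret through Object.__str__ if the Client record carries that column, so consider listing only the client names there. get_client_by_name starts and ends outside the hunk.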
@@ -912,8 +922,20 @@ def wsgi_app(self, environ, start_response, exc_info=None): args = self.sanitize_args(path, method, args) + # Based on RFC2616, section 4.4 we SHOULD respond with 400 (bad request) or 411 + # (length required) if content length was not specified. We choose not to, to + # preserve compatibility with clients deployed in the wild, which use POST for + # all requests (even those without payload, with no specified content length). + # According to PEP3333, section "Input and Error Streams", the application SHOULD + # NOT attempt to read more data than specified by CONTENT_LENGTH. As stated in + # section "environ Variables", CONTENT_LENGTH may be empty (string) or absent. try: - post_data = environ['wsgi.input'].read() + content_length = int(environ.get('CONTENT_LENGTH', 0)) + except ValueError: + content_length = 0 + + try: + post_data = environ['wsgi.input'].read(content_length) except: raise self.req.error(message="Data read error.", error=408, exc=sys.exc_info()) 
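Review bot: `int(environ.get('CONTENT_LENGTH', 0))` accepts a negative value, and on the usual WSGI input objects `read(-1)` reads to EOF, which is exactly the unbounded read this change is meant to remove; clamp it: `content_length = max(0, int(environ.get('CONTENT_LENGTH', 0)))`. There is also still no upper bound, so a client may declare an arbitrarily large length; if the server has a notion of a maximum request size, this is the place to enforce it. The bare `except:` around the read is pre-existing but now sits next to new code and should become `except Exception:`. wsgi_app starts and ends outside the hunk.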
@@ -931,10 +953,15 @@ def wsgi_app(self, environ, start_response, exc_info=None): # Make sure everything is properly encoded - JSON and various function # may spit out unicode instead of str and it gets propagated up (str - # + unicode = unicode). However, the right thing would be to be unicode - # correct among whole source and always decode on input (json module - # does that for us) and on output here. - if isinstance(status, unicode): + # + unicode = unicode). + # For Python2 the right thing would be to be unicode correct among whole + # source and always decode on input (json module does that for us) and + # on output here. + # For Python3 strings are internally unicode so no decoding on input is + # necessary. For output, "status" must be unicode string, "output" must + # be encoded bytes array, what is done here. Important: for Python 3 we + # define: unicode = str + if isinstance(status, unicode) and sys.version_info[0] < 3: status = status.encode("utf-8") if isinstance(output, unicode): output = output.encode("utf-8") @@ -947,11 +974,10 @@ def wsgi_app(self, environ, start_response, exc_info=None): def json_wrapper(method): - def meth_deco(self, post, **args): - if "events" in method.func_code.co_varnames[0:method.func_code.co_argcount]: + if "events" in get_method_params(method): try: - events = json.loads(post) if post else None + events = json.loads(post.decode('utf-8')) if post else None except Exception as e: raise self.req.error( message="Deserialization error.", error=400, @@ -973,7 +999,7 @@ def meth_deco(self, post, **args): try: meth_deco.arguments = method.arguments except AttributeError: - meth_deco.arguments = method.func_code.co_varnames[:method.func_code.co_argcount] + meth_deco.arguments = get_method_params(method) return meth_deco 
@@ -997,13 +1023,14 @@ def __init__( def getDebug(self): return { "environment": self.req.env, - "client": self.req.client.__dict__, + "client": self.req.client._asdict(), "database": self.db.get_debug(), "system": { + "python": sys.version, "uname": os.uname() }, "process": { - "cwd": os.getcwdu(), + "cwd": unicode(os.getcwd()), "pid": os.getpid(), "ppid": os.getppid(), "pgrp": os.getpgrp(), @@ -1177,15 +1204,15 @@ def read_ini(path): def read_cfg(path): - with open(path, "r") as f: + with io.open(path, "r", encoding="utf-8") as f: stripcomments = "\n".join((l for l in f if not l.lstrip().startswith(("#", "//")))) conf = json.loads(stripcomments) # Lowercase keys conf = dict(( sect.lower(), dict( - (subkey.lower(), val) for subkey, val in subsect.iteritems()) - ) for sect, subsect in conf.iteritems()) + (subkey.lower(), val) for subkey, val in subsect.items()) + ) for sect, subsect in conf.items()) return conf @@ -1333,7 +1360,7 @@ def obj(name): } def init_obj(sect_name): - config = conf.get(sect_name, {}) + config = dict(conf.get(sect_name, {})) sect_name = sect_name.lower() sect_def = section_def[sect_name] @@ -1360,7 +1387,7 @@ def init_obj(sect_name): # Process parameters kwargs = {} - for name, definition in params.iteritems(): + for name, definition in params.items(): raw_val = config.get(name, definition["default"]) try: type_callable = conv_dict[definition["type"]] @@ -1451,9 +1478,8 @@ def isValidNSID(nsid): return allowed.match(nsid) def isValidEmail(mail): - mails = (email.utils.parseaddr(m) for m in mail.split(",")) - allowed = re.compile(r"^[a-zA-Z0-9_.%!+-]+@[a-zA-Z0-9-.]+$") # just basic check - valid = (allowed.match(ms[1]) for ms in mails) + allowed = re.compile(r"(^[a-zA-Z0-9_ .%!+-]*(?=<.*>))?(^|(<(?=.*(>))))[a-zA-Z0-9_.%!+-]+@[a-zA-Z0-9-.]+\4?$") # just basic check + valid = (allowed.match(ms.strip())for ms in mail.split(',')) return all(valid) def isValidID(id): 
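Review bot: getDebug now returns `sys.version` alongside the full WSGI environ (`self.req.env`) and the client record (`self.req.client._asdict()`); if the Client tuple carries the secret column that get_client_by_name queries by, the caller's secret is echoed back in the response. Confirm the method is reachable only by privileged clients, and strip secret-bearing fields before returning, e.g. `client = self.req.client._asdict(); client.pop("secret", None)`. The enclosing class starts outside the hunk.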
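Review bot: The new pattern in isValidEmail is hard to audit (four groups, two lookaheads and a `\4?` back-reference to a group captured inside a lookahead) and it replaces the `email.utils.parseaddr` normalisation without saying which forms are accepted. Add a comment enumerating them as far as I read the regex, bare `user@host`, `<user@host>` and `Display Name <user@host>`, comma-separated, and hoist the `re.compile` to module level since the pattern is rebuilt on every call. A short table-driven test of those three forms plus `user@host>` (which should be rejected) would pin the intended behaviour.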
@@ -1573,7 +1599,8 @@ def get_args(): argp.add_argument( "-c", "--config", help="path to configuration file") - subargp = argp.add_subparsers(title="commands") + subargp = argp.add_subparsers(title="commands", dest="command") + subargp.required = True subargp_check = subargp.add_parser( "check", add_help=False, From 1f97828376b7675a09203a3e97615496ff6dbc87 Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Mon, 12 Aug 2019 16:33:48 +0200 Subject: [PATCH 17/24] nemea reporters: explicitly enforce python3 using sup config --- .../nemea/reporters/reporters.sup | 253 +++++++++--------- ansible/roles/nemea-dashboard/vars/main.yml | 2 - ansible/roles/nemea/vars/main.yml | 2 +- 3 files changed, 126 insertions(+), 131 deletions(-) diff --git a/ansible/inventory/host_files/list-vagrant/nemea/reporters/reporters.sup b/ansible/inventory/host_files/list-vagrant/nemea/reporters/reporters.sup index 10627c6..600d068 100644 --- a/ansible/inventory/host_files/list-vagrant/nemea/reporters/reporters.sup +++ b/ansible/inventory/host_files/list-vagrant/nemea/reporters/reporters.sup 
@@ -1,164 +1,161 @@ - hoststats2idea - true - /usr/bin/nemea/hoststats2idea.py - -c /etc/nemea/reporters-config.yml - - - TCP - IN - 12002 - - + hoststats2idea + true + /usr/bin/python3 + /usr/bin/nemea/hoststats2idea.py -c /etc/nemea/reporters-config.yml + + + TCP + IN + 12002 + + - amplification2idea - true - /usr/bin/nemea/amplification2idea.py - -c /etc/nemea/reporters-config.yml - - - TCP - IN - 12001 - - + amplification2idea + true + /usr/bin/python3 + /usr/bin/nemea/amplification2idea.py -c /etc/nemea/reporters-config.yml + + + TCP + IN + 12001 + + - blacklist2idea - true - /usr/bin/nemea/blacklist2idea.py - -c /etc/nemea/reporters-config.yml - - - TCP - IN - 12006 - - + blacklist2idea + true + /usr/bin/python3 + /usr/bin/nemea/blacklist2idea.py -c /etc/nemea/reporters-config.yml + + + TCP + IN + 12006 + + - vportscan2idea - true - /usr/bin/nemea/vportscan2idea.py - -c /etc/nemea/reporters-config.yml - - - TCP - IN - 12005 - - + vportscan2idea + true + /usr/bin/python3 + /usr/bin/nemea/vportscan2idea.py -c /etc/nemea/reporters-config.yml + + + TCP + IN + 12005 + + - bruteforce2idea - true - /usr/bin/nemea/bruteforce2idea.py - -c /etc/nemea/reporters-config.yml - - - UNIXSOCKET - IN - bfd_data_out - - + bruteforce2idea + true + /usr/bin/python3 + /usr/bin/nemea/bruteforce2idea.py -c /etc/nemea/reporters-config.yml + + + UNIXSOCKET + IN + bfd_data_out + + - voipfraud2idea - true - /usr/bin/nemea/voipfraud2idea.py - -c /etc/nemea/reporters-config.yml - - - TCP - IN - 12003 - - + voipfraud2idea + true + /usr/bin/python3 + /usr/bin/nemea/voipfraud2idea.py -c /etc/nemea/reporters-config.yml + + + TCP + IN + 12003 + + - dnstunnel2idea - false - /usr/bin/nemea/dnstunnel2idea.py - -c /etc/nemea/reporters-config.yml - - - TCP - IN - 12004 - - + dnstunnel2idea + false + /usr/bin/python3 + /usr/bin/nemea/dnstunnel2idea.py -c /etc/nemea/reporters-config.yml + + + TCP + IN + 12004 + + - -haddrscan2idea -true -/usr/bin/nemea/haddrscan2idea.py --c 
/etc/nemea/reporters-config.yml - - - TCP - IN - 12008 - - + haddrscan2idea + true + /usr/bin/python3 + /usr/bin/nemea/haddrscan2idea.py -c /etc/nemea/reporters-config.yml + + + TCP + IN + 12008 + + - ddos_detector2idea - true - /usr/bin/nemea/ddos_detector2idea.py - -c /etc/nemea/reporters-config.yml - - - UNIXSOCKET - IN - ddos_detector_alert - - + ddos_detector2idea + true + /usr/bin/python3 + /usr/bin/nemea/ddos_detector2idea.py -c /etc/nemea/reporters-config.yml + + + UNIXSOCKET + IN + ddos_detector_alert + + -minerdetector2idea -false -/usr/bin/nemea/minerdetector2idea.py --c /etc/nemea/reporters-config.yml - - - UNIXSOCKET - IN - miner_detector_data_out - - + minerdetector2idea + false + /usr/bin/python3 + /usr/bin/nemea/minerdetector2idea.py -c /etc/nemea/reporters-config.yml + + + UNIXSOCKET + IN + miner_detector_data_out + + -sipbf2idea -true -/usr/bin/nemea/sipbf2idea.py --c /etc/nemea/reporters-config.yml - - - TCP - IN - 12009 - - + sipbf2idea + true + /usr/bin/python3 + /usr/bin/nemea/sipbf2idea.py -c /etc/nemea/reporters-config.yml + + + TCP + IN + 12009 + + - warden_filer - true - /usr/bin/nemea/nemea_warden_filer - -c /etc/nemea/reporters-config.yml -w /etc/warden/filer/warden_client.cfg + warden_filer + true + /usr/bin/nemea/nemea_warden_filer + -c /etc/nemea/reporters-config.yml -w /etc/warden/filer/warden_client.cfg - - diff --git a/ansible/roles/nemea-dashboard/vars/main.yml b/ansible/roles/nemea-dashboard/vars/main.yml index b60375a..88c5bb9 100644 --- a/ansible/roles/nemea-dashboard/vars/main.yml +++ b/ansible/roles/nemea-dashboard/vars/main.yml @@ -1,5 +1,3 @@ -packages: [python36] - pip: { requirements: "/var/www/html/Nemea-Dashboard/requirements.txt" } diff --git a/ansible/roles/nemea/vars/main.yml b/ansible/roles/nemea/vars/main.yml index 253524e..9dd9c41 100644 --- a/ansible/roles/nemea/vars/main.yml +++ b/ansible/roles/nemea/vars/main.yml 
@@ -1,4 +1,4 @@ -packages: [nemea, nemea-modules] +packages: [nemea, python36-nemea-pycommon, python36-nemea-pytrap] repo: { nemea: { From 042dea732c0e5f35ee8f099974b53652056e4beb Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Mon, 12 Aug 2019 16:49:32 +0200 Subject: [PATCH 18/24] install php7 as a dependency of main-page na scgui --- ansible/roles/main-page/meta/main.yml | 1 + ansible/roles/main-page/tasks/install.yml | 6 +----- ansible/roles/main-page/tasks/update.yml | 7 +------ ansible/roles/main-page/vars/main.yml | 4 +--- ansible/roles/php7/tasks/install.yml | 20 ++++++++++++++++++++ ansible/roles/php7/tasks/main.yml | 2 ++ ansible/roles/php7/vars/main.yml | 4 ++++ ansible/roles/scgui/meta/main.yml | 1 + 8 files changed, 31 insertions(+), 14 deletions(-) create mode 100644 ansible/roles/php7/tasks/install.yml create mode 100644 ansible/roles/php7/tasks/main.yml create mode 100644 ansible/roles/php7/vars/main.yml diff --git a/ansible/roles/main-page/meta/main.yml b/ansible/roles/main-page/meta/main.yml index e289381..e4bdfaa 100644 --- a/ansible/roles/main-page/meta/main.yml +++ b/ansible/roles/main-page/meta/main.yml @@ -1,3 +1,4 @@ dependencies: - role: common - role: apache + - role: php7 diff --git a/ansible/roles/main-page/tasks/install.yml b/ansible/roles/main-page/tasks/install.yml index 9178dec..14b11ac 100644 --- a/ansible/roles/main-page/tasks/install.yml +++ b/ansible/roles/main-page/tasks/install.yml @@ -1,6 +1,2 @@ -- name: Install Dependencies - yum: "name={{ packages }} state=installed" - notify: - - Apache restart -- include: common.yml \ No newline at end of file +- include: common.yml diff --git a/ansible/roles/main-page/tasks/update.yml b/ansible/roles/main-page/tasks/update.yml index 4e6045c..7d623a5 100644 --- a/ansible/roles/main-page/tasks/update.yml +++ b/ansible/roles/main-page/tasks/update.yml 
@@ -1,6 +1 @@ -- name: Install Dependencies - yum: "name={{ packages }} state=latest update_cache=yes" - notify: - - Apache restart - -- include: common.yml \ No newline at end of file +- include: common.yml diff --git a/ansible/roles/main-page/vars/main.yml b/ansible/roles/main-page/vars/main.yml index ab84d8b..faf5bc1 100644 --- a/ansible/roles/main-page/vars/main.yml +++ b/ansible/roles/main-page/vars/main.yml @@ -1,6 +1,4 @@ -packages: [php] - index: { src: "index.php", dest: "/var/www/html/index.php" -} \ No newline at end of file +} diff --git a/ansible/roles/php7/tasks/install.yml b/ansible/roles/php7/tasks/install.yml new file mode 100644 index 0000000..b8c93f8 --- /dev/null +++ b/ansible/roles/php7/tasks/install.yml @@ -0,0 +1,20 @@ +- name: Install remirepo with PHP packages + yum: + name: "{{ repourl }}" + state: present + +- name: Install yum-utils + yum: + name: "{{ phprepoconfiger }}" + state: installed + +- name: Select php73 + shell: yum-config-manager --enable remi-php73 + +- name: Install PHP packages + yum: + name: "{{ phppackages }}" + state: installed + notify: + - Apache restart + diff --git a/ansible/roles/php7/tasks/main.yml b/ansible/roles/php7/tasks/main.yml new file mode 100644 index 0000000..3fe54f9 --- /dev/null +++ b/ansible/roles/php7/tasks/main.yml @@ -0,0 +1,2 @@ +- include: install.yml + tags: install \ No newline at end of file diff --git a/ansible/roles/php7/vars/main.yml b/ansible/roles/php7/vars/main.yml new file mode 100644 index 0000000..dcceafc --- /dev/null +++ b/ansible/roles/php7/vars/main.yml @@ -0,0 +1,4 @@ +repourl: http://rpms.remirepo.net/enterprise/remi-release-7.rpm +phprepoconfiger: [yum-utils] +phppackages: [php, php-xml] + diff --git a/ansible/roles/scgui/meta/main.yml b/ansible/roles/scgui/meta/main.yml index 1dc5100..b2d887e 100644 --- a/ansible/roles/scgui/meta/main.yml +++ b/ansible/roles/scgui/meta/main.yml 
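Review bot: The 'Install remirepo with PHP packages' task installs the release RPM directly from `{{ repourl }}`, which the php7/vars/main.yml hunk of this commit sets to a plain `http://` URL; that package carries the repository definition and signing key for every later PHP package, and yum does not signature-check a package given by URL unless `localpkg_gpgcheck` is enabled, so transport integrity is the only protection. Change `repourl` to the `https://` form of the same URL and import the repository's signing key with the `rpm_key` module before this task, so the PHP packages installed afterwards are verified. Separately, 'Select php73' uses `shell:` for a command with no shell syntax and reports changed on every run; `command: yum-config-manager --enable remi-php73` with `changed_when: false`, or the `ini_file` module enabling the remi-php73 section, keeps the role idempotent.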
@@ -1,5 +1,6 @@ dependencies: - role: common - role: apache + - role: php7 - { role: ipfixcol, tags: ipfixcol } - { role: nemea, tags: nemea } From a99bd708f0e83afe8ecaa389f09ac977e5693239 Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Mon, 12 Aug 2019 16:51:50 +0200 Subject: [PATCH 19/24] warden-server: register local warden-client for demo --- .../warden-server/files/install/generate-warden-cfg.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ansible/roles/warden-server/files/install/generate-warden-cfg.sh b/ansible/roles/warden-server/files/install/generate-warden-cfg.sh index 08a612d..e8e911b 100755 --- a/ansible/roles/warden-server/files/install/generate-warden-cfg.sh +++ b/ansible/roles/warden-server/files/install/generate-warden-cfg.sh @@ -2,5 +2,11 @@ HOSTNAME=`hostname -f` mkdir /etc/warden + +# test if the name is not registered +/opt/warden_server_3/warden_server.py list | grep -q com.example.list_vagrant.nemea.filer; +if [ $? -ne 0 ]; then +# register local warden client python3 /opt/warden_server_3/warden_server.py register -n com.example.list_vagrant.nemea.filer -h "$HOSTNAME" -r list@example.com --write --valid --notest +fi From 72bbc0f22afe3038922c34b94fa987c2ed5efc67 Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Mon, 12 Aug 2019 16:53:13 +0200 Subject: [PATCH 20/24] setup nemea-dashboard backend using HTTP proxy i.e., backend listens on localhost:5555, apache redirects to backend everything that goes to /Nemea-Dashboard/v2/ --- ansible/roles/nemea-dashboard/files/config.js | 4 ++-- ansible/roles/nemea-dashboard/files/nemea-dashboard.conf | 3 +++ ansible/roles/nemea-dashboard/tasks/common.yml | 7 +++++++ ansible/roles/nemea-dashboard/templates/config.json | 4 ++-- 4 files changed, 14 insertions(+), 4 deletions(-) create mode 100644 ansible/roles/nemea-dashboard/files/nemea-dashboard.conf diff --git a/ansible/roles/nemea-dashboard/files/config.js b/ansible/roles/nemea-dashboard/files/config.js index b657700..06584bb 100644 
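Review bot: The idempotency check added before the register call is loose: `grep -q com.example.list_vagrant.nemea.filer` is unanchored and its dots match any character, so any registered name containing a similar string suppresses registration, and the `list` call runs `warden_server.py` directly while `register` goes through `python3`, so if the script is not executable or has a different interpreter the check fails and registration is re-attempted on every run. Replace the `list`/`if` pair with `if ! python3 /opt/warden_server_3/warden_server.py list | grep -qF 'com.example.list_vagrant.nemea.filer'; then` so the same interpreter is used and the name is matched literally. Since grep's status is what the pipeline reports, a failing `list` still reads as "not registered"; if that should abort instead, check the `list` call separately before grepping its output.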
--- a/ansible/roles/nemea-dashboard/files/config.js +++ b/ansible/roles/nemea-dashboard/files/config.js @@ -1,6 +1,6 @@ app.constant('SETUP', true); app.constant('CONFIG', { "host" : "https://" + window.location.hostname, - "port" : "5555", - "version" : "v2" + "port" : window.location.port, + "version" : "Nemea-Dashboard/v2" }); diff --git a/ansible/roles/nemea-dashboard/files/nemea-dashboard.conf b/ansible/roles/nemea-dashboard/files/nemea-dashboard.conf new file mode 100644 index 0000000..ed94caa --- /dev/null +++ b/ansible/roles/nemea-dashboard/files/nemea-dashboard.conf @@ -0,0 +1,3 @@ +ProxyPass "/Nemea-Dashboard/v2/" "http://localhost:5555/v2/" +ProxyPassReverse "/Nemea-Dashboard/v2/" "http://localhost:5555/v2/" + diff --git a/ansible/roles/nemea-dashboard/tasks/common.yml b/ansible/roles/nemea-dashboard/tasks/common.yml index 5d87b9c..873c3a6 100644 --- a/ansible/roles/nemea-dashboard/tasks/common.yml +++ b/ansible/roles/nemea-dashboard/tasks/common.yml @@ -18,3 +18,10 @@ with_items: - "{{ apache_configuration.cert_file }}" - "{{ apache_configuration.key_file }}" + +- name: Configure proxy HTTP for dashboard backend + copy: + src: nemea-dashboard.conf + dest: /etc/httpd/conf.d/nemea-dashboard.conf + mode: 0644 + diff --git a/ansible/roles/nemea-dashboard/templates/config.json b/ansible/roles/nemea-dashboard/templates/config.json index cf67fb3..c116499 100644 --- a/ansible/roles/nemea-dashboard/templates/config.json +++ b/ansible/roles/nemea-dashboard/templates/config.json @@ -16,8 +16,8 @@ "port": 5555, "host": "0.0.0.0" }, - "ssl": true, + "ssl": false, "ssl_key": "{{ apache_configuration.key_file }}", "ssl_crt": "{{ apache_configuration.cert_file }}", "debug": false -} \ No newline at end of file +} From 43c15e97b9ff9c4d7a2bc15d95f1795ded46fb57 Mon Sep 17 00:00:00 2001 
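Review bot: `"port" : window.location.port` is an empty string when the page is served on the default port, so whatever joins `host` and `port` downstream (not visible here) must tolerate a missing port or it will build `https://host:`; the unchanged `host` entry also still hard-codes `https://` while the port now follows the current page, so a page reached over HTTP gets a mismatched origin. If the consumer only ever needs the origin, `"host" : window.location.origin,` with the port entry dropped avoids both cases; otherwise document that the dashboard is only served through the Apache HTTPS vhost so the empty port is always the intended default.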
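Review bot: `"ssl": false` leaves the backend speaking plain HTTP, but the context line above still binds it to `"host": "0.0.0.0"`, so the unencrypted API on port 5555 remains reachable directly from the network and bypasses the Apache proxy added in this commit, contrary to the commit message's "backend listens on localhost:5555". Change the bind address to `"host": "127.0.0.1"` so only the `ProxyPass` in nemea-dashboard.conf can reach it, and verify on the host that 5555 is no longer exposed. The `ssl_key`/`ssl_crt` entries are now presumably ignored; if so, removing them avoids suggesting the key file is still read by the backend.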
From: Tomas Cejka Date: Mon, 12 Aug 2019 17:29:38 +0200 Subject: [PATCH 21/24] add unused role ipfixcol2 --- .../ipfixcol2/files/ipfixcol2-startup.xml | 158 ++++++++++++++++++ ansible/roles/ipfixcol2/meta/main.yml | 2 + ansible/roles/ipfixcol2/tasks/install.yml | 25 +++ ansible/roles/ipfixcol2/tasks/main.yml | 7 + ansible/roles/ipfixcol2/tasks/update.yml | 20 +++ ansible/roles/ipfixcol2/vars/main.yml | 18 ++ 6 files changed, 230 insertions(+) create mode 100644 ansible/roles/ipfixcol2/files/ipfixcol2-startup.xml create mode 100644 ansible/roles/ipfixcol2/meta/main.yml create mode 100644 ansible/roles/ipfixcol2/tasks/install.yml create mode 100644 ansible/roles/ipfixcol2/tasks/main.yml create mode 100644 ansible/roles/ipfixcol2/tasks/update.yml create mode 100644 ansible/roles/ipfixcol2/vars/main.yml diff --git a/ansible/roles/ipfixcol2/files/ipfixcol2-startup.xml b/ansible/roles/ipfixcol2/files/ipfixcol2-startup.xml new file mode 100644 index 0000000..93953e1 --- /dev/null +++ b/ansible/roles/ipfixcol2/files/ipfixcol2-startup.xml @@ -0,0 +1,158 @@ + + + + + + UDP collector + udp + + 4741 + + + + + + + + + UniRec basic + unirec + + DST_IP,SRC_IP,BYTES,LINK_BIT_FIELD,TIME_FIRST,TIME_LAST,PACKETS,?DST_PORT,?SRC_PORT,DIR_BIT_FIELD,PROTOCOL,?TCP_FLAGS,?TOS,?TTL + + 10000 + true + 1000000 + + + + basic_flowdata + 64 + + + + + + + + + diff --git a/ansible/roles/ipfixcol2/meta/main.yml b/ansible/roles/ipfixcol2/meta/main.yml new file mode 100644 index 0000000..9711b33 --- /dev/null +++ b/ansible/roles/ipfixcol2/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - role: common diff --git a/ansible/roles/ipfixcol2/tasks/install.yml b/ansible/roles/ipfixcol2/tasks/install.yml new file mode 100644 index 0000000..198623b --- /dev/null +++ b/ansible/roles/ipfixcol2/tasks/install.yml 
@@ -0,0 +1,25 @@ +- name: Add IPFIXcol2 repo + get_url: + url: "{{ repo.ipfixcol.url }}" + dest: "{{ repo.ipfixcol.dest }}" + mode: "{{ repo.mode }}" + +- name: Install IPFIXcol2 + yum: "name={{ packages }} state=installed" + +- name: Check for host specific startup.xml + local_action: stat path={{ ipfixcol2_startup_xml.host }} + become: false + register: host_startup_xml + ignore_errors: True + +- name: Select host specific ipfixcol2-startup.xml + set_fact: + ipfixcol2_startup_xml_src: "{{ ipfixcol2_startup_xml.host }}" + when: host_startup_xml.stat.exists + +- name: Copy startup.xml configuration template + copy: + src: "{{ ipfixcol2_startup_xml_src }}" + dest: "{{ ipfixcol2_startup_xml.dest }}" + force: no diff --git a/ansible/roles/ipfixcol2/tasks/main.yml b/ansible/roles/ipfixcol2/tasks/main.yml new file mode 100644 index 0000000..834df78 --- /dev/null +++ b/ansible/roles/ipfixcol2/tasks/main.yml @@ -0,0 +1,7 @@ +- name: IPFIXcol install + include: install.yml + tags: install + +- name: IPFIXcol update + include: update.yml + tags: update diff --git a/ansible/roles/ipfixcol2/tasks/update.yml b/ansible/roles/ipfixcol2/tasks/update.yml new file mode 100644 index 0000000..bd1314b --- /dev/null +++ b/ansible/roles/ipfixcol2/tasks/update.yml @@ -0,0 +1,20 @@ +- name: Update IPFIXcol + yum: "name={{ packages }} state=latest update_cache=yes" + +- name: Check for host specific startup.xml + local_action: stat path={{ ipfixcol_startup_xml.host }} + become: false + register: host_startup_xml + ignore_errors: True + +- name: Select host specific startup.xml + set_fact: + ipfixcol_startup_xml_src: "{{ ipfixcol_startup_xml.host }}" + when: host_startup_xml.stat.exists + + +- name: Copy startup.xml configuration template + copy: + src: "{{ ipfixcol_startup_xml_src }}" + dest: "{{ ipfixcol_startup_xml.dest }}" + force: yes diff --git a/ansible/roles/ipfixcol2/vars/main.yml b/ansible/roles/ipfixcol2/vars/main.yml new file mode 100644 index 0000000..6532b1f --- /dev/null 
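Review bot: `mode: "{{ repo.mode }}"` in the 'Add IPFIXcol2 repo' task resolves to the unquoted `664` defined in the vars/main.yml hunk of this commit; Ansible reads a bare integer as decimal, so 664 becomes octal 1230 rather than rw-rw-r--, leaving the yum repository file with unintended permissions. Define it in vars as a quoted octal string, and because a repository definition decides which packages get installed, prefer `mode: "0644"` so the file is not group-writable. `ignore_errors: True` on the local `stat` task is unnecessary, since a missing path is reported through `stat.exists` rather than as a failure, and it would mask a genuine error such as an unreadable inventory directory.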
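Review bot: The three tasks after 'Update IPFIXcol' reference `ipfixcol_startup_xml` and set `ipfixcol_startup_xml_src`, but the vars/main.yml hunk of this commit only defines `ipfixcol2_startup_xml` and `ipfixcol2_startup_xml_src`, so the update path will fail on an undefined variable — or, if an ipfixcol role's variables happen to be in scope in the same play, silently copy that role's startup file over the IPFIXcol2 one. Replace all four occurrences of `ipfixcol_startup_xml` in update.yml with `ipfixcol2_startup_xml` so it mirrors install.yml. Note also that `force: yes` here overwrites a locally edited `ipfixcol2-startup.xml` on every update, whereas install.yml uses `force: no`; if that asymmetry is intended, a comment such as `# update always reinstalls the managed startup.xml` would make it explicit.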
+++ b/ansible/roles/ipfixcol2/vars/main.yml @@ -0,0 +1,18 @@ +packages: [ipfixcol2, ipfixcol2-unirec-output] + +repo: { + ipfixcol: { + url: "https://copr.fedorainfracloud.org/coprs/g/CESNET/IPFIXcol/repo/epel-7/group_CESNET-IPFIXcol-epel-7.repo", + dest: "/etc/yum.repos.d/COPR-IPFIXcol.repo" + }, + mode: 664 +} + +ipfixcol2_startup_xml: { + src: "ipfixcol2-startup.xml", + dest: "/etc/ipfixcol2/ipfixcol2-startup.xml", + host: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/ipfixcol2/ipfixcol-startup.xml" +} + +# This is just a copy that can be set in the set_fact task +ipfixcol2_startup_xml_src: "{{ ipfixcol2_startup_xml.src }}" From 1d69bd24ba48c5ef792c3c44038ce96ba8ecbd5d Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Mon, 12 Aug 2019 17:59:33 +0200 Subject: [PATCH 22/24] fail2ban: export events to warden (/data/warden/*) --- .../list-vagrant/fail2ban/jail.local | 2 + ansible/roles/fail2ban/files/f2b-warden.conf | 19 +++ ansible/roles/fail2ban/files/f2ban_ssh.sh | 150 ++++++++++++++++++ ansible/roles/fail2ban/tasks/install.yml | 16 +- 4 files changed, 186 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/fail2ban/files/f2b-warden.conf create mode 100644 ansible/roles/fail2ban/files/f2ban_ssh.sh diff --git a/ansible/inventory/host_files/list-vagrant/fail2ban/jail.local b/ansible/inventory/host_files/list-vagrant/fail2ban/jail.local index d1b920a..2c47637 100644 --- a/ansible/inventory/host_files/list-vagrant/fail2ban/jail.local +++ b/ansible/inventory/host_files/list-vagrant/fail2ban/jail.local @@ -3,4 +3,6 @@ bantime = 3600 [sshd] enabled = true +action = iptables[name=SSH, port=ssh, protocol=tcp] + f2b-warden[name=SSH, port=ssh, protocol=tcp, wardenpath=/data/warden/] diff --git a/ansible/roles/fail2ban/files/f2b-warden.conf b/ansible/roles/fail2ban/files/f2b-warden.conf new file mode 100644 index 0000000..c3133e9 --- /dev/null +++ b/ansible/roles/fail2ban/files/f2b-warden.conf 
@@ -0,0 +1,19 @@ +[Definition] + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionban = /usr/bin/nemea/f2ban_ssh.sh -i "" -f "" -t " - haddrscan2idea true From 3756c732bf054982ce34c06c650114e7ba0a3430 Mon Sep 17 00:00:00 2001 From: Tomas Cejka Date: Tue, 13 Aug 2019 17:10:52 +0200 Subject: [PATCH 24/24] mongodb: automatically clean content older than 3 months --- ansible/roles/nemea-dashboard/files/mongo-cleanup.js | 5 +++++ ansible/roles/nemea-dashboard/files/mongo_cleanup.cron | 3 +++ ansible/roles/nemea-dashboard/tasks/common.yml | 10 ++++++++++ ansible/roles/nemea-dashboard/vars/main.yml | 4 +++- 4 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/nemea-dashboard/files/mongo-cleanup.js create mode 100644 ansible/roles/nemea-dashboard/files/mongo_cleanup.cron diff --git a/ansible/roles/nemea-dashboard/files/mongo-cleanup.js b/ansible/roles/nemea-dashboard/files/mongo-cleanup.js new file mode 100644 index 0000000..f21764f --- /dev/null +++ b/ansible/roles/nemea-dashboard/files/mongo-cleanup.js @@ -0,0 +1,5 @@ +var lastday = new Date() +lastday.setMonth(lastday.getMonth() - 3); +lastday.setHours(0, 0, 0) +db.alerts_new.deleteMany({DetectTime: {$lt: lastday}}); +db.alerts_whitelisted.deleteMany({DetectTime: {$lt: lastday}}); diff --git a/ansible/roles/nemea-dashboard/files/mongo_cleanup.cron b/ansible/roles/nemea-dashboard/files/mongo_cleanup.cron new file mode 100644 index 0000000..4e44f65 --- /dev/null +++ b/ansible/roles/nemea-dashboard/files/mongo_cleanup.cron @@ -0,0 +1,3 @@ +MAILTO=root + +0 0 * * * root mongo nemeadb /usr/bin/nemea/mongo-cleanup.js 2>/dev/null >/dev/null diff --git a/ansible/roles/nemea-dashboard/tasks/common.yml b/ansible/roles/nemea-dashboard/tasks/common.yml index 873c3a6..45eb2c0 100644 --- a/ansible/roles/nemea-dashboard/tasks/common.yml 
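Review bot: Two of the five lines lack a terminating semicolon (`var lastday = new Date()` and `lastday.setHours(0, 0, 0)`), and `setHours(0, 0, 0)` leaves the milliseconds field untouched, so the cutoff is not exactly midnight; use `lastday.setHours(0, 0, 0, 0);`. `setMonth(getMonth() - 3)` on a day past the end of the target month rolls forward (31 May minus three months becomes 3 March), shifting the retention boundary by a few days around month ends; acceptable for a cleanup job, but worth a comment like `// approx. 3 months; day-of-month overflow rolls into the next month`. The script also assumes `DetectTime` is stored as a BSON Date, since a string value never matches `$lt` against a Date; if that is guaranteed, a TTL index on `DetectTime` would let MongoDB enforce retention without cron, and otherwise the nightly `deleteMany` needs an index on that field to avoid a full collection scan.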
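Review bot: The cron entry sends both stdout and stderr to /dev/null, so a failing cleanup (mongod down, authentication error, missing script) is never reported even though `MAILTO=root` is set for exactly that purpose. Keep stdout quiet but let errors through, e.g. `0 0 * * * root mongo nemeadb /usr/bin/nemea/mongo-cleanup.js >/dev/null`, or route them to syslog with `2>&1 | logger -t mongo-cleanup`. The `mongo` invocation also passes no authentication options, so if the database is ever switched to require auth the job stops working silently under the current redirection.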
+++ b/ansible/roles/nemea-dashboard/tasks/common.yml @@ -25,3 +25,13 @@ dest: /etc/httpd/conf.d/nemea-dashboard.conf mode: 0644 +- name: Install MongoDB cleanup script + copy: + src: mongo-cleanup.js + dest: "{{ nemea_dashboard_conf.cleanup_js }}" + +- name: Setup MongoDB cleanup cron + copy: + src: "mongo_cleanup.cron" + dest: "/etc/cron.d/mongo_cleanup" + diff --git a/ansible/roles/nemea-dashboard/vars/main.yml b/ansible/roles/nemea-dashboard/vars/main.yml index 88c5bb9..b940b42 100644 --- a/ansible/roles/nemea-dashboard/vars/main.yml +++ b/ansible/roles/nemea-dashboard/vars/main.yml @@ -23,5 +23,7 @@ nemea_dashboard_conf: { template_file: "config.json", local_file_js: "config.js", conf_file: "/var/www/html/Nemea-Dashboard/api/config.json", - conf_file_js: "/var/www/html/Nemea-Dashboard/public/config.js" + conf_file_js: "/var/www/html/Nemea-Dashboard/public/config.js", + cleanup_js: "/usr/bin/nemea/mongo-cleanup.js" } +
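Review bot: The 'Setup MongoDB cleanup cron' task copies into `/etc/cron.d/mongo_cleanup` without `mode:`, unlike the proxy task in the context above that sets `mode: 0644`; the resulting permissions then depend on the controller's umask, and cron daemons typically ignore cron.d files that are group- or world-writable, so the cleanup could silently never run. Add `mode: 0644` together with `owner: root` and `group: root` to this task, and give the 'Install MongoDB cleanup script' task the same `mode: 0644`, since the JS file is data read by `mongo` and does not need to be executable.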