/usr/share/doc/samhain/manual.html/preludedetails.html is in samhain 4.1.4-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>9. Prelude</title><link rel="stylesheet" type="text/css" href="docbook.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="The Samhain Host Integrity Monitoring System"><link rel="up" href="basic-configuration.html" title="Chapter 4. Configuration of logging facilities"><link rel="prev" href="consoledetails.html" title="8. Console"><link rel="next" href="nagios.html" title="10. Using samhain with nagios"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><!--#if expr="! ($HTTP_USER_AGENT = /MSIE/)"--><!--#include virtual="/resources/ssi/header.html"--><!--#endif--><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">9. Prelude</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="consoledetails.html">Prev</a> </td><th width="60%" align="center">Chapter 4. Configuration of logging facilities</th><td width="20%" align="right"> <a accesskey="n" href="nagios.html">Next</a></td></tr></table><hr></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="preludedetails"></a>9. Prelude</h2></div></div></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note: REQUIREMENTS"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="stylesheet-images/note.png"></td><th align="left">REQUIREMENTS</th></tr><tr><td align="left" valign="top"><p>This facility requires that you have compiled with
the
<span class="emphasis"><em>--with-prelude</em></span> option to include
support for prelude. Of course you need the libprelude
client library for this to work.</p></td></tr></table></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note: Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="stylesheet-images/note.png"></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>The following configuration options can only be used.
They should be placed in the [Misc] section of the
configuration file, if you use them. The 'PreludeMapTo...'
options do not affect in any way whether a message is
reported by samhain to the prelude manager (for this there
is 'PreludeSeverity' in the [Log] section); they only
affect the 'Impact severity' shown on the prelude
side.</p></td></tr></table></div><p>
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">PreludeProfile</span></dt><dd><p>
<span class="command"><strong>PreludeProfile=
<em class="replaceable"><code>profile_name</code></em></strong></span>
</p><p>Specify the profile to use. The default is
'samhain'.</p></dd><dt><span class="term">PreludeMapToInfo</span></dt><dd><p>
<span class="command"><strong>PreludeMapToInfo=
<em class="replaceable"><code>list of samhain
severities</code></em></strong></span>
</p><p>The severities that should be mapped to impact
severity 'info' for prelude. (default: none).</p></dd><dt><span class="term">PreludeMapToLow</span></dt><dd><p>
<span class="command"><strong>PreludeMapToLow=
<em class="replaceable"><code>list of samhain
severities</code></em></strong></span>
</p><p>The severities that should be mapped to impact
severity 'low' for prelude. (default: debug,
info).</p></dd><dt><span class="term">PreludeMapToMedium</span></dt><dd><p>
<span class="command"><strong>PreludeMapToMedium=
<em class="replaceable"><code>list of samhain
severities</code></em></strong></span>
</p><p>The severities that should be mapped to impact
severity 'medium' for prelude. (default: notice,
warn, err).</p></dd><dt><span class="term">PreludeMapToHigh</span></dt><dd><p>
<span class="command"><strong>PreludeMapToHigh=
<em class="replaceable"><code>list of samhain
severities</code></em></strong></span>
</p><p>The severities that should be mapped to impact
severity 'high' for prelude. (default: crit,
alert).</p></dd></dl></div><p>
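Added example, not part of the samhain manual or the samhain code base: a small checker that reads a configuration file, flags PreludeMapTo... options placed outside [Misc] or assigning one severity to two impact levels, and returns the resulting mapping on top of the defaults listed above. The names effective_mapping and SAMPLE_RC are hypothetical, and the simple section/key=value parsing and the rule that the last explicit assignment wins are assumptions of this example.

```python
# Added example: resolve PreludeMapTo* settings from a samhainrc (not samhain code).
# Defaults as listed in this section of the manual.
DEFAULTS = {"debug": "low", "info": "low", "notice": "medium", "warn": "medium",
            "err": "medium", "crit": "high", "alert": "high"}
PREFIX = "PreludeMapTo"

def effective_mapping(rc_text):
    """Return (severity-to-impact mapping, warnings) for rc_text."""
    mapping, explicit, warnings = dict(DEFAULTS), {}, []
    section = None
    for lineno, raw in enumerate(rc_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or not key.startswith(PREFIX):
            continue  # PreludeProfile, PreludeSeverity etc. are not mappings
        impact = key[len(PREFIX):].lower()
        if impact not in ("info", "low", "medium", "high"):
            warnings.append(f"line {lineno}: unknown option {key}")
        elif section != "Misc":
            warnings.append(f"line {lineno}: {key} is in [{section}], not [Misc]")
        else:
            for sev in value.lower().replace(",", " ").split():
                if explicit.get(sev, impact) != impact:
                    warnings.append(f"line {lineno}: {sev} already mapped to {explicit[sev]}")
                # Assumption: the last explicit assignment replaces earlier ones.
                explicit[sev] = mapping[sev] = impact
    return mapping, warnings

# Constructed sample configuration, not taken from a real host.
SAMPLE_RC = """\
[Log]
PreludeSeverity=info
PreludeMapToHigh=err
[Misc]
PreludeProfile=samhain
PreludeMapToInfo=debug, info
PreludeMapToHigh=err, crit, alert
PreludeMapToMedium=err
"""

if __name__ == "__main__":
    mapping, warnings = effective_mapping(SAMPLE_RC)
    print(mapping)
    print(*warnings, sep="\n")
```

The mapping only changes the impact severity shown on the prelude side; whether a message is sent at all still depends on PreludeSeverity in [Log].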
</p><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="preludecl"></a>9.1. Prelude-specific command-line options</h3></div></div></div><p>The following prelude-specific command-line options
are accepted:</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>
<span class="emphasis"><em>--prelude</em></span> Prelude generic options
follow. This option must be given before any of the
following options are used.</p></li><li class="listitem"><p>
<span class="emphasis"><em>--profile &lt;arg&gt;</em></span> Profile to
use for this analyzer</p></li><li class="listitem"><p>
<span class="emphasis"><em>--heartbeat-interval &lt;arg&gt;</em></span> Number of seconds between two
heartbeats</p></li><li class="listitem"><p>
<span class="emphasis"><em>--server-addr &lt;arg&gt;</em></span> Address
where this sensor should report to (addr:port)</p></li><li class="listitem"><p>
<span class="emphasis"><em>--analyzer-name &lt;arg&gt;</em></span> Name
for this analyzer</p></li></ol></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="prelude9"></a>9.2. Registering to a Prelude manager</h3></div></div></div><div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Tip: Sensor name/profile"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Tip]" src="stylesheet-images/tip.png"></td><th align="left">Sensor name/profile</th></tr><tr><td align="left" valign="top"><p>The default sensor name/profile is 'samhain'.
However, version 2.0.6 of
<span class="application">samhain</span> still
had 'Samhain'. For versions of
<span class="application">samhain</span> later
than 2.0.6, there is an option
<span class="command"><strong>PreludeProfile=
<em class="replaceable"><code>profile</code></em></strong></span> (in the
[Misc] section) to set a user-defined
name/profile.</p></td></tr></table></div><p>In order to register
<span class="application">samhain</span> as a
<span class="application">Prelude</span> sensor,
you need to run the
<span class="command"><strong>
prelude-admin</strong></span> command on both the sensor host
and the manager host.</p><pre class="screen">
<code class="prompt">sensor # </code><strong class="userinput"><code>prelude-admin register samhain "idmef:w admin:r" &lt;manager host&gt; \
--uid=prelude --gid=prelude</code></strong>
You now need to start "prelude-admin" registration-server on 127.0.0.1:
example: "prelude-admin registration-server prelude-manager"
Enter the one-shot password provided on 127.0.0.1:
</pre><pre class="screen">
<code class="prompt">manager # </code><strong class="userinput"><code>prelude-admin registration-server prelude-manager</code></strong>
The "76g4h8au" password will be requested by "prelude-admin register"
in order to connect. Please remove the quotes before using it.
Generating 1024 bits Diffie-Hellman key for anonymous authentication...
Waiting for peers install request on 0.0.0.0:5553...
Waiting for peers install request on :::5553...
</pre><p>You now have to type in the
<span class="emphasis"><em>one-shot password</em></span> generated
on "manager" at the password prompt
on "sensor" (twice, for confirmation).
Then on "manager" you will be asked to approve the
registration. Type 'y', and you are finished.</p><p>The configuration file for the samhain sensor is
<code class="filename">
/etc/prelude/profile/samhain/config</code></p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="consoledetails.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="basic-configuration.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="nagios.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">8. Console </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 10. Using samhain with nagios</td></tr></table></div><!--#if expr="! ($HTTP_USER_AGENT = /MSIE/)"--><!--#include virtual="/resources/ssi/footer.html"--><!--#endif--></body></html>