+------------------------------+
| README - Warden Server 1.0.0 |
+------------------------------+

Content

 A. Overall Information
 B. Installation Dependencies
 C. Installation
 D. Configuration
 E. Update
 F. Init Scripts
 G. Registration of Clients
 H. Status Info
 I. Nagios Integration
 J. Authors

--------------------------------------------------------------------------------
A. Overall Information

 1. About Warden Client

    Warden is a client-based architecture service designed to share detected
    security issues (events) among CSIRT and CERT teams in a simple and fast
    way.

    This package offers full server functionality to both install and maintain
    Warden server and to register and/or unregister particular clients.

 2. Version

    1.0.0 (2012-01-31)

 3. Package structure

    warden-server/
      bin/
        getClients.pl
        getStatus.pl
        registerReceiver.pl
        registerSender.pl
        unregisterClients.pl
        warden-alive
        wardend
        warden-server.pl
      doc/
        CHANGELOG
        INSTALL
        LICENSE
        README
      etc/
        warden-client.conf
        warden-server.conf
      lib/
        WardenConf.pm
        WardenReg.pm
        WardenStatus.pm
      sh/
        create_table
        install
        update

--------------------------------------------------------------------------------
B. Installation Dependencies

 /*TODO*/ Check whether this still holds...

 Perl 5.10.1
 SOAP::Lite
 IO::Socket::SSL
 SOAP::Transport::TCP
 FindBin

--------------------------------------------------------------------------------
C. Installation

 /*TODO*/ Check what from the client also applies to the server and add what
 is missing...

 1. Check SHA1 checksum of corresponding Warden client package archive

    $ sha1sum -c warden-client-1.0.0.tar.gz.sig

 2. Untar it

    $ tar xzvf warden-client-1.0.0.tar.gz

 3. Run install.sh

    Default destination directory is /opt/warden-client/

    For more information about install.sh options run install.sh -h

    You must be root for running this script.

 4. Installation Privileges

    Warden-client is designed to be run under standard privileges. It should
    be part of other applications run under usual user privileges.

    However, warden-client uses SSL certificates for security purposes, and
    these are often not accessible by standard users. To solve this issue,
    warden-client should be installed under root privileges. The installation
    copies the local SSL key and certificate files into the warden-client/etc
    folder, where they are accessible even with standard privileges.

    Should any user want to preserve the standard location of the certificate
    files, he or she is advised to remove the key and certificate files from
    /warden-client/etc/ after installation and manually edit the paths to the
    certificate files in warden-client/etc/warden-client.conf. In most cases,
    this change will force warden-client to be run under root privileges
    though.

 5. Configuration file

    You are advised to check the configuration file
    warden-client/etc/warden-client.conf after installation.

    SOAP protocol is used for handling communication between server and
    clients. Therefore, the correct URI of the Warden server must be set.

    Authentication of clients and server is performed using client and server
    SSL certificates. Both clients and server must have a valid certificate.

    Configuration file contains the following parameters:

    URI           - URI of the Warden server,
                    e.g. 'https://warden-dev.cesnet.cz:443/Warden'

    SSL_KEY_FILE  - path to a host key file,
                    e.g. '/opt/warden-client/etc/warden-dev.cesnet.cz.key'

    SSL_CERT_FILE - path to a host certificate file,
                    e.g. '/opt/warden-client/etc/warden-dev.cesnet.cz.pem'

    SSL_CA_FILE   - path to a CA file,
                    e.g. '/etc/ssl/certs/tcs-ca-bundle.pem'

 6. Usage of install.sh

    Usage: $ ./install.sh [-d <directory>] [-u <user>] [-k <ssl_key_file>]
                          [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]

    -d <directory>       installation directory (default: /opt)
    -u <user>            owner of warden client package
                         (user for running detection scripts)
    -k <ssl_key_file>    SSL certificate key file path
    -c <ssl_cert_file>   SSL certificate file path
    -a <ssl_ca_file>     CA certificate file path
    -h                   print this help
    -V                   print script version number and exit

    Example: $ ./install.sh -d /opt -u detector -k /etc/ssl/private/client.key

--------------------------------------------------------------------------------
D. Configuration

 /*TODO*/ Add the configuration (warden.conf) - in the client version this may
 overlap with the previous section, check

--------------------------------------------------------------------------------
E. Update

 /*TODO*/ Add how the update is done...

 To upgrade a client, install a new version.

--------------------------------------------------------------------------------
F. Init Scripts

 /*TODO*/ Add the init scripts

 1. Start

    /*TODO*/ To be added...

 2. Stop

    /*TODO*/ To be added...

 3. Restart

    /*TODO*/ To be added...

 4. Status

    /*TODO*/ To be added...

 5. Force-stop

    /*TODO*/ To be added...

--------------------------------------------------------------------------------
G. Registration of Clients

 /*TODO*/ Describe the registration of clients

 1. Register Sender

    /*TODO*/ To be added...

 2. Register Receiver

    /*TODO*/ To be added...

 3. Unregister Client

    /*TODO*/ To be added...

--------------------------------------------------------------------------------
H. Status Info

 /*TODO*/ Describe working with the administrative/monitoring functions

 1. Get Status

    /*TODO*/ To be added...

 2. Get Clients

    /*TODO*/ To be added...

--------------------------------------------------------------------------------
I. Nagios Integration

 /*TODO*/ To be added...

 Is available via Nagios plugin /opt/warden-server/bin/warden-alive.

--------------------------------------------------------------------------------
J. Authors

 Development: Tomas PLESNIK <plesnik@ics.muni.cz>
              Jan SOUKAL <soukal@ics.muni.cz>

 Copyright (C) 2012 Cesnet z.s.p.o

 Special thanks go to Martin Drasar from CSIRT-MU for his help and support
 in the development of Warden system.
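
Added example for section C.4 (not part of the Warden package): a post-install audit of the key and certificate copies that the installation places in the etc folder, checking that the private key is readable only by the package owner and that neither the certificate nor the folder can be modified by other users. The function names are made up for this example, and the key path, certificate path and owner are arguments supplied by the caller.

```shell
#!/bin/sh
# Added example, not Warden code. Paths and the owner are passed as arguments.

# Print the nine permission characters of a path, e.g. "rw-------".
mode_bits() { ls -ld "$1" | cut -c2-10; }

# Print the owning user of a path.
owner_of() { ls -ld "$1" | awk '{print $3}'; }

# Key: regular file (not a symlink), owned by OWNER, no group/other access.
check_key() {
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "FAIL: $1 is missing or not a regular file"; return 1
    fi
    if [ "$(owner_of "$1")" != "$2" ]; then
        echo "FAIL: $1 is owned by $(owner_of "$1"), expected $2"; return 1
    fi
    case "$(mode_bits "$1")" in
        r??------) return 0 ;;
        *) echo "FAIL: $1 has mode $(mode_bits "$1"), want no group/other access"
           return 1 ;;
    esac
}

# Certificate or directory: must exist and not be group/other writable.
check_not_writable() {
    [ -e "$1" ] || { echo "FAIL: $1 does not exist"; return 1; }
    case "$(mode_bits "$1")" in
        ????-??-?) return 0 ;;
        *) echo "FAIL: $1 is writable by group or other"; return 1 ;;
    esac
}

# audit_tls_files KEY CERT OWNER -> returns 0 only if every check passes.
audit_tls_files() {
    rc=0
    check_key "$1" "$3" || rc=1
    check_not_writable "$2" || rc=1
    check_not_writable "$(dirname "$1")" || rc=1
    if [ "$rc" -eq 0 ]; then echo "OK: $1 and $2"; fi
    return "$rc"
}

# Runs only when three arguments are given, for example:
#   sh audit.sh /opt/warden-client/etc/<host>.key /opt/warden-client/etc/<host>.pem detector
if [ "$#" -eq 3 ]; then audit_tls_files "$@"; fi
```

Run it as root after install.sh, with the user given to -u as the third argument; a non-zero exit status means at least one FAIL line was printed.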