From 33642609d1c1c50a10db1289ee0714de1a75c399 Mon Sep 17 00:00:00 2001 From: Tomas Plesnik <plesnik@ics.muni.cz> Date: Wed, 1 Feb 2012 18:12:34 +0100 Subject: [PATCH] Update and Uninstallation sections still to be completed; overall document check --- src/warden-client/doc/README | 123 ++++++++++++++++++++++------------- 1 file changed, 79 insertions(+), 44 deletions(-) diff --git a/src/warden-client/doc/README b/src/warden-client/doc/README index 33d8595..f06db11 100644 --- a/src/warden-client/doc/README +++ b/src/warden-client/doc/README @@ -8,10 +8,12 @@ Content B. Installation Dependencies C. Registration D. Installation - E. Integration with Local Applications - F. Client Upgrade - G. Functions, Arguments and Calls - H. Authors + E. Update + F. Uninstallation + G. Configuration + H. Integration with Local Applications + I. Functions, Arguments and Calls + J. Authors -------------------------------------------------------------------------------- A. Overall Information @@ -30,19 +32,25 @@ A. Overall Information 1.1.0 (2012-02-16) - DOPLNIT - 3. Package structure - DOPLNIT + 3. Package structure warden-client/ doc/ + CHANGELOG example-sender.pl.txt example-receiver.pl.txt + INSTALL + LICENSE + README + README.cesnet etc/ + package_version.txt warden-client.conf - var/ lib/ + WardenClientConf.pm WardenClientSend.pm - WardenClientReceive.pm - WardenConf.pm + WardenClientReceive.pm + var/ -------------------------------------------------------------------------------- B. Installation Dependencies 
@@ -70,20 +78,39 @@ C. Registration Each client is defined by its hostname, service name, type of client, type of requested events and CIDR the client is allowed to communicate from only. - Hostname - hostname of client to be registered - Service name - Text string. Unique name of the service + Hostname hostname of client to be registered + + Service name Text string. Unique name of the service the client is integrated in. E.g. 'ScanDetector_1.0'. This is mandatory for 'Sender' client. Default value null is used for 'Receiver' client. - Type of client - Either 'Sender' or 'Receiver'. - Type of requested events - Type of events the client only accepts from + + Type of client Either 'Sender' or 'Receiver'. + + Type of requested events Type of events the client only accepts from Warden server. This is mandatory only for 'Receiver' client. Default value null is used for 'Sender' client. Brief information about event types is provided in section G. Functions - arguments and calls. - CIDR - CIDR stands for IP address or IP (sub)net + arguments and calls. + + Receiving of own events Receiving of sent events from my + organization = yes/no (organizations are + separated based on the top-level and + second-level domain). This is mandatory only + for 'Receiver' client. + + Description tags Tags are case insensitive alphanumeric strings, + designed to allow event receivers to do more + general filtering according to event source. + Receiver can for example decide to use only + events originating at honeypots, or filter out + events, generated by human conclusions or + correlation engines. This is mandatory only + for 'Sender' client. + + CIDR CIDR stands for IP address or IP (sub)net the client is going to communicate from. Any communications between the client and Warden Server must be performed from IP address from 
@@ -131,9 +158,39 @@ D. Installation warden-client to be run under root privileges though. 5. Configuration file - - You are advised to check configuration file - warden-client/etc/warden-client.conf. After installation. + + After successful installation process you are advised to check configuration + file warden-client/etc/warden-client.conf. For more information see section + G. Configuration below. + + 6. Usage of install.sh + + Usage: $ ./install.sh [-d <directory>] [-u <user>] [-k <ssl_key_file>] + [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]" + -d <directory> installation directory (default: /opt) + -u <user> owner of warden client package (user for + running detection scripts) + -k <ssl_key_file> SSL certificate key file path + -c <ssl_cert_file> SSL certificate file path + -a <ssl_ca_file> CA certificate file path + -h print this help + -V print script version number and exit + + Example: $ ./install.sh -d /opt -u detector -k /etc/ssl/private/client.key + -c /etc/ssl/certs/client.pem -a /etc/ssl/certs" + +-------------------------------------------------------------------------------- +E. Update - DOPLNIT + + To upgrade a client, install a new version. + +-------------------------------------------------------------------------------- +F. Uninstallation - DOPLNIT + + To upgrade a client, install a new version. + +-------------------------------------------------------------------------------- +G. Configuration SOAP protocol is used for handling communication between server and clients. Therefore, correct URI of Warden server must be set. 
@@ -155,24 +212,8 @@ D. Installation SSL_CA_FILE - path to a CA file e.g. '/etc/ssl/certs/tcs-ca-bundle.pem' - 6. Usage of install.sh - - Usage: $ ./install.sh [-d <directory>] [-u <user>] [-k <ssl_key_file>] - [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]" - -d <directory> installation directory (default: /opt) - -u <user> owner of warden client package (user for - running detection scripts) - -k <ssl_key_file> SSL certificate key file path - -c <ssl_cert_file> SSL certificate file path - -a <ssl_ca_file> CA certificate file path - -h print this help - -V print script version number and exit - - Example: $ ./install.sh -d /opt -u detector -k /etc/ssl/private/client.key - -c /etc/ssl/certs/client.pem -a /etc/ssl/certs" - -------------------------------------------------------------------------------- -E. Integration with Local Applications +H. Integration with Local Applications (Note: Clients need to be registered on server to be able to communicate with server properly. See section C. Registration for more information about @@ -187,7 +228,7 @@ E. Integration with Local Applications warden-client sender functionality. Brief information about syntax of sending functions and functionality is - provided in section G. Functions arguments and calls. + provided in section I. Functions arguments and calls. 2. Client receiver (this type of clients uploads events from Warden server) @@ -201,13 +242,9 @@ E. Integration with Local Applications Brief information about syntax of receiving functions and functionality is provided in section G. Functions arguments and calls. --------------------------------------------------------------------------------- -F. Client Upgrade - - To upgrade a client, install a new version. -------------------------------------------------------------------------------- -G. Functions, Arguments and Calls +I. Functions, Arguments and Calls 1. WardenClientSend::saveNewEvent 
@@ -327,14 +364,12 @@ G. Functions, Arguments and Calls attribute ID - unique id of this particular event (BIGINT). -------------------------------------------------------------------------------- -H. Authors +J. Authors Development: Tomas PLESNIK <plesnik@ics.muni.cz> Jan SOUKAL <soukal@ics.muni.cz> -Copyright (C) 2012 Cesnet z.s.p.o +Copyright (C) 2011-2012 Cesnet z.s.p.o Special thanks go to Martin Drasar from CSIRT-MU for his help and support in the development of Warden system. - - -- GitLab
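Review bot: In the @@ -70,20 +78,39 hunk, the 'Type of requested events' entry still points to "section G. Functions - arguments and calls", but this patch renumbers that section to I and makes G the Configuration section, so the reference should read section I. The new 'Receiving of own events' and 'Description tags' entries also say which client type they are mandatory for without stating, as the neighbouring entries do, what default the other client type gets; add that default to each.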
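Review bot: In the @@ -131,9 +158,39 hunk, the new section 'F. Uninstallation' has the body "To upgrade a client, install a new version.", copied from section E, which says nothing about removing the client; replace it with the actual removal steps or leave the section empty until that text exists. The headings 'E. Update - DOPLNIT' and 'F. Uninstallation - DOPLNIT' still carry the placeholder marker and so do not match the table of contents entries added in the first hunk. In the install.sh usage block, the example passes '-a /etc/ssl/certs', which looks like a directory rather than a file, although the option is described as 'CA certificate file path' and SSL_CA_FILE is shown in the Configuration section as '/etc/ssl/certs/tcs-ca-bundle.pem'; the Usage and Example lines also end in stray double quotes.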
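Review bot: In the @@ -201,13 +242,9 hunk, the receiver paragraph's context line still reads "provided in section G. Functions arguments and calls.", while the matching sender sentence in the @@ -187,7 +228,7 hunk was updated to section I. After this patch G is Configuration, so the receiver reference needs the same change to section I.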