Commit b34469f8 authored by Jan Soukal

changes to the client AUTHORS and README files according to...

parent ea1a402c
......@@ -6,11 +6,11 @@ Content
A. Overall Information
B. Installation Dependencies
C. Registration
D. Installation
E. Update
F. Uninstallation
G. Configuration
C. Installation
D. Update
E. Uninstallation
F. Configuration
G. Registration
H. Integration with Local Applications
I. Functions, Arguments and Calls
......@@ -21,7 +21,8 @@ A. Overall Information
1. About Warden Client
Warden is a client-based architecture service designed to share detected
security events (issues) among CSIRT and CERT teams in a simple and fast way.
security events (issues) among CSIRT and CERT teams in a simple and fast
way.
This package offers a client capable of both reporting events to server and
retreiving batch of new events from server. It consists of several Perl
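Review bot: "retreiving" in the context line directly below the rewrapped sentence is misspelled, and since this paragraph is being touched anyway it could be corrected to "retrieving a batch of new events from server" in the same commit.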
......@@ -55,76 +56,16 @@ A. Overall Information
--------------------------------------------------------------------------------
B. Installation Dependencies
Perl >= 5.10.1
SOAP::Lite >= 0.712
IO::Socket::SSL >= 1.33
SOAP::Transport::HTTP >= 0.712
FindBin >= 1.50
DateTime >= 0.61
Perl >= 5.10.1
SOAP::Lite >= 0.712
IO::Socket::SSL >= 1.33
SOAP::Transport::HTTP >= 0.712
FindBin >= 1.50
DateTime >= 0.61
--------------------------------------------------------------------------------
C. Registration
Any client attempting to communicate with the Warden server must be
registered on this server. Unknown (not registered) clients are not allowed
to exchange any data with server.
Registration of your client is provided by the Warden server administrator.
Usually via e-mail.
Clients also need to have valid client SSL certificates to prove their
identity to the Warden server.
Each client is defined by its hostname, service name, type of client, type
of requested events, receiving of own events, description tags and CIDR
this client is allowed to communicate from.
Hostname hostname of client to be registered
Service name Text string. Unique name of the service
the client is integrated in.
E.g. 'ScanDetector_1.0'. This is mandatory for
'Sender' client. Default value null is used for
'Receiver' client.
Type of client Either 'Sender' or 'Receiver'.
Type of requested events Type of events the client only accepts from
the Warden server. This is mandatory only for
'Receiver' client. Default value null is used
for 'Sender' client. Brief information about
event types is provided in section G. Functions
arguments and calls.
Receiving of own events Enables receiving of events sent from your
organization domain = yes/no (organizations are
separated based on the top-level and
second-level domain). This is mandatory only
for 'Receiver' client.
Description tags Tags are case insensitive alphanumeric strings
designed to allow event receivers to filter
according to event source. For example,
receiver can decide to use only events
originating from honeypots or filter out events
generated manually by users. This is mandatory
for 'Sender' client.
CIDR CIDR stands for IP (sub)net the client is going
to communicate from (see examples below!). Any
communications between the client and the Warden
server must be performed from IP address from
a range stated in CIDR.
Examples: '123.123.0.0/16', '123.123.123.123/32'
For complete information about client attributes and/or event types you will
have to contact particular Warden server administrator/provider.
--------------------------------------------------------------------------------
D. Installation (First installation of the Warden client package)
C. Installation (First installation of the Warden client package)
1. Check SHA1 checksum of corresponding Warden client package archive
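Review bot: step 1 of the renamed "C. Installation" section still tells the user to check a SHA1 checksum of the package archive, which is a weak integrity check for software that is then given SSL key material; consider documenting a SHA-256 checksum (or a detached signature) alongside or instead of SHA1. Separately, with Registration moved out of this position, a reader following the file top to bottom now reaches Installation without having been told that a client certificate and registration are required, so a one-line pointer to section G here would help.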
......@@ -164,7 +105,7 @@ D. Installation (First installation of the Warden client package)
After successful installation process you are advised to check configuration
file warden-client/etc/warden-client.conf. For more information see section
below G. Configuration.
below F. Configuration.
6. Usage of install.sh
......@@ -172,7 +113,7 @@ D. Installation (First installation of the Warden client package)
[-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]
-d <directory> installation directory (default: /opt)
-u <user> owner of warden client package (user for
running detection scripts)
running detection scripts)
-k <ssl_key_file> SSL certificate key file path
-c <ssl_cert_file> SSL certificate file path
-a <ssl_ca_file> CA certificate file path
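Review bot: the usage text for -k says only "SSL certificate key file path" and does not state what ownership or permissions the private key file is expected to have; since -u already names the owner of the package, a line stating that the key should be readable only by that user would close the gap. The re-indented continuation line "running detection scripts)" is fine.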
......@@ -184,7 +125,7 @@ D. Installation (First installation of the Warden client package)
--------------------------------------------------------------------------------
E. Update (Update of previously installed the Warden client package)
D. Update (Update of previously installed the Warden client package)
1. Check SHA1 checksum of corresponding the Warden client package archive
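Review bot: the heading being relettered here reads "Update of previously installed the Warden client package", and step 1 below it reads "corresponding the Warden client package archive"; both have a misplaced article. Since the heading line is changed anyway, it could become "D. Update (Update of a previously installed Warden client package)", with step 1 worded as in the Installation section.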
......@@ -206,7 +147,7 @@ E. Update (Update of previously installed the Warden client package)
After successful update process you are advised to check configuration
file warden-client/etc/warden-client.conf. For more information see section
G. Configuration.
F. Configuration.
5. Usage of update.sh
......@@ -221,7 +162,7 @@ E. Update (Update of previously installed the Warden client package)
--------------------------------------------------------------------------------
F. Uninstallation
E. Uninstallation
1. Run uninstall.sh
......@@ -246,7 +187,7 @@ F. Uninstallation
--------------------------------------------------------------------------------
G. Configuration
F. Configuration
SOAP protocol is used for handling communication between server and clients.
Therefore, correct URI of the Warden server must be set.
......@@ -269,11 +210,71 @@ G. Configuration
e.g. '/etc/ssl/certs/tcs-ca-bundle.pem'
--------------------------------------------------------------------------------
G. Registration
Any client attempting to communicate with the Warden server must be
registered on this server. Unknown (not registered) clients are not allowed
to exchange any data with server.
Registration of your client is provided by the Warden server administrator.
Usually via e-mail.
Clients also need to have valid client SSL certificates to prove their
identity to the Warden server.
Each client is defined by its hostname, service name, type of client, type
of requested events, receiving of own events, description tags and CIDR
this client is allowed to communicate from.
Hostname hostname of client to be registered
Service name Text string. Unique name of the service the client
is integrated in.
E.g. 'ScanDetector_1.0'. This is mandatory for
'Sender' client. Default value null is used for
'Receiver' client.
Type of client Either 'Sender' or 'Receiver'.
Type of requested events Type of events the client only accepts from
the Warden server. This is mandatory only for
'Receiver' client. Default value null is used
for 'Sender' client. Brief information about
event types is provided in section I. Functions
arguments and calls.
Receiving of own events Enables receiving of events sent from your
organization domain = yes/no (organizations are
separated based on the top-level and
second-level domain). This is mandatory only
for 'Receiver' client.
Description tags Tags are case insensitive alphanumeric strings
designed to allow event receivers to filter
according to event source. For example,
receiver can decide to use only events
originating from honeypots or filter out events
generated manually by users. This is mandatory
for 'Sender' client.
CIDR CIDR stands for IP (sub)net the client is going
to communicate from (see examples below!). Any
communications between the client and the Warden
server must be performed from IP address from
a range stated in CIDR.
Examples: '123.123.0.0/16', '123.123.123.123/32'
For complete information about client attributes and/or event types you will
have to contact particular Warden server administrator/provider.
--------------------------------------------------------------------------------
H. Integration with Local Applications
(Note: Clients need to be registered on server to be able to communicate with
server properly. See section C. Registration for more information about
server properly. See section G. Registration for more information about
client registration.)
1. Client sender (this type of client reports events to the Warden server)
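Review bot: in the "Type of requested events" entry of the re-added Registration section, the cross-reference reads "section I. Functions arguments and calls", while the contents list and the section heading read "I. Functions, Arguments and Calls"; the title should match so a text search finds it. In the same section, "Usually via e-mail." is a sentence fragment and could be joined to the preceding sentence. The updated note under "H. Integration with Local Applications" correctly points to section G.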
......@@ -331,7 +332,7 @@ I. Functions, Arguments and Calls
# SERVICE - VARCHAR (64)
# Name of a service detecting this event. Service must be the same with this
# provided in 'Sender' client registration. See more about this issue in
# section C. Registration.
# section G. Registration.
$service = "ScanDetector";
# DETECTED - TIMESTAMP in UTC, ISO 8601
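Review bot: the comment above `$service = "ScanDetector";` says the service must be the same as the one given at 'Sender' registration, but the Registration section gives 'ScanDetector_1.0' as its example service name; using the same string in both places would avoid a reader copying a value that does not match their registration. The comment wording "must be the same with this provided in" would also read better as "must be the same as the one provided in".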
......@@ -413,7 +414,7 @@ I. Functions, Arguments and Calls
# Definition of requested event type. Type must be the same with this
# provided in 'Receiver' client registration. See more about this issue in
# section C. Registration. See more about event types in section
# section G. Registration. See more about event types in section
# I. 1. WardenClientSend::saveNewEvent
$requested_type = "botnet_c_c";
......@@ -428,3 +429,4 @@ I. Functions, Arguments and Calls
--------------------------------------------------------------------------------
Copyright (C) 2011-2012 Cesnet z.s.p.o