diff --git a/src/warden-client/doc/README b/src/warden-client/doc/README index a18fdf0cc36b20a5a97af4798198c52f9474308b..07bcef1b199f20b5ac1b824e5db911231cbd38e6 100644 --- a/src/warden-client/doc/README +++ b/src/warden-client/doc/README @@ -6,11 +6,11 @@ Content A. Overall Information B. Installation Dependencies - C. Registration - D. Installation - E. Update - F. Uninstallation - G. Configuration + C. Installation + D. Update + E. Uninstallation + F. Configuration + G. Registration H. Integration with Local Applications I. Functions, Arguments and Calls @@ -21,7 +21,8 @@ A. Overall Information 1. About Warden Client Warden is a client-based architecture service designed to share detected - security events (issues) among CSIRT and CERT teams in a simple and fast way. + security events (issues) among CSIRT and CERT teams in a simple and fast + way. This package offers a client capable of both reporting events to server and retreiving batch of new events from server. It consists of several Perl 
@@ -55,76 +56,16 @@ A. Overall Information -------------------------------------------------------------------------------- B. Installation Dependencies - Perl >= 5.10.1 - SOAP::Lite >= 0.712 - IO::Socket::SSL >= 1.33 - SOAP::Transport::HTTP >= 0.712 - FindBin >= 1.50 - DateTime >= 0.61 + Perl >= 5.10.1 + SOAP::Lite >= 0.712 + IO::Socket::SSL >= 1.33 + SOAP::Transport::HTTP >= 0.712 + FindBin >= 1.50 + DateTime >= 0.61 -------------------------------------------------------------------------------- -C. Registration - - Any client attempting to communicate with the Warden server must be - registered on this server. Unknown (not registered) clients are not allowed - to exchange any data with server. - - Registration of your client is provided by the Warden server administrator. - Usually via e-mail. - - Clients also need to have valid client SSL certificates to prove their - identity to the Warden server. - - Each client is defined by its hostname, service name, type of client, type - of requested events, receiving of own events, description tags and CIDR - this client is allowed to communicate from. - - Hostname hostname of client to be registered - - Service name Text string. Unique name of the service - the client is integrated in. - E.g. 'ScanDetector_1.0'. This is mandatory for - 'Sender' client. Default value null is used for - 'Receiver' client. - - Type of client Either 'Sender' or 'Receiver'. - - Type of requested events Type of events the client only accepts from - the Warden server. This is mandatory only for - 'Receiver' client. Default value null is used - for 'Sender' client. Brief information about - event types is provided in section G. Functions - arguments and calls. - - Receiving of own events Enables receiving of events sent from your - organization domain = yes/no (organizations are - separated based on the top-level and - second-level domain). This is mandatory only - for 'Receiver' client. 
- - Description tags Tags are case insensitive alphanumeric strings - designed to allow event receivers to filter - according to event source. For example, - receiver can decide to use only events - originating from honeypots or filter out events - generated manually by users. This is mandatory - for 'Sender' client. - - CIDR CIDR stands for IP (sub)net the client is going - to communicate from (see examples below!). Any - communications between the client and the Warden - server must be performed from IP address from - a range stated in CIDR. - Examples: '123.123.0.0/16', '123.123.123.123/32' - - - For complete information about client attributes and/or event types you will - have to contact particular Warden server administrator/provider. - - --------------------------------------------------------------------------------- -D. Installation (First installation of the Warden client package) +C. Installation (First installation of the Warden client package) 1. Check SHA1 checksum of corresponding Warden client package archive @@ -164,7 +105,7 @@ D. Installation (First installation of the Warden client package) After successful installation process you are advised to check configuration file warden-client/etc/warden-client.conf. For more information see section - below G. Configuration. + below F. Configuration. 6. Usage of install.sh @@ -172,7 +113,7 @@ D. Installation (First installation of the Warden client package) [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV] -d <directory> installation directory (default: /opt) -u <user> owner of warden client package (user for - running detection scripts) + running detection scripts) -k <ssl_key_file> SSL certificate key file path -c <ssl_cert_file> SSL certificate file path -a <ssl_ca_file> CA certificate file path 
@@ -184,7 +125,7 @@ D. Installation (First installation of the Warden client package) -------------------------------------------------------------------------------- -E. Update (Update of previously installed the Warden client package) +D. Update (Update of previously installed the Warden client package) 1. Check SHA1 checksum of corresponding the Warden client package archive @@ -206,7 +147,7 @@ E. Update (Update of previously installed the Warden client package) After successful update process you are advised to check configuration file warden-client/etc/warden-client.conf. For more information see section - G. Configuration. + F. Configuration. 5. Usage of update.sh @@ -221,7 +162,7 @@ E. Update (Update of previously installed the Warden client package) -------------------------------------------------------------------------------- -F. Uninstallation +E. Uninstallation 1. Run uninstall.sh @@ -246,7 +187,7 @@ F. Uninstallation -------------------------------------------------------------------------------- -G. Configuration +F. Configuration SOAP protocol is used for handling communication between server and clients. Therefore, correct URI of the Warden server must be set. 
@@ -269,11 +210,71 @@ G. Configuration e.g. '/etc/ssl/certs/tcs-ca-bundle.pem' +-------------------------------------------------------------------------------- +G. Registration + + Any client attempting to communicate with the Warden server must be + registered on this server. Unknown (not registered) clients are not allowed + to exchange any data with server. + + Registration of your client is provided by the Warden server administrator. + Usually via e-mail. + + Clients also need to have valid client SSL certificates to prove their + identity to the Warden server. + + Each client is defined by its hostname, service name, type of client, type + of requested events, receiving of own events, description tags and CIDR + this client is allowed to communicate from. + + Hostname hostname of client to be registered + + Service name Text string. Unique name of the service the client + is integrated in. + E.g. 'ScanDetector_1.0'. This is mandatory for + 'Sender' client. Default value null is used for + 'Receiver' client. + + Type of client Either 'Sender' or 'Receiver'. + + Type of requested events Type of events the client only accepts from + the Warden server. This is mandatory only for + 'Receiver' client. Default value null is used + for 'Sender' client. Brief information about + event types is provided in section I. Functions + arguments and calls. + + Receiving of own events Enables receiving of events sent from your + organization domain = yes/no (organizations are + separated based on the top-level and + second-level domain). This is mandatory only + for 'Receiver' client. + + Description tags Tags are case insensitive alphanumeric strings + designed to allow event receivers to filter + according to event source. For example, + receiver can decide to use only events + originating from honeypots or filter out events + generated manually by users. This is mandatory + for 'Sender' client. 
+ + CIDR CIDR stands for IP (sub)net the client is going + to communicate from (see examples below!). Any + communications between the client and the Warden + server must be performed from IP address from + a range stated in CIDR. + Examples: '123.123.0.0/16', '123.123.123.123/32' + + + For complete information about client attributes and/or event types you will + have to contact particular Warden server administrator/provider. + + -------------------------------------------------------------------------------- H. Integration with Local Applications (Note: Clients need to be registered on server to be able to communicate with - server properly. See section C. Registration for more information about + server properly. See section G. Registration for more information about client registration.) 1. Client sender (this type of client reports events to the Warden server) @@ -331,7 +332,7 @@ I. Functions, Arguments and Calls # SERVICE - VARCHAR (64) # Name of a service detecting this event. Service must be the same with this # provided in 'Sender' client registration. See more about this issue in - # section C. Registration. + # section G. Registration. $service = "ScanDetector"; # DETECTED - TIMESTAMP in UTC, ISO 8601 @@ -413,7 +414,7 @@ I. Functions, Arguments and Calls # Definition of requested event type. Type must be the same with this # provided in 'Receiver' client registration. See more about this issue in - # section C. Registration. See more about event types in section + # section G. Registration. See more about event types in section # I. 1. WardenClientSend::saveNewEvent $requested_type = "botnet_c_c"; @@ -428,3 +429,4 @@ I. Functions, Arguments and Calls -------------------------------------------------------------------------------- Copyright (C) 2011-2012 Cesnet z.s.p.o +
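Review bot: In the first hunk (the "1. About Warden Client" paragraph in A. Overall Information), the only change is rewrapping "in a simple and fast / way.", yet the adjacent context line still carries the misspelling "retreiving batch of new events from server"; since the paragraph is already being touched, fix it to "retrieving" in the same change rather than leaving a whitespace-only edit next to a typo.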
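Review bot: The hunk at "@@ -55,76 +56,16 @@" mixes a whitespace-only re-indentation of the six lines under B. Installation Dependencies (Perl, SOAP::Lite, IO::Socket::SSL, SOAP::Transport::HTTP, FindBin, DateTime) with the removal of the whole C. Registration section, which makes the actual content move hard to review; split the re-indentation into its own change or drop it. Note also that the removed copy pointed at "section G. Functions arguments and calls" while the section is I., so the re-added copy under G. Registration silently corrects a stale cross-reference; that fix deserves a mention in the commit message.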
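Review bot: In the hunk at "@@ -269,11 +210,71 @@" the re-added G. Registration section now follows F. Configuration, so the SSL key, certificate and CA settings in F are configured before the reader is told that "Clients also need to have valid client SSL certificates to prove their identity to the Warden server" and that registration is a prerequisite; add a one-line forward pointer to G. Registration in F, mirroring the note the patch already adds at the top of H. Integration with Local Applications. Also, the text "section I. Functions arguments and calls" should match the heading "I. Functions, Arguments and Calls".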
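Review bot: The final hunk at "@@ -428,3 +429,4 @@" only appends an empty line after "Copyright (C) 2011-2012 Cesnet z.s.p.o", leaving a stray blank line at end of file; drop it, as it is unrelated to the section renumbering this patch is about.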