diff --git a/src/warden-server/doc/README b/src/warden-server/doc/README index b964138930e6669d31ef2e6f51515bffda328a6d..344b64a729033e7a84b5f7df33b594dce71204e0 100644 --- a/src/warden-server/doc/README +++ b/src/warden-server/doc/README @@ -7,9 +7,11 @@ Content A. Overall Information B. Installation Dependencies C. Installation - D. Miscellaneous - E. Registration of Clients - F. Status Info + D. Update + E. Uninstallation + F. Miscellaneous + G. Registration of Clients + H. Status Info -------------------------------------------------------------------------------- A. Overall Information @@ -56,6 +58,7 @@ A. Overall Information ApacheDispatch.pm uninstall.sh + -------------------------------------------------------------------------------- B. Installation Dependencies @@ -78,9 +81,11 @@ B. Installation Dependencies DateTime >= 0.61 Getopt::Std >= 1.06 Switch >= 2.14 - IO::Socket::SSL >= 1.74 - MIME::Base64 >= 3.08 - Crypt::X509 >= 0.40 + IO::Socket::SSL >= 1.66 + MIME::Base64 >= 3.08 + Crypt::X509 >= 0.40 + Carp >= 1.11 + -------------------------------------------------------------------------------- C. Installation @@ -95,10 +100,23 @@ C. Installation 3. Run install.sh. - Default destination directory is /opt/warden-server/ + Default installation directory is /opt/warden-server/ For more information about install.sh options run install.sh -h + Usage: $ ./install.sh [-d <directory>] [-k <ssl_key_file>] + [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]" + -d <directory> installation directory (default: /opt) + -k <ssl_key_file> SSL certificate key file path + -c <ssl_cert_file> SSL certificate file path + -a <ssl_ca_file> CA certificate file path + -h print this help + -V print script version number and exit + + Example: # ./install.sh -d /opt -k /etc/ssl/private/server.key + -c /etc/ssl/certs/server.pem + -a /etc/ssl/certs/bundle.pem + You must be root for running this script. 4. Configuration files 
@@ -136,17 +154,18 @@ C. Installation SSL_CA_FILE - path to a CA file e.g. '/etc/ssl/certs/tcs-ca-bundle.pem' - b) warden-server.conf + + b) warden-server.conf: The Warden server configuration file contains: BASEDIR - base directory of the Warden server e.g. /opt/warden-server/ - SYSLOG - enable/disable logging via syslog + SYSLOG - enable/disable syslog logging e.g. 1 - SYSLOG_VERBOSE - enable/disable verbose mode (stack information added) + SYSLOG_VERBOSE - enable/disable logging in verbose mode (stack info added) e.g. 1 SYSLOG_FACILITY - syslog facility @@ -163,13 +182,22 @@ C. Installation DB_HOST - MySQL database host e.g. localhost - MAX_EVENTS_LIMIT - maximum number of events that can be downloaded from Warden server - in a single getNewEvents client function call - e.g. 2000000 + MAX_EVENTS_LIMIT - server limit of maximum number of events that can be + delivered to one client in one batch + e.g. 1000000 + + VALID_STRINGS - validation hash containing allowed event attributes + e.g. + + %VALID_STRINGS = ( + 'type' => ['portscan', 'bruteforce', 'probe', 'spam', 'phishing', 'botnet_c_c', 'dos', 'malware', 'copyright', 'webattack', 'test', 'other'], + 'source_type' => ['IP', 'URL', 'Reply-To:'] + ); + c) warden-apache.conf - The Apache2 configuration file for Warden server + The Apache2 configuration file for Warden server: SSLEngine on 
@@ -193,22 +221,18 @@ C. Installation </Location> - 5. Usage of install.sh +-------------------------------------------------------------------------------- +D. Update + - Usage: $ ./install.sh [-d <directory>] [-k <ssl_key_file>] - [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]" - -d <directory> installation directory (default: /opt) - -k <ssl_key_file> SSL certificate key file path - -c <ssl_cert_file> SSL certificate file path - -a <ssl_ca_file> CA certificate file path - -h print this help - -V print script version number and exit - - Example: $ ./install.sh -d /opt -k /etc/ssl/private/server.key - -c /etc/ssl/certs/server.pem - -a /etc/ssl/certs/bundle.pem +-------------------------------------------------------------------------------- +E. Uninstallation - 6. Usage of uninstall.sh + For uninstallation of the Warden server package from local machine use uninstall.sh. + + Default uninstallation directory is /opt/warden-server/. + + For more information about uninstall.sh options run uninstall.sh -h Usage: $ ./uninstall.sh [-d <directory>] [-hV] -d <directory> uninstallation directory (default: /opt) @@ -216,9 +240,12 @@ C. Installation -V print script version number and exit Example: # ./uninstall.sh -d /opt - + + You must be root for running this script. + + -------------------------------------------------------------------------------- -D. Miscellaneous +F. Miscellaneous 1. Error Messages @@ -227,7 +254,7 @@ D. Miscellaneous 2. Firewall Settings - Make sure that the TCP port listed in /etc/apache2/sites-enables/default + Make sure that the TCP port listed in /etc/apache2/sites-enables/default(-ssl) is allowed on your firewall. 3. Privileges 
@@ -239,7 +266,7 @@ D. Miscellaneous No issues are known. -------------------------------------------------------------------------------- -E. Registration of Clients +G. Registration of Clients The Warden server administrator is responsible for registering new clients or removing those already registered. Both registration or unregistration scripts @@ -303,7 +330,7 @@ E. Registration of Clients deleted, they are merely set 'invalid' in DB table events. -------------------------------------------------------------------------------- -F. Status Info +H. Status Info Functions in this section show status of the Warden server and active (registered) clients to the Warden system administrator.
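Review bot: in the dependency hunk (@@ -78,9 +81,11 @@) the minimum IO::Socket::SSL version is lowered from 1.74 to 1.66 with no reason given anywhere in the visible change. This module provides the server's TLS layer, so a relaxed floor should be justified: either state in the README or the commit message that 1.66 has been tested and is sufficient, or keep ">= 1.74". The realignment of MIME::Base64 and Crypt::X509 and the new "Carp >= 1.11" entry look fine.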
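Review bot: in the install.sh usage text moved into step 3 (@@ -95,10 +100,23 @@) the usage line still ends with a stray double quote after "[-hV]", which looks like a leftover from the script's echo statement and should be dropped. The same hunk says "Default installation directory is /opt/warden-server/" while the option help says "-d <directory> installation directory (default: /opt)"; make clear that -d takes the parent directory, or make the two defaults agree. Since -k takes the path to the server's private key, it would also help to say whether install.sh copies the key or only references it, and what ownership and permissions the file is expected to have.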
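Review bot: the new VALID_STRINGS entry in the warden-server.conf hunk (@@ -163,13 +182,22 @@) lists the allowed values but does not say what the server does with an event whose 'type' or 'source_type' is not in the list (rejected with an error to the client, dropped, logged), or whether matching is case-sensitive. Please add one sentence on that, since administrators will edit this hash. Also check the 'Reply-To:' value: the trailing colon is inconsistent with 'IP' and 'URL' and is easy to mistype if it is intentional. In the same hunk the MAX_EVENTS_LIMIT example changes from 2000000 to 1000000 and the reference to the getNewEvents client call is dropped; confirm that the shipped default changed as well and consider keeping the function name so the limit can be tied to the client API.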
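Review bot: the new "D. Update" section (@@ -193,22 +221,18 @@) is added as a heading with no body, and the table of contents in the first hunk now lists it. Either describe the update procedure (at least whether the configuration files and the SSL key and certificate paths set at install time are preserved) or leave the section out until it is written. In the new "E. Uninstallation" text, "Default uninstallation directory is /opt/warden-server/" conflicts with "-d <directory> uninstallation directory (default: /opt)" in the unchanged usage lines, the same mismatch as in the install section.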
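Review bot: the Firewall Settings line touched in @@ -227,7 +254,7 @@ still reads "/etc/apache2/sites-enables/default(-ssl)"; the directory name is misspelled and should be "sites-enabled". Since the line is being edited anyway, fix the path here, and consider writing the two file names out (default and default-ssl) instead of the "(-ssl)" shorthand so the path can be copied as is.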