diff --git a/src/warden-server/doc/README b/src/warden-server/doc/README index 2309909e7d52f6f1037b1fa4d7d3107405814337..7220cc292432cf50eccb72de901eb4629f6ca1ca 100644 --- a/src/warden-server/doc/README +++ b/src/warden-server/doc/README @@ -8,23 +8,22 @@ Content B. Installation Dependencies C. Installation D. Configuration - E. Update - F. Init Scripts - G. Registration of Clients - H. Status Info - I. Nagios Integration - J. Authors + E. Init Scripts + F. Registration of Clients + G. Status Info + H. Nagios Integration + I. Authors -------------------------------------------------------------------------------- A. Overall Information - 1. About Warden Client + 1. About Warden System Warden is a client-based architecture service designed to share detected security issues (events) among CSIRT and CERT teams in a simple and fast way. This package offers full server functionality to both install and maintain - Warden server and to register and/or unregister particular clients. + the Warden server and to register and/or unregister particular clients. 2. Version 
@@ -73,45 +72,34 @@ B. Installation Dependencies -------------------------------------------------------------------------------- C. Installation - /*TODO*/Zkontrolovat, co z klienta plati i pro server a doplnit chybejici... - 1. Check SHA1 checksum of corresponding Warden client package archive - $ sha1sum -c warden-client-1.0.0.tar.gz.sig + $ sha1sum -c warden-server-1.0.0.tar.gz.sig 2. Untar it - $ tar xzvf warden-client-1.0.0.tar.gz + $ tar xzvf warden-server-1.0.0.tar.gz 3. Run install.sh - Default destination directory is /opt/warden-client/ + Default destination directory is /opt/warden-server/ For more information about install.sh options run install.sh -h You must be root for running this script. - 4. Installation Privileges - - Warden-client is designed to be run under standard privileges. It should be - part of other applications run under usual user privileges. However - warden-client uses SSL certificates for security purposes which are often - not accessible by standard users. - - To solve this issue warden-client should be install under root privileges. - It copyies local SSL key and certificate files into warden-client/etc - folder where those are accessible even with standard privileges. + 4. /*TODO*/Zkontrolovat Installation Privileges - Should any user want to preserve standard location of certificate files, - he or she is advised to remove key and certificate files after installation - from /warden-client/etc/ and manually edit paths to certificate files in - warden-client/etc/warden-client.conf. In most cases, this change will force - warden-client to be run under root privileges though. - - 5. Configuration file + 5. Configuration files - You are advised to check configuration file - warden-client/etc/warden-client.conf. After installation. + You are advised to check configuration file warden-server.conf and + warden-client.cong in warden-server/etc directory after installation. 
+ + Although this is the Warden server package it also contains several + functions (administrators and maintain) that are strictly client-side in + a way the Warden system handles functions. Therefore you have to check both + server and client config files to make sure your installation of the Warden + server was successful and complete. SOAP protocol is used for handling communication between server and clients. Therefore, correct URI of Warden server must be set. 
@@ -119,20 +107,56 @@ C. Installation Authentication of clients and server is performed using client and server SSL certificates. Both clients and server must have valid certificate. - Configuration file contains following parameters: + Configuration files contain following parameters: + + a] warden-client.conf: URI - URI Warden server e.g. 'https://warden-dev.cesnet.cz:443/Warden' SSL_KEY_FILE - path to a host key file, - e.g. '/opt/warden-client/etc/warden-dev.cesnet.cz.key' + e.g. '/opt/warden-servere/warden-dev.cesnet.cz.key' SSL_CERT_FILE - path to a host certificate file, - e.g. '/opt/warden-client/etc/warden-dev.cesnet.cz.pem' + e.g. '/opt/warden-server/etc/warden-dev.cesnet.cz.pem' SSL_CA_FILE - path to a CA file e.g. '/etc/ssl/certs/tcs-ca-bundle.pem' + b] warden-server.conf + + The Warden server configuration file contains: + + ADDRESS - IP address/domain name of the Warden server + e.g. warden-dev.cesnet.cz + + PORT - used TCP port for the Warden server + e.g. 443 + + BASEDIR - base directory of the Warden server + e.g. /opt/warden-server/ + + VARDIR - var directory + e.g. $BASEDIR/var/ + + LOGDIR - logging directory + e.g. /var/log/ + + PIDDIR - process ID directory + e.g. /var/run/ + + SSL_KEY_FILE - path to the server SSL certificate key file + e.g. /etc/ssl/private/warden-dev.cesnet.cz.key + + SSL_CERT_FILE - path to the server SSL certificate file + e.g. /etc/ssl/certs/warden-dev.cesnet.cz.pem + + SSL_CA_FILE - path to a CA certificate file + e.g. /etc/ssl/certs/tcs-ca-bundle.pem + + FACILITY - syslog facility + e.g. local7 + 6. Usage of install.sh Usage: $ ./install.sh [-d <directory>] [-u <user>] [-k <ssl_key_file>] 
@@ -152,17 +176,10 @@ C. Installation D. Configuration /*TODO*/Doplnit konfiguraci (warden.conf) - mozna to v klientske verzi - zasahuje do predchozi sekce, zkontrolovat + zasahuje do predchozi sekce, zkontrolovat. --------------------------------------------------------------------------------- -E. Update - - /*TODO*/Doplnit, jak se dela update... - - To upgrade a client, install a new version. - --------------------------------------------------------------------------------- -F. Init Scripts +------------------------------------------------------------------------------- +E. Init Scripts /*TODO*/Doplnit init scripty @@ -187,12 +204,14 @@ F. Init Scripts /*TODO*/Doplnit... -------------------------------------------------------------------------------- -G. Registration of Clients +F. Registration of Clients The Warden server administrator is responsible for registering new clients or removing those already registered. Both registration or unregistreation scripts are provided in the Warden server package. Those scripts should be run from - localhost (the same machine the Warden server is installed and running on). + localhost (the same machine the Warden server is installed and running on) as + they are meant to be administrator functions that are included in the Warden + server package only. Members of Warden community who would like to have their client registered must contact the Warden server administrator with the requirement. This is usually 
@@ -249,26 +268,36 @@ G. Registration of Clients One can always run unregisterClient.pl with -h argument to see a help. -------------------------------------------------------------------------------- -H. Status Info +G. Status Info + + Functions in this sections shows status of active (registered) clients or + the Warden server itself to the Warden system administrator. - /*TODO*/Popsat praci s administrativnimi/dohledovymi funkcemi + Similarly to the previous section, these functions should be run from + localhost (e. g. from the same machine the Warden server is installed and + running on) as they are meant to be administrator functions that are included + in the Warden server package only. 1. Get Status - /*TODO*/Doplnit... + Function getStatus is accessible via warden-server/bin/getStatus.pl Perl + script. Function has no input parameters and returns precise info about + the Warden server/db status. 2. Get Clients - /*TODO*/Doplnit... + Function getClients is accessible via warden-server/bin/getClients.pl Perl + script. Function has no input parametres and returns detailed information + about registered or unregistered clients. -------------------------------------------------------------------------------- -I. Nagios Integration +H. Nagios Integration Nagios controll is available via Nagios plugin located in /opt/warden-server/bin/warden-alive. -------------------------------------------------------------------------------- -J. Authors +I. Authors Development: Tomas PLESNIK <plesnik@ics.muni.cz> Jan SOUKAL <soukal@ics.muni.cz>
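Review bot: In the "C. Installation" hunk (@@ -73,45 +72,34 @@), step 4 "Installation Privileges" loses its whole explanation and is left as "4. /*TODO*/Zkontrolovat Installation Privileges", while step 3 still says "You must be root for running this script." The removed text was the only place that said where the SSL key and certificate are copied and who can read them afterwards. Please either keep a server-specific version of that paragraph (where install.sh puts the server key, and the expected owner and mode) or drop the step until it is written, rather than shipping a TODO heading. Two smaller points in the same hunk: "warden-client.cong" in step 5 should be "warden-client.conf", and step 1 runs "sha1sum -c warden-server-1.0.0.tar.gz.sig", which is a checksum file despite the .sig name. A SHA-1 checksum shipped next to the archive only detects corruption, so consider a stronger digest and a detached signature, and name the file accordingly.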
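Review bot: In the configuration parameters hunk (@@ -119,20 +107,56 @@), the new SSL_KEY_FILE example under "a] warden-client.conf:" reads '/opt/warden-servere/warden-dev.cesnet.cz.key'. It has a typo ("servere") and lacks the "etc/" component that the SSL_CERT_FILE example right below it uses ('/opt/warden-server/etc/warden-dev.cesnet.cz.pem'). Suggest '/opt/warden-server/etc/warden-dev.cesnet.cz.key'. The two sections also give different key locations for the same host (/opt/warden-server/etc/ in a], /etc/ssl/private/ in b]) without saying whether these are the same key pair or one is a copy of the other. A sentence on that, and on the permissions expected on each key file, would help. Style: "a] warden-client.conf:" ends with a colon and "b] warden-server.conf" does not.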
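Review bot: In the hunk that removes "E. Update" (@@ -152,17 +176,10 @@), the server README ends up with no upgrade instructions at all: the removed section at least said "To upgrade a client, install a new version." If reinstalling over an existing /opt/warden-server/ is the supported path, please say so in one or two lines, including whether existing configuration files and certificates are preserved. Otherwise keep the section with a server-specific TODO. The Czech /*TODO*/ notes under "D. Configuration" and "E. Init Scripts" remain in user-facing text and should be translated or resolved before release. Also, the separator above "E. Init Scripts" shows up as a changed line rather than as context, which suggests its length no longer matches the other separators. Worth checking.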
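Review bot: In the "Registration of Clients" hunk (@@ -187,12 +204,14 @@), the added clause "as they are meant to be administrator functions that are included in the Warden server package only" gives a reason for running the scripts from localhost, but the text still only says they "should be run from localhost". Please state whether the server actually rejects registration and unregistration requests that do not originate from the local machine, or whether this is a convention the administrator must enforce by other means. Readers will treat this paragraph as the access-control description for these functions. While touching this paragraph, "unregistreation" in the preceding sentence can be corrected to "unregistration".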
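Review bot: In the "G. Status Info" hunk (@@ -249,26 +268,36 @@), the new introduction says the functions show the status of "active (registered) clients", but the "Get Clients" text says getClients.pl "returns detailed information about registered or unregistered clients". Please make the two agree and say which clients are actually listed. "returns precise info about the Warden server/db status" would be more useful if it named the fields or gave a sample of the output. Wording fixes in the added lines: "Functions in this sections shows" should be "Functions in this section show", "(e. g. from the same machine ...)" should be "i.e." since it restates localhost rather than giving an example, and "parametres" should be "parameters". "Nagios controll" in the following section can be fixed in the same pass.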