doplneno readme. spellcheck, pre-finalni verze.

cded3391 · Jan Soukal · ff80fad3 · cded3391
Commit cded3391 authored 13 years ago by Jan Soukal
--- a/src/warden-server/doc/README
+++ b/src/warden-server/doc/README
@@ -7,19 +7,17 @@ Content
 A. Overall Information
 B. Installation Dependencies
 C. Installation
- D. Configuration
+ D. Miscellaneous
- E. Init Scripts
+ E. Registration of Clients
- F. Registration of Clients
+ F. Status Info
- G. Status Info
+ G. Authors
- H. Nagios Integration
- I. Authors
 --------------------------------------------------------------------------------
 A. Overall Information
 1. About Warden System
-    Warden is a client-based architecture service designed to share detected
+    Warden is a client-server architecture service designed to share detected
    security issues (events) among CSIRT and CERT teams in a simple and fast way.
    This package offers full server functionality to both install and maintain
@@ -33,7 +31,8 @@ A. Overall Information
    warden-server/
      bin/
-        getClients.pl
+        create_tables.sh
+	getClients.pl
 	getStatus.pl
 	registerReceiver.pl
 	registerSender.pl
@@ -49,19 +48,19 @@ A. Overall Information
      etc/
        warden-client.conf
 	warden-server.conf
+	package_version
      lib/
        WardenConf.pm
        WardenReg.pm
        WardenStatus.pm  
-      sh/
+      var/
-        create_table
+        warden.db
-	install
+      uninstall.sh
-	update
 --------------------------------------------------------------------------------
 B. Installation Dependencies
- 1. Aplications:
+ 1. Applications:
    Perl	>= 5.10.1
    SQLite	>= 3.7.3
@@ -87,13 +86,13 @@ B. Installation Dependencies
 --------------------------------------------------------------------------------
 C. Installation
- 1. Check SHA1 checksum of corresponding Warden client package archive
+ 1. Check SHA1 checksum of corresponding Warden server package archive
-    $ sha1sum -c warden-server-1.0.0.tar.gz.sig
+    $ sha1sum -c warden-server-0.1.0.tar.gz.sig
 2. Untar it
-    $ tar xzvf warden-server-1.0.0.tar.gz
+    $ tar xzvf warden-server-0.1.0.tar.gz
 3. Run install.sh 
@@ -103,12 +102,10 @@ C. Installation
    You must be root for running this script.
- 4. /*TODO*/Zkontrolovat Installation Privileges
 5. Configuration files
    You are advised to check configuration file warden-server.conf and
-    warden-client.cong in warden-server/etc directory after installation.
+    warden-client.conf in warden-server/etc/ directory after installation.
    Although this is the Warden server package it also contains several
    functions (administrators and maintain) that are strictly client-side in
@@ -127,13 +124,13 @@ C. Installation
    a] warden-client.conf:
    URI 	  - URI Warden server
-          	    e.g. 'https://warden-dev.cesnet.cz:443/Warden'
+          	    e.g. 'https://warden.server.com:443/Warden'
    SSL_KEY_FILE  - path to a host key file,
-    	    	    e.g. '/opt/warden-servere/warden-dev.cesnet.cz.key'
+    	    	    e.g. '/etc/ssl/private/warden.server.com.key'
    SSL_CERT_FILE - path to a host certificate file,
-     		    e.g. '/opt/warden-server/etc/warden-dev.cesnet.cz.pem'
+     		    e.g. '/etc/ssl/certs/warden.server.com.pem'
    SSL_CA_FILE   - path to a CA file
                    e.g. '/etc/ssl/certs/tcs-ca-bundle.pem' 
@@ -143,7 +140,7 @@ C. Installation
    The Warden server configuration file contains:
    ADDRESS       - IP address/domain name of the Warden server
-                    e.g. warden-dev.cesnet.cz
+                    e.g. warden.server.com
    PORT          - used TCP port for the Warden server
 		    e.g. 443 
@@ -161,10 +158,10 @@ C. Installation
                    e.g. /var/run/
    SSL_KEY_FILE  - path to the server SSL certificate key file
-                    e.g. /etc/ssl/private/warden-dev.cesnet.cz.key
+                    e.g. /etc/ssl/private/warden.server.com.key
    SSL_CERT_FILE - path to the server SSL certificate file 
-                    e.g. /etc/ssl/certs/warden-dev.cesnet.cz.pem
+                    e.g. /etc/ssl/certs/warden.server.com.pem
    SSL_CA_FILE   - path to a CA certificate file
                    e.g. /etc/ssl/certs/tcs-ca-bundle.pem
@@ -174,55 +171,70 @@ C. Installation
 6. Usage of install.sh
-    Usage: $ ./install.sh [-d <directory>] [-u <user>] [-k <ssl_key_file>]
+    Usage: $ ./install.sh [-d <directory>] [-k <ssl_key_file>]
                          [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
 	-d <directory>            installation directory (default: /opt)
-	-u <user>                 owner of warden client package (user for
-				  running detection scripts)
 	-k <ssl_key_file>         SSL certificate key file path
 	-c <ssl_cert_file>        SSL certificate file path
 	-a <ssl_ca_file>          CA certificate file path
 	-h                        print this help
 	-V                        print script version number and exit
-    Example: $ ./install.sh -d /opt -u detector -k /etc/ssl/private/client.key
+    Example: $ ./install.sh -d /opt -k /etc/ssl/private/server.key
+                            -c /etc/ssl/certs/server.pem                            
--------------------------------------------------------------------------------
+			    -a /etc/ssl/certs/bundle.pem
-D. Configuration
+  7. Usage of uninstall.sh
-  /*TODO*/Doplnit konfiguraci (warden.conf) - mozna to v klientske verzi
+   Usage: $ ./uninstall.sh [-d <directory>] [-hV]
-  zasahuje do predchozi sekce, zkontrolovat.
+        -d <directory>            uninstallation directory (default: /opt)
+        -h                        print this help
+        -V                        print script version number and exit
-------------------------------------------------------------------------------
+   Example: # ./uninstall.sh -d /opt
-E. Init Scripts
+--------------------------------------------------------------------------------
+D. Miscellaneous
-  /*TODO*/Doplnit init scripty
+ 1. Error Messages
+    Error messages of the server functions are sent via Syslog to log file, in
+    default to /var/log/messages.
- 1. Start
+    During installation when Syslog reporting is not initiated yet, error
+    messages may be reported to the standard error output instead.
-    /*TODO*/Doplnit...
+ 2. Init Script
- 2. Stop
+    Usage: /etc/init.d/wardend [start|stop|status|restart|force-stop]
-    /*TODO*/Doplnit...
+    The PID of the Warden server process is stored in
+    /var/run/warden-server.pl.pid.
- 3. Restart
+    The lock file is placed in /var/lock/warden-server.
-    /*TODO*/Doplnit...
+    To start the Warden server after rebooting set init script 
+    /etc/init.d/wardend into runlevels configuration system.
- 4. Status
+ 3. Nagios Integration
-    /*TODO*/Doplnit...
+    Nagios control is available via Nagios plugin located in
+    /opt/warden-server/bin/warden-alive.
- 5. Force-stop
+ 4. Firewall
+    Make sure to allow TCP port listed in warden-server.conf ($PORT variable)
+    on your firewall.
-    /*TODO*/Doplnit...
+ 5. Privileges
+    The Warden server runs only under root privileges.
 --------------------------------------------------------------------------------
-F. Registration of Clients
+E. Registration of Clients
 The Warden server administrator is responsible for registering new clients or
- removing those already registered. Both registration or unregistreation scripts
+ removing those already registered. Both registration or unregistration scripts
 are provided in the Warden server package. Those scripts should be run from
 localhost (the same machine the Warden server is installed and running on) as
 they are meant to be administrator functions that are included in the Warden
@@ -235,8 +247,7 @@ F. Registration of Clients
 1. Register Sender
-    New sender clients are registered in Warden system via
+    New sender clients are registered in Warden system via registerSender.pl. 
-    warden-server/bin/registerSender.pl.
    Following attributes must be provided in order to register new client
    successfully:
@@ -252,8 +263,8 @@ F. Registration of Clients
 2. Register Receiver
-    New receiver clients are registered in Warden system via
+    New receiver clients are registered in Warden system via 
-    warden-server/bin/registerReceiver.pl.
+    registerReceiver.pl.
    Following attributes must be provided in order to register new client
    successfully:
@@ -269,11 +280,10 @@ F. Registration of Clients
    One can always run registerReceiver.pl with -h argument to see a help.
 3. Unregister Client
-    In the Warden system, already register clients can be removed (unregistered)
+    In the Warden system, already registered clients can be removed 
-    via warden-server/bin/unregisterClient.pl.
+    (unregistered) via unregisterClient.pl.
    Following attribute must be provided in order to unregister existing client
    successfully:
@@ -282,10 +292,15 @@ F. Registration of Clients
    One can always run unregisterClient.pl with -h argument to see a help.
+    Process of unregistration deletes this client from clients table in DB.
+    On the other hand, all messages stored by this client (considering "sender"
+    client) are not deleted, they are merely set 'invalid' in DB table events.
+    To be more specific: attribute "valid" in events table is set to 'f' (false).
 --------------------------------------------------------------------------------
-G. Status Info
+F. Status Info
-  Functions in this sections shows status of active (registered) clients or
+  Functions in this section show status of active (registered) clients or
  the Warden server itself to the Warden system administrator.
  Similarly to the previous section, these functions should be run from
@@ -295,24 +310,16 @@ G. Status Info
  1. Get Status
-     Function getStatus is accessible via warden-server/bin/getStatus.pl Perl
+     Function getStatus is accessible via getStatus.pl. Function has no input 
-     script. Function has no input parameters and returns precise info about
+     parameters and returns precise info about the Warden server/db status.
-     the Warden server/db status.
  2. Get Clients
-     Function getClients is accessible via warden-server/bin/getClients.pl Perl
+     Function getClients is accessible via getClients.pl. Function has no input 
-     script. Function has no input parametres and returns detailed information
+     parameters and returns detailed information about all registered clients.
-     about registered or unregistered clients.
--------------------------------------------------------------------------------
-H. Nagios Integration
-  Nagios controll is available via Nagios plugin located in
-  /opt/warden-server/bin/warden-alive.
 --------------------------------------------------------------------------------
-I. Authors
+G. Authors
 Development:	Tomas PLESNIK   <plesnik@ics.muni.cz>
 		Jan SOUKAL      <soukal@ics.muni.cz>
@@ -321,5 +328,3 @@ Copyright (C) 2012 Cesnet z.s.p.o
 Special thanks go to Martin Drasar from CSIRT-MU for his help and support
 in the development of Warden system.