====== Yule ======

Yule is the central 'log-server' for samhain logs.

===== Config, Make & Make Install =====

  ./configure --with-log-file=/logs/yule/yule.log --with-html-file=/logs/yule/yule.html --enable-network=server --with-database=mysql --enable-xml-log
  make
  make install
  make install-boot

===== Client Pairing =====

Running ''samhain_setpwd'' without arguments prints its usage:

  ./samhain_setpwd
  
  Usage: samhain_setpwd
  
  This program is a utility that will:
   - search in the binary executable for samhain's
     compiled-in default password,
   - change it to ,
   - and output the modified binary to .
  
  To allow for non-printable chars, must be
  a 16-digit hexadecimal number
  (only 0-9,A-F allowed in input), thus corresponding
  to an 8-byte password.
  
  Example: 'samhain_setpwd samhain new 4142434445464748'
   takes the file 'samhain', sets the password to 'ABCDEFGH'
   ('A' = 41 hex, 'B' = 42 hex, ...) and outputs the result
   to 'samhain.new'.

Generate a password with ''yule -G'', set it in a copy of the client binary, and copy that binary to the client:

  # yule -G
  5B5CDF18CE8D66A3
  # ./samhain_setpwd samhain $computer_name 5B5CDF18CE8D66A3
  INFO old password found
  INFO replaced: f7c312aaaa12c3f7 by: 5b5cdf18ce8d66a3
  INFO finished
  # scp ./samhain.$computer_name root@$computer_name:/usr/local/sbin/samhain
  samhain 100% |********************************| 592 KB 00:00

Create the client entry for the server from the same password:

  rainer$ yule -P 5B5CDF18CE8D66A3
  Client=HOSTNAME@8A542F99C3514499@744C3A3EE8323470D9DAD42E2485BD0B138F6B4116E964\
  A9991A0B0D221E1AADE5800968804B99B494C39E7B9DD5710D18F1E6703D1DB6D6393295E05DF6A\
  6AA8D10BB4A21D7D9DC4901D444500D4EA358C1B44A3E3D44ACEC645F938F790A11AB0D03586143\
  977E2BCE3A2D689445AC89134B409E68F34B0DE8BD8242ADD7C0

  # yule -P 5B5CDF18CE8D66A3

Copy the output to the end of /etc/yulerc:

  rainer$ tail -2 /etc/yulerc
  [Clients]
  Client=client.example.com@8A542F99C3514499@744C3A3EE8323470D9DAD42E2485BD0B138F
  6B4116E964A9991A0B0D221E1AADE5800968804B99B494C39E7B9DD5710D18F1E6703D1DB6D6393
  295E05DF6A6AA8D10BB4A21D7D9DC4901D444500D4EA358C1B44A3E3D44ACEC645F938F790A11AB
  0D03586143977E2BCE3A2D689445AC89134B409E68F34B0DE8BD8242ADD7C0

Then reload yule:

  # /etc/init.d/yule reload
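
The copy step is where a pairing usually goes wrong: the ''yule -P'' output is wrapped with trailing backslashes and still carries the HOSTNAME placeholder. The helper below is an added example, not part of this page or of the Samhain distribution; it rejoins the entry, substitutes the client name and checks the fields before anything is appended. Assumptions: the backslashes are display line breaks only, the entry belongs on one line in /etc/yulerc, and the names ''client_entry'', ''is_hex16'', "salt" and "verifier" are chosen here for illustration.

```shell
# Added example (not from the Samhain distribution).
# Usage: yule -P <password> | client_entry client.example.com >> /etc/yulerc

# is_hex16 STR: true only if STR is exactly 16 hex digits
# (the 8-byte password format, also the second field of the entry on this page).
is_hex16() {
    printf '%s' "$1" | grep -Eq '^[0-9A-Fa-f]{16}$'
}

# client_entry FQDN: read `yule -P` output on stdin and print a single
# Client=FQDN@salt@verifier line, or fail without printing anything.
client_entry() {
    fqdn=$1
    # The host name must not contain '@' or whitespace, which would
    # change how the three '@'-separated fields are split.
    printf '%s' "$fqdn" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$' || {
        echo "client_entry: invalid host name" >&2; return 1; }

    # Assumption: trailing backslashes are display line breaks only.
    # Drop backslashes, newlines and blanks to rejoin the entry.
    raw=$(tr -d '\\\n\r\t ')

    case $raw in
        Client=*@*@*) ;;
        *) echo "client_entry: no Client= entry on stdin" >&2; return 1 ;;
    esac
    rest=${raw#Client=}
    rest=${rest#*@}          # discard the HOSTNAME placeholder
    salt=${rest%%@*}         # field names are this example's own
    verifier=${rest#*@}

    is_hex16 "$salt" || { echo "client_entry: bad salt field" >&2; return 1; }
    # Length of the last field is not checked, only that it is pure hex.
    printf '%s' "$verifier" | grep -Eq '^[0-9A-Fa-f]+$' || {
        echo "client_entry: bad verifier field" >&2; return 1; }

    printf 'Client=%s@%s@%s\n' "$fqdn" "$salt" "$verifier"
}
```

Appending with ''>>'' only works as on this page, where [Clients] is the last section of /etc/yulerc.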