Yule is the central 'log-server' for samhain logs.
./configure --with-log-file=/logs/yule/yule.log --with-html-file=/logs/yule/yule.html --enable-network=server --with-database=mysql --enable-xml-log
make
make install
make install-boot
./samhain_setpwd
Usage: samhain_setpwd <filename> <suffix> <new_password>
This program is a utility that will:
- search in the binary executable <filename> for samhain's
compiled-in default password,
- change it to <new_password>,
- and output the modified binary to <filename>.<suffix>
To allow for non-printable chars, <new_password> must be a 16-digit hexadecimal number (only 0-9,A-F allowed in input), thus corresponding to an 8-byte password.
Example: 'samhain_setpwd samhain new 4142434445464748'
takes the file 'samhain', sets the password to 'ABCDEFGH'
('A' = 41 hex, 'B' = 42 hex, ...) and outputs the result
to 'samhain.new'.
# yule -G
5B5CDF18CE8D66A3
# ./samhain_setpwd samhain $computer_name 5B5CDF18CE8D66A3
INFO old password found
INFO replaced: f7c312aaaa12c3f7 by: 5b5cdf18ce8d66a3
INFO finished
# scp ./samhain.$computer_name root@$computer_name:/usr/local/sbin/samhain
samhain 100% || 592 KB 00:00
rainer$ yule -P 5B5CDF18CE8D66A3
Client=HOSTNAME@8A542F99C3514499@744C3A3EE8323470D9DAD42E2485BD0B138F6B4116E964\
A9991A0B0D221E1AADE5800968804B99B494C39E7B9DD5710D18F1E6703D1DB6D6393295E05DF6A\
6AA8D10BB4A21D7D9DC4901D444500D4EA358C1B44A3E3D44ACEC645F938F790A11AB0D03586143\
977E2BCE3A2D689445AC89134B409E68F34B0DE8BD8242ADD7C0
# yule -P 5B5CDF18CE8D66A3
Copy the output to the end of /etc/yulerc, replacing HOSTNAME with the client's host name:
rainer$ tail -2 /etc/yulerc
[Clients]
Client=client.example.com@8A542F99C3514499@744C3A3EE8323470D9DAD42E2485BD0B138F
6B4116E964A9991A0B0D221E1AADE5800968804B99B494C39E7B9DD5710D18F1E6703D1DB6D6393
295E05DF6A6AA8D10BB4A21D7D9DC4901D444500D4EA358C1B44A3E3D44ACEC645F938F790A11AB
0D03586143977E2BCE3A2D689445AC89134B409E68F34B0DE8BD8242ADD7C0
# /etc/init.d/yule reload
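Added example (not part of the original notes or of samhain itself): shell checks to run on the password and on the Client= entry before it is appended to /etc/yulerc. The function names are hypothetical, and the field lengths (16 and 256 hex digits) are assumed from the sample output above.

```shell
#!/bin/sh
# Added example: sanity checks for the client registration steps above.
# Assumption: a Client= entry has the shape seen in the sample output,
#   Client=<host>@<16 hex digits>@<256 hex digits>

# is_hex STRING LENGTH -> 0 if STRING is exactly LENGTH chars of 0-9,A-F
is_hex() {
    [ "${#1}" -eq "$2" ] || return 1
    case "$1" in
        *[!0-9A-F]*) return 1 ;;
    esac
    return 0
}

# valid_password HEX -> 0 if HEX is a 16-digit hex number (8-byte password),
# the only form samhain_setpwd accepts according to its usage text.
valid_password() {
    is_hex "$1" 16
}

# valid_client_entry LINE -> 0 if LINE is a complete entry whose HOSTNAME
# placeholder has been replaced. Backslashes, spaces and newlines left over
# from copying the wrapped terminal output are removed before checking.
valid_client_entry() {
    entry=$(printf '%s' "$1" | tr -d '\\ \n')
    case "$entry" in
        Client=*@*@*) ;;
        *) return 1 ;;
    esac
    rest=${entry#Client=}
    host=${rest%%@*}; rest=${rest#*@}
    field2=${rest%%@*}; field3=${rest#*@}
    [ -n "$host" ] || return 1
    [ "$host" != "HOSTNAME" ] || return 1   # placeholder still present
    is_hex "$field2" 16 && is_hex "$field3" 256
}

# Constructed sample, not real key material: 256 zeros as the third field.
sample="Client=client.example.com@0123456789ABCDEF@$(printf '%0256d' 0)"
if valid_client_entry "$sample"; then
    echo "entry ok: safe to append to /etc/yulerc"
else
    echo "entry malformed: do not append" >&2
fi
```

A truncated third field or a leftover HOSTNAME placeholder fails the check, so a bad copy is caught before yule is reloaded.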