| [1] | 1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> | 
|---|
|  | 2 | <html> | 
|---|
|  | 3 | <head> | 
|---|
|  | 4 | <title>HOWTO client+server</title> | 
|---|
|  | 5 | <style type="text/css"> | 
|---|
|  | 6 | <!-- | 
|---|
|  | 7 |  | 
|---|
|  | 8 | html { background: #eee; color: #000; } | 
|---|
|  | 9 |  | 
|---|
|  | 10 | body { background: #eee; color: #000; margin: 0; padding: 0;} | 
|---|
|  | 11 |  | 
|---|
|  | 12 | div.body { | 
|---|
|  | 13 | background: #fff; color: #000; | 
|---|
|  | 14 | margin: 0 1em 0 1em; padding: 1em; | 
|---|
|  | 15 | font-family: serif; | 
|---|
|  | 16 | font-size: 1em; line-height: 1.2em; | 
|---|
|  | 17 | border-width: 0 1px 0 1px; | 
|---|
|  | 18 | border-style: solid; | 
|---|
|  | 19 | border-color: #aaa; | 
|---|
|  | 20 | } | 
|---|
|  | 21 |  | 
|---|
|  | 22 | div.block { | 
|---|
|  | 23 | background: #b6c5f2; color: #000; | 
|---|
|  | 24 | margin: 1em; padding: 0 1em 0 1em; | 
|---|
|  | 25 | border-width: 1px; | 
|---|
|  | 26 | border-style: solid; | 
|---|
|  | 27 | border-color: #2d4488; | 
|---|
|  | 28 | } | 
|---|
|  | 29 |  | 
|---|
|  | 30 | div.warnblock { | 
|---|
|  | 31 | background: #b6c5f2; color: #000; | 
|---|
|  | 32 | margin: 1em; padding: 0 1em 0 1em; | 
|---|
|  | 33 | border-width: 1px; | 
|---|
|  | 34 | border-style: solid; | 
|---|
|  | 35 | border-color: #FF9900; | 
|---|
|  | 36 | } | 
|---|
|  | 37 |  | 
|---|
|  | 38 | table { | 
|---|
|  | 39 | background: #F8F8F8; color: #000; | 
|---|
|  | 40 | margin: 1em; | 
|---|
|  | 41 | border-width: 0 0 0 1px; | 
|---|
|  | 42 | border-style: solid; | 
|---|
|  | 43 | border-color: #C0C0C0; | 
|---|
|  | 44 | } | 
|---|
|  | 45 |  | 
|---|
|  | 46 | td { | 
|---|
|  | 47 | border-width: 0 1px 1px 0; | 
|---|
|  | 48 | border-style: solid; | 
|---|
|  | 49 | border-color: #C0C0C0; | 
|---|
|  | 50 | } | 
|---|
|  | 51 |  | 
|---|
|  | 52 | th { | 
|---|
|  | 53 | background: #F8F8FF; | 
|---|
|  | 54 | border-width: 1px 1px 2px 0; | 
|---|
|  | 55 | border-style: solid; | 
|---|
|  | 56 | border-color: #C0C0C0; | 
|---|
|  | 57 | } | 
|---|
|  | 58 |  | 
|---|
|  | 59 |  | 
|---|
|  | 60 | /* body text, headings, and rules */ | 
|---|
|  | 61 |  | 
|---|
|  | 62 | p { margin: 0; text-indent: 0em; margin: 0 0 0.5em 0 } | 
|---|
|  | 63 |  | 
|---|
|  | 64 | h1, h2, h3, h4, h5, h6 { | 
|---|
|  | 65 | color: #206020; background: transparent; | 
|---|
|  | 66 | font-family: Optima, Arial, Helvetica, sans-serif; | 
|---|
|  | 67 | font-weight: normal; | 
|---|
|  | 68 | } | 
|---|
|  | 69 |  | 
|---|
|  | 70 | h1 { font-size: 1.69em; margin: 1.4em 0 0.4em 0; } | 
|---|
|  | 71 | h2 { font-size: 1.44em; margin: 1.4em 0 0.4em 0; } | 
|---|
|  | 72 | h3 { font-size: 1.21em; margin: 1.4em 0 0.4em 0; } | 
|---|
|  | 73 | h4 { font-size: 1.00em; margin: 1.4em 0 0.4em 0; } | 
|---|
|  | 74 | h5 { font-size: 0.81em; margin: 1.4em 0 0.4em 0; } | 
|---|
|  | 75 | h6 { font-size: 0.64em; margin: 1.4em 0 0.4em 0; } | 
|---|
|  | 76 |  | 
|---|
|  | 77 | hr { | 
|---|
|  | 78 | color: transparent; background: transparent; | 
|---|
|  | 79 | height: 0px; margin: 0.6em 0; | 
|---|
|  | 80 | border-width: 1px ; | 
|---|
|  | 81 | border-style: solid; | 
|---|
|  | 82 | border-color: #999; | 
|---|
|  | 83 | } | 
|---|
|  | 84 |  | 
|---|
|  | 85 | /* bulleted lists and definition lists */ | 
|---|
|  | 86 |  | 
|---|
|  | 87 | ul { margin: 0 1em 0.6em 2em; padding: 0; } | 
|---|
|  | 88 | li { margin: 0.4em 0 0 0; } | 
|---|
|  | 89 |  | 
|---|
|  | 90 | dl { margin: 0.6em 1em 0.6em 2em; } | 
|---|
|  | 91 | dt { color: #285577; } | 
|---|
|  | 92 |  | 
|---|
|  | 93 | tt { color: #602020; } | 
|---|
|  | 94 |  | 
|---|
|  | 95 | /* links */ | 
|---|
|  | 96 |  | 
|---|
|  | 97 | a.link { | 
|---|
|  | 98 | color: #33c; background: transparent; | 
|---|
|  | 99 | text-decoration: none; | 
|---|
|  | 100 | } | 
|---|
|  | 101 |  | 
|---|
|  | 102 | a:hover { | 
|---|
|  | 103 | color: #000; background: transparent; | 
|---|
|  | 104 | } | 
|---|
|  | 105 |  | 
|---|
|  | 106 | body > a { | 
|---|
|  | 107 | font-family: Optima, Arial, Helvetica, sans-serif; | 
|---|
|  | 108 | font-size: 0.81em; | 
|---|
|  | 109 | } | 
|---|
|  | 110 |  | 
|---|
|  | 111 | h1, h2, h3, h4, h5, h6 { | 
|---|
|  | 112 | color: #2d5588; background: transparent; | 
|---|
|  | 113 | font-family: Optima, Arial, Helvetica, sans-serif; | 
|---|
|  | 114 | font-weight: normal; | 
|---|
|  | 115 | } | 
|---|
|  | 116 |  | 
|---|
|  | 117 | --> | 
|---|
|  | 118 | </style></head> | 
|---|
|  | 119 |  | 
|---|
|  | 120 | <body> | 
|---|
|  | 121 | <div class="body"> | 
|---|
|  | 122 | <p style="text-align: center; background: #ccc; border: 1px solid #2d5588;"><a | 
|---|
|  | 123 | style="text-decoration: none;" | 
|---|
|  | 124 | href="http://www.la-samhna.de/samhain/">samhain file integrity | 
|---|
|  | 125 | scanner</a> | <a style="text-decoration: none;" | 
|---|
|  | 126 | href="http://www.la-samhna.de/samhain/s_documentation.html">online | 
|---|
|  | 127 | documentation</a></p> | 
|---|
|  | 128 | <br><center> | 
|---|
|  | 129 | <h1>Setting up a client/server samhain system</h1> | 
|---|
|  | 130 | </center> | 
|---|
|  | 131 | <br> | 
|---|
|  | 132 | <hr> | 
|---|
|  | 133 | <p> | 
|---|
|  | 134 | This document aims to explain how to set up a client/server | 
|---|
|  | 135 | samhain system, where the client (samhain) runs on one machine to be | 
|---|
|  | 136 | monitored, and sends reports via TCP/IP to a remote server (yule). | 
|---|
|  | 137 | </p> | 
|---|
|  | 138 | <p> | 
|---|
|  | 139 | <b>Please note:</b> the server (yule) does not perform any filesystem and/or | 
|---|
|  | 140 | kernel checks. If you want to perform such checks on the log server host, | 
|---|
|  | 141 | you need to run a samhain client on this host as well. | 
|---|
|  | 142 | </p> | 
|---|
|  | 143 | <p> | 
|---|
|  | 144 | Client and server are | 
|---|
|  | 145 | <b>distict applications</b>, and must be | 
|---|
| [553] | 146 | built separately. By default, installation names and paths (e.g. | 
|---|
| [1] | 147 | the configuration file) are | 
|---|
|  | 148 | different. Do not blame us if you abuse './configure' options to | 
|---|
|  | 149 | cause name clashes, if you install both on the same host. | 
|---|
|  | 150 | </p> | 
|---|
|  | 151 |  | 
|---|
|  | 152 | <h2>Introduction</h2> | 
|---|
|  | 153 | <p> | 
|---|
|  | 154 | Samhain can be compiled for remote logging to a central server via a | 
|---|
|  | 155 | secure (AES-encrypted, signed, and authenticated) TCP/IP connection. | 
|---|
|  | 156 | </p><p> | 
|---|
|  | 157 | In addition, both the client configuration file and the file signature | 
|---|
|  | 158 | database can be stored on the server. The client will then pull them from | 
|---|
|  | 159 | the server upon startup. | 
|---|
|  | 160 | </p><p> | 
|---|
|  | 161 | This requires three basic steps: | 
|---|
|  | 162 | </p> | 
|---|
|  | 163 | <ol> | 
|---|
|  | 164 | <li> | 
|---|
|  | 165 | compile and install server and client, | 
|---|
|  | 166 | </li> | 
|---|
|  | 167 | <li> | 
|---|
|  | 168 | establish trust between client and server, and | 
|---|
|  | 169 | </li> | 
|---|
|  | 170 | <li> | 
|---|
|  | 171 | enable remote logging in the client's configuration file. | 
|---|
|  | 172 | </li> | 
|---|
|  | 173 | </ol> | 
|---|
|  | 174 |  | 
|---|
|  | 175 |  | 
|---|
|  | 176 | <h2>Compiling</h2> | 
|---|
|  | 177 |  | 
|---|
|  | 178 | <h3>The server - yule</h3> | 
|---|
|  | 179 |  | 
|---|
|  | 180 | <p> | 
|---|
|  | 181 | <b>Note: </b> the server can be started with root privileges (e.g. to use | 
|---|
|  | 182 | a privileged port < 1024), but it will always | 
|---|
|  | 183 | drop root privileges irrevocably | 
|---|
|  | 184 | before accepting any connections, and run as a non-root user. This user | 
|---|
|  | 185 | can be specified explicitely with the <i>configure</i> | 
|---|
|  | 186 | option <tt>--enable-identity=USER</tt>. The default is | 
|---|
|  | 187 | the first existing user | 
|---|
|  | 188 | out of the list <i>yule, daemon, nobody</i>. | 
|---|
|  | 189 | </p> | 
|---|
|  | 190 |  | 
|---|
|  | 191 | <pre> | 
|---|
|  | 192 |  | 
|---|
|  | 193 | bash$ ./configure --enable-network=server | 
|---|
|  | 194 | bash$ make | 
|---|
|  | 195 | bash$ make install | 
|---|
|  | 196 |  | 
|---|
|  | 197 | </pre> | 
|---|
|  | 198 |  | 
|---|
|  | 199 | <h3>The client - samhain</h3> | 
|---|
|  | 200 |  | 
|---|
|  | 201 |  | 
|---|
|  | 202 | <ul> | 
|---|
|  | 203 | <li> | 
|---|
|  | 204 | <p> | 
|---|
|  | 205 | If you just want remote logging: | 
|---|
|  | 206 | </p><p> | 
|---|
|  | 207 | <tt>   ./configure --enable-network=client | 
|---|
|  | 208 | --with-logserver=server.example.com</tt> | 
|---|
|  | 209 | </p> | 
|---|
|  | 210 | </li> | 
|---|
|  | 211 | <li> | 
|---|
|  | 212 | <p> | 
|---|
|  | 213 | If you want configuration and database files on the server: | 
|---|
|  | 214 | </p><p> | 
|---|
|  | 215 | <tt>   ./configure --enable-network=client | 
|---|
|  | 216 | --with-logserver=server.example.com \<br /> | 
|---|
|  | 217 |         --with-config-file=REQ_FROM_SERVER/etc/samhainrc \<br /> | 
|---|
|  | 218 |         --with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file</tt> | 
|---|
|  | 219 | </p> | 
|---|
|  | 220 | </li> | 
|---|
|  | 221 | </ul> | 
|---|
|  | 222 | <p> | 
|---|
|  | 223 | The path after the keyword <tt>REQ_FROM_SERVER</tt> has the following meaning: | 
|---|
|  | 224 | <ul> | 
|---|
|  | 225 | <li>for the configuration file: | 
|---|
|  | 226 | <ul> | 
|---|
|  | 227 | <li> if <i>initializing</i>, and the connection to the server | 
|---|
|  | 228 | fails, samhain will fall back on the local file (if given); | 
|---|
|  | 229 | </li> | 
|---|
|  | 230 | <li> if in <i>check mode</i>, it is <i>ignored</i>. Samhain will | 
|---|
|  | 231 | abort if the connection to the server fails. | 
|---|
|  | 232 | </li> | 
|---|
|  | 233 | </ul> | 
|---|
|  | 234 | Thus, the local path allows you to initialize the database from a local | 
|---|
|  | 235 | configuration file before the client is known to the server. | 
|---|
|  | 236 | </li> | 
|---|
|  | 237 | <li>for the database file: | 
|---|
|  | 238 | <ul> | 
|---|
|  | 239 | <li> if <i>initializing</i>, the database is written to the local file; | 
|---|
|  | 240 | </li> | 
|---|
|  | 241 | <li> if in <i>check mode</i>, the local path is <i>ignored</i>. Samhain will | 
|---|
|  | 242 | abort if the connection to the server fails. | 
|---|
|  | 243 | </li> | 
|---|
|  | 244 | </ul> | 
|---|
|  | 245 | Thus, <i>init</i> (or <i>update</i>) always requires a local file that | 
|---|
|  | 246 | must be uploaded to the server thereafter. <b>Note</b> that if you | 
|---|
|  | 247 | use the <b>Beltane</b> web-based frontend, database updates can be performed | 
|---|
|  | 248 | on the server without ever running an <i>update</i> on the client. | 
|---|
|  | 249 | </li> | 
|---|
|  | 250 | </ul> | 
|---|
|  | 251 |  | 
|---|
|  | 252 | <h2>Establishing trust between client and server</h2> | 
|---|
|  | 253 |  | 
|---|
|  | 254 | <p> | 
|---|
|  | 255 | By default, samhain uses the SRP (Secure Remote Password) protocol, | 
|---|
|  | 256 | with a password that is <i>embedded in the client binary</i>, and a | 
|---|
|  | 257 | corresponding verifier that is in the <i>server configuration file</i>. | 
|---|
|  | 258 | </p> | 
|---|
|  | 259 |  | 
|---|
|  | 260 | <h3>Embedding the password in the client, and register it with the server</h3> | 
|---|
|  | 261 |  | 
|---|
|  | 262 | <p> | 
|---|
|  | 263 | To embed the password in the binary, there is a dummy password compiled | 
|---|
|  | 264 | in as placeholder, and a utility <i>samhain_setpwd</i> is provided that | 
|---|
|  | 265 | </p> | 
|---|
|  | 266 |  | 
|---|
|  | 267 | <ol> | 
|---|
|  | 268 | <li> | 
|---|
|  | 269 | takes a password as input, | 
|---|
|  | 270 | </li> | 
|---|
|  | 271 | <li> | 
|---|
|  | 272 | searches the original binary for the | 
|---|
|  | 273 | correct place (i.e. the placeholder), and | 
|---|
|  | 274 | </li> | 
|---|
|  | 275 | <li> | 
|---|
|  | 276 | writes a copy of the original binary, with the placeholder replaced | 
|---|
|  | 277 | by the password. The original is left untouched. The copy cannot | 
|---|
|  | 278 | be changed to another password anymore. | 
|---|
|  | 279 | </li> | 
|---|
|  | 280 | </ol> | 
|---|
|  | 281 |  | 
|---|
|  | 282 |  | 
|---|
|  | 283 | <p> | 
|---|
|  | 284 | For convenience, the server has functions to | 
|---|
|  | 285 | </p> | 
|---|
|  | 286 |  | 
|---|
|  | 287 | <ul> | 
|---|
|  | 288 | <li> | 
|---|
|  | 289 | <p> | 
|---|
|  | 290 | generate a random password in the correct format: | 
|---|
|  | 291 | </p><p> | 
|---|
|  | 292 | <tt>   sh$ yule -G</tt> | 
|---|
|  | 293 | </p> | 
|---|
|  | 294 | </li> | 
|---|
|  | 295 | <li> | 
|---|
|  | 296 | <p> | 
|---|
|  | 297 | and generate a corresponding entry for the | 
|---|
|  | 298 | server configuration file: | 
|---|
|  | 299 | </p><p> | 
|---|
|  | 300 | <tt>   sh$ yule -P PASSWORD</tt>. | 
|---|
|  | 301 | <p> | 
|---|
|  | 302 | </li> | 
|---|
|  | 303 | <li> | 
|---|
|  | 304 | The generated entry has a string <tt>'HOSTNAME'</tt> that you should | 
|---|
|  | 305 | replace with the fully qualified name of the client. This entry must | 
|---|
|  | 306 | then be placed in the <tt>[Clients]</tt> section of the yule configuration | 
|---|
|  | 307 | file (e.g. <tt>/etc/yulerc</tt>). | 
|---|
|  | 308 | </li> | 
|---|
|  | 309 | <li> | 
|---|
|  | 310 | Finally, you need to tell yule to reload the configuration (send SIGHUP, | 
|---|
|  | 311 | or use <tt>/etc/init.d/yule reload</tt>). | 
|---|
|  | 312 | </li> | 
|---|
|  | 313 | </ul> | 
|---|
|  | 314 |  | 
|---|
|  | 315 |  | 
|---|
|  | 316 | <h3>Example</h3> | 
|---|
|  | 317 |  | 
|---|
|  | 318 | <pre style="background-color:#DDDDDD; color:#000000"> | 
|---|
|  | 319 |  | 
|---|
|  | 320 | rainer$ ./samhain_setpwd | 
|---|
|  | 321 |  | 
|---|
|  | 322 | Usage: samhain_setpwd <filename> <suffix> <new_password> | 
|---|
|  | 323 |  | 
|---|
|  | 324 | This program is a utility that will: | 
|---|
|  | 325 | - search in the binary executable <filename> for samhain's | 
|---|
|  | 326 | compiled-in default password, | 
|---|
|  | 327 | - change it to <new_password>, | 
|---|
|  | 328 | - and output the modified binary to <filename>.<suffix> | 
|---|
|  | 329 |  | 
|---|
|  | 330 | To allow for non-printable chars, <new_password> must be | 
|---|
|  | 331 | a 16-digit hexadecimal number (only 0-9,A-F allowed in input), | 
|---|
|  | 332 | thus corresponding   to an 8-byte password. | 
|---|
|  | 333 |  | 
|---|
|  | 334 | Example: 'samhain_setpwd samhain new 4142434445464748' | 
|---|
|  | 335 | takes the file 'samhain', sets the password to 'ABCDEFGH' | 
|---|
|  | 336 | ('A' = 41 hex, 'B' = 42 hex, ...) and outputs the result | 
|---|
|  | 337 | to 'samhain.new'. | 
|---|
|  | 338 |  | 
|---|
|  | 339 | rainer$ yule -G | 
|---|
|  | 340 | 5B5CDF18CE8D66A3 | 
|---|
|  | 341 |  | 
|---|
|  | 342 | rainer$ ./samhain_setpwd samhain new 5B5CDF18CE8D66A3 | 
|---|
|  | 343 | INFO   old password found | 
|---|
|  | 344 | INFO   replaced:  f7c312aaaa12c3f7  by:  5b5cdf18ce8d66a3 | 
|---|
|  | 345 | INFO   finished | 
|---|
|  | 346 |  | 
|---|
|  | 347 | rainer$ scp ./samhain.new root@client.example.com:/usr/local/sbin/samhain | 
|---|
|  | 348 | samhain              100% |********************************|   592 KB    00:00 | 
|---|
|  | 349 |  | 
|---|
|  | 350 | rainer$ yule -P 5B5CDF18CE8D66A3 | 
|---|
|  | 351 | Client=HOSTNAME@8A542F99C3514499@744C3A3EE8323470D9DAD42E2485BD0B138F6B4116E964\ | 
|---|
|  | 352 | A9991A0B0D221E1AADE5800968804B99B494C39E7B9DD5710D18F1E6703D1DB6D6393295E05DF6A\ | 
|---|
|  | 353 | 6AA8D10BB4A21D7D9DC4901D444500D4EA358C1B44A3E3D44ACEC645F938F790A11AB0D03586143\ | 
|---|
|  | 354 | 977E2BCE3A2D689445AC89134B409E68F34B0DE8BD8242ADD7C0 | 
|---|
|  | 355 |  | 
|---|
|  | 356 | rainer$ yule -P 5B5CDF18CE8D66A3 | sed s%HOSTNAME%client.example.com% >> /etc/yulerc | 
|---|
|  | 357 |  | 
|---|
|  | 358 | rainer$ tail -2 /etc/yulerc | 
|---|
|  | 359 | [Clients] | 
|---|
|  | 360 | Client=client.example.com@8A542F99C3514499@744C3A3EE8323470D9DAD42E2485BD0B138F | 
|---|
|  | 361 | 6B4116E964A9991A0B0D221E1AADE5800968804B99B494C39E7B9DD5710D18F1E6703D1DB6D6393 | 
|---|
|  | 362 | 295E05DF6A6AA8D10BB4A21D7D9DC4901D444500D4EA358C1B44A3E3D44ACEC645F938F790A11AB | 
|---|
|  | 363 | 0D03586143977E2BCE3A2D689445AC89134B409E68F34B0DE8BD8242ADD7C0 | 
|---|
|  | 364 |  | 
|---|
|  | 365 | rainer$ /etc/init.d/yule reload | 
|---|
|  | 366 |  | 
|---|
|  | 367 | </pre> | 
|---|
|  | 368 |  | 
|---|
|  | 369 | <p> | 
|---|
|  | 370 | <b>Note 1:</b> the verifier <tt>Client=client.example.com@.....</tt> must be | 
|---|
|  | 371 | in the <b>[Clients]</b> section of the server configuration file. It is | 
|---|
|  | 372 | convenient if this is the last section in the config file, because then | 
|---|
|  | 373 | you can just concatenate the output of <tt>yule -P PASSWORD</tt> to the | 
|---|
|  | 374 | configuration file. This allows for better automatisation with a simple | 
|---|
|  | 375 | script. | 
|---|
|  | 376 | </p> | 
|---|
|  | 377 | <p> | 
|---|
|  | 378 | <b>Note 2:</b> samhain comes with a <b>deploy system</b> that handles | 
|---|
|  | 379 | the deployment of clients, including password embedding and server | 
|---|
|  | 380 | configuration, in a semi-automatic way. | 
|---|
|  | 381 | This deploy system is tested and used in a production system | 
|---|
|  | 382 | of more than 50 machines, and described in detail in Chapt. 10 of the MANUAL. | 
|---|
|  | 383 | </p> | 
|---|
|  | 384 |  | 
|---|
|  | 385 | <h2>Enabling remote logging</h2> | 
|---|
|  | 386 | <p> | 
|---|
|  | 387 | Samhain has multiple independent logging facilities (such as a local logfile, | 
|---|
|  | 388 | syslog, e-mail, TCP/IP, etc.) that can be used | 
|---|
|  | 389 | in parallel. You therefore have to specify in the client's configuration | 
|---|
|  | 390 | file, <b>which logging facility</b> you want to use. | 
|---|
|  | 391 | </p> | 
|---|
|  | 392 | <p> | 
|---|
|  | 393 | Selecting logging facilities is done by setting appropriate <b>thresholds</b> | 
|---|
|  | 394 | in the <b>[Log]</b> section of the configuration file: each | 
|---|
|  | 395 | message with a <b>priority</b> exceeding | 
|---|
|  | 396 | the threshold will be logged via the respective facility. Setting | 
|---|
|  | 397 | the threshold to <i>none</i> will disable a facility. For details, | 
|---|
|  | 398 | refer to Chapt. 4 in the MANUAL. | 
|---|
|  | 399 | </p> | 
|---|
|  | 400 | <h3>Example</h3> | 
|---|
|  | 401 | <p> | 
|---|
|  | 402 | To enable remote logging to the server for all messages of | 
|---|
|  | 403 | priority <i>error</i> or higher, use the following directive in the | 
|---|
|  | 404 | client configuration file: | 
|---|
|  | 405 | </p> | 
|---|
|  | 406 | <pre style="background-color:#DDDDDD; color:#000000"> | 
|---|
|  | 407 |  | 
|---|
|  | 408 | [Log] | 
|---|
|  | 409 | ExportSeverity=err | 
|---|
|  | 410 |  | 
|---|
|  | 411 | </pre> | 
|---|
|  | 412 |  | 
|---|
|  | 413 |  | 
|---|
|  | 414 | <h2>Databases and config files on the server</h2> | 
|---|
|  | 415 |  | 
|---|
|  | 416 | <p> | 
|---|
|  | 417 | The client does <i>not</i> tell the server the path to the requested | 
|---|
|  | 418 | file - it just requests a config or a database file. It's entirely the | 
|---|
|  | 419 | responsibility of the server to locate the correct file and send it. | 
|---|
|  | 420 | </p> | 
|---|
|  | 421 | <p> | 
|---|
|  | 422 | The server has a <i>data directory</i>, which by default would be | 
|---|
|  | 423 | <tt>/var/lib/yule</tt>, but depends on your compile options. | 
|---|
|  | 424 | </p> | 
|---|
|  | 425 | <p> | 
|---|
|  | 426 | Config files and baseline databases for clients must be located | 
|---|
|  | 427 | in this directory, and they must be named as follows: | 
|---|
|  | 428 | </p> | 
|---|
|  | 429 | <p> | 
|---|
|  | 430 | Configuration files: <tt>rc.</tt><i>client.mydomain.tld</i> or | 
|---|
|  | 431 | simply <tt>rc</tt> | 
|---|
|  | 432 | (this can be used as a catchall file). | 
|---|
|  | 433 | </p> | 
|---|
|  | 434 | <p> | 
|---|
|  | 435 | Database files: <tt>file.</tt><i>client.mydomain.tld</i> or | 
|---|
|  | 436 | simply <tt>file</tt> | 
|---|
|  | 437 | (this can be used as a catchall file). | 
|---|
|  | 438 | </p> | 
|---|
|  | 439 | </div> | 
|---|
|  | 440 | </body> | 
|---|
|  | 441 | </html> | 
|---|