1. Description

This module manages the main yule database and the configuration for samhain. It can also deploy samhain to each host.

2. Quick start:

Remote installation, database updates and commands require the ssh module to be installed. At this time only ssh-key authentication is supported.

2.1. Configure your Yule Server

This is only an example!
./configure \
--enable-static \
--enable-network=server \
--with-database=mysql \
--enable-xml-log \
--with-sender= \
--with-recipient=  \
--enable-udp \
--with-trusted=
You should use --with-trusted= if you want to use this module to send messages through yulectl and if you want remote installation.

2.2. Remote installation

!!!THE FOLLOWING STEPS ARE ONLY NEEDED IF YOU WANT TO DO REMOTE UPDATE/INSTALLATION!!! Be sure you do the following after the "make"-stuff:
  • create a group for yule
  • be sure the daemon (or the user which runs yule) and the webserver user are members of this group
  • chown daemon:yule /etc/yulerc
  • chmod 660 /etc/yulerc
  • chown -R daemon:yule /var/lib/yule/
  • chmod 770 /var/lib/yule/
  • chmod 660 /var/lib/yule/[f|r]*

  • Configure your Samhain Packages:
    ./configure \
    --enable-login-watch \
    --enable-mounts-check \
    --enable-static  \
    --enable-suidcheck  \
    --with-config-file=REQ_FROM_SERVER/etc/samhainrc \
    --with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file \
    --with-logserver= \
    --enable-network=client \
    --enable-xml-log \
    --enable-userfiles

    Now you can build several packages with make run|rpm|.... At this time only the Linux packages run, rpm and deb (untested) are supported. Create a directory "install" in your yule data dir, e.g. /var/lib/yule/install/, and make sure the webserver has read access to this directory and the files in it. Place your packages there.
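
The modes and group set in the remote-installation steps above can be checked afterwards. The following is an added example, not part of this module: it reports any deviation from 660 on /etc/yulerc and the f*/r* files and from 770 on /var/lib/yule/, and optionally checks the group. The function names and the ROOT prefix argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not part of the module): audit the modes and group from section 2.2.
# Usage: check_yule_perms [ROOT] [GROUP]
#   ROOT  - assumed path prefix: empty for the live system, a scratch tree for a dry run
#   GROUP - expected group name (the steps above use "yule"); empty skips the group check
# Needs GNU stat (Linux).

check_entry() {  # check_entry PATH MODE GROUP -> 0 if PATH matches, 1 otherwise
    actual=$(stat -c '%a %G' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    mode=${actual%% *}
    group=${actual#* }
    rc=0
    if [ "$mode" != "$2" ]; then
        echo "MODE    $1 is $mode, expected $2"
        rc=1
    fi
    if [ -n "$3" ] && [ "$group" != "$3" ]; then
        echo "GROUP   $1 is $group, expected $3"
        rc=1
    fi
    return "$rc"
}

check_yule_perms() {
    root=${1:-}
    want_group=${2:-}
    bad=0
    check_entry "$root/etc/yulerc" 660 "$want_group" || bad=1
    check_entry "$root/var/lib/yule" 770 "$want_group" || bad=1
    # Same files the chmod step targets: names starting with f or r.
    for f in "$root"/var/lib/yule/[fr]*; do
        [ -f "$f" ] || continue
        check_entry "$f" 660 "$want_group" || bad=1
    done
    return "$bad"
}
```

Source the file and run `check_yule_perms "" yule` on the yule server; a non-zero return means at least one path has a different mode or group, or is missing.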