prelude-admin(1)            General Commands Manual            prelude-admin(1)

prelude-admin - Manage agents accounts

prelude-admin <subcommand> [options] [args]

prelude-admin add <profile name> [--uid UID] [--gid GID]

prelude-admin chown <profile name> [--uid UID] [--gid GID]

prelude-admin del <profile name>

prelude-admin rename <profile name> <profile name>

prelude-admin register <profile name> <wanted permission>
       <registration-server address> [--uid UID] [--gid GID]
       [--passwd=PASSWD] [--passwd-file=<FILE>]

prelude-admin registration-server <profile name> [--uid UID] [--gid GID]
       [--prompt] [--passwd=PASSWD] [--passwd-file=<FILE>] [--keepalive]
       [--no-confirm] [--listen]

prelude-admin revoke <profile> <analyzerID> [--uid UID] [--gid GID]

In order for an agent to communicate with a manager, it must be registered.
Registration involves several steps:
- Allocating a unique identity for the agent
- Creating the directory to be used by the agent (for example, for failover
  purposes)
- Registering with a remote 'prelude-manager': obtaining a signed X509
  certificate that allows communication between agent and manager using the
  specified permissions.

All this information is stored in an agent profile.

An agent profile is identified by its name. When an agent is started, it
loads the profile of the same name as the program itself; that is, if your
agent is named "prelude-lml", the agent will load the profile named
"prelude-lml".

The name of the profile can be overridden using the '--prelude --profile
name_of_my_profile' command line option. It is possible to define the profile
name so that you can have several instances of one agent running with
different permissions, using different profiles.

Note that profiles are not specific to agents, but are used in all programs
of the Prelude suite (agents, managers, etc).

If you are not sure which permission your agent should get, just start it and
the default permissions will be displayed.

<profile name> is the default name of the agent you are installing or a name
you define yourself.

If you start your agent without prior registration, a warning is displayed
that includes the default profile name and explains how to register the
agent.

<requested permission> is the permission your agent needs. It is composed of
permission attributes (idmef or admin) and access type: read/write (r/w). By
default, an agent needs permission to write IDMEF to a manager and to read
administrative commands sent to it, that is: "idmef:w admin:r".

<manager address> is the address of the prelude-manager you wish to register
with. This can be either its IP address or its hostname. If you made a local
installation, you can write localhost to connect via a Unix socket.

Remember to use the correct uid/gid when registering your agent. For
instance, if you want to register snort (running with snort euid / egid), use
--uid snort --gid snort.

add <analyzer profile>
       Setup a new agent user.

       --uid=UID UID or user to use to setup agent files.

       --gid=GID GID or group to use to setup agent files.

chown <analyzer profile>
       Change analyzer owner.

       --uid=UID UID or user to use to setup agent files.

       --gid=GID GID or group to use to setup agent files.

del <analyzer profile>
       The delete command will remove the agent files created through the
       "add" command. Once this is done, the analyzer can't be used unless
       "register" or "add" is called again.

rename <analyzer profile> <analyzer profile>
       Rename an existing analyzer.

register <profile name> <wanted permission> <registration-server address>
       Register an analyzer.

       Register and create the analyzer basic setup if needed. It will also
       configure communication of this analyzer with a receiving analyzer
       (like a Manager) through the specified registration-server.

       --uid=UID UID or user to use to setup analyzer files.

       --gid=GID GID or group to use to setup analyzer files.

       --passwd=PASSWD Use provided password instead of prompting it.

       --passwd-file=-|FILE Read password from file instead of prompting it
       (- for stdin).

registration-server <profile name>
       Start a registration server to register agents. This is used in order
       to register 'sending' analyzer to 'receiving' analyzer. <profile name>
       should be set to the profile name of the

       --uid=UID UID or user to use to setup 'receiving' analyzer files.

       --gid=GID GID or group to use to setup 'receiving' analyzer files.

       --prompt Prompt for a password instead of auto generating it.

       --passwd=PASSWD Use provided password instead of auto generating it.

       --passwd-file=-|FILE Read password from file instead of auto
       generating it (- for stdin).

       --keepalive Register analyzer in an infinite loop.

       --no-confirm Do not ask for confirmation on agent registration.

       --listen Address to listen on for registration request (default is
       any:5553).

revoke <profile name>
       Revoke access to <profile> for the given analyzerID.

       --uid=UID UID or user to use to setup analyzer files.

       --gid=GID GID or group to use to setup analyzer files.

--help
       Print help
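
The registration flow described on this page, as an added example that is not part of the original man page or the Prelude project: it checks a permission string against the attributes and access types listed above and hands the one-shot password over with --passwd-file rather than --passwd=PASSWD, since command-line arguments are typically visible to other local users in the process list. The manager address 192.0.2.10, the "prelude-manager" profile, the "prelude" account and the acceptance of "rw" are assumptions; the functions print the commands rather than running them.

```shell
#!/bin/sh
# Added example, not part of the prelude-admin man page.

# valid_permission "idmef:w admin:r" succeeds when every word is
# <idmef|admin>:<r|w|rw>. Accepting "rw" is an assumption; the page only
# names the attributes (idmef, admin) and the access types (r/w).
valid_permission() (
    set -f                              # no globbing while splitting words
    n=0
    for word in $1; do
        case "$word" in
            idmef:r|idmef:w|idmef:rw|admin:r|admin:w|admin:rw) n=$((n + 1)) ;;
            *) exit 1 ;;
        esac
    done
    [ "$n" -gt 0 ]                      # an empty string is not a permission
)

# new_passwd_file DIR: write a random one-shot password to a file only its
# owner can read, and print the file's path.
new_passwd_file() (
    umask 077
    f=$(mktemp "${1:-/tmp}/prelude-reg.XXXXXX") || exit 1
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n' > "$f" || exit 1
    printf '%s\n' "$f"
)

# server_cmd PROFILE USER GROUP PASSWD_FILE: command for the manager host.
server_cmd() {
    printf 'prelude-admin registration-server %s --uid %s --gid %s --passwd-file=%s\n' \
        "$1" "$2" "$3" "$4"
}

# register_cmd PROFILE PERMISSION SERVER USER GROUP PASSWD_FILE: command for
# the agent host; refuses a malformed permission string.
register_cmd() {
    valid_permission "$2" || { echo "bad permission: $2" >&2; return 1; }
    printf 'prelude-admin register %s "%s" %s --uid %s --gid %s --passwd-file=%s\n' \
        "$1" "$2" "$3" "$4" "$5" "$6"
}

# Demo with constructed values: manager at 192.0.2.10; the profile name
# "prelude-manager" and the account "prelude" are assumptions.
pw=$(new_passwd_file "${TMPDIR:-/tmp}")
server_cmd prelude-manager prelude prelude "$pw"
register_cmd snort "idmef:w admin:r" 192.0.2.10 snort snort -
rm -f "$pw"
```

On the agent side the example passes `-` so the password is read from stdin, as documented for --passwd-file above.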

This man page has been written by Frederic Motte

19 June 2007                                                  prelude-admin(1)