Prelude

Note: REQUIREMENTS

This facility requires that you have compiled samhain with the --with-prelude option to include support for Prelude. You also need the libprelude client library for this to work.

Timestamp messages will automatically be converted to Prelude heartbeat messages.

To register samhain as a Prelude sensor, run the command manager-adduser on the Prelude manager, and the command sensor-adduser --sensorname Samhain --uid 0 --manager-addr x.x.x.x on the client, where x.x.x.x stands for the address of the Prelude manager.

Both commands are interactive and apparently should be run simultaneously: manager-adduser generates a 'one-shot password' that must be entered in sensor-adduser. This is how it looks on the Prelude manager:

bash$ manager-adduser


Generated one-shot password is "0ltdgbgy".

This password will be requested by "sensor-adduser" in order to connect.
Please remove the first and last quote from this password before using it.



- Waiting for install request from Prelude sensors...
- Connection from 127.0.0.1.
sensor choose to use PLAINTEXT communication method.
successfully created user calvin.

Sensor registered correctly.

And this is the dialog on the client:

bash$ sensor-adduser --sensorname Samhain --uid 0 --manager-addr 127.0.0.1


Now please start "manager-adduser" on the Manager host where
you wish to add the new user.

Please remember that you should call "sensor-adduser" for each configured
Manager entry.

Press enter when done.


Please use the one-shot password provided by the "manager-adduser" program.

Enter registration one shot password : 
Please confirm one shot password : 
connecting to Manager host (127.0.0.1:5553)... Succeeded.

Username to use to authenticate : calvin
Please enter a password for this user : 
Please re-enter the password (comfirm) : 
Register user "calvin" ? [y/n] : y
Plaintext account creation succeed with Prelude Manager.
Allocated ident for Samhain@somehost: 61534998304562071.

The libprelude client library has a configuration file, /etc/prelude-sensors/sensors-default.conf, where you can configure, for example, the network address of the Prelude manager.