Beltane II

This is version 2.5 of the Beltane II Manual.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. You may obtain a copy of the GNU Free Documentation License from the Free Software Foundation by visiting their Web site or by writing to: Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

This manual refers to Beltane II version 2.5.0.

Table of Contents

1. Introduction
1.1. Purpose
1.2. Backward compatibility
1.3. Notation and Conventions
1.4. About This Manual
2. Installing Beltane
2.1. System Requirements
2.2. Usage Requirements
2.3. Configure
2.4. Installation
2.5. Fixing filesystem access permissions
2.6. Postinstallation configuration
2.7. Upgrading
2.8. Security
2.9. Backups
2.10. Samhain configuration
3. Functions
3.1. The menu panel
3.2. The Clients panel
3.3. The Messages panel
4. Interactive configuration of beltane
4.1. Administrative
4.2. Files and Utilities
4.3. Database
4.4. Display
4.5. Filters
4.6. GnuPG
4.7. Users
4.8. Additional users
5. Using LDAP for login
6. Defining groups for hosts and users
7. Change Control Process Integration
8. Troubleshooting
8.1. Other potential problems
8.2. Obscure problems
9. Performance issues and scalability
9.1. Browser becomes unresponsive
9.2. PHP process runs into resource limits
9.3. Beltane becomes very slow with large database
10. Files and directories
11. Known Bugs and Issues
12. License
13. Configuring Apache for SSL
13.1. Create self-signed certificate
13.2. Configure Apache
14. Regular Expression Summary
14.1. Quantifiers
14.2. Metacharacters
14.3. Examples

1. Introduction

1.1. Purpose

Beltaneis a web-based management console for the samhain/ yulecentralized file integrity / intrusion detection system. Within that system, yuleis the central log server, while samhainis the client (or standalone) application to monitor file integrity (and eventually check for kernel-level rootkits or rogue SUID binaries).

Beltaneis intended to be installed on the central log server, and to act as an administrative frontend. Beltaneallows to

  • manage a database of installed clients (in XML format),

  • review client messages, acknowledge them interactively, and update the file signature databases of clients accordingly (i.e. without the need to run an update on the client).

Beltanetakes advantage of the fact that samhainis designed to run as a daemon, and keeps a memory of file changes. Thus, if a file is modified, only one message is reported as long as the daemon runs. To avoid a new message when the daemon restarts, it is only neccessary to update the file signature database stored on the central server before the next restart of the daemon. All necessary information for this is provided in the daemon's report.

1.2. Backward compatibility

Samhain version 4.0 introduces a change in the baseline database format. This does not affect the client/server communication, i.e. it is possible to mix pre-4.0 and 4.0+ clients and server.

If you are using the Beltane II WebGUI, you need version 2.5+ to handle the new database format.

Finally, if you are planning to make use of the new features for integrating samhain into your change control process, you will need Samhain version 4.0+ for clients and sever, and Beltane II version 2.5+.

1.3. Notation and Conventions

This Handbook uses the following notation:

/usr/bin Directory
foo.sgml Filename
command Command or text that would be typed.
replaceable "Variable" text that can be replaced.
Program or Doc Code Program or document code

1.4. About This Manual

This Manual is a guide for installing and using Beltane. It was written in DocBook(XML) and is available in several formats including XML and HTML.