Clients must be registered with yule to make a connection. Connection attempts by unknown clients will be rejected. The respective section in the server configuration file looks like:
[Clients] # # A client # Client=HOSTNAME_CLIENT1@salt1@verifier1 # # another one # Client=HOSTNAME_CLIENT2@salt2@verifier2 #
These entries have to be computed in the following way:
Choose a password(16 chars hexadecimal, i.e. only 0 - 9, a - f, A - F allowed. To generate a random password, you may use:
Use the program samhain_setpwd to reset the password in the compiled client binary (that is, samhain, not yule ) to the one you have chosen. samhain_setpwd takes three arguments: (1) the binary name, (2) an extension to append to the new binary, and (3) the password. It will read the executable binary (argument 1), insert the password (argument 3), and write a modified binary with the specified extension (argument 2). Run samhain_setpwd without arguments for usage information. Example:
samhain_setpwd samhain EXT 0123456789ABCDEF
Use the server's convenience function '-P' to create a registration entry. Example:
yule -P 0123456789ABCDEF
The output will look like:
You now have to replace HOSTNAME with the fully qualified domain name of the host on which the client should run ( exception: if the server cannot determine the fully qualified hostname, you may need to use the numerical address instead. You will see the problem in a 'Connection refused' message from the server).
Put the registration entry into the servers's configuration file, under the section heading [Clients](see Section 3 ). You need to send SIGHUP to the server for the new entry to take effect.
Repeat steps (1) -- (5) for any number of clients you need (actually, you need a registration entry for each client's host, but you don't neccesarily need different passwords for each client. I.e. you may skip steps (1) -- (3)).
If you have a default directory layout, a [Clients] section right at the end of the server config file, and your client is client.mydomain.com, then you could e.g. do:
samhain_setpwd samhain new $PASSWD
scp samhain.new firstname.lastname@example.org:/usr/local/sbin/samhain
ENTRY=`yule -P $PASSWD | sed s%HOSTNAME%client.mydomain.com%`
echo $ENTRY >>/etc/yulerc
kill -HUP `cat /var/run/yule.pid`