Changed snfilter user and group to snfuser. Tested on Ubuntu.


git-svn-id: https://svn.microneil.com/svn/PKG-SNF-CS-NIX/trunk@58 233e721a-07f6-49eb-a7da-05e0e16828fc
master
adeniz 13 years ago
parent
commit
ab7f2137af

+ 29
- 29
SNF_CS_Developer_Package/INSTALL



1) Check prerequisites. 1) Check prerequisites.


2) Create the snfilter user and group.
2) Create the snfuser user and group.


3) Build and install the SNFServer package (using a tarball or a 3) Build and install the SNFServer package (using a tarball or a
package). package).


1) The program curl must be installed. 1) The program curl must be installed.


Creating the snfilter user and group
************************************
Creating the snfuser user and group
***********************************


Before installing, the snfilter user and group must be created. For
increased security, snfilter user has no shell.
Before installing, the snfuser user and group must be created. For
increased security, snfuser user has no shell.


OS-specific issues-- OS-specific issues--


The commands to create the snfilter user and group are OS dependent.
The commands to create the snfuser user and group are OS dependent.
For your convenience, the commands for creating the user and group for For your convenience, the commands for creating the user and group for
varous OSes are listed here. However, no guarantee is made that these varous OSes are listed here. However, no guarantee is made that these
commands will work on your system; please refer to your system commands will work on your system; please refer to your system


1) OpenBSD: 1) OpenBSD:


a) 'useradd -g =uid -m -c "SNFServer Account" -s /bin/false snfilter'.
a) 'useradd -g =uid -m -c "Sniffer Account" -s /bin/false snfuser'.


2) Ubuntu: 2) Ubuntu:


a) 'adduser --gecos "SNFServer Account" --no-create-home --shell /bin/false snfilter'.
a) 'adduser --gecos "Sniffer Account" --no-create-home --shell /bin/false snfuser'.


3) RedHat (and variants such as Fedora and CentOS): 3) RedHat (and variants such as Fedora and CentOS):


a) 'adduser --comment "SNFServer Account" -M --shell /bin/false snfilter'
a) 'adduser --comment "Sniffer Account" -M --shell /bin/false snfuser'


4) Suse: 4) Suse:


a) 'groupadd snfilter'
a) 'groupadd snfuser'


b) 'useradd -c "SNFServer Account" -s /bin/false -g snfilter snfilter'
b) 'useradd -c "Sniffer Account" -s /bin/false -g snfuser snfuser'


5) FreeBSD: 5) FreeBSD:


a) 'pw user add -c "SNFServer Account" -n snfilter -w no -s /bin/false'
a) 'pw user add -c "Sniffer Account" -n snfuser -w no -s /bin/false'
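
Review bot: the Ubuntu command in 2a) creates an ordinary account rather than a locked service account. Without '--system' or '--disabled-login', adduser allocates a regular UID and prompts interactively for a password, and '--shell /bin/false' on its own does not lock that password. Suggest 'adduser --system --group --no-create-home --shell /bin/false snfuser'. The OpenBSD command also passes '-m', which creates a home directory, while the Ubuntu and RedHat commands suppress one; these should agree. The account comment changes from "SNFServer Account" to "Sniffer Account" in every command, which the commit message does not mention.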


Building and installing SNFServer Building and installing SNFServer
********************************* *********************************


If desired for security purposes, restrict the permissions of If desired for security purposes, restrict the permissions of
SNFServer.xml. For example, to make SNFServer.xml readonly by SNFServer.xml. For example, to make SNFServer.xml readonly by
only the snfilter user and snfilter group, enter the following:
only the snfuser user and snfuser group, enter the following:


chmod 440 SNFServer.xml chmod 440 SNFServer.xml


license ID and authentication attributes of the <identity> element. license ID and authentication attributes of the <identity> element.
If desired for security purposes, restrict the permissions of If desired for security purposes, restrict the permissions of
identity.xml. For example, to make identity.xml readonly by only identity.xml. For example, to make identity.xml readonly by only
snfilter, enter the following:
snfuser, enter the following:


chmod 400 identity.xml chmod 400 identity.xml


iii) Any other changes as necessary if the default directories iii) Any other changes as necessary if the default directories
are not used. are not used.


b) Ensure that getRulebase is executable by the snfilter user.
b) Ensure that getRulebase is executable by the snfuser user.
This can be done with the command: This can be done with the command:


chmod +x getRulebase chmod +x getRulebase


5) Ensure that the snfilter user has read/write access to the files
5) Ensure that the snfuser user has read/write access to the files
in workspace (default: /usr/share/snf-server or in workspace (default: /usr/share/snf-server or
/usr/local/share/snf-server) and configuration directory (default: /usr/local/share/snf-server) and configuration directory (default:
/etc/snf-server). To grant this access, enter the following command,
as the root user:
/etc/snf-server). To grant this access, enter the following
command, as the root user:


chown -R snfilter:snfilter /usr/share/snf-server
chown -R snfuser:snfuser /usr/share/snf-server


chown -R snfilter:snfilter /etc/snf-server
chown -R snfuser:snfuser /etc/snf-server


As you modify files in these directories, please ensure that the As you modify files in these directories, please ensure that the
read/write permissions for snfilter is maintained.
read/write permissions for snfuser is maintained.
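
Review bot: the chown -R commands in step 5 only describe a fresh install; nothing here tells an existing deployment to re-own files that still belong to snfilter, so once the init scripts switch to snfuser the daemon will run against a workspace and configuration directory it cannot write. Add an upgrade note that repeats the chown -R for /usr/share/snf-server, /etc/snf-server and /var/log/snf-server and removes the old snfilter account. The text names /usr/local/share/snf-server as an alternative default, but only /usr/share/snf-server has a command. Giving snfuser ownership of /etc/snf-server also means the 'chmod 400 identity.xml' advice above does not stop the service account from changing that file; say whether that is intended. Wording: "permissions ... is maintained" should be "are maintained".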


6) Create the logfile directory, and ensure the snfilter user has
6) Create the logfile directory, and ensure the snfuser user has
read/write access to it: read/write access to it:


mkdir /var/log/snf-server mkdir /var/log/snf-server


chown snfilter:snfilter /var/log/snf-server
chown snfuser:snfuser /var/log/snf-server


chmod 755 /var/log/snf-server chmod 755 /var/log/snf-server
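
Review bot: 'chmod 755 /var/log/snf-server' in step 6 leaves the log directory readable and traversable by every local user, which sits oddly next to the 400/440 advice given for the configuration files. Unless another account has to read these logs, suggest 'chmod 750' and, if a log reader is needed, granting it through the snfuser group. 'mkdir' will also fail on a re-run when the directory already exists; 'mkdir -p' avoids that.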




b) 'touch UpdateReady.txt'. b) 'touch UpdateReady.txt'.


c) 'chown snfilter UpdateReady.txt'.
c) 'chown snfuser UpdateReady.txt'.


d) 'su -m snfilter -c "/usr/sbin/getRulebase"'. If getRulebase
is in a different directory, this command should be changed
d) 'su -m snfuser -c "/usr/sbin/getRulebase"'. If getRulebase is
in a different directory, this command should be changed
accordingly. accordingly.
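
Review bot: step d) does not say who runs 'su -m snfuser -c "/usr/sbin/getRulebase"'. Because the account's shell is /bin/false, the command depends on '-m' to use the caller's shell, and that only works when the caller is root; it also means getRulebase runs as snfuser with the caller's environment (HOME, PATH and the rest) left in place. State that the command is run as root, as step 5 does for chown, and note that the environment is inherited.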


OS-specific issues-- OS-specific issues--


cp snfSniffer.sample snfSniffer cp snfSniffer.sample snfSniffer


chown snfilter snfSniffer
chown snfuser snfSniffer


chmod 550 snfSniffer chmod 550 snfSniffer


also add: also add:


'snfilter unix - n n - 10 pipe' 'snfilter unix - n n - 10 pipe'
' flags=Rq user=snfilter argv=/usr/sbin/snfSniffer'
' flags=Rq user=snfuser argv=/usr/sbin/snfSniffer'
' -f ${sender} -- ${recipient}' ' -f ${sender} -- ${recipient}'


to master.cf. Specify the directory snfSniffer is in if not to master.cf. Specify the directory snfSniffer is in if not
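
Review bot: in the master.cf entry the service name on the first line is still 'snfilter' while the second line now says 'user=snfuser'. Until this commit the two names matched, so a reader may now take the first line for a missed rename. If the transport name is meant to stay 'snfilter', say so in the text; if not, it needs renaming here and wherever the transport is referenced.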


cp snfSnifferFilter.sample snfSnifferFilter cp snfSnifferFilter.sample snfSnifferFilter


chown snfilter snfSnifferFilter
chown snfuser snfSnifferFilter


chmod 550 snfSnifferFilter chmod 550 snfSnifferFilter



+ 2
- 2
SNF_CS_Developer_Package/Scripts/snf-server.freebsd

rcvar=`set_rcvar` rcvar=`set_rcvar`
required_dirs=$dir required_dirs=$dir
required_files="$dir/$productionProg $dir/$clientProg $configFile" required_files="$dir/$productionProg $dir/$clientProg $configFile"
snfserver_user=snfilter
snfserver_group=snfilter
snfserver_user=snfuser
snfserver_group=snfuser


# Start in a directory that is writable. # Start in a directory that is writable.
snfserver_chdir=PREFIX/share/PACKAGE_NAME snfserver_chdir=PREFIX/share/PACKAGE_NAME
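
Review bot: 'snfserver_user=snfuser' and 'snfserver_group=snfuser' hard-code the account name again, and the same literal is repeated in the four other init scripts and throughout INSTALL, which is why this rename touches six files. The script already takes PREFIX and PACKAGE_NAME as build-time substitutions; making the run-as user and group a substitution of the same kind would keep the scripts and documentation from drifting apart on the next change. The commit message reports testing on Ubuntu only, so this FreeBSD script is changed untested.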

+ 1
- 1
SNF_CS_Developer_Package/Scripts/snf-server.openbsd

clientProg="SNFClient" clientProg="SNFClient"


# Name of user to run as. # Name of user to run as.
userName="snfilter"
userName="snfuser"


# #
# Function to create the mode file. # Function to create the mode file.

+ 1
- 1
SNF_CS_Developer_Package/Scripts/snf-server.redhat

clientProg="SNFClient" clientProg="SNFClient"


# Name of user to run as. # Name of user to run as.
userName="snfilter"
userName="snfuser"


# Name of lockfile. # Name of lockfile.
lockFile="/var/lock/subsys/PACKAGE_NAME" lockFile="/var/lock/subsys/PACKAGE_NAME"

+ 1
- 1
SNF_CS_Developer_Package/Scripts/snf-server.suse

clientProg="SNFClient" clientProg="SNFClient"


# Name of user to run as. # Name of user to run as.
userName="snfilter"
userName="snfuser"


# Name of lockfile. # Name of lockfile.
lockFile="/var/lock/subsys/$productionProg" lockFile="/var/lock/subsys/$productionProg"

+ 1
- 1
SNF_CS_Developer_Package/Scripts/snf-server.ubuntu

clientProg="SNFClient" clientProg="SNFClient"


# Name of user to run as. # Name of user to run as.
userName="snfilter"
userName="snfuser"


# Name of group. # Name of group.
groupName=$userName groupName=$userName
