Beltane II

This is version 2.3 of the Beltane II Manual.

Table of Contents
1. Introduction
1.1. Purpose
1.2. Notation and Conventions
1.3. About This Manual
2. Installing Beltane
2.1. System Requirements
2.2. Usage Requirements
2.3. Configure
2.4. Installation
2.5. Fixing filesystem access permissions
2.6. Postinstallation configuration
2.7. Upgrading
2.8. Security
2.9. Backups
2.10. Samhain configuration
3. Functions
3.1. The menu panel
3.2. The Clients panel
3.3. The Messages panel
4. Interactive configuration of beltane
4.1. Administrative
4.2. Files and Utilities
4.3. Database
4.4. Display
4.5. Filters
4.6. GnuPG
4.7. Users
4.8. Additional users
5. Using LDAP for login
6. Defining groups for hosts and users
7. Troubleshooting
7.1. Other popular problems
7.2. Obscure problems
8. Performance issues and scalability
8.1. Browser becomes unresponsive
8.2. PHP process runs into resource limits
8.3. Beltane becomes very slow with large database
9. Files and directories
10. Known Bugs and Issues
11. License
12. Configuring Apache for SSL
12.1. Create self-signed certificate
12.2. Configure Apache
13. Regular Expression Summary
13.1. Quantifiers
13.2. Metacharacters
13.3. Examples

1. Introduction

1.1. Purpose

Beltane is a web-based management console for the samhain/yule centralized file integrity / intrusion detection system. Within that system, yule is the central log server, while samhain is the client (or standalone) application to monitor file integrity (and eventually check for kernel-level rootkits or rogue SUID binaries).

Beltane is intended to be installed on the central log server, and to act as an administrative frontend. Beltane allows you to

  • manage a database of installed clients (in XML format),

  • review client messages, acknowledge them interactively, and update the file signature databases of clients accordingly (i.e. without the need to run an update on the client).

Beltane takes advantage of the fact that samhain is designed to run as a daemon, and keeps a memory of file changes. Thus, if a file is modified, only one message is reported as long as the daemon runs. To avoid a new message when the daemon restarts, it is only necessary to update the file signature database stored on the central server before the next restart of the daemon. All information needed for this is provided in the daemon's report.

1.2. Notation and Conventions

This Handbook uses the following notation:

/usr/bin              Directory
foo.sgml              Filename
command               Command or text that would be typed.
replaceable           "Variable" text that can be replaced.
Program or Doc Code   Program or document code

1.3. About This Manual

This Manual is a guide for installing and using Beltane. It was written in DocBook (SGML) and is available in several formats, including SGML and HTML.