Provided by: prelude-utils_4.1.0-4.2_amd64 bug

NAME

       prelude-admin - Manage agents accounts

SYNOPSIS

       prelude-admin <subcommand> [options] [args]

       prelude-admin add <profile name> [--uid UID] [--gid GID]

       prelude-admin chown <profile name> [--uid UID] [--gid GID]

       prelude-admin del <profile name>

       prelude-admin rename <profile name> <profile name>

       prelude-admin  register  <profile  name> <wanted permission> <registration-server address>
       [--uid UID] [--gid GID] [--passwd=PASSWD>] [--passwd-file=<FILE>]

       prelude-admin registration-server  <profile  name>  [--uid  UID]  [--gid  GID]  [--prompt]
       [--passwd=PASSWD>] [--passwd-file=<FILE>] [--keepalive] [--no-confirm] [--listen]

       prelude-admin revoke <profile> <analyzerID> [--uid UID] [--gid GID]

DESCRIPTION

       In  order  for an agent to communicate with a manager, it must be registered. Registration
       involves several steps:
        - Allocating a unique identity for the agent
        - Creating directory to be used by the agent (example: failover purpose)
        - Registering to a remote 'prelude-manager': get a  signed  X509  certificate  that  will
       allow communication between agent and manager using the specified permissions.

       All this information is stored in an agent profile.

       An  agent  profile  is  identified by its name. When an agent is started, it will load the
       profile of the same name as the program itself, that is, if your agent is named  "prelude-
       lml", the agent will load the profile named "prelude-lml".

       The   name   of   the   profile   can   be   overridden  using  the  '--prelude  --profile
       name_of_my_profile' command line option. It is possible to define the profile name so that
       you  can  have  several  instances  of one agent running with different permissions, using
       different profiles.

       Note that profiles are not specific to agents, but are used in all programs of the Prelude
       suite (agents, managers, etc).

       If  you  are  not  sure  which permission your agent should get, just start it and default
       permissions will be displayed.

OPTIONS

       <profile name> is the default name of the agent you are installing  or  your  own  defined
       name.

       If  you  start your agent without prior registration, a warning is displayed including the
       default profile name on how to register the agent.

       <requested permission> is the permission your agent needs. It is  composed  of  permission
       attributes  (idmef  or admin) and access type: read/write (r/w). By default, an agent need
       permissions for writing IDMEF to a manager, and reading administrative command sent to it.
       That is: "idmef:w admin:r".

       <manager  address>  is  the  address of the prelude-manager you wish to register. This can
       either be its IP address or its hostname. If you made a local installation, you can  write
       localhost to connect via unix socket.

       Remember to use the correct uid/gid when registering your agent. For instance, if you want
       to register snort (running with snort euid / egid), use --uid snort --gid snort.

       add <analyzer profile>
            Setup a new agent user.

            --uid=UID UID or user to use to setup agent files.

            --gid=GID GID or group to use to setup agent files.

       chown <analyzer profile>
            Change analyzer owner.

            --uid=UID UID or user to use to setup agent files.

            --gid=GID GID or group to use to setup agent files.

       del <analyzer profile>
            The delete command will remove the agent files created through  "add"  command.  Once
            this is done, the analyzer can't be used unless "register" or "add" is called again.

       rename <analyzer profile> <analyzer profile>
            Rename an existing analyzer.

       register <profile name> <wanted permission> <registration-server address>
            Register an analyzer.

            Register  and  create  the  analyzer  basic  setup if needed.  It will also configure
            communication of this analyzer with a receiving analyzer (like a Manager) through the
            specified registration-server.

            --uid=UID UID or user to use to setup analyzer files.

            --gid=GID GID or group to use to setup analyzer files.

            --passwd=PASSWD Use provided password instead of prompting it.

            --passwd-file=-|FILE Read password from file instead of prompting it (- for stdin).

       registration-server <profile name>
            Start  a  registration  server to register agents.  This is used in order to register
            'sending' analyzer to 'receiving' analyzer. <profile  name>  should  be  set  to  the
            profile  name  of  the  'receiving'  analyzer,  the one where 'sending' analyzer will
            register to.

            --uid=UID UID or user to use to setup 'receiving' analyzer files.

            --gid=GID GID or group to use to setup 'receiving' analyzer files.

            --prompt Prompt for a password instead of auto generating it.

            --passwd=PASSWD Use provided password instead of auto generating it.

            --passwd-file=-|FILE Read password from file instead of auto  generating  it  (-  for
            stdin).

            --keepalive Register analyzer in an infinite loop.

            --no-confirm Do not ask for confirmation on agent registration.

            --listen Address to listen on for registration request (default is any:5553).

       revoke <profile name>
            Revoke access to <profile> for the given analyzerID.

            --uid=UID UID or user to use to setup analyzer files.

            --gid=GID GID to group to use to setup analyzer files.

       --help
            Print help

AUTHOR

       This man page has been written by Frederic Motte

                                           19 June 2007                          prelude-admin(1)