This page describes configuration options for ARS. The versions of the tools this was written for are noted here for reference only.
Automagic Registration System v2.0 Config
Registration APPlication (rapp.pl) v2.3
- $OFF = 0; If this is set to 1, new registrations will be disabled.
- $NAME = "tiger"; This names the RAPP instance so that registration data can be tagged, and proper configuration data can be retrieved. If you're not using the $VLAN setting, this should also be set to the same thing on all of your appliances.
- $FIELDS{fieldname}= [n,"Field Name",s]; This defines a field for the form, with the database name of 'fieldname'. If 'n' is 1, the field is required; if it's 0, it is not. "Field Name" is the field label as presented to the user. 's' is the "maxsize" as set by the form. The exception is the 'comments' field, which is a text area, so it takes a columns and rows size, such as $FIELDS{comments} = [0, "Comments (<300 Words)", 5, 30];
- $make_dropdown = 1; If you want the "make" field to use a dropdown list.
- @make_list=("Compaq","Gateway","Other"); The list of values for the 'make' field dropdown.
- $type_dropdown = 1; If you want the "type" field to use a dropdown list.
- @type_list=("Desktop","Laptop","Other"); The list of values for the 'type' field dropdown.
- $os_dropdown = 1; If you want the 'os' field to use a dropdown list.
- @os_list=("Windows","GNU/Linux","Other"); The list of values for the 'os' field dropdown.
- $comments_textarea = 1; If you want to use a textarea instead of a textfield for the 'comments' field.
- $fields_per_line = 2; Set the number of fields-per-line. Note that if "comments" are being used and $comments_textarea=1, comments has its own line. "comments" should always be last for this reason.
- $SAQ = 0; SAQ creates an Approval Queue that gives those who want it the ability to approve or reject system registrations. Overridden registrations are auto-approved.
- $SAQ_PASSWORD = "*OBSCURE*"; The override password. Registrants entering this password will be challenged to authenticate themselves. If they are on the SAQ_USERS list in the database, and properly authenticate, the registration will be allowed. The intended user's username should be entered in the "username" box on the main form. After registration, the authenticated SAQ_USER's username is entered in the registration record's "proxy" field.
- $SCAN = 0; If you want to make a "clean scan" of a system a condition for registration set this to 1. See the docs on Brutal for more info.
- $POSTREG_SCAN = 0; If you would like registered users who come back to the registration page to scan themselves, set this to 1. $SCAN must also be set to 1.
- $POSTREG_REMOVE = 1; If you would like registered users who come back to the registration page to unregister themselves, set this to 1.
- $ENFORCE_CERTAIN_SERIALS=0; If you want to verify the syntax of serial numbers by the user-selected "make", set this to 1.
- @ENFORCED_SERIALS=('Gateway','Apple'); This is a list of 'makes' to check the serial number syntax for, if $ENFORCE_CERTAIN_SERIALS=1.
- $VLAN = 42; The VLAN tag for this network/subnetwork. If you want a system registered on one network to be auto-registered for all networks, set this to 0 (or any consistent number) on all of your appliances. This has no impact on packet-level VLAN tags. It's for database sorting only.
Brutal (brutal, Medusa::Brutal) v2.0
- All Brutal configs can be overridden from the Brutal driver or scripts that use Medusa::Brutal, but are set in Medusa::Config by default.
Shelob v2.0
- $nortel_autodiscovery = 0; If you're using Nortel Baystack or Passport gear, you can set this to 1 and by providing only the core switches on your network to @root, Shelob will learn the topology of your entire network. For heterogeneous deployments, you'll need to provide the address of each Nortel device that's connected to an inner non-Nortel device.
- @root=('sw1.yournet.com','sw2.yournet.com'); This array contains a list of IP names and/or IP addresses of all edge switches. The exception is if you have $nortel_autodiscovery = 1, then only the core switches need to be specified here.
- $snmp_ro_community = "public"; SNMPv2 Read-Only Community Name
awlogd (awlogd) v2.1
- $SYSLOG = "/var/log/messages"; The name of the file to keep an eye on.
- $awlog_db_host = "db.yourhost.com"; The IP name or IP address of your database server.
- $awlog_db_username = "awu"; The username for awlogd to log in to your database server as. (Must have INSERT, UPDATE and SELECT rights to the "ARPWATCH" table).
- $awlog_db_password = "veryfunny"; The password that goes with the aforementioned username.
- $awlog_db_name = "medusa"; The name of the database that contains the ARPWATCH table on $awlog_db_host.
- $VLAN = 42; The VLAN tag for this network/subnetwork. This has no impact on packet-level VLAN tags. It's for database sorting only.
- @excludes=("00:07:E9:06:7D:BC","12:12:12:12:12:12"); Ethernet addresses to ignore. The addresses of your appliance should be here.
AMI (Medusa::CGI) v2.5
- force_ssl=1; Turn this off if you don't want to force the AMI applications to only allow execution when SSLized.
Local System Globals (Medusa::Config) v2.1
Common
- $DB_HOST="db.yourhost.com"; The IP name or IP address of your database server.
- $DB_NAME="medusa"; The name of the database, on the database server.
AMI-specific
- $ami_db_host = $DB_HOST; The IP name or IP address of your database server, as used by AMI.
- $ami_db_username = "ami"; The username for AMI to log into the database server as. (Must have SELECT, INSERT, UPDATE, and DELETE rights to the whole database).
- $ami_db_password = "hahaha"; The password that goes with the aforementioned username.
- $ami_db_name = $DB_NAME; The name of the database, on the database server, as used by AMI.
RAPP-specific
- $rapp_db_host = $DB_HOST; The IP name or IP address of your database server, as used by RAPP.
- $rapp_db_username = "rapp"; The username for RAPP to log into the database server as. (Must have SELECT, INSERT, UPDATE, and DELETE rights to the whole database. DELETE rights can be removed if RAPP's $POSTREG_REMOVE = 0; TODO: Rights to tables other than REG can be modded down).
- $rapp_db_password = "nicetry"; The password that goes with the aforementioned username.
- $rapp_db_name = $DB_NAME; The name of the database, on the database server, as used by RAPP.
Brutal/Medusa::Brutal-using-specific
- $brutal_db_host = $DB_HOST; The IP name or IP address of your database server, as used by Brutal/Medusa::Brutal
- $brutal_db_username = "brutal"; The username for Brutal/Medusa::Brutal to log into the database server as. TODO: Permissions.
- $brutal_db_password = "notlikely"; The password that goes with the aforementioned username.
- $brutal_db_name = $DB_NAME; The name of the database, on the database server, as used by Brutal/Medusa::Brutal.
- $brutal_scanner_host = "localhost"; The IP name or IP address of the vulnerability scanning host. Not used if $brutal_use_rr = 1;
- $brutal_scanner_username = 'brutal'; The username, if necessary, required to log into the security scanner server.
- $brutal_scanner_password = 'uhuh'; The password, if necessary, required to log into the security scanner server.
- $brutal_scanner_ssl = 1; If relevant/supported, use SSL/TLS to connect to the security scanner server.
- $brutal_with_openmosix = 0; If Brutal/Medusa::Brutal applications are running on an OpenMOSIX cluster and this is set to 1, certain performance-enhancing and cluster-safety code is run.
- $brutal_fork = 0; When scanning more than one system, it may be desirable to fork the Brutal/Medusa::Brutal application for each system being scanned. Setting this to 1 does that.
- $brutal_use_rr = 0; If you have multiple security scanner servers, and would like Brutal/Medusa::Brutal applications to access them sequentially (round-robin) per-scan, set this to 1.
- $brutal_randomize_rr = 0; By default, if $brutal_use_rr = 1, then the servers are accessed in a "round-robin" (i.e. sequential) manner from the list. When scanning large numbers of systems, this might be ok, but if you're just scanning one per session (such as via RAPP), you'll always be connecting to the first in the list. Setting this to 1 causes a random server to be picked from the list.
- $brutal_ids_use = 0; By default, Brutal/Medusa::Brutal applications hit their targets with every relevant attack. If you set this to 1, Brutal/Medusa::Brutal will use Medusa::Brutal::ids, which exports a list of attack ids to run.
- @brutal_rr_hosts =(); It is not recommended that you set this in Medusa::Config, but rather override its values inside of Brutal/Medusa::Brutal applications. This is the list of security scanner servers used if $brutal_use_rr = 1.
Shelob-specific
- $shelob_db_host = $DB_HOST; The IP name or IP address of your database server, as used by Shelob
- $shelob_db_username = "shelob"; The username for Shelob to log into the database server as. TODO: Permissions.
- $shelob_db_password = "nope"; The password that goes with the aforementioned username.
- $shelob_db_name = $DB_NAME; The name of the database, on the database server, as used by Shelob.
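
Several settings above depend on one another ($POSTREG_SCAN needs $SCAN, the round-robin options need a host list), and the passwords and SNMP community shown are sample values. The following lint is an added example, not part of ARS: it assumes the settings are plain assignments in the form shown on this page, and the names `parse_config`, `lint`, `DOC_SAMPLES` and the sample input are hypothetical.

```python
import re

# Sample secrets printed on this documentation page (list built from its examples).
DOC_SAMPLES = {"*OBSCURE*", "public", "veryfunny", "hahaha", "nicetry",
               "notlikely", "uhuh", "nope"}
SECRET_NAME = re.compile(r"(password|community)$", re.I)
# `$name = "value";`, `$name = 'value';` or `$name = 1;` (sigil optional, as in force_ssl=1;)
SCALAR = re.compile(r"""^\s*\$?(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\d+))\s*;""")
ARRAY = re.compile(r"^\s*@(\w+)\s*=\s*\((.*?)\)\s*;")

def parse_config(text):
    """Collect simple scalar and list assignments; commented-out lines are skipped."""
    scalars, arrays = {}, {}
    for line in text.splitlines():
        if m := SCALAR.match(line):
            name, dq, sq, num = m.groups()
            scalars[name] = int(num) if num is not None else (dq if dq is not None else sq)
        elif m := ARRAY.match(line):
            arrays[m.group(1)] = re.findall(r"""["']([^"']*)["']""", m.group(2))
    return scalars, arrays

def lint(text):
    """Return findings for the dependency rules and sample secrets described on this page."""
    s, a = parse_config(text)
    findings = []
    if s.get("POSTREG_SCAN") == 1 and s.get("SCAN") != 1:
        findings.append("POSTREG_SCAN=1 requires SCAN=1")
    if s.get("brutal_randomize_rr") == 1 and s.get("brutal_use_rr") != 1:
        findings.append("brutal_randomize_rr=1 is set but brutal_use_rr is not 1")
    if s.get("brutal_use_rr") == 1 and not a.get("brutal_rr_hosts"):
        findings.append("brutal_use_rr=1 but @brutal_rr_hosts is empty here; "
                        "confirm the application overrides it")
    if s.get("force_ssl") == 0:
        findings.append("force_ssl=0: AMI applications are allowed to run without SSL")
    for name, value in s.items():
        if SECRET_NAME.search(name) and value in DOC_SAMPLES:
            findings.append(f"{name} still uses the sample value from the documentation")
    return findings

# Constructed sample input, not a real deployment's configuration.
SAMPLE = """\
$SCAN = 0;
$POSTREG_SCAN = 1;
$brutal_use_rr = 1;
@brutal_rr_hosts =();
$rapp_db_password = "nicetry";
$shelob_db_password = "constructed-unique-value";
$snmp_ro_community = "public";
force_ssl=0;
"""
```

Call `lint()` on the text of rapp.pl's settings or Medusa::Config; findings name the setting but never echo the secret itself.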