What is SMaNT?
- It aims to be
SMaNT is the Systems Management And Network Toolkit. Its easy-to-develop dynamic plugins allow for interactive or scripted remote access and configuration of a server or groups of servers via almost any GUI or from the command line in real time.
- It is now
Right now it allows you to run arbitrary scripts on a server on which the smantd daemon is running. It has a nice SSL encryption and key-based authentication system that allows this to be accomplished securely.
For instance, I have a separate mail and web server. I built a simple PHP interface so that users can modify their Qmail and Vpopmail virtual domains via the web. The PHP code execs the client-ssl program (located in the clients/ subdir) and pushes changes to the smant server, or pulls information from it.
It has also proven to be very useful for me when I am writing bash scripts that also need to make changes on a remote server non-interactively.
How do I use it?
- Setup
- RPM
If you downloaded the RPM, make sure you also downloaded the
smant-lib rpm, and install it first. SMaNT requires it to run.
After rpm -Uvh smant-ver.rpm, look in the /etc directory for the smantd.conf file. See section Configuration below for more.
- Source
Make sure you have downloaded and installed the smant-lib source package. SMaNT requires it to run. Untar and unzip the source, cd into the smant-serv dir, then do the following:
    ./bootstrap
    ./configure
    make
    make install
Then locate the smantd.conf file, probably in your /usr/local/etc dir.
- Configuration
Edit the smantd.conf file. MAKE SURE the paths are valid, and that
you follow the instructions in it.
Generate a pair of keys for your server, and for your client. This
can be done with the script provided in the keys/ subdir.
For example:
./gencert.sh serv (to generate a keypair for your server)
./gencert.sh cli (to generate a keypair for your client)
If your smantd.conf is in /etc then put all the keys in your
/etc/smant/keys dir. If your smantd.conf is in /usr/local/etc
then they go into /usr/local/etc/smant/keys.
Both the smant daemon and the client(s) will look for their corresponding keys in this directory.
Make sure that the user running smant (defined in the smantd.conf) has access to the smant log files (defined in the smantd.conf).
Finally, to make it dance, just put a custom shell script into /etc/smant/plugins/scripts or /usr/local/etc/smant/plugins/scripts (depending on where it is installed) and use the client to execute it. You can follow the example located in the scripts directory named gen.sh. To use gen.sh we would do this:
    ./client-ssl 9000 192.168.1.1 generic gen "ls -la"
    ^            ^    ^           ^       ^   ^
    |            |    |           |       |   |- MSG (this will be
    |            |    |           |       |      passed as an argument
    |            |    |           |       |      to gen.sh)
    |            |    |           |       |- Type (for libsmant-generic
    |            |    |           |          this is the name of the script
    |            |    |           |          to exec minus the .sh)
    |            |    |           |
    |            |    |           |- name of plugin (libsmant-generic)
    |            |    |
    |            |    |- IP of smantd daemon
    |            |
    |            |- The Port
    |
    |- The client
This should get your SMaNT system running.
I don't get it!
- I don't blame you
This README is probably a little sketchy, but I promise more comprehensive documentation is on the way.
Why not use WebMin or LinuxConf?
- I wasn't happy with webmin or linuxconf. Neither really allows for multiple interfaces for one daemon, or configuration across multiple machines or platforms. SMaNT is ideal for administrating machines that the client does not run on. I usually don't run apache on my mail servers. Why not, you ask? Because it's a mail server, and I already have a webserver. This is an ideal situation for SMaNT.
Is this not a Unicenter Clone?
- Could be
I heard that Unicenter does all sorts of things, just like smant, but since I couldn't pay the thousands of dollars for licenses, I have really never seen it.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! PROTECT YOUR KEYS !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
This cannot be stressed enough. Smant's authentication relies on key-based authentication. If your keys are compromised then your Smant server may become compromised. Make sure to chmod 400 your keys!
PLEASE try not to run Smant as root.
In most cases you can
get away with running it as its own uid, or the uid of the
files/directories you need access to.
PLEASE try not to run Smant as root.
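One way to check both points above (keys at mode 400, owned by the non-root user that runs smant), as an added example that is not part of SMaNT. The key directory and the user are passed in as arguments; the example file names in the comments are assumptions.

```sh
#!/bin/sh
# Added example (not shipped with SMaNT): audit a SMaNT key directory.
# Usage: audit_keys DIR USER
#   DIR  - key directory, e.g. /etc/smant/keys or /usr/local/etc/smant/keys
#   USER - the user smantd runs as (name or numeric uid, from smantd.conf)
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 if DIR
# does not exist.
audit_keys() {
    dir=$1 user=$2 bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    # A group- or world-writable directory lets others replace or delete a
    # key even when the key file itself is mode 400.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "DIR-WRITABLE $dir"; bad=1
    fi

    # Every regular file must be exactly mode 400 (the README's chmod 400).
    out=$(find "$dir" -type f ! -perm 400 -exec echo BAD-MODE {} \;)
    [ -z "$out" ] || { echo "$out"; bad=1; }

    # Keys must belong to the service user, otherwise the daemon either
    # cannot read them or someone else can change their mode.
    out=$(find "$dir" -type f ! -user "$user" -exec echo BAD-OWNER {} \;)
    [ -z "$out" ] || { echo "$out"; bad=1; }

    # A symlink can point at a file outside the protected directory.
    out=$(find "$dir" -type l -exec echo SYMLINK {} \;)
    [ -z "$out" ] || { echo "$out"; bad=1; }

    return $bad
}

# Run directly as: sh audit_keys.sh /etc/smant/keys smant
# ("smant" as the service user name is an assumption).
if [ $# -eq 2 ]; then
    audit_keys "$1" "$2"
fi
```

A non-zero exit status makes it easy to run from cron or before restarting smantd after a key change.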
#################################
# Key Management #
#################################
First, you must specify where you are keeping your keys;
this can be done by editing /etc/smant/smantd.conf . Once
this is done, put all your clients' certs in the file you
specified in smantd.conf as "cacert". The default looks like
this:
cacert = cli-cacert.pem
After adding or changing any of the client keys, smant should be
restarted.
