Beltane is a web-based management console for the samhain/yule centralized file integrity / intrusion detection system. Within that system, yule is the central log server, while samhain is the client (or standalone) application to monitor file integrity (and eventually check for kernel-level rootkits or rogue SUID binaries).

Beltane is intended to be installed on the central log server, and to act as an administrative frontend. Beltane allows to

manage a database of installed clients (in XML format),
review client messages, acknowledge them interactively, and update the file signature databases of clients accordingly (i.e. without the need to run an update on the client).

Beltane takes advantage of the fact that samhain is designed to run as a daemon, and keeps a memory of file changes. Thus, if a file is modified, only one message is reported as long as the daemon runs. To avoid a new message when the daemon restarts, it is only neccessary to update the file signature database stored on the central server before the next restart of the daemon. All necessary information for this is provided in the daemon's report.

1.2. Notation and Conventions

This Handbook uses the following notation:

`/usr/bin`	Directory
`foo.sgml`	Filename
command	Command or text that would be typed.
`replaceable`	"Variable" text that can be replaced.
`Program or Doc Code`	Program or document code

1.3. About This Manual

This Manual is a guide for installing and using Beltane. It was written in DocBook(SGML) and is available in several formats including SGML and HTML.