15. Clients

This section is relevant for yule only. Section heading:

[Clients]

Entries must be of the form:

Client= hostname@salt@verifier

See Section 3 on how to compute a valid entry.

The hostname must be the same name that the client retrieves from the host on which it runs. Usually, this will be a fully qualified hostname, no numerical address. However, there is no method that guarantees to yield the fully qualified hostname (it is not even guaranteed that a host has one ...). The only way to know for sure is to set up the client, and check whether the connection is refused by the server with a message like Connection attempt from unregistered host hostname In that case, hostname is what you should use.

[Warning]CAVEAT

Problems and oddities encountered in client/server setups (like client messages from 127.0.0.1, server warnings about unknown/unresolved peer, etc. are always(at least so far) due to incorrect configuration of the DNS or the /etc/hosts file.

A surprisingly large number of hosts are not able to determine the own hostname, or reverse lookup adresses on the own local network. Don't bother asking about such problems — fix your DNS.

Alias= alias@hostname — This option allows to define an alias for a hostname, which is evaluated when the 'SetClientFromAccept' option is active. This may be used to fix the problem that the remote samhain client reports itself with different hostname than known to the network layer on the side of the yule server, which e.g. may happen if you route the samhain traffic through a secondary management network that is different from the primary network of the system.