| 1 | Short description of Evidence control system
|
|---|
| 2 |
|
|---|
| 3 | This directory contains the backbone of the control system.
|
|---|
| 4 |
|
|---|
| 5 | Config is the configuration server and needs to run before any other DIM
|
|---|
| 6 | server that requests configuration information is started (if a configuration
|
|---|
| 7 | request cannot be answered, a server will normally not start). A configuration
|
|---|
| 8 | file can be given on the command line.
|
|---|
| 9 |
|
|---|
| 10 | DColl is the central data collector. It subscribes to all services handled by
|
|---|
| 11 | the name server and writes them to disk (except those excluded in the
|
|---|
| 12 | configuration file). It also provides a history service for all DIM services
|
|---|
| 13 | and a command for logging.
|
|---|
| 14 |
|
|---|
| 15 | Alarm can be configured to check all servers for availability and status and
|
|---|
| 16 | can produce a master alarm.
|
|---|
| 17 |
|
|---|
| 18 | The DIMDIR environment variable needs to point to the DIM installation directory
|
|---|
| 19 | when compiling. DIM_DNS_NODE must point to the name server for any DIM server
|
|---|
| 20 | to run.
|
|---|
| 21 |
|
|---|
| 22 |
|
|---|
| 23 | Version history
|
|---|
| 24 | ---------------
|
|---|
| 25 |
|
|---|
| 26 | 19/5/2010 Service histories now available via DimRpc from DColl, not via .hist service
|
|---|
| 27 | When regular expression compiling results in error, State is set to ERROR, not
|
|---|
| 28 | FATAL. The erroneous expression is ignored in the following.
|
|---|
| 29 | 25/5/2010 Service history remains available if service itself become unavailable. If not
|
|---|
| 30 | yet in memory, reading from file is tried. Improved error handling of
|
|---|
| 31 | history files.
|
|---|
| 32 | 28/5/2010 Changed name of 'State' service to 'Message' to better reflect its functionality.
|
|---|
| 33 | Added client information to log file entries.
|
|---|
| 34 | 30/5/2010 Created Bridge server that repeats services from one DNS to another.
|
|---|
| 35 | Service quality now also written to slow data file.
|
|---|
| 36 | 31/5/2010 Configuration file format follows semi-standard INI format.
|
|---|
| 37 | 7/6/2010 Separated History service from DColl. History format changed, now includes
|
|---|
| 38 | service format (allows history access also when service is unavailable).
|
|---|
| 39 | 11/6/2010 Bridge does not forward history service
|
|---|
| 40 | 17/6/2010 Added SendToLog() method. Changed severity encoding of Message service to
|
|---|
| 41 | use standard DIM structure of format "I:1;C"
|
|---|
| 42 | 18/6/2010 Alarm server configuration accepts now one email address per server. A new
|
|---|
| 43 | service for each observed server SERVERNAME/AlarmLevel contains the highest
|
|---|
| 44 | level that occurred in the past. Reset of alarm level only via a DIM command.
|
|---|
| 45 | 19/6/2010 ToString() now returns std::string
|
|---|
| 46 | 23/6/2010 GetConfig() returns std::string. Non-blocking configuration request in case
|
|---|
| 47 | GetConfig() not called from main thread. Access to configuration information
|
|---|
| 48 | internally mutex protected. With ActivateSignal() a signal can be set that is send
|
|---|
| 49 | to main thread upon configuration file change, the build-in signal handler then
|
|---|
| 50 | invokes the (virtual) method ConfigChanged().
|
|---|
| 51 | 24/6/2010 Workaround for erroneous /SERVICE_LIST updates. Added static tokenize method to
|
|---|
| 52 | Evidence class.
|
|---|
| 53 | 30/6/2010 Made Lock()/Unlock() publicly available (mutex of type PTHREAD_MUTEX_ERRORCHECK),
|
|---|
| 54 | in case signal is set with ActivateSignal() this signal will be blocked while locked.
|
|---|
| 55 | Implemented experimental automatic full configuration tracking for Bridge.
|
|---|
| 56 |
|
|---|
| 57 |
|
|---|
| 58 | Preliminary firewall settings on eth-vme02 (rule 5 for DIM, rule 6 for X11 over ssh)
|
|---|
| 59 |
|
|---|
| 60 | Chain INPUT (policy ACCEPT)
|
|---|
| 61 | num target prot opt source destination
|
|---|
| 62 | 1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
|
|---|
| 63 |
|
|---|
| 64 | Chain FORWARD (policy ACCEPT)
|
|---|
| 65 | num target prot opt source destination
|
|---|
| 66 | 1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
|
|---|
| 67 |
|
|---|
| 68 | Chain OUTPUT (policy ACCEPT)
|
|---|
| 69 | num target prot opt source destination
|
|---|
| 70 |
|
|---|
| 71 | Chain RH-Firewall-1-INPUT (2 references)
|
|---|
| 72 | num target prot opt source destination
|
|---|
| 73 | 1 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
|
|---|
| 74 | 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
|
|---|
| 75 | 3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
|
|---|
| 76 | 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2000
|
|---|
| 77 | 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5100:6000 state NEW
|
|---|
| 78 | 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6000:6063 state NEW
|
|---|
| 79 | 7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
|
|---|
