Hi ...
Looks like a great tool you've got here -- actually, it's the platform I've been looking for to continue the development (and hopefully an eventual public release) of a security auditing tool I started working on long ago.
Anyway - so I'm working with the basics of NodeBrain, just trying to see how the mechanics work. I've come to the point where the documentation doesn't provide any more detail - and I feel like I've followed everything the manual said, but I'm getting no results.
Let me give you my basic scenario:
Two Windows computers - a desktop called "ARCHITECT07", and a laptop called "ARCHITECT6". From one, issue a "DIR" command on the other.
Here's the private.nb file for each:
---private.nb for ARCHITECT07---
declare desktop identity b.7535f5088fa97e1c.b862be30b6588b75.0;
portray desktop;
declare desktopbrain brain desktop@localhost:12345;
declare laptop identity 7.34ffdca66d132004.0.0;
declare laptopbrain brain laptop@architect6:12345;
---private.nb file for ARCHITECT6---
declare desktop identity b.7535f5088fa97e1c.0.0;
declare desktopbrain brain desktop@architect07:12345;
declare laptop identity 7.34ffdca66d132004.7b6bb020680a9421.0;
declare laptopbrain brain laptop@localhost:12345;
portray laptop;
So, that's the config - each should know about the other, and I should be able to issue commands to the desktop from the laptop ... but I'm getting an authorization error.
---command script used for ARCHITECT07 (desktop) to daemonize NB---
set log="listener.log"
set out="c:\nodebrain"
define l1 listener protocol="NBP",port=12345;
---interactive commands issued at ARCHITECT6 (laptop)---
Date Time Message
---------- -------- --------------------------------------------
2003/03/18 02:19:31 NB000I NodeBrain nb unknown[1740]
2003/03/18 02:19:31 NB000I Portraying identity "laptop".
2003/03/18 02:19:31 NB000I Private definitions loaded.
2003/03/18 02:19:31 NB000I Reading from standard input.
---------- --------
@> >desktopbrain dir
2003/03/18 02:19:37 NB000I Brain desktopbrain=desktop@192.168.0.103:12345
NB000E Client identity "laptop" not authorizated to connect.
2003/03/18 02:19:37 NB000T nbpSend: open failed
Any insights? Thanks.....
-Doug
Doug,
Your configuration files look fine at a glance, there's just one more step---you need to include a statement that gives laptop permission to connect to desktop. Add this statement to the private.nb file on desktop, after declaring laptop.
rank laptop guest
If you want to give laptop permission to issue shell commands on desktop, use owner instead of guest. (See RANK statement in manual.)
rank laptop owner
If you want desktop to have permission to connect to laptop, you'll need to update the private.nb file on ARCHITECT6 (laptop) with similar commands.
You are not required to place the rank statement in private.nb, but that works well for this example. If you end up with multiple listening brains (agents) using the same private.nb and want to give public identities different permissions in each agent, the rank statement would go in a configuration file you invent for each agent (e.g. agent1.nb and agent2.nb). Those files would be used at startup (e.g. "nb agent1.nb"). The identity declarations (keys) are still kept in private.nb.
There's a bit of information on the RANK statement in the manual. I'll try to improve it and make reference to it when talking about the private.nb file. Now I see an error on the RANK page that I need to fix. It refers to a GRANT statement that is not yet implemented. RANK provides broad sets of permissions, while GRANT is planned to provide more granular permissions in a future (not next) release.
Ed
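An added example, not part of the original posts and not NodeBrain's own code: a small Python check that reads a listener's private.nb text and reports peer identities that have no rank statement (the cause of the error above) or that hold owner rank. The function name `audit_private_nb` is hypothetical, the statement shapes are inferred only from the lines quoted in this thread, and the keys in the sample are replaced by the placeholder `KEY`.

```python
import re

# Statement shapes inferred only from the private.nb lines quoted in this thread.
DECLARE_ID = re.compile(r"^\s*declare\s+(\w+)\s+identity\s+\S+", re.I)
PORTRAY = re.compile(r"^\s*portray\s+(\w+)", re.I)
RANK = re.compile(r"^\s*rank\s+(\w+)\s+(\w+)", re.I)

# Constructed sample: the desktop's file as posted, with keys replaced by KEY.
AS_POSTED = """\
declare desktop identity KEY;
portray desktop;
declare desktopbrain brain desktop@localhost:12345;
declare laptop identity KEY;
declare laptopbrain brain laptop@architect6:12345;
"""

def audit_private_nb(text):
    """Return (findings, ranks) for one listener's configuration text."""
    declared, ranks, portrayed, findings = [], {}, None, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if m := DECLARE_ID.match(line):
            declared.append(m.group(1))
        elif m := PORTRAY.match(line):
            portrayed = m.group(1)
        elif m := RANK.match(line):
            ident, level = m.group(1), m.group(2).lower()
            if ident not in declared:
                findings.append(f"line {lineno}: rank for '{ident}' is not after its declare")
            ranks[ident] = level
    for ident in declared:
        if ident == portrayed:
            continue  # assumption: the portrayed identity is the local one
        if ident not in ranks:
            findings.append(f"'{ident}' has no rank: connections will be refused")
        elif ranks[ident] == "owner":
            findings.append(f"'{ident}' is owner: may issue shell commands here")
    return findings, ranks

if __name__ == "__main__":
    for label, cfg in [("as posted", AS_POSTED),
                       ("guest", AS_POSTED + "rank laptop guest\n"),
                       ("owner", AS_POSTED + "rank laptop owner\n")]:
        print(label, audit_private_nb(cfg)[0])
```

Run against each agent's startup file as well as private.nb when rank statements are kept per agent, as described in the reply above.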