
 _______ _______         _______ _______
|     __|   |   |.---.-.|    |  |_     _|
|__     |       ||  _  ||       | |   |
|_______|__|_|__||___._||__|____| |___|


What is SMaNT?
--------------
- It aims to be
  SMaNT is the Systems Management And Network Toolkit. 
  It's easy to develop dynamic plugins allow for interactive
  or scripted remote access and configuration of a server or 
  groups of servers via almost any GUI or from the command line
  in real time.

- It is now
  Right now it allows you to run arbitrary scripts on a server
  in which the smantd daemon is running.
  It has a nice SSL encryption and key based authentication system
  that allow for the to be accomplished securly.
  
  For instance, I have a seperate mail and web server. I built
  a simple PHP interface so that users can modify thier Qmail and
  Vpopmail virtual domains via the web. The PHP code execs the 
  client-ssl program (located in the clients/ subir) and pushes
  changes to the smant server, or pulls information from it.

  It has also proven to be very usfull for me when I am writing
  bash scripts that also need to make changes on a remote server
  non-interactivly.

How do I use it?
----------------
- Setup
  - RPM
    If you downloaded the RPM, make sure you also downloaded the
    smant-lib rpm, and install it first. SMaNT requires it to run.

    After rpm -Uvh smant-ver.rpm, look in the /etc directory for
    the smantd.conf file. See section Configuration below for more.

  - Source
    Make sure you have downloaded and install the sman-lib source 
    package. SMaNT requires it to run.
    Untar and unzip the source, and cd into the smant-serv dir then 
    do the following:
    ./bootstrap
    ./configure
    make
    make install
    Then locate the smantd.conf file, probably in your /usr/local/etc 
    dir.

  - Configuration
    Edit the smantd.conf file. MAKE SURE the paths are valid, and that
    you follow the instruction in it.
    Generate a pair of keys for you server, and for you client. this
    can be done with the script provided in the keys/ subdir.
    For example:
    ./gencert.sh serv (to generate a keypair for your server)
    ./gencert.sh cli (to generate a keypair for your client)
    If your smantd.conf is in /etc then put all the keys in your
    /etc/smant/keys dir. If your smantd.conf is in /usr/local/etc
    then they do into /usr/local/etc/smant/keys.

    Bot the smant daemon and the client(s) will look for thier
    corresponding keys in this directory.

    Make sure that the user running smant (defined in the smantd.conf)
    has access to the smant log files (defined in the smantd.conf).

    Finally, to make it dance, just put a custom shell script into
    /etc/smant/plugins/scripts or /usr/local/etc/smant/plugins/scripts
    (depending on where it installed) and use the client to execute it.
    You can follow the example located in the scripts directory named
    gen.sh.
    To use gen.sh we would do this.
    ./client-ssl 9000 192.168.1.1 generic gen "ls -la"
    ^            ^    ^           ^        ^    ^
    |	         |    |		  |	   |	|- MSG (this will be
    |		 |    |		  |	   |	   passed as an argument
    |		 |    |		  |	   |	   to gen.sh)
    |		 |    |		  |	   |- Type (for libsmant-generic
    |            |    |           |           this is the name of the script
    |            |    |           |           to exec minus the .sh)
    |            |    |           |
    |            |    |           |- name of plugin (libsmant-generic)
    |            |    |
    |            |    |- IP of smantd daemon
    |            |
    |		 |- The Port
    |
    |- The client 

    This should get your SMaNT system running. 
     

I don't get it!
---------------
- I dont blame you
  This README is probably a little sketchy, bu I promise more
  comprehensive documentation is on the way.

Why not use WebMin or LinuxConf?
-------------------------------
- I wasn't hapy with webmin or linuxconf.
  Neither really allow for multiple interfaces for one daemon,
  or configuration across multiple machines or platforms. 
  SMaNT is ideal for administrating machines that the client
  does not run on. 
  I usually don't run apache on my mail servers. Why not? you ask?, 
  becuase it's a mail server, and I already have a webserver. 
  This is an ideal situation for SMaNT

Is this not a Unicenter Clone?
------------------------------
- Could be
  I heard that Unicenter does all sorts of things, just like smant, 
  but since I couldnt pay the thousands of dollars for licenes, I
  have really never seen it.


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!      PROTECT YOUR KEYS           !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

This cannot be stressed enough. Smant's authentication relys
on key based authentication. If you keys are compromised then
your Smant server may become compromised.
Make sure and chmod 400 your keys!

PLEASE try not to run Smant as root. 
In most cases you can
get away with running it as it's own uid, or the uid of the
files/directories you need access to.
PLEASE try not to run Smant as root.


#################################
#       Key Management          #
#################################

First, you must specifiy where you are keeping your keys,
this can me done by editing /etc/smant/smantd.conf . Once
this is done, put all your clients certs in the file you
specified in smantd.conf as "cacert", the defaults looks like
this:
cacert = cli-cacert.pem
After adding or changing any of the client keys, smant should be
restarted. 
