unattended installation

Pietro

Dec 31, 2015 @ 03:21 PM

Hello,

Where can I find the documentation about the config.auth.user.php file format?
I need it to be able to automate the installation of PML.

Thanks!

  1. Support Staff 1 Posted by potsky on Jan 02, 2016 @ 06:47 PM

    Hello,

    There will be an API, I hope, in 2016! But for the moment, here is the basic format of the auth file (all auth functions are in the class Sentinel in file inc/Sentinel.php):

    <?php if (realpath(__FILE__)===realpath($_SERVER["SCRIPT_FILENAME"])) {header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");die();}?>
    {
      "generated": "1448388815",
      "security": "c63JoOs8_ZWJSKw6Xi7eEwzdEjg0i6cCDP7oTZU66SwKWYFnIupDmZk2js-gwkqK",
      "anonymous": [],
      "users": {
        "potsky": {
          "roles": [
            "admin"
          ],
          "pwd": "917f33800bce25637e632f4f906892424c1fe34b",
          "logs": [],
          "cd": "1448388822",
          "cb": null,
          "at": "Dgd-Qwh5zsJAmcHnr_jZsIeaVsWzqoGu",
          "hp": "Zjf15D-PoWanaJ-2",
          "logincount": 1,
          "lastlogin": {
            "ip": "::1",
            "ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7",
            "ts": "1448388830"
          }
        },
        "potskyuser": {
          "roles": [
            "user"
          ],
          "pwd": "880770f022dfbee46cd9225c34809b9a5516d853",
          "logs": {
            "-config-user-d-apache-php-contenterror": {
              "r": true
            },
            "-config-user-d-apache-php-contentaccess": {
              "r": true
            },
            "-config-user-d-apache-php-apierror": {
              "r": true
            },
            "-config-user-d-apache-php-apiaccess": {
              "r": true
            },
            "-config-user-d-squid-php-squidaccess": {
              "r": true
            }
          },
          "cd": 1386752948,
          "cb": "root",
          "at": "fCm1j44r0KYV2c6n8Y_CVYlwqe_3QBUw",
          "hp": "iNnCGPfgA7NJaZ98",
          "logincount": 1,
          "lastlogin": {
            "ip": "172.16.25.1",
            "ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7",
            "ts": "1444892251"
          }
        }
      },
      "logs": [
        [
          "signin",
          "potsky",
          "1448388830",
          "::1",
          "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7"
        ]
      ]
    }
    

    And here are the explanations:

    <?php if (realpath(__FILE__)===realpath($_SERVER["SCRIPT_FILENAME"])) {header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");die();}?>
    

    Always copy this line as is, to prevent people from accessing the JSON file directly.

    "generated": "1448388815",
    

    The generated key is the timestamp of the creation date of the auth file.

    "security": "c63JoOs8_ZWJSKw6Xi7eEwzdEjg0i6cCDP7oTZU66SwKWYFnIupDmZk2js-gwkqK",
    

    This is a random key which will be used as salt when hashing password. If you change it when users have already been created, their password will not work anymore.

    "anonymous": [],
    

    The list of logs (file ids) accessible anonymously

    "users": {
    

    The list of users where keys are usernames and values are the user object.

    "potsky": {
    

    The first user is potsky. The username is the key of the user object.

      "roles": [
        "admin"
      ],
    

    A list of roles. Supported roles are now user or admin. No need to set an admin as a user too.

      "pwd": "917f33800bce25637e632f4f906892424c1fe34b",
    

    The user password hash, encoded with this formula: sha1( $security . $username . $generated . $password )

      "logs": [],
    

    This array lists all log files accessible by the user. Here is another example, with a user and not an admin:

          "logs": {
            "-config-user-d-apache-php-contenterror": {
              "r": true
            },
            "-config-user-d-apache-php-contentaccess": {
              "r": true
            },
            "-config-user-d-apache-php-apierror": {
              "r": true
            },
            "-config-user-d-apache-php-apiaccess": {
              "r": true
            },
            "-config-user-d-squid-php-squidaccess": {
              "r": true
            }
          },
    

    The only supported value now is r for read.

      "cd": "1448388822",
    

    The creation date timestamp.

      "cb": null,
    

    cb is for created by. This is the username of the user who has created the current user. System is null. You can set all values to null.

      "at": "Dgd-Qwh5zsJAmcHnr_jZsIeaVsWzqoGu",
    

    This is the access token

      "hp": "Zjf15D-PoWanaJ-2",
    

    Presalt for this user, postsalt is the instance security token

      "logincount": 1,
    

    Do not set this value when creating a user.

      "lastlogin": {
        "ip": "::1",
        "ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7",
        "ts": "1448388830"
      }
    

    Do not set this value when creating a user.

    "logs": [
      [
        "signin",
        "potsky",
        "1448388830",
        "::1",
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7"
      ]
    ]
    

    Do not set this value when creating a user.


    If you want to use PHP to create the authentication file and users, it is easier:

    • Include the Sentinel class in your script
    • Use the create method to create the authentication file
    • Use the setUser($username , $password) method to create a user
    • Use the setAdmin($username , $password) method to create an admin

    For example:

    <?php
    include 'inc/Sentinel.php';
    
    Sentinel::init();
    Sentinel::create();
    Sentinel::setAdmin('admin','pass');
    Sentinel::setUser( 'user' , 'pass' , null , array( 'fileid1' => array( 'r' => true ) , 'fileid2' => array( 'r' => true ) ) );
    Sentinel::save();
    

    Tell me if it works !
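For an installer that cannot call the Sentinel class, the file format and hash formula described above can be produced directly. This is an added example, not PML's own code: the function names, the sample accounts and the way the random `security`, `at` and `hp` values are generated (lengths copied from the sample file) are assumptions.

```python
import hashlib
import json
import secrets
import time

# Guard line copied verbatim from the post: it answers 404 if the file is requested directly.
PHP_GUARD = ('<?php if (realpath(__FILE__)===realpath($_SERVER["SCRIPT_FILENAME"])) '
             '{header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");die();}?>')


def password_hash(security, username, generated, password):
    """sha1( $security . $username . $generated . $password ), as given in the post."""
    data = f"{security}{username}{generated}{password}"
    return hashlib.sha1(data.encode("utf-8")).hexdigest()


def make_user(security, generated, username, password, role, log_ids=()):
    """Build one user object; logincount and lastlogin are left unset, as the post asks."""
    return {
        "roles": [role],  # "user" or "admin"
        "pwd": password_hash(security, username, generated, password),
        # Empty JSON array when no file is granted, else {file id: {"r": true}}.
        "logs": {fid: {"r": True} for fid in log_ids} or [],
        "cd": generated,  # creation date timestamp
        "cb": None,       # created by: null means "system"
        "at": secrets.token_urlsafe(24),  # assumption: 32 URL-safe chars, like the sample
        "hp": secrets.token_urlsafe(12),  # assumption: 16 URL-safe chars, like the sample
    }


def build_auth_file(accounts, generated=None, security=None):
    """accounts: iterable of (username, password, role, log_ids) tuples."""
    generated = str(generated if generated is not None else int(time.time()))
    security = security or secrets.token_urlsafe(48)  # assumption: 64 chars, like the sample
    users = {name: make_user(security, generated, name, pw, role, logs)
             for name, pw, role, logs in accounts}
    doc = {"generated": generated, "security": security, "anonymous": [], "users": users}
    return PHP_GUARD + "\n" + json.dumps(doc, indent=2) + "\n"


if __name__ == "__main__":
    # Constructed sample accounts; a real installer would read passwords from a secret store.
    print(build_auth_file([("admin", "pass", "admin", ()),
                           ("user", "pass", "user", ("fileid1", "fileid2"))]))
```

Because `generated` and `security` are both inputs to every password hash, they have to be fixed before any user is added and left unchanged afterwards.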

  2. 2 Posted by Pietro on Jan 05, 2016 @ 10:45 PM

    Thanks a lot for the very clear explanation.

    It worked as well, with some minor changes:

    <?php
    include 'inc/global.inc.php';
    include 'inc/classes/Sentinel.php';

    Sentinel::init();
    Sentinel::create();
    Sentinel::setAdmin('admin','pass');
    Sentinel::save();
    ?>

  3. Support Staff 3 Posted by potsky on Jan 06, 2016 @ 08:13 AM

    Nice!

  4. potsky closed this discussion on Jan 06, 2016 @ 08:13 AM.

  5. Pietro re-opened this discussion on Jan 13, 2016 @ 01:05 AM

  6. 4 Posted by Pietro on Jan 13, 2016 @ 01:05 AM

    Here: https://github.com/pbertera/dockerfiles/tree/master/SyslogServer
    you can find a Docker container with rsyslog and PML.

    Thanks,
