ScanCore notes; = ScanCore = ScanCore runs as a daemon, periodically scanning for "Scan Agents" and invoking all agents it finds in (and under) 'path::directories::scan_agents'. See 'Agents' below for details on writing new agents. If the local system is not configured, or if none of the databases are available, ScanCore will go into a loop, sleeping for a period of time and then re-checking to see if the system is not configured or if at least one database is available. Once read, it will serially execute all scan agents it finds. Each agent is given a period of time it is allowed to run for before it is terminated. This is controlled by 'scancore::timing::agent_runtime', but can be overridden on a per-agent basis with 'scancore::agent::::agent_runtime'. NOTE: It is strongly recommended to keep the average runtime of an agent as low as possible! To prevent putting too high a load on the host system, agents are called sequentially. So an agent that takes a long time to run will cause all other agents to be delayed, and slow down how often post-scan checks can be performed. = Agents = ScanCore Agents are self-contained executables that can be written in any language the user chooses. A typical agent contains three files under a dedicated directory, itself under 'path::directories::scan_agents'. For example, the agent 'scan-network'; * /usr/sbin/scancore-agents/scan-network/scan-network - Main program * /usr/sbin/scancore-agents/scan-network/scan-network.sql - SQL schema * /usr/sbin/scancore-agents/scan-network/scan-network.xml - XML 'words' == Permissions == Given most agents are interacting with core systems, all agents are called with root priviledges. If your agent doesn't need priviledged access, it is recommended that you drop to an unpriviledged user. If you provide your agent via an external RPM (or other mechanism), be sure to properly setup SELinux. It is enabled and enforcing on production systems! == Naming == All scan agents *must* start with the name 'scan-X'. When ScanCore walks the agents directory, any file that does not start with this name is ignored. == Main Program == This is the executable invoked by ScanCore. It should do a single scan and then exit. Keeping the total runtime as short as possible should be a high priority! == SQL Schema == Most agents will want to store data in the ScanCore database (usually a postgres database called 'anvil', see 'database::X' entries in anvil.conf). If your tables are not found in a given database, this schema will be loaded. At this time, there are Perl libraries (see 'perldoc Anvil::Tools::Database') that dramatically simplify connecting to any available databases, handling resync when a given database falls behind, etc. If you plan to write a scan agent in another language, porting these tools would be very much appreciated. Let us know and we will be happy to assist however we can. == XML 'words' == Any strings used for logging or sending "alerts" to notification recipients are found in this file. Please see 'words.xml' for more information on how this file is structured. NOTE: This file MUST be the same as the agent itself, with the file extension '.xml'. NOTE: To avoid namespace collisions, it is STRONGLY recommended that all string keys start with your agent name! Ie: 'scan_network_X'.