TinyIDS Protocol¶

TinyIDS uses a simple protocol for the communication between the client (tinyids) and the server (tinyidsd).

This page described the TinyIDS Protocol revision 2.

Client - Server session¶

Communication between the TinyIDS server and client consists of only one data exchange. A client-server session is outlined below:

1. The client connects to the server.
2. The server accepts the connection without a welcome message.
3. The client sends the command.
4. The server verifies/rejects the command and sents a response back to the client.
5. The client disconnects.

Overview of Supported Commands¶

• TEST {protocol_revision}
• CHECK {hash}
• UPDATE {hash} {passphrase}
• DELETE {passphrase}
• CHANGEPHRASE {old_passphrase} {new_passphrase}

Overview of Response Codes¶

• 20 OK
• 30 MISMATCH
• 31 NOT FOUND
• 40 INVALID CLIENT
• 41 INVALID COMMAND
• 42 INVALID PASSPHRASE

Command TEST¶

Tests communication with the TinyIDS server.

Syntax:

TEST {protocol_revision}

Responses:

• 20 OK
  • Server and client use compatible protocol revisions.
  • PKI, if used, is correctly set up.
  • Connectivity is OK.
• 40 INVALID CLIENT
  • Server and client use incompatible protocol revisions.
  • PKI, if used, is not correctly set up.
  • Connectivity issues.

Command CHECK¶

Compares the calculated hash with the hash that has been stored at a remote TinyIDS server for the client's IP address.

Syntax:

CHECK {hash}

Responses:

• 20 OK
  • Hash comparison is successful.
• 30 MISMATCH
  • Hashes do not match. The system has been changed by a system update or by an intruder.
• 31 NOT FOUND
  • No hash has been previously stored on the TinyIDS server for the client's IP address.

Command UPDATE¶

Updates or stores a hash at a remote TinyIDS server.

Syntax:

UPDATE {hash} {passphrase}

Responses:

• 20 OK
  • Client authentication on the remote TinyIDS server was successful using the passphrase.
  • The hash has been stored/updated successfully at the remote TinyIDS server.
• 42 INVALID PASSPHRASE
  • Client could not be authenticated on the remote TinyIDS server using the passphrase.
  • The remotely stored hash, if it exists, has not changed.

Command DELETE¶

Deletes the stored hash at a remote TinyIDS server.

Syntax:

DELETE {passphrase}

Responses:

• 20 OK
  • Client authentication on the remote TinyIDS server was successful using the passphrase.
  • The hash has been deleted from the remote TinyIDS server.
• 31 NOT FOUND
  • No hash has been previously stored on the TinyIDS server for the client's IP address.
• 42 INVALID PASSPHRASE
  • Client could not be authenticated on the remote TinyIDS server using the passphrase.
  • The remotely stored hash, if it exists, has not been deleted.

Command CHANGEPHRASE¶

Change the passphrase on the remote server.

Syntax:

CHANGEPHRASE {old_passphrase} {new_passphrase}

Responses:

• 20 OK
  • Client authentication on the remote TinyIDS server was successful using the old_passphrase.
  • The passphrase has been replaced by the new_passphrase on the remote TinyIDS server.
• 31 NOT FOUND
  • There is no information stored on the TinyIDS server for the client's IP address. Therefore, a passphrase does not exist.
• 42 INVALID PASSPHRASE
  • Client could not be authenticated on the remote TinyIDS server using the passphrase.
  • The remotely stored passphrase, if it exists, has not changed.