Diffstat (limited to 'network/ntop/README.SLACKWARE')
-rw-r--r-- | network/ntop/README.SLACKWARE | 238 |
1 files changed, 238 insertions, 0 deletions
diff --git a/network/ntop/README.SLACKWARE b/network/ntop/README.SLACKWARE new file mode 100644 index 0000000000..0186ed3daa --- /dev/null +++ b/network/ntop/README.SLACKWARE 
@@ -0,0 +1,238 @@ +README.Slackware +================ + +This file contains some specific instructions to complete the +installation of ntop on Slackware. + +0) Before running the SlackBuild script +--------------------------------------- + +0.1) ntop group & user + +Before running the ntop.SlackBuild script, you will need to create +the 'ntop' user and group. The script won't run if these do not +exist. + +The suggested UID and GID is 212, but you can change this as needed: + + # groupadd -g 212 ntop + # useradd -u 212 -g ntop -d /var/lib/ntop -s /bin/false ntop + +If you want to use a different user and/or group under which to run +ntop, you can pass alternate values to the NTOPUSER and NTOPGROUP variables +when running the build script. + +1) Download extra databases +--------------------------- + +After building & installing the ntop package, you might want to +follow these extra steps: + +1.1) GeoIP tables + +To identify the location of the external hosts your netwerk connects +to, ntop uses GeoIP. You will need to download the latest tables to +your ntop server and store them in /etc/ntop: + + # cd /etc/ntop + # wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz + # gunzip -c GeoLiteCity.dat.gz > GeoLiteCity.dat + # wget http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz + # gunzip -c GeoIPASNum.dat.gz > GeoIPASNum.dat + +Both files are updated regularly (about once a month). There are some +suggestions below on how to keep your ntop server up-to-date. + +1.2) OS fingerprint database + +ntop tries to identify the Operating System from the captures packages by +searching for a "fingerprint". 
It uses a table that needs to be downloaded +from the ettercap project on SourceForge: + + # cd /etc/ntop + # wget -O etter.finger.os http://ettercap.cvs.sourceforge.net/ettercap/ettercap_ng/share/etter.finger.os?rev=HEAD + +This file hasn't been updated since 2005, so it doesn't identify the more +modern OSs (Slackware 13.0 is identified as "Debian Linux" :-/ ) but it still +might be helpful. + +1.3) OUI database + +All MAC addresses contain a "Organizationally Unique Identifier" (OUI) to +identify the manufacturer. These OUIs are assigned by the IEEE Standards +Association. A table is included with ntop, but new OUIs are assigned almost +every day, so you might want to update the file now, before starting ntop: + + # cd /etc/ntop + # wget http://standards.ieee.org/regauth/oui/oui.txt + # gzip -c oui.txt > oui.txt.gz + +Since this file changes frequently, check the suggestions later in this file +on how to keep your ntop server up-to-date. + +2) Start & Stop scripts for ntop +-------------------------------- + +2.1) Automatic startup and shutdown + +If you want to start ntop on system bootup, include these lines in your +/etc/rc.d/rc.local: + + # Start ntop + if [ -x /etc/rc.d/rc.ntop ]; then + echo "Starting ntop..." + /etc/rc.d/rc.ntop start + fi + +To guarantee a clean shutdown of ntop, include this in +/etc/rc.d/rc.local_shutdown: + + # Stop ntop + if [ -x /etc/rc.d/rc.ntop ]; then + echo "Stopping ntop..." + /etc/rc.d/rc.ntop stop + fi + +2.2) Make /etc/rc.d/rc.ntop executable + +Additionally, you'll have to set the rc script to be executable just like +any other Slackware rc script: + + # chmod +x /etc/rc.d/rc.ntop + +3) Set the administrator password +--------------------------------- + +When ntop is installed at the first time, you MUST set the administration +password for ntop (user 'admin'). 
You do that by running ntop with the +option -A (or --set-admin-password) as root: +# /usr/bin/ntop -P <ntop_homedirectory> -u <ntopuser> -A +For example: + + # /usr/bin/ntop -P /var/lib/ntop -u ntop -A + +It will prompt you for the password and then exit. + +4) Starting ntop +---------------- + +Now you are ready to start ntop by calling the startup script: + + # /etc/rc.d/rc.ntop start + +Once ntop has started and configured correctly, you should be able to look +at all the data it's collected by pointing your browser at: + + http://(ip-of-your-ntop-server):3000/ + +Browse through the configuration menu (Admin / Configure / Startup options) +to set the interfaces you want to capture and many more parameters. + +Fore more documentation on ntop, check: +- http://www.ntop.org/documentation.html +- http://www.ntop.org/needHelp.html + +There are also some mailing lists you can subscribe to, that can be found on +the pages mentioned above. + +*** NOTE *** +* There have been some reports about ntop crashing (segfault) after any +* period between a couple of minutes to several hours. +* If this happens on your system, try disabling DNS resolution either from +* the menu (admin/configure/startup options/IP Prefs) or changing the rc.ntop +* file, adding the "-n" option to the line that starts ntop: +* /usr/bin/ntop --w3c -u $NTOPUID -n -d >> $NTOPLOG 2>&1 +* ^^ +*** end *** + +5) Keeping your ntop tables up-to-date +-------------------------------------- + +Now that your ntop server is running, you might want to keep the tables we +installed earlier updated automatically. + +I do this with a few simple shell scripts I copy to the /etc/cron.xxxx/ +directories, where xxxx stands for: + + - hourly + - daily + - weekly + - monthly + +So saving a script in /etc/cron.weekly/ means it will be run every week. +Saving it in /etc/cron/monthly/ means it will run once a month, etc. 
+ +My suggestions are: + - save ntop_update_geoip in /etc/cron.weekly + - save ntop_update_oui in /etc/cron.daily + +Don't forget to make the script executable. + +The following scripts are examples, feel free to adapt them to your reality: + +============================================================================= +********************* +* ntop_update_geoip * - Suggestion: save in /etc/cron.weekly +********************* +----------------------------------------------------------------------------- +#!/bin/sh +# +# ntop_update_geoip: update GeoIP tables + +UPDATE_DIR="/etc/ntop" +UPDATE_LOG="/var/log/ntop_update.log" +UPDATE_OUT="wget.out" +UPDATES="\ +http://geolite.maxmind.com/download/geoip/database/,GeoLiteCity.dat \ +http://geolite.maxmind.com/download/geoip/database/asnum/,GeoIPASNum.dat" + +cd $UPDATE_DIR + +for update in $UPDATES; do + update_url=`echo $update | awk -F , {'print $1'}` + update_file=`echo $update | awk -F , {'print $2'}` + + wget -o $UPDATE_OUT -N ${update_url}${update_file}.gz + WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?) + if [ $WGET_TEST -eq "0" ]; then + tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG + gunzip -c ${update_file}.gz > ${update_file} + fi +done + +rm $UPDATE_OUT +============================================================================= +******************* +* ntop_update_oui * - Suggestion: save in /etc/cron.daily +******************* +----------------------------------------------------------------------------- +#!/bin/sh +# +# ntop_update_oui: update OUI table + +UPDATE_DIR="/etc/ntop" +UPDATE_LOG="/var/log/ntop_update.log" +UPDATE_OUT="wget.out" +UPDATES="\ +http://standards.ieee.org/regauth/oui/,oui.txt" + +cd $UPDATE_DIR + +for update in $UPDATES; do + update_url=`echo $update | awk -F , {'print $1'}` + update_file=`echo $update | awk -F , {'print $2'}` + + wget -o $UPDATE_OUT -N ${update_url}${update_file} + WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?) 
+ if [ $WGET_TEST -eq "0" ]; then + tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG + gzip -c ${update_file} > ${update_file}.gz + fi +done + +rm $UPDATE_OUT +============================================================================= + +(Note that there are some subtle differences between the scripts, so beware +when copying) + |
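Review bot: the two cron scripts at the end of the hunk (ntop_update_geoip and ntop_update_oui) run `cd $UPDATE_DIR` without checking it succeeded and then finish with an unconditional `rm $UPDATE_OUT`, so if /etc/ntop is missing or unreadable the wget loop and the final rm execute in whatever directory cron started in; suggest `cd "$UPDATE_DIR" || exit 1` and `rm -f "$UPDATE_OUT"`. Both scripts also fetch over plain http, run as root from cron, and treat a `grep "saved"` hit in wget's log as the only success test before `gunzip -c ${update_file}.gz > ${update_file}` overwrites the live table in /etc/ntop; a truncated or corrupt download would still replace a good file, so at minimum check gunzip's exit status and write to a temporary name before moving it into place, and quote the variables throughout. Minor documentation points in the same file: "netwerk" should be "network", "captures packages" should be "captured packets", "Fore more documentation" should be "For more documentation", and "Saving it in /etc/cron/monthly/" should read "/etc/cron.monthly/" to match the list just above it.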