slackbuilds_ponce/network/ntop/README.SLACKWARE

README.Slackware
================
This file contains some specific instructions to complete the
installation of ntop on Slackware.
0) Before running the SlackBuild script
---------------------------------------
0.1) ntop group & user
Before running the ntop.SlackBuild script, you will need to create
the 'ntop' user and group. The script won't run if these do not
exist.
The suggested UID and GID is 212, but you can change this as needed:
# groupadd -g 212 ntop
# useradd -u 212 -g ntop -d /var/lib/ntop -s /bin/false ntop
If you want to use a different user and/or group under which to run
ntop, you can pass alternate values to the NTOPUSER and NTOPGROUP variables
when running the build script.
1) Download extra databases
---------------------------
After building & installing the ntop package, you might want to
follow these extra steps. Note that all three downloads below are plain
HTTP with no checksum or signature to verify them against, so treat the
files as untrusted input, and check that the URLs still resolve before you
script them: they are the ones that were current when this README was written.
1.1) GeoIP tables
To identify the location of the external hosts your network connects
to, ntop uses GeoIP. You will need to download the latest tables to
your ntop server and store them in /etc/ntop:
# cd /etc/ntop
# wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
# gunzip -c GeoLiteCity.dat.gz > GeoLiteCity.dat
# wget http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
# gunzip -c GeoIPASNum.dat.gz > GeoIPASNum.dat
Both files are updated regularly (about once a month). There are some
suggestions below on how to keep your ntop server up-to-date.
1.2) OS fingerprint database
ntop tries to identify the Operating System from the captured packets by
searching for a "fingerprint". It uses a table that needs to be downloaded
from the ettercap project on SourceForge:
# cd /etc/ntop
# wget -O etter.finger.os http://ettercap.cvs.sourceforge.net/ettercap/ettercap_ng/share/etter.finger.os?rev=HEAD
This file hasn't been updated since 2005, so it doesn't identify the more
modern OSs (Slackware 13.0 is identified as "Debian Linux" :-/ ) but it still
might be helpful.
1.3) OUI database
All MAC addresses contain an "Organizationally Unique Identifier" (OUI) to
identify the manufacturer. These OUIs are assigned by the IEEE Standards
Association. A table is included with ntop, but new OUIs are assigned almost
every day, so you might want to update the file now, before starting ntop:
# cd /etc/ntop
# wget http://standards.ieee.org/regauth/oui/oui.txt
# gzip -c oui.txt > oui.txt.gz
Since this file changes frequently, check the suggestions later in this file
on how to keep your ntop server up-to-date.
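As an added check (this example is not part of the ntop SlackBuild or its README), here is a small shell function that goes over the files section 1 installs in /etc/ntop and reports what a later ntop start would otherwise run without: a missing or empty file, a .gz that does not decompress, or an oui.txt.gz that holds something other than OUI assignments (an HTTP error page saved under the right name, for instance). Only the file names come from this README; the function names and the "(hex)" check are the example's own assumptions (every vendor entry in IEEE's oui.txt has a line carrying that marker).

```shell
#!/bin/sh
# check_ntop_tables: sanity-check the tables in /etc/ntop before starting ntop.
# Added example, not part of the ntop SlackBuild or its README. The file names
# are the ones the README installs; the "(hex)" marker is assumed from the
# format of IEEE's oui.txt. Prints one line per problem and returns the number
# of problems found (0 = every table looks usable).
check_ntop_tables() {
    dir=${1:-/etc/ntop}
    problems=0
    for f in GeoLiteCity.dat GeoIPASNum.dat etter.finger.os oui.txt.gz; do
        path="$dir/$f"
        # a failed wget leaves either no file or an empty one behind
        if [ ! -s "$path" ]; then
            echo "MISSING or empty: $path"
            problems=$((problems + 1))
            continue
        fi
        case $f in
        *.gz)
            # gzip -t reads the whole stream, so a truncated download is caught here
            if ! gzip -t "$path" 2>/dev/null; then
                echo "CORRUPT gzip: $path"
                problems=$((problems + 1))
                continue
            fi
            ;;
        esac
        # an error page saved under the right name is valid text but not an OUI table
        if [ "$f" = oui.txt.gz ] && ! gzip -dc "$path" | grep -q '(hex)'; then
            echo "NOT an OUI table: $path"
            problems=$((problems + 1))
        fi
    done
    echo "$problems problem(s) in $dir"
    return "$problems"
}

# Demo on a constructed directory (no network): two placeholder .dat files,
# an empty fingerprint file and a non-gzip oui.txt.gz. Expected: 2 problems.
demo_check_ntop_tables() {
    d=$(mktemp -d) || return 99
    printf 'placeholder' > "$d/GeoLiteCity.dat"
    printf 'placeholder' > "$d/GeoIPASNum.dat"
    : > "$d/etter.finger.os"                           # empty   -> problem 1
    printf 'this is not gzip data' > "$d/oui.txt.gz"   # corrupt -> problem 2
    check_ntop_tables "$d"
    n=$?
    rm -rf "$d"
    return "$n"
}

# Run the demo when executed directly (sh check_ntop_tables.sh).
demo_check_ntop_tables || :
```

Run it as the ntop user rather than root (for example with `su -s /bin/sh ntop -c 'sh check_ntop_tables.sh'`) and you also find out whether the files are readable by the account ntop drops to after start-up.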
2) Start & Stop scripts for ntop
--------------------------------
2.1) Automatic startup and shutdown
If you want to start ntop on system bootup, include these lines in your
/etc/rc.d/rc.local:
# Start ntop
if [ -x /etc/rc.d/rc.ntop ]; then
  echo "Starting ntop..."
  /etc/rc.d/rc.ntop start
fi
To guarantee a clean shutdown of ntop, include this in
/etc/rc.d/rc.local_shutdown:
# Stop ntop
if [ -x /etc/rc.d/rc.ntop ]; then
  echo "Stopping ntop..."
  /etc/rc.d/rc.ntop stop
fi
2.2) Make /etc/rc.d/rc.ntop executable
Additionally, you'll have to set the rc script to be executable just like
any other Slackware rc script:
# chmod +x /etc/rc.d/rc.ntop
3) Set the administrator password
---------------------------------
When ntop is installed for the first time, you MUST set the administration
password for ntop (user 'admin'). You do that by running ntop as root with
the option -A (or --set-admin-password):
# /usr/bin/ntop -P <ntop_homedirectory> -u <ntopuser> -A
For example:
# /usr/bin/ntop -P /var/lib/ntop -u ntop -A
It will prompt you for the password and then exit. Use the same -P directory
that rc.ntop starts ntop with: that directory holds ntop's password database,
so a password set under a different -P path is not the one the running ntop
will check.
4) Starting ntop
----------------
Now you are ready to start ntop by calling the startup script:
# /etc/rc.d/rc.ntop start
Once ntop has started and is configured correctly, you should be able to
look at all the data it has collected by pointing your browser at:
http://(ip-of-your-ntop-server):3000/
Browse through the configuration menu (Admin / Configure / Startup options)
to set the interfaces you want to capture on and many more parameters.
Keep in mind that this web interface is plain HTTP and listens on all
addresses by default, and that only the Admin pages prompt for the password
set above unless you protect more URLs from the Admin menu; anyone who can
reach port 3000 can browse your traffic data. Unless the server sits on a
trusted management network, bind it to localhost (ntop's -w option takes an
address:port pair, e.g. -w 127.0.0.1:3000, which you can set in rc.ntop) or
firewall the port, and put an HTTPS reverse proxy in front of it if it has to
be reachable remotely.
For more documentation on ntop, check:
- http://www.ntop.org/documentation.html
- http://www.ntop.org/needHelp.html
There are also some mailing lists you can subscribe to, that can be found on
the pages mentioned above.
*** NOTE ***
* There have been some reports about ntop crashing (segfault) after any
* period between a couple of minutes to several hours.
* If this happens on your system, try disabling DNS resolution either from
* the menu (admin/configure/startup options/IP Prefs) or changing the rc.ntop
* file, adding the "-n" option to the line that starts ntop:
* /usr/bin/ntop --w3c -u $NTOPUID -n -d >> $NTOPLOG 2>&1
*                                 ^^ (the added option)
*** end ***
5) Keeping your ntop tables up-to-date
--------------------------------------
Now that your ntop server is running, you might want to keep the tables we
installed earlier updated automatically.
I do this with a few simple shell scripts I copy to the /etc/cron.xxxx/
directories, where xxxx stands for:
- hourly
- daily
- weekly
- monthly
So saving a script in /etc/cron.weekly/ means it will be run every week,
saving it in /etc/cron.monthly/ means it will run once a month, etc.
My suggestions are:
- save ntop_update_geoip in /etc/cron.weekly
- save ntop_update_oui in /etc/cron.daily
Don't forget to make the scripts executable.
Two things to keep in mind: cron runs these scripts as root, and they fetch
over plain HTTP without verifying what they get, so whatever the other end
serves ends up in /etc/ntop. If /etc/ntop is owned by the ntop user, run them
under that account instead of root, and at the very least make sure a file
decompresses cleanly before it replaces the old one.
The following scripts are examples, feel free to adapt them to your setup:
=============================================================================
*********************
* ntop_update_geoip * - Suggestion: save in /etc/cron.weekly
*********************
-----------------------------------------------------------------------------
#!/bin/sh
#
# ntop_update_geoip: update GeoIP tables
#
# UPDATES holds "<base url>,<table name>" pairs. The download is
# <base url><table name>.gz; wget -N only fetches it when the server copy
# is newer than the local one, and wget's log goes to a scratch file so a
# real download (the log says "saved") can be told from "not retrieving".
UPDATE_DIR="/etc/ntop"
UPDATE_LOG="/var/log/ntop_update.log"
UPDATE_OUT="wget.out"
UPDATES="\
http://geolite.maxmind.com/download/geoip/database/,GeoLiteCity.dat \
http://geolite.maxmind.com/download/geoip/database/asnum/,GeoIPASNum.dat"
cd "$UPDATE_DIR" || exit 1
for update in $UPDATES; do
    update_url=${update%%,*}     # everything before the comma
    update_file=${update#*,}     # everything after it
    wget -o "$UPDATE_OUT" -N "${update_url}${update_file}.gz"
    if grep -q "saved" "$UPDATE_OUT"; then
        tail -n2 "$UPDATE_OUT" | head -n1 >> "$UPDATE_LOG"
        # decompress into a temporary file and rename it into place, so a
        # running ntop never reads a half-written table if gunzip fails
        if gunzip -c "${update_file}.gz" > "${update_file}.tmp"; then
            mv -f "${update_file}.tmp" "${update_file}"
        else
            rm -f "${update_file}.tmp"
            echo "gunzip of ${update_file}.gz failed, old table kept" >> "$UPDATE_LOG"
        fi
    fi
done
rm -f "$UPDATE_OUT"
=============================================================================
*******************
* ntop_update_oui * - Suggestion: save in /etc/cron.daily
*******************
-----------------------------------------------------------------------------
#!/bin/sh
#
# ntop_update_oui: update OUI table
#
# Same structure as ntop_update_geoip, but the other way round: oui.txt is
# downloaded as plain text and then compressed, because ntop reads oui.txt.gz.
UPDATE_DIR="/etc/ntop"
UPDATE_LOG="/var/log/ntop_update.log"
UPDATE_OUT="wget.out"
UPDATES="\
http://standards.ieee.org/regauth/oui/,oui.txt"
cd "$UPDATE_DIR" || exit 1
for update in $UPDATES; do
    update_url=${update%%,*}     # everything before the comma
    update_file=${update#*,}     # everything after it
    wget -o "$UPDATE_OUT" -N "${update_url}${update_file}"
    if grep -q "saved" "$UPDATE_OUT"; then
        tail -n2 "$UPDATE_OUT" | head -n1 >> "$UPDATE_LOG"
        # compress into a temporary file first, then rename it into place
        if gzip -c "${update_file}" > "${update_file}.gz.tmp"; then
            mv -f "${update_file}.gz.tmp" "${update_file}.gz"
        else
            rm -f "${update_file}.gz.tmp"
            echo "gzip of ${update_file} failed, old table kept" >> "$UPDATE_LOG"
        fi
    fi
done
rm -f "$UPDATE_OUT"
=============================================================================
(Note that the two scripts differ in the direction of the compression step:
the GeoIP script downloads .gz files and decompresses them, while the OUI
script downloads the plain oui.txt and compresses it, because ntop reads
oui.txt.gz. Beware of this when copying one to make the other.)
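The install step both scripts end with, as an added example (not code from the ntop project or this README): one function that takes the direction of the compression as an argument, refuses a download that is empty or not valid gzip, and swaps the new table in with a rename, so a running ntop never reads a half-written file and a bad download leaves the previous table in place. The function name, its arguments and the sample files built by the demo are this example's own; the /etc/ntop file names are the README's.

```shell
#!/bin/sh
# install_ntop_table: the install step the two cron scripts share, written once
# with the difference between them made explicit as a mode argument. Added
# example, not code from the ntop project or this README; the function and its
# arguments are this example's own names.
#
#   install_ntop_table gunzip SOURCE.gz DEST     # GeoIP case: download is .gz, ntop reads the plain file
#   install_ntop_table gzip   SOURCE    DEST.gz  # OUI case: download is plain, ntop reads the .gz
#
# The converted table goes to a temporary file next to DEST and is then renamed
# over it; rename is atomic on the same filesystem, so readers see either the
# old table or the complete new one, never a partial file.
install_ntop_table() {
    mode=$1 src=$2 dest=$3
    if [ ! -s "$src" ]; then
        echo "install_ntop_table: $src is missing or empty" >&2
        return 1
    fi
    tmp=$(mktemp "$(dirname "$dest")/.$(basename "$dest").XXXXXX") || return 1
    case $mode in
    gunzip)
        # gzip -t rejects a truncated or non-gzip download (an HTML error page
        # saved under the .gz name, for example) before anything is written
        gzip -t "$src" 2>/dev/null && gzip -dc "$src" > "$tmp" ;;
    gzip)
        gzip -c "$src" > "$tmp" ;;
    *)
        rm -f "$tmp"
        echo "install_ntop_table: unknown mode '$mode'" >&2
        return 2 ;;
    esac
    status=$?
    if [ "$status" -ne 0 ] || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "install_ntop_table: could not convert $src; $dest left untouched" >&2
        return 1
    fi
    chmod 0644 "$tmp" && mv -f "$tmp" "$dest"
}

# Demo with constructed files in a temp directory (no network): install a
# sample OUI table the OUI way, a sample .gz the GeoIP way, then confirm that a
# bad download (an error page saved as .gz) does not replace the installed table.
demo_install_ntop_table() {
    d=$(mktemp -d) || return 99
    printf '00-00-0C   (hex)\t\tExample Vendor Inc\n' > "$d/oui.txt"
    install_ntop_table gzip "$d/oui.txt" "$d/oui.txt.gz" || return 1
    gzip -dc "$d/oui.txt.gz" | grep -q '(hex)' || return 1        # round-trips

    gzip -c "$d/oui.txt" > "$d/GeoLiteCity.dat.gz"                # stands in for a .gz download
    install_ntop_table gunzip "$d/GeoLiteCity.dat.gz" "$d/GeoLiteCity.dat" || return 1
    cmp -s "$d/oui.txt" "$d/GeoLiteCity.dat" || return 1

    printf '<html>404 Not Found</html>' > "$d/GeoLiteCity.dat.gz" # a bad download
    if install_ntop_table gunzip "$d/GeoLiteCity.dat.gz" "$d/GeoLiteCity.dat" 2>/dev/null; then
        return 1                                                  # must have been refused
    fi
    cmp -s "$d/oui.txt" "$d/GeoLiteCity.dat" || return 1          # old table still intact
    [ -z "$(ls -A "$d" | grep '^\.')" ] || return 1               # no temp file left behind
    rm -rf "$d"
    echo "demo: ok"
}

# Run the demo when executed directly (sh install_ntop_table.sh).
demo_install_ntop_table || echo "demo: FAILED" >&2
```

In the cron scripts the call replaces the gunzip/gzip line after the "saved" test: `install_ntop_table gunzip "${update_file}.gz" "${update_file}"` in ntop_update_geoip and `install_ntop_table gzip "${update_file}" "${update_file}.gz"` in ntop_update_oui.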