slackbuilds_ponce/network/ntop/README.SLACKWARE

187 lines
5.5 KiB
Text
Raw Normal View History

README.Slackware
================
This file contains some specific instructions to complete the
installation of ntop on Slackware.
0) Before running the SlackBuild script
---------------------------------------
0.1) ntop group & user
Before running the ntop.SlackBuild script, you will need to create
the 'ntop' user and group. The script won't run if these do not
exist.
The suggested UID and GID is 212, but you can change this as needed:
# groupadd -g 212 ntop
# useradd -u 212 -g ntop -d /var/lib/ntop -s /bin/false ntop
If you want to use a different user and/or group under which to run
ntop, you can pass alternate values to the NTOPUSER and NTOPGROUP variables
when running the build script.
1) Start & Stop scripts for ntop
--------------------------------
1.1) Automatic startup and shutdown
If you want to start ntop on system bootup, include these lines in your
/etc/rc.d/rc.local:
# Start ntop
if [ -x /etc/rc.d/rc.ntop ]; then
echo "Starting ntop..."
/etc/rc.d/rc.ntop start
fi
To guarantee a clean shutdown of ntop, include this in
/etc/rc.d/rc.local_shutdown:
# Stop ntop
if [ -x /etc/rc.d/rc.ntop ]; then
echo "Stopping ntop..."
/etc/rc.d/rc.ntop stop
fi
1.2) Make /etc/rc.d/rc.ntop executable
Additionally, you'll have to set the rc script to be executable just like
any other Slackware rc script:
# chmod +x /etc/rc.d/rc.ntop
2) Set the administrator password
---------------------------------
When ntop is installed at the first time, you MUST set the administration
password for ntop (user 'admin'). You do that by running ntop with the
option -A (or --set-admin-password) as root:
# /usr/bin/ntop -P <ntop_homedirectory> -u <ntopuser> -A
For example:
# /usr/bin/ntop -P /var/lib/ntop -u ntop -A
It will prompt you for the password and then exit.
3) Starting ntop
----------------
Now you are ready to start ntop by calling the startup script:
# /etc/rc.d/rc.ntop start
Once ntop has started and configured correctly, you should be able to look
at all the data it's collected by pointing your browser at:
http://(ip-of-your-ntop-server):3000/
Browse through the configuration menu (Admin / Configure / Startup options)
to set the interfaces you want to capture and many more parameters.
Fore more documentation on ntop, check:
- http://www.ntop.org/documentation.html
- http://www.ntop.org/needHelp.html
There are also some mailing lists you can subscribe to, that can be found on
the pages mentioned above.
4) Keeping your ntop tables up-to-date
--------------------------------------
Now that your ntop server is running, you might want to keep some of the
tables that are installed updated automatically.
I do this with a few simple shell scripts I copy to the /etc/cron.xxxx/
directories, where xxxx stands for:
- hourly
- daily
- weekly
- monthly
So saving a script in /etc/cron.weekly/ means it will be run every week.
Saving it in /etc/cron/monthly/ means it will run once a month, etc.
My suggestions are:
- save ntop_update_geoip in /etc/cron.weekly
- save ntop_update_oui in /etc/cron.daily
Don't forget to make the script executable.
The following scripts are examples for the GeoIP and OUI tables, feel free
to adapt them to your reality.
The "OS Fingerprint" table has not changed for over five years, so I did not
create a script for it.
It you want, you can check for updates at:
http://ettercap.cvs.sourceforge.net/ettercap/ettercap_ng/share/etter.finger.os?rev=HEAD
=============================================================================
*********************
* ntop_update_geoip * - Suggestion: save in /etc/cron.weekly
*********************
-----------------------------------------------------------------------------
#!/bin/sh
#
# ntop_update_geoip: update GeoIP tables
UPDATE_DIR="/etc/ntop"
UPDATE_LOG="/var/log/ntop_update.log"
UPDATE_OUT="wget.out"
UPDATES="\
http://geolite.maxmind.com/download/geoip/database/,GeoLiteCity.dat \
http://geolite.maxmind.com/download/geoip/database/asnum/,GeoIPASNum.dat"
cd $UPDATE_DIR
for update in $UPDATES; do
update_url=`echo $update | awk -F , {'print $1'}`
update_file=`echo $update | awk -F , {'print $2'}`
wget -o $UPDATE_OUT -N ${update_url}${update_file}.gz
WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?)
if [ $WGET_TEST -eq "0" ]; then
tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG
gunzip -c ${update_file}.gz > ${update_file}
fi
done
rm $UPDATE_OUT
=============================================================================
*******************
* ntop_update_oui * - Suggestion: save in /etc/cron.daily
*******************
-----------------------------------------------------------------------------
#!/bin/sh
#
# ntop_update_oui: update OUI table
UPDATE_DIR="/etc/ntop"
UPDATE_LOG="/var/log/ntop_update.log"
UPDATE_OUT="wget.out"
UPDATES="\
http://standards.ieee.org/regauth/oui/,oui.txt"
cd $UPDATE_DIR
for update in $UPDATES; do
update_url=`echo $update | awk -F , {'print $1'}`
update_file=`echo $update | awk -F , {'print $2'}`
wget -o $UPDATE_OUT -N ${update_url}${update_file}
WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?)
if [ $WGET_TEST -eq "0" ]; then
tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG
gzip -c ${update_file} > ${update_file}.gz
fi
done
rm $UPDATE_OUT
=============================================================================
(Note that there are some subtle differences between the scripts, so beware
when copying)