2010-05-13 00:37:40 +02:00
|
|
|
README.Slackware
|
|
|
|
================
|
|
|
|
|
|
|
|
This file contains some specific instructions to complete the
|
|
|
|
installation of ntop on Slackware.
|
|
|
|
|
|
|
|
0) Before running the SlackBuild script
|
|
|
|
---------------------------------------
|
|
|
|
|
|
|
|
0.1) ntop group & user
|
|
|
|
|
|
|
|
Before running the ntop.SlackBuild script, you will need to create
|
|
|
|
the 'ntop' user and group. The script won't run if these do not
|
|
|
|
exist.
|
|
|
|
|
|
|
|
The suggested UID and GID is 212, but you can change this as needed:
|
|
|
|
|
|
|
|
# groupadd -g 212 ntop
|
|
|
|
# useradd -u 212 -g ntop -d /var/lib/ntop -s /bin/false ntop
|
|
|
|
|
|
|
|
If you want to use a different user and/or group under which to run
|
|
|
|
ntop, you can pass alternate values to the NTOPUSER and NTOPGROUP variables
|
|
|
|
when running the build script.
|
|
|
|
|
2010-08-30 12:59:18 +02:00
|
|
|
1) Start & Stop scripts for ntop
|
2010-05-13 00:37:40 +02:00
|
|
|
--------------------------------
|
|
|
|
|
2010-08-30 12:59:18 +02:00
|
|
|
1.1) Automatic startup and shutdown
|
2010-05-13 00:37:40 +02:00
|
|
|
|
|
|
|
If you want to start ntop on system bootup, include these lines in your
|
|
|
|
/etc/rc.d/rc.local:
|
|
|
|
|
|
|
|
# Start ntop
|
|
|
|
if [ -x /etc/rc.d/rc.ntop ]; then
|
|
|
|
echo "Starting ntop..."
|
|
|
|
/etc/rc.d/rc.ntop start
|
|
|
|
fi
|
|
|
|
|
|
|
|
To guarantee a clean shutdown of ntop, include this in
|
|
|
|
/etc/rc.d/rc.local_shutdown:
|
|
|
|
|
|
|
|
# Stop ntop
|
|
|
|
if [ -x /etc/rc.d/rc.ntop ]; then
|
|
|
|
echo "Stopping ntop..."
|
|
|
|
/etc/rc.d/rc.ntop stop
|
|
|
|
fi
|
|
|
|
|
2010-08-30 12:59:18 +02:00
|
|
|
1.2) Make /etc/rc.d/rc.ntop executable
|
2010-05-13 00:37:40 +02:00
|
|
|
|
|
|
|
Additionally, you'll have to set the rc script to be executable just like
|
|
|
|
any other Slackware rc script:
|
|
|
|
|
|
|
|
# chmod +x /etc/rc.d/rc.ntop
|
|
|
|
|
2010-08-30 12:59:18 +02:00
|
|
|
2) Set the administrator password
|
2010-05-13 00:37:40 +02:00
|
|
|
---------------------------------
|
|
|
|
|
|
|
|
When ntop is installed at the first time, you MUST set the administration
|
|
|
|
password for ntop (user 'admin'). You do that by running ntop with the
|
|
|
|
option -A (or --set-admin-password) as root:
|
|
|
|
# /usr/bin/ntop -P <ntop_homedirectory> -u <ntopuser> -A
|
|
|
|
For example:
|
|
|
|
|
|
|
|
# /usr/bin/ntop -P /var/lib/ntop -u ntop -A
|
|
|
|
|
|
|
|
It will prompt you for the password and then exit.
|
|
|
|
|
2010-08-30 12:59:18 +02:00
|
|
|
3) Starting ntop
|
2010-05-13 00:37:40 +02:00
|
|
|
----------------
|
|
|
|
|
|
|
|
Now you are ready to start ntop by calling the startup script:
|
|
|
|
|
|
|
|
# /etc/rc.d/rc.ntop start
|
|
|
|
|
|
|
|
Once ntop has started and configured correctly, you should be able to look
|
|
|
|
at all the data it's collected by pointing your browser at:
|
|
|
|
|
|
|
|
http://(ip-of-your-ntop-server):3000/
|
|
|
|
|
|
|
|
Browse through the configuration menu (Admin / Configure / Startup options)
|
|
|
|
to set the interfaces you want to capture and many more parameters.
|
|
|
|
|
|
|
|
Fore more documentation on ntop, check:
|
|
|
|
- http://www.ntop.org/documentation.html
|
|
|
|
- http://www.ntop.org/needHelp.html
|
|
|
|
|
|
|
|
There are also some mailing lists you can subscribe to, that can be found on
|
|
|
|
the pages mentioned above.
|
|
|
|
|
2010-08-30 12:59:18 +02:00
|
|
|
4) Keeping your ntop tables up-to-date
|
2010-05-13 00:37:40 +02:00
|
|
|
--------------------------------------
|
|
|
|
|
2010-08-30 12:59:18 +02:00
|
|
|
Now that your ntop server is running, you might want to keep some of the
|
|
|
|
tables that are installed updated automatically.
|
2010-05-13 00:37:40 +02:00
|
|
|
|
|
|
|
I do this with a few simple shell scripts I copy to the /etc/cron.xxxx/
|
|
|
|
directories, where xxxx stands for:
|
|
|
|
|
|
|
|
- hourly
|
|
|
|
- daily
|
|
|
|
- weekly
|
|
|
|
- monthly
|
|
|
|
|
|
|
|
So saving a script in /etc/cron.weekly/ means it will be run every week.
|
|
|
|
Saving it in /etc/cron/monthly/ means it will run once a month, etc.
|
|
|
|
|
|
|
|
My suggestions are:
|
|
|
|
- save ntop_update_geoip in /etc/cron.weekly
|
|
|
|
- save ntop_update_oui in /etc/cron.daily
|
|
|
|
|
|
|
|
Don't forget to make the script executable.
|
|
|
|
|
2010-08-30 12:59:18 +02:00
|
|
|
The following scripts are examples for the GeoIP and OUI tables, feel free
|
|
|
|
to adapt them to your reality.
|
|
|
|
|
|
|
|
The "OS Fingerprint" table has not changed for over five years, so I did not
|
|
|
|
create a script for it.
|
|
|
|
It you want, you can check for updates at:
|
|
|
|
http://ettercap.cvs.sourceforge.net/ettercap/ettercap_ng/share/etter.finger.os?rev=HEAD
|
2010-05-13 00:37:40 +02:00
|
|
|
|
|
|
|
=============================================================================
|
|
|
|
*********************
|
|
|
|
* ntop_update_geoip * - Suggestion: save in /etc/cron.weekly
|
|
|
|
*********************
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
#!/bin/sh
|
|
|
|
#
|
|
|
|
# ntop_update_geoip: update GeoIP tables
|
|
|
|
|
|
|
|
UPDATE_DIR="/etc/ntop"
|
|
|
|
UPDATE_LOG="/var/log/ntop_update.log"
|
|
|
|
UPDATE_OUT="wget.out"
|
|
|
|
UPDATES="\
|
|
|
|
http://geolite.maxmind.com/download/geoip/database/,GeoLiteCity.dat \
|
|
|
|
http://geolite.maxmind.com/download/geoip/database/asnum/,GeoIPASNum.dat"
|
|
|
|
|
|
|
|
cd $UPDATE_DIR
|
|
|
|
|
|
|
|
for update in $UPDATES; do
|
|
|
|
update_url=`echo $update | awk -F , {'print $1'}`
|
|
|
|
update_file=`echo $update | awk -F , {'print $2'}`
|
|
|
|
|
|
|
|
wget -o $UPDATE_OUT -N ${update_url}${update_file}.gz
|
|
|
|
WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?)
|
|
|
|
if [ $WGET_TEST -eq "0" ]; then
|
|
|
|
tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG
|
|
|
|
gunzip -c ${update_file}.gz > ${update_file}
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
|
|
|
rm $UPDATE_OUT
|
|
|
|
=============================================================================
|
|
|
|
*******************
|
|
|
|
* ntop_update_oui * - Suggestion: save in /etc/cron.daily
|
|
|
|
*******************
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
#!/bin/sh
|
|
|
|
#
|
|
|
|
# ntop_update_oui: update OUI table
|
|
|
|
|
|
|
|
UPDATE_DIR="/etc/ntop"
|
|
|
|
UPDATE_LOG="/var/log/ntop_update.log"
|
|
|
|
UPDATE_OUT="wget.out"
|
|
|
|
UPDATES="\
|
|
|
|
http://standards.ieee.org/regauth/oui/,oui.txt"
|
|
|
|
|
|
|
|
cd $UPDATE_DIR
|
|
|
|
|
|
|
|
for update in $UPDATES; do
|
|
|
|
update_url=`echo $update | awk -F , {'print $1'}`
|
|
|
|
update_file=`echo $update | awk -F , {'print $2'}`
|
|
|
|
|
|
|
|
wget -o $UPDATE_OUT -N ${update_url}${update_file}
|
|
|
|
WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?)
|
|
|
|
if [ $WGET_TEST -eq "0" ]; then
|
|
|
|
tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG
|
|
|
|
gzip -c ${update_file} > ${update_file}.gz
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
|
|
|
rm $UPDATE_OUT
|
|
|
|
=============================================================================
|
|
|
|
|
|
|
|
(Note that there are some subtle differences between the scripts, so beware
|
|
|
|
when copying)
|
|
|
|
|