mirror of
https://github.com/Ponce/slackbuilds
synced 2024-12-01 01:00:03 +01:00
239 lines
7.5 KiB
Text
239 lines
7.5 KiB
Text
|
README.Slackware
|
||
|
================
|
||
|
|
||
|
This file contains some specific instructions to complete the
|
||
|
installation of ntop on Slackware.
|
||
|
|
||
|
0) Before running the SlackBuild script
|
||
|
---------------------------------------
|
||
|
|
||
|
0.1) ntop group & user
|
||
|
|
||
|
Before running the ntop.SlackBuild script, you will need to create
|
||
|
the 'ntop' user and group. The script won't run if these do not
|
||
|
exist.
|
||
|
|
||
|
The suggested UID and GID is 212, but you can change this as needed:
|
||
|
|
||
|
# groupadd -g 212 ntop
|
||
|
# useradd -u 212 -g ntop -d /var/lib/ntop -s /bin/false ntop
|
||
|
|
||
|
If you want to use a different user and/or group under which to run
|
||
|
ntop, you can pass alternate values to the NTOPUSER and NTOPGROUP variables
|
||
|
when running the build script.
|
||
|
|
||
|
1) Download extra databases
|
||
|
---------------------------
|
||
|
|
||
|
After building & installing the ntop package, you might want to
|
||
|
follow these extra steps:
|
||
|
|
||
|
1.1) GeoIP tables
|
||
|
|
||
|
To identify the location of the external hosts your netwerk connects
|
||
|
to, ntop uses GeoIP. You will need to download the latest tables to
|
||
|
your ntop server and store them in /etc/ntop:
|
||
|
|
||
|
# cd /etc/ntop
|
||
|
# wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
|
||
|
# gunzip -c GeoLiteCity.dat.gz > GeoLiteCity.dat
|
||
|
# wget http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
|
||
|
# gunzip -c GeoIPASNum.dat.gz > GeoIPASNum.dat
|
||
|
|
||
|
Both files are updated regularly (about once a month). There are some
|
||
|
suggestions below on how to keep your ntop server up-to-date.
|
||
|
|
||
|
1.2) OS fingerprint database
|
||
|
|
||
|
ntop tries to identify the Operating System from the captures packages by
|
||
|
searching for a "fingerprint". It uses a table that needs to be downloaded
|
||
|
from the ettercap project on SourceForge:
|
||
|
|
||
|
# cd /etc/ntop
|
||
|
# wget -O etter.finger.os http://ettercap.cvs.sourceforge.net/ettercap/ettercap_ng/share/etter.finger.os?rev=HEAD
|
||
|
|
||
|
This file hasn't been updated since 2005, so it doesn't identify the more
|
||
|
modern OSs (Slackware 13.0 is identified as "Debian Linux" :-/ ) but it still
|
||
|
might be helpful.
|
||
|
|
||
|
1.3) OUI database
|
||
|
|
||
|
All MAC addresses contain a "Organizationally Unique Identifier" (OUI) to
|
||
|
identify the manufacturer. These OUIs are assigned by the IEEE Standards
|
||
|
Association. A table is included with ntop, but new OUIs are assigned almost
|
||
|
every day, so you might want to update the file now, before starting ntop:
|
||
|
|
||
|
# cd /etc/ntop
|
||
|
# wget http://standards.ieee.org/regauth/oui/oui.txt
|
||
|
# gzip -c oui.txt > oui.txt.gz
|
||
|
|
||
|
Since this file changes frequently, check the suggestions later in this file
|
||
|
on how to keep your ntop server up-to-date.
|
||
|
|
||
|
2) Start & Stop scripts for ntop
|
||
|
--------------------------------
|
||
|
|
||
|
2.1) Automatic startup and shutdown
|
||
|
|
||
|
If you want to start ntop on system bootup, include these lines in your
|
||
|
/etc/rc.d/rc.local:
|
||
|
|
||
|
# Start ntop
|
||
|
if [ -x /etc/rc.d/rc.ntop ]; then
|
||
|
echo "Starting ntop..."
|
||
|
/etc/rc.d/rc.ntop start
|
||
|
fi
|
||
|
|
||
|
To guarantee a clean shutdown of ntop, include this in
|
||
|
/etc/rc.d/rc.local_shutdown:
|
||
|
|
||
|
# Stop ntop
|
||
|
if [ -x /etc/rc.d/rc.ntop ]; then
|
||
|
echo "Stopping ntop..."
|
||
|
/etc/rc.d/rc.ntop stop
|
||
|
fi
|
||
|
|
||
|
2.2) Make /etc/rc.d/rc.ntop executable
|
||
|
|
||
|
Additionally, you'll have to set the rc script to be executable just like
|
||
|
any other Slackware rc script:
|
||
|
|
||
|
# chmod +x /etc/rc.d/rc.ntop
|
||
|
|
||
|
3) Set the administrator password
|
||
|
---------------------------------
|
||
|
|
||
|
When ntop is installed at the first time, you MUST set the administration
|
||
|
password for ntop (user 'admin'). You do that by running ntop with the
|
||
|
option -A (or --set-admin-password) as root:
|
||
|
# /usr/bin/ntop -P <ntop_homedirectory> -u <ntopuser> -A
|
||
|
For example:
|
||
|
|
||
|
# /usr/bin/ntop -P /var/lib/ntop -u ntop -A
|
||
|
|
||
|
It will prompt you for the password and then exit.
|
||
|
|
||
|
4) Starting ntop
|
||
|
----------------
|
||
|
|
||
|
Now you are ready to start ntop by calling the startup script:
|
||
|
|
||
|
# /etc/rc.d/rc.ntop start
|
||
|
|
||
|
Once ntop has started and configured correctly, you should be able to look
|
||
|
at all the data it's collected by pointing your browser at:
|
||
|
|
||
|
http://(ip-of-your-ntop-server):3000/
|
||
|
|
||
|
Browse through the configuration menu (Admin / Configure / Startup options)
|
||
|
to set the interfaces you want to capture and many more parameters.
|
||
|
|
||
|
Fore more documentation on ntop, check:
|
||
|
- http://www.ntop.org/documentation.html
|
||
|
- http://www.ntop.org/needHelp.html
|
||
|
|
||
|
There are also some mailing lists you can subscribe to, that can be found on
|
||
|
the pages mentioned above.
|
||
|
|
||
|
*** NOTE ***
|
||
|
* There have been some reports about ntop crashing (segfault) after any
|
||
|
* period between a couple of minutes to several hours.
|
||
|
* If this happens on your system, try disabling DNS resolution either from
|
||
|
* the menu (admin/configure/startup options/IP Prefs) or changing the rc.ntop
|
||
|
* file, adding the "-n" option to the line that starts ntop:
|
||
|
* /usr/bin/ntop --w3c -u $NTOPUID -n -d >> $NTOPLOG 2>&1
|
||
|
* ^^
|
||
|
*** end ***
|
||
|
|
||
|
5) Keeping your ntop tables up-to-date
|
||
|
--------------------------------------
|
||
|
|
||
|
Now that your ntop server is running, you might want to keep the tables we
|
||
|
installed earlier updated automatically.
|
||
|
|
||
|
I do this with a few simple shell scripts I copy to the /etc/cron.xxxx/
|
||
|
directories, where xxxx stands for:
|
||
|
|
||
|
- hourly
|
||
|
- daily
|
||
|
- weekly
|
||
|
- monthly
|
||
|
|
||
|
So saving a script in /etc/cron.weekly/ means it will be run every week.
|
||
|
Saving it in /etc/cron/monthly/ means it will run once a month, etc.
|
||
|
|
||
|
My suggestions are:
|
||
|
- save ntop_update_geoip in /etc/cron.weekly
|
||
|
- save ntop_update_oui in /etc/cron.daily
|
||
|
|
||
|
Don't forget to make the script executable.
|
||
|
|
||
|
The following scripts are examples, feel free to adapt them to your reality:
|
||
|
|
||
|
=============================================================================
|
||
|
*********************
|
||
|
* ntop_update_geoip * - Suggestion: save in /etc/cron.weekly
|
||
|
*********************
|
||
|
-----------------------------------------------------------------------------
|
||
|
#!/bin/sh
|
||
|
#
|
||
|
# ntop_update_geoip: update GeoIP tables
|
||
|
|
||
|
UPDATE_DIR="/etc/ntop"
|
||
|
UPDATE_LOG="/var/log/ntop_update.log"
|
||
|
UPDATE_OUT="wget.out"
|
||
|
UPDATES="\
|
||
|
http://geolite.maxmind.com/download/geoip/database/,GeoLiteCity.dat \
|
||
|
http://geolite.maxmind.com/download/geoip/database/asnum/,GeoIPASNum.dat"
|
||
|
|
||
|
cd $UPDATE_DIR
|
||
|
|
||
|
for update in $UPDATES; do
|
||
|
update_url=`echo $update | awk -F , {'print $1'}`
|
||
|
update_file=`echo $update | awk -F , {'print $2'}`
|
||
|
|
||
|
wget -o $UPDATE_OUT -N ${update_url}${update_file}.gz
|
||
|
WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?)
|
||
|
if [ $WGET_TEST -eq "0" ]; then
|
||
|
tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG
|
||
|
gunzip -c ${update_file}.gz > ${update_file}
|
||
|
fi
|
||
|
done
|
||
|
|
||
|
rm $UPDATE_OUT
|
||
|
=============================================================================
|
||
|
*******************
|
||
|
* ntop_update_oui * - Suggestion: save in /etc/cron.daily
|
||
|
*******************
|
||
|
-----------------------------------------------------------------------------
|
||
|
#!/bin/sh
|
||
|
#
|
||
|
# ntop_update_oui: update OUI table
|
||
|
|
||
|
UPDATE_DIR="/etc/ntop"
|
||
|
UPDATE_LOG="/var/log/ntop_update.log"
|
||
|
UPDATE_OUT="wget.out"
|
||
|
UPDATES="\
|
||
|
http://standards.ieee.org/regauth/oui/,oui.txt"
|
||
|
|
||
|
cd $UPDATE_DIR
|
||
|
|
||
|
for update in $UPDATES; do
|
||
|
update_url=`echo $update | awk -F , {'print $1'}`
|
||
|
update_file=`echo $update | awk -F , {'print $2'}`
|
||
|
|
||
|
wget -o $UPDATE_OUT -N ${update_url}${update_file}
|
||
|
WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?)
|
||
|
if [ $WGET_TEST -eq "0" ]; then
|
||
|
tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG
|
||
|
gzip -c ${update_file} > ${update_file}.gz
|
||
|
fi
|
||
|
done
|
||
|
|
||
|
rm $UPDATE_OUT
|
||
|
=============================================================================
|
||
|
|
||
|
(Note that there are some subtle differences between the scripts, so beware
|
||
|
when copying)
|
||
|
|