network/ntop: Updated for version 3.3.10

Niels Horn 2010-05-13 00:37:40 +02:00 committed by Robby Workman
parent 608dafae2e
commit 8e76bfd2c8
7 changed files with 398 additions and 72 deletions

@ -7,51 +7,20 @@ It sports a NetFlow/sFlow emitter/collector, an HTTP-based client
interface for creating ntop-centric monitoring applications, and
RRD for persistently storing traffic statistics.
ntop requires rrdtool, which is also available at Slackbuilds.org.
This requires libevent, rrdtool, lua, and GeoIP.
ntop needs to run under its own user/group. This has been assigned to
the following by SlackBuilds.org, but feel free to change it on your
system for consistency with local assignments.
User: ntop UID: 212 GID: 212
group: ntop GID: 212
If you want to change that, you'll need to change the script and
the rc.ntop to reflect your changes.
You can change pass alternate values for the user and group using
NTOPUSER and NTOPGROUP variables when running the build script.
Logs are placed in /var/log/ntop/ and will be rotated every week. The
log rotation will restart the ntop server which will reset the ntop
statistics. If you want to keep the statistics you have to edit or delete
the /etc/logrotate.d/ntop file.
If you want to start ntop on system bootup:
/etc/rc.d/rc.local
==================
# Startup ntop
if [ -x /etc/rc.d/rc.ntop ]; then
/etc/rc.d/rc.ntop start
fi
/etc/rc.d/rc.local_shutdown
===========================
# Stop ntop
if [ -x /etc/rc.d/rc.ntop ]; then
/etc/rc.d/rc.ntop stop
fi
Additionally, you'll have to set the rc script to be executable just
like any other Slackware rc script.
# chmod +x /etc/rc.d/rc.ntop
When ntop is installed at the first time, you MUST set the
administration password for ntop (user 'admin'). You do that
by running ntop with the option -A (or --set-admin-password) as root.
# /usr/bin/ntop -P <ntop_homedirectory> -u <ntopuser> -A
For example:
# /usr/bin/ntop -P /var/lib/ntop -u ntop -A
It will prompt you for the password and then exit.
Running ntop:
Once ntop has started and configured correctly, you should be able to look
at all the data it's collected by pointing your browser at:
http://localhost:3000/
For some important post-build and basic configuration instructions,
see the included 'README.SLACKWARE' file.
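Review bot: The sentence "You can change pass alternate values for the user and group" in the new README text has a stray word and should read "You can pass alternate values ...". If the first-run section ("you MUST set the administration password") is being dropped from README in favour of README.SLACKWARE, keep one line here that names that step, because the closing pointer to README.SLACKWARE describes it only as "post-build and basic configuration instructions" and a mandatory step is easy to miss behind that wording.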

@ -0,0 +1,238 @@
README.Slackware
================
This file contains some specific instructions to complete the
installation of ntop on Slackware.
0) Before running the SlackBuild script
---------------------------------------
0.1) ntop group & user
Before running the ntop.SlackBuild script, you will need to create
the 'ntop' user and group. The script won't run if these do not
exist.
The suggested UID and GID is 212, but you can change this as needed:
# groupadd -g 212 ntop
# useradd -u 212 -g ntop -d /var/lib/ntop -s /bin/false ntop
If you want to use a different user and/or group under which to run
ntop, you can pass alternate values to the NTOPUSER and NTOPGROUP variables
when running the build script.
1) Download extra databases
---------------------------
After building & installing the ntop package, you might want to
follow these extra steps:
1.1) GeoIP tables
To identify the location of the external hosts your netwerk connects
to, ntop uses GeoIP. You will need to download the latest tables to
your ntop server and store them in /etc/ntop:
# cd /etc/ntop
# wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
# gunzip -c GeoLiteCity.dat.gz > GeoLiteCity.dat
# wget http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
# gunzip -c GeoIPASNum.dat.gz > GeoIPASNum.dat
Both files are updated regularly (about once a month). There are some
suggestions below on how to keep your ntop server up-to-date.
1.2) OS fingerprint database
ntop tries to identify the Operating System from the captures packages by
searching for a "fingerprint". It uses a table that needs to be downloaded
from the ettercap project on SourceForge:
# cd /etc/ntop
# wget -O etter.finger.os http://ettercap.cvs.sourceforge.net/ettercap/ettercap_ng/share/etter.finger.os?rev=HEAD
This file hasn't been updated since 2005, so it doesn't identify the more
modern OSs (Slackware 13.0 is identified as "Debian Linux" :-/ ) but it still
might be helpful.
1.3) OUI database
All MAC addresses contain a "Organizationally Unique Identifier" (OUI) to
identify the manufacturer. These OUIs are assigned by the IEEE Standards
Association. A table is included with ntop, but new OUIs are assigned almost
every day, so you might want to update the file now, before starting ntop:
# cd /etc/ntop
# wget http://standards.ieee.org/regauth/oui/oui.txt
# gzip -c oui.txt > oui.txt.gz
Since this file changes frequently, check the suggestions later in this file
on how to keep your ntop server up-to-date.
2) Start & Stop scripts for ntop
--------------------------------
2.1) Automatic startup and shutdown
If you want to start ntop on system bootup, include these lines in your
/etc/rc.d/rc.local:
# Start ntop
if [ -x /etc/rc.d/rc.ntop ]; then
echo "Starting ntop..."
/etc/rc.d/rc.ntop start
fi
To guarantee a clean shutdown of ntop, include this in
/etc/rc.d/rc.local_shutdown:
# Stop ntop
if [ -x /etc/rc.d/rc.ntop ]; then
echo "Stopping ntop..."
/etc/rc.d/rc.ntop stop
fi
2.2) Make /etc/rc.d/rc.ntop executable
Additionally, you'll have to set the rc script to be executable just like
any other Slackware rc script:
# chmod +x /etc/rc.d/rc.ntop
3) Set the administrator password
---------------------------------
When ntop is installed at the first time, you MUST set the administration
password for ntop (user 'admin'). You do that by running ntop with the
option -A (or --set-admin-password) as root:
# /usr/bin/ntop -P <ntop_homedirectory> -u <ntopuser> -A
For example:
# /usr/bin/ntop -P /var/lib/ntop -u ntop -A
It will prompt you for the password and then exit.
4) Starting ntop
----------------
Now you are ready to start ntop by calling the startup script:
# /etc/rc.d/rc.ntop start
Once ntop has started and configured correctly, you should be able to look
at all the data it's collected by pointing your browser at:
http://(ip-of-your-ntop-server):3000/
Browse through the configuration menu (Admin / Configure / Startup options)
to set the interfaces you want to capture and many more parameters.
Fore more documentation on ntop, check:
- http://www.ntop.org/documentation.html
- http://www.ntop.org/needHelp.html
There are also some mailing lists you can subscribe to, that can be found on
the pages mentioned above.
*** NOTE ***
* There have been some reports about ntop crashing (segfault) after any
* period between a couple of minutes to several hours.
* If this happens on your system, try disabling DNS resolution either from
* the menu (admin/configure/startup options/IP Prefs) or changing the rc.ntop
* file, adding the "-n" option to the line that starts ntop:
* /usr/bin/ntop --w3c -u $NTOPUID -n -d >> $NTOPLOG 2>&1
* ^^
*** end ***
5) Keeping your ntop tables up-to-date
--------------------------------------
Now that your ntop server is running, you might want to keep the tables we
installed earlier updated automatically.
I do this with a few simple shell scripts I copy to the /etc/cron.xxxx/
directories, where xxxx stands for:
- hourly
- daily
- weekly
- monthly
So saving a script in /etc/cron.weekly/ means it will be run every week.
Saving it in /etc/cron/monthly/ means it will run once a month, etc.
My suggestions are:
- save ntop_update_geoip in /etc/cron.weekly
- save ntop_update_oui in /etc/cron.daily
Don't forget to make the script executable.
The following scripts are examples, feel free to adapt them to your reality:
=============================================================================
*********************
* ntop_update_geoip * - Suggestion: save in /etc/cron.weekly
*********************
-----------------------------------------------------------------------------
#!/bin/sh
#
# ntop_update_geoip: update GeoIP tables
UPDATE_DIR="/etc/ntop"
UPDATE_LOG="/var/log/ntop_update.log"
UPDATE_OUT="wget.out"
UPDATES="\
http://geolite.maxmind.com/download/geoip/database/,GeoLiteCity.dat \
http://geolite.maxmind.com/download/geoip/database/asnum/,GeoIPASNum.dat"
cd $UPDATE_DIR
for update in $UPDATES; do
update_url=`echo $update | awk -F , {'print $1'}`
update_file=`echo $update | awk -F , {'print $2'}`
wget -o $UPDATE_OUT -N ${update_url}${update_file}.gz
WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?)
if [ $WGET_TEST -eq "0" ]; then
tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG
gunzip -c ${update_file}.gz > ${update_file}
fi
done
rm $UPDATE_OUT
=============================================================================
*******************
* ntop_update_oui * - Suggestion: save in /etc/cron.daily
*******************
-----------------------------------------------------------------------------
#!/bin/sh
#
# ntop_update_oui: update OUI table
UPDATE_DIR="/etc/ntop"
UPDATE_LOG="/var/log/ntop_update.log"
UPDATE_OUT="wget.out"
UPDATES="\
http://standards.ieee.org/regauth/oui/,oui.txt"
cd $UPDATE_DIR
for update in $UPDATES; do
update_url=`echo $update | awk -F , {'print $1'}`
update_file=`echo $update | awk -F , {'print $2'}`
wget -o $UPDATE_OUT -N ${update_url}${update_file}
WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?)
if [ $WGET_TEST -eq "0" ]; then
tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG
gzip -c ${update_file} > ${update_file}.gz
fi
done
rm $UPDATE_OUT
=============================================================================
(Note that there are some subtle differences between the scripts, so beware
when copying)
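Review bot: Both cron scripts at the end of this file run as root, fetch over plain http:// and overwrite the live table in /etc/ntop with nothing checked in between: `gunzip -c ${update_file}.gz > ${update_file}` truncates the file ntop reads before the new archive is known to be intact. Download into a temporary file, test it (`gunzip -t` for the GeoIP archives), and `mv` it into place only on success. `cd $UPDATE_DIR` should be `cd "$UPDATE_DIR" || exit 1`, otherwise wget.out is written to and removed from whatever directory cron started in. The success test greps wget's log for the English word "saved", so the scripts should set LC_ALL=C before calling wget. Smaller points in the prose: `/etc/cron/monthly/` should be `/etc/cron.monthly/`, and "netwerk", "captures packages" and "Fore more" are typos.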

@ -0,0 +1,98 @@
--- ntop-3.3.10.orig/configure.in 2009-11-27 23:36:09.000000000 -0200
+++ ntop-3.3.10/configure.in 2009-11-28 10:16:33.000000000 -0200
@@ -1652,21 +1652,12 @@
dnl>
dnl> Lua - http://www.lua.org
dnl>
-LUA_VERSION=lua-5.1.4
-if test -f "$LUA_VERSION.tar.gz"; then
- echo "Lua already present on this machine"
-else
- wget http://www.lua.org/ftp/$LUA_VERSION.tar.gz
+LUA_TEST=$(which lua > /dev/null 2> /dev/null ; echo $?)
+if test $LUA_TEST -ne 0 ; then
+ echo "*** Lua not installed ***"
+ exit 1
fi
-
-tar xvfz $LUA_VERSION.tar.gz
-cat $LUA_VERSION/src/Makefile | sed -e s,'MYCFLAGS=-DLUA_USE_POSIX',' MYCFLAGS="-fPIC -DLUA_USE_POSIX"',g > /tmp/lua.temp
-cat /tmp/lua.temp > $LUA_VERSION/src/Makefile
-#rm -f /tmp/lua.temp
-cd $LUA_VERSION; make posix; cd ..
-
-LUA_LIB_DIR=$PWD/$LUA_VERSION"/src"
-LIBS="-L${LUA_LIB_DIR} -llua ${LIBS} "
+LIBS="-llua ${LIBS} "
INCS="${INCS} -I${LUA_LIB_DIR}"
AC_DEFINE_UNQUOTED(HAVE_LUA, 1, [LUA is supported])
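Review bot: The context line `INCS="${INCS} -I${LUA_LIB_DIR}"` is left in place while the `LUA_LIB_DIR=` assignment above it is removed, so unless LUA_LIB_DIR is set somewhere outside this hunk, INCS now ends in a bare `-I` with no directory. Drop that line, since a system-installed Lua needs no extra include path, or set the variable from the installed location. The `which lua` test also only shows that the interpreter is on PATH, not that the library and headers the `-llua` link step needs are present; AC_CHECK_LIB and AC_CHECK_HEADER would test what the build actually uses.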
@@ -1963,39 +1954,13 @@
fi
dnl> GeoIP (http://www.maxmind.com/)
-if test -f "GeoIP.tar.gz"; then
- echo "GeoIP already present on this machine"
-else
- wget http://www.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
-fi
-tar xvfz GeoIP.tar.gz
-GEO_DIR=`find $PWD -type d -name "GeoIP-*"`
-cd $GEO_DIR; ./configure --prefix=${prefix}; make; cd ..
-# OSX Fix
-GEO_DYLIB="$GEO_DIR/libGeoIP/.libs/libGeoIP.dylib"
-if test -f $GEO_DYLIB; then
- ln -s $GEO_DYLIB .
-fi
-
-if test -f "GeoLiteCity.dat"; then
- echo "GeoLiteCity.dat already present"
-else
- wget http://www.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
- gunzip GeoLiteCity.dat.gz
-fi
-
-if test -f "GeoIPASNum.dat"; then
- echo "GeoIPASNum.dat already present"
-else
- wget http://www.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
- gunzip GeoIPASNum.dat.gz
+GEOIP_TEST=$(ldconfig -p | grep libGeoIP.so > /dev/null 2> /dev/null ; echo $?)
+if test $GEOIP_TEST -ne 0 ; then
+ echo "*** GeoIP not installed ***"
+ exit 1
fi
-
-GEO_DIR=`find $PWD -type d -name "GeoIP-*"`
-GEO_IP="$GEO_DIR/libGeoIP/"
-CFLAGS="$CFLAGS -I$GEO_IP"
-LDFLAGS="-L$GEO_IP.libs/ -lGeoIP $LDFLAGS"
+LDFLAGS="-lGeoIP $LDFLAGS"
dnl> NTOPCONFIGDEBUG_SETTINGS([precet])
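Review bot: `ldconfig -p | grep libGeoIP.so` in the new GeoIP test looks only at the runtime linker cache, so it passes when the GeoIP headers are missing and fails when the build user has no ldconfig on PATH even though the library is installed. An AC_CHECK_HEADER and AC_CHECK_LIB pair would check the header and the link step directly and give the usual configure diagnostics. `-lGeoIP` is also added to LDFLAGS, whereas the Lua hunk puts `-llua` in LIBS; keeping libraries in LIBS avoids link-order surprises.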
--- ntop-3.3.10.orig/Makefile.am 2009-11-28 12:08:37.000000000 -0200
+++ ntop-3.3.10/Makefile.am 2009-11-28 14:20:56.000000000 -0200
@@ -74,11 +74,8 @@
ETTER_PASSIVE_DOWNLOAD_PARMS = "rev=HEAD"
NTOPDATA = ntop-cert.pem \
- $(ETTER_PASSIVE) \
oui.txt.gz \
- specialMAC.txt.gz \
- GeoIPASNum.dat \
- GeoLiteCity.dat
+ specialMAC.txt.gz
NTOPHTML = html html/*.js html/*.html html/*.gif html/*.jpg html/*.ico html/*.png \
html/*.css html/*.dtd \
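Review bot: `ETTER_PASSIVE_DOWNLOAD_PARMS = "rev=HEAD"` stays in the context above while `$(ETTER_PASSIVE)` is dropped from NTOPDATA. If Makefile.am still carries the rule that fetches that file, remove it in this patch as well, so that no make target reaches the network and the patch does what its file name (no_downloads.patch) says.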
@@ -270,8 +267,6 @@
install: install-recursive
- cd @GEO_DIR@; make install
-
@mkdir -p $(DESTDIR)/$(CFG_DBFILE_DIR)
@echo ""

@ -22,51 +22,66 @@
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Copyright 2009 (ntop version >= 3.3.10) Niels Horn <niels.horn@gmail.com>
PRGNAM=ntop
VERSION=3.3.8
VERSION=3.3.10
ARCH=${ARCH:-i486}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
NTOPUSER=${NTOPUSER:-ntop}
NTOPGROUP=${NTOPGROUP:-ntop}
CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}
set -e
# Bail out if user or group isn't valid on your system
# For slackbuilds.org, assigned ntop uid/gid are 212/212
# See http://slackbuilds.org/uid_gid.txt
if ! grep ^ntop: /etc/group 2>&1 > /dev/null; then
echo " You must have a \"ntop\" group to run this script."
echo " # groupadd -g 212 ntop"
if ! grep ^$NTOPGROUP: /etc/group 2>&1 > /dev/null; then
echo " You must have a \"$NTOPGROUP\" group to run this script."
echo " # groupadd -g 212 $NTOPGROUP"
exit 1
elif ! grep ^ntop: /etc/passwd 2>&1 > /dev/null; then
echo " You must have a \"ntop\" user to run this script."
echo " # useradd -u 212 -g ntop -d /var/lib/ntop -s /bin/false ntop"
elif ! grep ^$NTOPUSER: /etc/passwd 2>&1 > /dev/null; then
echo " You must have a \"$NTOPUSER\" user to run this script."
echo " # useradd -u 212 -g $NTOPGROUP -d /var/lib/ntop -s /bin/false $NTOPUSER"
exit 1
fi
if [ "$ARCH" = "i486" ]; then
SLKCFLAGS="-O2 -march=i486 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
fi
set -e
rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $PRGNAM-$VERSION
tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
cd $PRGNAM-$VERSION
#chown -R root:root .
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \; -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \;
# The ntop configure / make routine automatically downloads & installs
# lua and GeoIP (even when already present on your machine), so we'll
# patch this to just warn & exit if the packages are not found.
patch -p1 < $CWD/no_downloads.patch
# Since ntop calls their ./configure from autogen.sh anything passed onto
# autogen.sh (ie $@) is passed off as command line arguments to configure.
CFLAGS="$SLKCFLAGS" \
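Review bot: In the user and group check, `grep ^$NTOPGROUP: /etc/group 2>&1 > /dev/null` has its redirections in the wrong order (stderr still reaches the terminal) and places an unquoted, caller-supplied value inside a regular expression. `getent group "$NTOPGROUP" > /dev/null 2>&1`, and `getent passwd "$NTOPUSER"` for the user, avoids both and also finds accounts that do not live in the local files. The hint messages still print UID/GID 212 when a custom name is given, which is only correct for the default ntop account. Separately, an ARCH other than the three listed values leaves SLKCFLAGS and LIBDIRSUFFIX unset without any error.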
@ -77,19 +92,20 @@ CXXFLAGS="$SLKCFLAGS" \
--localstatedir=/var/lib \
--mandir=/usr/man \
--docdir=/usr/doc/$PRGNAM-$VERSION \
--libdir=/usr/lib${LIBDIRSUFFIX} \
--with-tcpwrap \
--enable-sslv3 \
--enable-sslwatchdog \
--enable-snmp \
--enable-i18n \
--build=$ARCH-slackware-linux
make
make install DESTDIR=$PKG
( cd $PKG
find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | \
xargs strip --strip-unneeded 2> /dev/null || true
find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | \
xargs strip --strip-unneeded 2> /dev/null || true
)
( cd $PKG/usr/man
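Review bot: The strip pipelines now end in `2> /dev/null || true`, which under `set -e` hides a failure anywhere in the pipeline, not only strip's complaints. Since the list is built with `find . | xargs file`, a path containing whitespace is split silently and the error is then swallowed; `find . -type f -print0 | xargs -0 file` keeps such paths intact.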
@ -97,12 +113,21 @@ make install DESTDIR=$PKG
for i in $(find . -type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done
)
# Bug in ntop source:: http://tinyurl.com/2wf7ou . This should at somepoint
# Bug in ntop source:: http://tinyurl.com/2wf7ou . This should at some point
# be dealt with upstream. For now fix this in $PKG :)
if [ -d $PKG/usr/lib/plugins ]; then
rmdir -v $PKG/usr/lib/plugins
if [ -d $PKG/usr/lib${LIBDIRSUFFIX}/plugins ]; then
rmdir -v $PKG/usr/lib${LIBDIRSUFFIX}/plugins
fi
mkdir -p $PKG/etc/logrotate.d $PKG/etc/rc.d
install -m 0644 $CWD/$PRGNAM.logrotate $PKG/etc/logrotate.d/$PRGNAM.new
sed -e "s%@NTOPUSER@%$NTOPUSER%" -e "s%@NTOPGROUP@%$NTOPGROUP%" \
$CWD/rc.ntop > $PKG/etc/rc.d/rc.ntop.new
chmod 0755 $PKG/etc/rc.d/rc.ntop.new
# Change the permissions on ntops homedir so we can write logs
chown -R $NTOPUSER:$NTOPGROUP $PKG/var/lib/$PRGNAM
# Copy *all* documentation over (docs/ is not included in make install for
# some arkane reason. Rename some docs to prevent them copying over each other.
for FILE in {README,INSTALL}; do mv docs/$FILE docs/$FILE.docs ; done
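Review bot: `sed -e "s%@NTOPUSER@%$NTOPUSER%" -e "s%@NTOPGROUP@%$NTOPGROUP%"` copies NTOPUSER and NTOPGROUP straight from the environment into an rc script that root executes, and a value containing `%`, `&` or whitespace breaks the substitution or the resulting `NTOPUID=` line. Validate both against a plain account-name pattern before this point and quote them in `chown -R $NTOPUSER:$NTOPGROUP`. The tinyurl link in the bug comment should be replaced by the full upstream URL so the reference can still be checked later.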
@ -111,17 +136,11 @@ cp -a AUTHORS CONTENTS COPYING ChangeLog INSTALL MANIFESTO NEWS PORTING \
README SUPPORT_NTOP.txt THANKS ntop.html ntop.txt docs/* NetFlow www \
$PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
mkdir -p $PKG/etc/logrotate.d $PKG/etc/rc.d
install -m 0644 $CWD/$PRGNAM.logrotate $PKG/etc/logrotate.d/$PRGNAM.new
install -m 0755 $CWD/rc.$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM.new
# Change the permissions on ntops homedir so we can write logs
chown -R ntop:ntop $PKG/var/lib/$PRGNAM
cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cat $CWD/doinst.sh > $PKG/install/doinst.sh
cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}

@ -1,8 +1,10 @@
PRGNAM="ntop"
VERSION="3.3.8"
VERSION="3.3.10"
HOMEPAGE="http://www.ntop.org"
DOWNLOAD="http://downloads.sourceforge.net/ntop/ntop-3.3.8.tar.gz"
MD5SUM="19c6a582c285ffae18bf0c3b599d184e"
MAINTAINER="Michiel van Wessem"
EMAIL="michiel@slackbuilds.org"
APPROVED="David Somero"
DOWNLOAD="http://downloads.sourceforge.net/ntop/ntop-3.3.10.tar.gz"
MD5SUM="6e2ffa90d5f935c8f03d88a5dd19a866"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
MAINTAINER="Niels Horn"
EMAIL="niels.horn@gmail.com"
APPROVED="rworkman"
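Review bot: DOWNLOAD stays a plain http:// URL and the only pin on the new tarball is MD5SUM, which catches corruption but is not collision resistant. The .info format fixes the field name, so the practical step is to state in the commit message how the new sum was obtained, for example by comparing a SHA-256 of two independent downloads, so that the value can be re-checked by whoever approves the update.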

@ -7,8 +7,8 @@
# time and the various cleanups in the script and the start|stop|restart
# functions.
NTOPUID=ntop
NTOPGID=ntop
NTOPUID=@NTOPUSER@
NTOPGID=@NTOPGROUP@
NTOPLOG=/var/log/ntop
DATE=$(date +%a\ %b\ %d\ %T\ %Y)
RETVAL=0
@ -31,7 +31,7 @@ ntop_start() {
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
touch /var/lock/subsys/ntop
touch /var/lock/ntop
sleep 2
echo "Done"
else
@ -66,7 +66,7 @@ ntop_stop() {
echo "Done"
fi
fi
rm -f /var/lock/subsys/ntop
rm -f /var/lock/ntop
fi
return $RETVAL
}

@ -12,7 +12,7 @@ ntop: ntop is a network probe that shows network usage in a way similar to
ntop: what top does for processes. In interactive mode, it displays the
ntop: network status on the user's terminal. In Web mode, it acts as a Web
ntop: server, creating an HTML dump of the network status.
ntop:
ntop:
ntop: It sports a NetFlow/sFlow emitter/collector, an HTTP-based client
ntop: interface for creating ntop-centric monitoring applications, and
ntop: RRD for persistently storing traffic statistics.