Intergrated test scripts with automake

[gnucomo.git] / TUTORIAL

$Id: TUTORIAL,v 1.3 2003-08-17 11:40:52 arjen Exp $

        Tutorial for GnuCoMo


        What is GnuCoMo

The aim of the GnuCoMo (GNU COmputer MOnitoring) project is to build a
set of applications that will help administrators to monitor networks as
a whole for errors, attacks and security-breaches in a very user-friendly
way. It is free (GPL) software, sources are available and you are free
to modify it to suit your needs.

GnuCoMo collects system and application logfiles from the monitored
systems (this can be computers, routers and other devices) and stores them
in a database. This collected data is further interpreted and analyzed
until reports and alerts are generated. Because GnuCoMo can combine data
from multiple sources and longer timespans than common IDSs it is able
to recognize attacks that previously remained undetected.

[TODO: current status]


        About this Document

This document aims to guide you through the installation of GnuCoMo on
a Unix (Linux) workstation. When we have completed the installation this
document will give a quick guided tour through the functionality GnuCoMo
offers. The procedures described here aim at getting the GnuCoMo demo
up and running as quickly as possible and may not be suited for your
production environment. I assume you have some experience with installing
software on your system.

This document is part of the Gnucomo package. Gnucomo is released under
the Gnu General Public License, see the file COPYING.


        Reporting Bugs

If you think you have found a bug in GnuCoMo, this tutorial or the
other GnuCoMo documentation, please report it by sending an e-mail to:
bugs@gnucomo.org. Please include in your bug report:
 - the GnuCoMo version you've found the bug in
 - what you did to provoke the error
 - the output (or error message) you got
 - (if relevant) which output you expected
 - processor type and kernel version you use
 - the versions of the packages that gnucomo depends on

[TODO: Check with Brenno over e-mail adress]


        Installation

Most of the GnuCoMo installation can be done from an ordinary Unix
account; when you need root rights you will be told so explicitly. It is
however a good idea to create a gnucomo account.


        Getting the software

GnuCoMo can be downloaded from the GnuCoMo website
http://www.gnucomo.org/. If you read this file you are likely to have a
copy of GnuCoMo on your system. If you are serious about using GnuCoMo
it would be a good idea to periodicly check the website for updates
and bugfixes.

To be able to install and run GnuCoMo you'll need several other packages:

PostgreSQL
        PostgreSQL is the database we use for GnuCoMo. Most
        linux distributions provide ready to install packages for
        PostgreSQL. We need at least the postgresql, postgresql-server,
        postgresql-libs and postgresql-devel packages.
        If you want to compile PostgreSQL from source: go to the
        PostgreSQL homepage (http://www.postgresql.org/) and download
        the sources via one of the ftp sites. We need libpq++ support
        for GnuCoMo.
        Though we appreciate the performance improvements that the
        PostgreSQL 7.3 server provides, we recommend sticking to the
        PostgreSQL 7.2 client versions for now; at least until we've
        solved the problems with the libpq++ libraries and PostgreSQL 7.3.

libpqxx
        The C++ client interface for the PostgreSQL database server
        is a separate project, not distributed with PostgreSQL.
        This library replaces the old libpq++ library.
        The place to find libpqxx is
        http://gborg.postgresql.org/project/libpqxx/projdisplay.php
        Make sure you install libpqxx in a default library path or
        set your LB_LIBRARY_PATH environment variable to include
        the directory in which libpqxx is installed. The default
        for libpqxx is /usr/local/libpqxx/lib.

PHP
        PHP is used as programming language for gcm_deamon. If you
        have packages you would want to install at least the php and
        php-pgsql packages.
        You can get PHP sources and documentation from the PHP website:
        http://www.php.net/. If you're compiling yourself, don't forget
        to include PostgreSQL support.

libxml2
        We use XML for configuration that we can't (or don't want
        to) store in the database and for documentation in XMLDOC
        format. The libxml2 library usually comes with your linux
        system and you would want to install both the libxml2 and
        libxml2-devel packages.  The libxml2 sources can be downloaded
        via http://xmlsoft.org/downloads.html

AXE
        It's not likely that you'll find precompiled AXE packages on
        the net, so you'll have to compile from source. Get the AXE
        sources from http://www.andromeda.nl/projects/AXE/AXE.html;
        you'll need version 0.3 or better.
        Instructions on compiling and installing AXE are given later in
        this document.


The following packages are optional and provide additional functionality
to GnuCoMo:

GnuPG
        Recommended for encryption and signing of data that is transported
        over the network. Not used at this moment.

XMLDOC
        We use XMLDOC to process our documentation. Download
        and installation instructions can be found on
        http://www.andromeda.nl/projects/xmldoc/xmldoc.html

Apache
        [HELPME: basic instructions]

Python + tkinter
        A GUI based configuration tool named MalfisInter (mi) is being
        worked upon. This tool is programmed in Python and requires XML
        and TkInter support.


        Compiling

If you're lucky enough to find precompiled packages for your system and
have root permissions to install them, things are easy for you; otherwise
you would have to compile from source, which takes a bit more time if
you allready have the standard developer tools (C and C++ compilers,
make, (f)lex and yacc or bison) installed. You will need those tools
for GnuCoMo anyway.
Another essential utility is the bzip compressor package; you will need
it to unpack the archives. bzip2 and bunzip2 come standard with Linux,
but may not be available on older Unix distributions. Sources for bzip2
can be found at http://sources.redhat.com/bzip2/.
Most of the packages mentioned in this document come with detailed
compilation and installation instructions and I recommend to read the
README and INSTALL files before compiling and installing them.


        Compiling AXE

For compiling AXE you need the X-windows (X11) headers and
libraries. Under Linux you might need to install the XFree86-devel
package, but these headers are usualy available whenever the C compiler
is installed (also on propriatary unixes).
[TODO]


        Compiling GnuCoMo

[TODO]


        A few notes on PostgreSQL configuration

        - PostgreSQL authentication
[TODO]


        Creating the database

        - start up postgres
        - login as postgres administrator and create a postgres user
        - createdb
        - create.sql


        Getting the web interface up and running

The web interface is convenient (optional?)
[TODO]


        Performing a test run

        - add object id
        - gcm_input
        - gcm_deamon
        - view results

        Cleaning up

        dropdb
        dropuser


        And now...

If you like GnuCoMo [TODO]
Report success under Non-Linux [TODO]