$Id: TUTORIAL,v 1.2 2003-02-05 11:01:17 arjen Exp $

The aim of the GnuCoMo (GNU COmputer MOnitoring) project is to build a
set of applications that help administrators monitor networks as a
whole for errors, attacks and security breaches in a user-friendly
way. It is free (GPL) software: the sources are available and you are
free to modify it to suit your needs.

GnuCoMo collects system and application logfiles from the monitored
systems (computers, routers and other devices) and stores them in a
database. The collected data is then interpreted and analyzed until
reports and alerts are generated. Because GnuCoMo can combine data from
multiple sources and over longer timespans than common IDSs, it is able
to recognize attacks that would otherwise remain undetected.

[TODO: current status]

This document guides you through the installation of GnuCoMo on a Unix
(Linux) workstation. Once the installation is complete, it gives a quick
guided tour of the functionality GnuCoMo offers. The procedures
described here aim at getting the GnuCoMo demo up and running as quickly
as possible and may not be suited to your production environment. I
assume you have some experience with installing software on your system.

This document is part of the Gnucomo package. Gnucomo is released under
the GNU General Public License; see the file COPYING.

If you think you have found a bug in GnuCoMo, this tutorial or the
other GnuCoMo documentation, please report it by sending an e-mail to
bugs@gnucomo.org. Please include in your bug report:
- the GnuCoMo version you found the bug in
- what you did to provoke the error
- the output (or error message) you got
- (if relevant) which output you expected
- the processor type and kernel version you use
- the versions of the packages that GnuCoMo depends on

[TODO: Check with Brenno over e-mail address]

Most of the GnuCoMo installation can be done from an ordinary Unix
account; when you need root rights you will be told so explicitly. It
is however a good idea to create a dedicated, unprivileged gnucomo
account for running GnuCoMo.

GnuCoMo can be downloaded from the GnuCoMo website
http://www.gnucomo.org/. If you are reading this file you probably
already have a copy of GnuCoMo on your system. If you are serious about
using GnuCoMo it is a good idea to check the website periodically for
updates.

To be able to install and run GnuCoMo you will need several other
packages:

PostgreSQL is the database we use for GnuCoMo. Most Linux
distributions provide ready-to-install packages for PostgreSQL. We need
at least the postgresql, postgresql-server, postgresql-libs and
postgresql-devel packages. If you want to compile PostgreSQL from
source, go to the PostgreSQL homepage (http://www.postgresql.org/) and
download the sources via one of the ftp sites. We need libpq++ support.

Though we appreciate the performance improvements that the PostgreSQL
7.3 server provides, we recommend sticking to the PostgreSQL 7.2 client
versions for now, at least until we have solved the problems with the
libpq++ libraries and PostgreSQL 7.3.

PHP is used as the programming language for gcm_daemon. If you have
packages you would want to install at least the php and
You can get PHP sources and documentation from the PHP website:
http://www.php.net/. If you compile PHP yourself, don't forget to
include PostgreSQL support.

We use XML for configuration that we can't (or don't want to) store in
the database, and for documentation in XMLDOC format. The libxml2
library usually comes with your Linux system; you will want to install
both the libxml2 and libxml2-devel packages. The libxml2 sources can be
downloaded via http://xmlsoft.org/downloads.html

It is not likely that you will find precompiled AXE packages on the
net, so you will have to compile from source. Get the AXE sources from
http://www.andromeda.nl/projects/AXE/AXE.html; you will need version
0.3 or later. Instructions on compiling and installing AXE are given
later in

The following packages are optional and provide additional
functionality:

Recommended for encryption and signing of data that is transported over
the network. Not used at this moment.

We use XMLDOC to process our documentation. Download and installation
instructions can be found on
http://www.andromeda.nl/projects/xmldoc/xmldoc.html

[HELPME: basic instructions]

A GUI-based configuration tool named MalfisInter (mi) is being worked
on. This tool is programmed in Python and requires XML

If you are lucky enough to find precompiled packages for your system and
have root permissions to install them, things are easy for you;
otherwise you will have to compile from source, which takes a bit more
time, assuming you already have the standard developer tools (C and C++
compilers, make, (f)lex and yacc or bison) installed. You will need
those tools

Another essential utility is the bzip2 compressor package; you will need
it to unpack the archives. bzip2 and bunzip2 come standard with Linux,
but may not be available on older Unix distributions. Sources for bzip2
can be found at http://sources.redhat.com/bzip2/.

Most of the packages mentioned in this document come with detailed
compilation and installation instructions, and I recommend reading the
README and INSTALL files before compiling and installing them.

For compiling AXE you need the X Window System (X11) headers and
libraries. Under Linux you might need to install the XFree86-devel
package, but these headers are usually available whenever the C compiler
is installed (also on proprietary Unixes).

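Before starting a source build it helps to know up front which of the
tools and headers listed above are missing, rather than finding out one
failed configure run at a time. The POSIX shell script below is an added
example and not part of the GnuCoMo package. It assumes the pg_config and
xml2-config helper scripts shipped with PostgreSQL and libxml2 are on the
PATH and report their include directories; the alternative tool names
(gcc/clang, gmake, byacc) and the X11 header search paths are my guesses
at common installations, not something this tutorial specifies.

```shell
#!/bin/sh
# Added example: pre-flight check for the build dependencies this
# tutorial lists. Not part of the GnuCoMo package.
# Assumptions not taken from the tutorial: pg_config (PostgreSQL) and
# xml2-config (libxml2) exist and report their include directories,
# and the header search lists below cover the usual install paths.

# have_one NAME...: succeed if at least one of NAME... is on $PATH and
# print the first one that was found
have_one() {
    for _tool in "$@"; do
        if command -v "$_tool" >/dev/null 2>&1; then
            printf '%s\n' "$_tool"
            return 0
        fi
    done
    return 1
}

# find_header HEADER DIR...: print the first DIR that contains HEADER;
# fail if none of them does (empty DIR entries are skipped)
find_header() {
    _hdr=$1; shift
    for _dir in "$@"; do
        if [ -n "$_dir" ] && [ -f "$_dir/$_hdr" ]; then
            printf '%s\n' "$_dir"
            return 0
        fi
    done
    return 1
}

# check_build_deps: one report line per requirement; returns the number
# of requirements that are missing (0 means ready to build)
check_build_deps() {
    missing=0
    # "label|alternatives": any one alternative satisfies the requirement
    for req in \
        "C compiler|cc gcc clang" \
        "C++ compiler|c++ g++ clang++" \
        "make|make gmake" \
        "lexer|flex lex" \
        "parser generator|bison yacc byacc" \
        "bzip2 unpacker|bzip2 bunzip2" \
        "PostgreSQL client (pg_config)|pg_config" \
        "PHP interpreter|php" \
        "libxml2 (xml2-config)|xml2-config"
    do
        label=${req%%|*}
        alts=${req#*|}
        # word-splitting of $alts into separate names is intended here
        if found=$(have_one $alts); then
            printf 'ok       %-32s %s\n' "$label" "$found"
        else
            printf 'MISSING  %-32s need one of: %s\n' "$label" "$alts"
            missing=$((missing + 1))
        fi
    done

    # headers: X11 for AXE, libpq-fe.h for libpq++, libxml/parser.h for libxml2
    pg_inc=$(pg_config --includedir 2>/dev/null || true)
    xml_inc=$(xml2-config --cflags 2>/dev/null | sed 's/^-I//; s/ .*//' || true)
    for hdr_spec in \
        "X11/Xlib.h|/usr/include /usr/X11R6/include /usr/local/include /opt/X11/include" \
        "libpq-fe.h|$pg_inc /usr/include /usr/include/postgresql /usr/local/pgsql/include" \
        "libxml/parser.h|$xml_inc /usr/include/libxml2 /usr/local/include/libxml2"
    do
        hdr=${hdr_spec%%|*}
        dirs=${hdr_spec#*|}
        if dir=$(find_header "$hdr" $dirs); then
            printf 'ok       %-32s %s\n' "$hdr" "$dir"
        else
            printf 'MISSING  %-32s looked in: %s\n' "$hdr" "$dirs"
            missing=$((missing + 1))
        fi
    done
    return $missing
}

if check_build_deps; then
    echo "all build requirements found"
else
    echo "some requirements are missing, see the MISSING lines above"
fi
```

Run it as an ordinary user before unpacking anything; every MISSING line
maps to one of the packages (or -devel packages) named in this section.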
A few notes on PostgreSQL configuration

- PostgreSQL authentication

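The PostgreSQL server decides who may connect to the GnuCoMo database,
and how they must prove who they are, in its pg_hba.conf file. Two
methods deserve a check before the database holds anyone's logfiles:
trust lets any client that can reach the socket or port connect as any
user without a password, and password sends the password in cleartext.
The script below is an added example and not part of GnuCoMo; it scans a
pg_hba.conf for those two methods. It looks for the method keyword
anywhere after the connection type, so it does not depend on whether the
file has the older layout without a USER column or the newer one with
it; the cost is that a database or user literally named trust or
password would also be flagged. The sample file it checks is constructed
for the example.

```shell
#!/bin/sh
# Added example, not GnuCoMo code: flag pg_hba.conf entries that let
# clients in without credentials (trust) or with a cleartext password
# (password). Recommended replacement: md5 on the 7.x servers this
# tutorial targets, scram-sha-256 on PostgreSQL 10 and later.

# weak_hba_lines FILE: print each weak entry with its line number;
# return 1 if any was found, 0 if the file is clean
weak_hba_lines() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        $1 != "local" && $1 != "host" && $1 != "hostssl" && $1 != "hostnossl" { next }
        {
            # the method keyword sits after the type, database (and, on
            # newer servers, user and address) columns; scan for it so
            # the check does not depend on the exact column layout
            for (i = 2; i <= NF; i++) {
                if ($i == "trust") {
                    printf "%s:%d: trust    -> no credentials required: %s\n", FILENAME, FNR, $0
                    bad++; break
                }
                if ($i == "password") {
                    printf "%s:%d: password -> sent in cleartext: %s\n", FILENAME, FNR, $0
                    bad++; break
                }
            }
        }
        END { if (bad > 0) exit 1; exit 0 }
    ' "$1"
}

# count_weak_hba_lines FILE: number of weak entries, as a plain integer
count_weak_hba_lines() {
    weak_hba_lines "$1" | wc -l | tr -d ' '
}

# Constructed sample for this example (not a real deployment). Two of
# the four entries are weak; the two md5 entries are fine.
SAMPLE_HBA=$(mktemp)
cat > "$SAMPLE_HBA" <<'EOF'
# TYPE  DATABASE  USER     IP-ADDRESS     IP-MASK          METHOD
local   all       all                                      trust
host    gnucomo   gnucomo  192.168.1.0    255.255.255.0    password
host    gnucomo   gnucomo  192.168.1.10   255.255.255.255  md5
local   gnucomo   gnucomo                                  md5
EOF

# Check the file given on the command line, or the sample when none is given
if weak_hba_lines "${1:-$SAMPLE_HBA}"; then
    echo "no trust/password entries found"
else
    echo "replace the entries above with md5 (or scram-sha-256 on PostgreSQL 10+)"
fi
rm -f "$SAMPLE_HBA"
```

Point it at the server's real file (for example
/var/lib/pgsql/data/pg_hba.conf on many Linux packages; the location is
an assumption, check your distribution) and reload the server after
editing it. Restrict the host lines to the address of the machine that
runs gcm_daemon and the web interface rather than a whole network.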
Creating the database

- log in as the postgres administrator and create a PostgreSQL user for
  GnuCoMo

Getting the web interface up and running

The web interface is convenient (optional?)

Performing a test run

If you like GnuCoMo [TODO]
Report success under Non-Linux [TODO]