$Id: TUTORIAL,v 1.3 2003-08-17 11:40:52 arjen Exp $

Tutorial for GnuCoMo

What is GnuCoMo

The aim of the GnuCoMo (GNU COmputer MOnitoring) project is to build a set of applications that help administrators monitor a network as a whole for errors, attacks and security breaches in a user-friendly way. It is free (GPL) software: the sources are available and you are free to modify them to suit your needs.

GnuCoMo collects system and application log files from the monitored systems (computers, routers and other devices) and stores them in a database. The collected data is then interpreted and analyzed, and reports and alerts are generated from it. Because GnuCoMo can combine data from multiple sources and over longer time spans than common IDSs, it is able to recognize attacks that would otherwise remain undetected.

[TODO: current status]

About this Document

This document guides you through the installation of GnuCoMo on a Unix (Linux) workstation. Once the installation is complete, it gives a quick guided tour of the functionality GnuCoMo offers. The procedures described here aim at getting the GnuCoMo demo up and running as quickly as possible and may not be suited to your production environment. I assume you have some experience with installing software on your system.

This document is part of the GnuCoMo package. GnuCoMo is released under the GNU General Public License, see the file COPYING.

Reporting Bugs

If you think you have found a bug in GnuCoMo, this tutorial or the other GnuCoMo documentation, please report it by sending an e-mail to bugs@gnucomo.org.
Please include in your bug report:
- the GnuCoMo version you found the bug in
- what you did to provoke the error
- the output (or error message) you got
- (if relevant) the output you expected
- the processor type and kernel version you use
- the versions of the packages that GnuCoMo depends on

[TODO: Check with Brenno over e-mail address]

Installation

Most of the GnuCoMo installation can be done from an ordinary Unix account; when you need root rights you will be told so explicitly. It is however a good idea to create a dedicated gnucomo account and to do the installation from there.

Getting the software

GnuCoMo can be downloaded from the GnuCoMo website, http://www.gnucomo.org/. If you are reading this file you probably already have a copy of GnuCoMo on your system. If you are serious about using GnuCoMo, check the website periodically for updates and bug fixes.

To install and run GnuCoMo you need several other packages:

PostgreSQL

PostgreSQL is the database GnuCoMo uses. Most Linux distributions provide ready-to-install packages for PostgreSQL; you need at least the postgresql, postgresql-server, postgresql-libs and postgresql-devel packages. If you want to compile PostgreSQL from source, go to the PostgreSQL homepage (http://www.postgresql.org/) and download the sources from one of the ftp sites. GnuCoMo needs a C++ client library for PostgreSQL (see libpqxx below). Although we appreciate the performance improvements of the PostgreSQL 7.3 server, we recommend sticking to the PostgreSQL 7.2 client versions for now, at least until the problems with the libpq++ libraries and PostgreSQL 7.3 have been solved.

libpqxx

libpqxx, the C++ client interface for the PostgreSQL database server, is a separate project that is not distributed with PostgreSQL. It replaces the old libpq++ library.
The place to find libpqxx is http://gborg.postgresql.org/project/libpqxx/projdisplay.php

Make sure you install libpqxx in a default library path, or set your LD_LIBRARY_PATH environment variable to include the directory in which the libpqxx shared library is installed. By default libpqxx installs its library in /usr/local/libpqxx/lib, which is not on the default library path of most systems.

PHP

PHP is the programming language gcm_deamon is written in. If you install from packages you need at least the php and php-pgsql packages. You can get the PHP sources and documentation from the PHP website, http://www.php.net/. If you compile PHP yourself, don't forget to include PostgreSQL support; gcm_deamon cannot reach the database without it.

libxml2

We use XML for configuration that we can't (or don't want to) store in the database, and for documentation in XMLDOC format. The libxml2 library usually comes with your Linux system; install both the libxml2 and libxml2-devel packages. The libxml2 sources can be downloaded via http://xmlsoft.org/downloads.html

AXE

It is not likely that you will find precompiled AXE packages on the net, so you will have to compile AXE from source. Get the AXE sources from http://www.andromeda.nl/projects/AXE/AXE.html; you need version 0.3 or later. Instructions on compiling and installing AXE are given later in this document.

The following packages are optional and provide additional functionality to GnuCoMo:

GnuPG

Recommended for encryption and signing of data that is transported over the network. Not used at this moment.

XMLDOC

We use XMLDOC to process our documentation. Download and installation instructions can be found on http://www.andromeda.nl/projects/xmldoc/xmldoc.html

Apache

[HELPME: basic instructions]

Python + tkinter

A GUI-based configuration tool named MalfisInter (mi) is being worked on. This tool is written in Python and requires XML and Tkinter support.
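The prerequisite list above is long enough that it pays to check it in one go before starting to compile. The following script is an added example, not part of the GnuCoMo package: it reports which of the build tools and PostgreSQL, libxml2 and PHP pieces named above are missing, and shows how to extend LD_LIBRARY_PATH with the libpqxx library directory without adding it twice. It assumes libpqxx was installed under its default prefix /usr/local/libpqxx (override with LIBPQXX_PREFIX), that the PHP command-line binary is called php, and that pg_config and xml2-config are present when the postgresql-devel and libxml2-devel packages are installed.

```shell
#!/bin/sh
# Added example (not GnuCoMo code): check the build prerequisites listed in
# the tutorial. Assumptions: libpqxx under /usr/local/libpqxx (its default
# prefix), the PHP CLI is called "php", pg_config comes with postgresql-devel
# and xml2-config with libxml2-devel.

LIBPQXX_PREFIX="${LIBPQXX_PREFIX:-/usr/local/libpqxx}"

# missing_tools TOOL... -> prints the names that are not on $PATH, one per line
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# have_one_of TOOL... -> true if at least one of the alternatives is installed
have_one_of() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 && return 0
    done
    return 1
}

# lib_path_has DIR -> true if DIR is already a component of LD_LIBRARY_PATH
lib_path_has() {
    case ":${LD_LIBRARY_PATH:-}:" in
        *":$1:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# ld_path_with DIR -> prints LD_LIBRARY_PATH with DIR prepended exactly once
ld_path_with() {
    if lib_path_has "$1"; then
        printf '%s\n' "${LD_LIBRARY_PATH:-}"
    elif [ -n "${LD_LIBRARY_PATH:-}" ]; then
        printf '%s:%s\n' "$1" "$LD_LIBRARY_PATH"
    else
        printf '%s\n' "$1"
    fi
}

# php_has_pgsql -> true if the php CLI lists the pgsql extension as loaded
php_has_pgsql() {
    php -m 2>/dev/null | grep -qi '^pgsql$'
}

# check_prereqs -> prints every problem found; returns 1 if there were any
check_prereqs() {
    rc=0
    for t in $(missing_tools cc c++ make bunzip2); do
        echo "missing build tool: $t"; rc=1
    done
    have_one_of flex lex   || { echo "missing: flex (or lex)";   rc=1; }
    have_one_of bison yacc || { echo "missing: bison (or yacc)"; rc=1; }
    for t in $(missing_tools psql createdb pg_config); do
        echo "missing PostgreSQL tool: $t (postgresql/postgresql-devel)"; rc=1
    done
    for t in $(missing_tools xml2-config php); do
        echo "missing: $t"; rc=1
    done
    if command -v php >/dev/null 2>&1 && ! php_has_pgsql; then
        echo "php is installed without the pgsql extension (php-pgsql)"; rc=1
    fi
    if [ ! -d "$LIBPQXX_PREFIX/lib" ]; then
        echo "libpqxx not found under $LIBPQXX_PREFIX"; rc=1
    elif ! lib_path_has "$LIBPQXX_PREFIX/lib"; then
        echo "libpqxx is not on the library path; run:"
        echo "  LD_LIBRARY_PATH=$(ld_path_with "$LIBPQXX_PREFIX/lib"); export LD_LIBRARY_PATH"
        rc=1
    fi
    return $rc
}

# Only run the check when asked to, so the functions can also be sourced.
if [ "${1:-}" = "check" ]; then
    check_prereqs
fi
```

Run it as `sh prereqs.sh check`; a zero exit status means everything the tutorial asks for was found. The LD_LIBRARY_PATH change it prints only lasts for the current shell, so put it in the gnucomo account's profile if you keep libpqxx in its default prefix.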
Compiling

If you are lucky enough to find precompiled packages for your system and have root permissions to install them, things are easy for you. Otherwise you have to compile from source, which takes a bit more time but is straightforward if you already have the standard developer tools (C and C++ compilers, make, (f)lex and yacc or bison) installed. You need those tools for GnuCoMo itself anyway. Another essential utility is the bzip2 compressor; you need it to unpack the archives. bzip2 and bunzip2 come standard with Linux, but may not be available on older Unix distributions. Sources for bzip2 can be found at http://sources.redhat.com/bzip2/.

Most of the packages mentioned in this document come with detailed compilation and installation instructions, and I recommend reading their README and INSTALL files before compiling and installing them.

Compiling AXE

To compile AXE you need the X Window System (X11) headers and libraries. Under Linux you might need to install the XFree86-devel package, but on most systems (proprietary Unixes included) these headers are available whenever the C compiler is installed.

[TODO]

Compiling GnuCoMo

[TODO]

A few notes on PostgreSQL configuration

- PostgreSQL authentication: PostgreSQL decides who may connect to which database from the pg_hba.conf file in the database cluster's data directory. A freshly initialized cluster often contains "trust" entries, which let anyone who can reach the Unix socket or the listed address log in as any database user without a password. Before the GnuCoMo database starts holding log data from other systems, change those entries to a password-based method such as md5 and reload the server.
  [TODO]

Creating the database

- start up postgres
- log in as the postgres administrator and create a postgres user for GnuCoMo
- createdb
- create.sql

Getting the web interface up and running

The web interface is convenient (optional?)

[TODO]

Performing a test run

- add object id
- gcm_input
- gcm_deamon
- view results

Cleaning up

- dropdb
- dropuser

And now...

If you like GnuCoMo [TODO]

Report success under Non-Linux [TODO]
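The "Creating the database" and "Cleaning up" steps above, together with the pg_hba.conf remark, are what the following added script does. It is example code written for this tutorial, not a program shipped with GnuCoMo, and it relies on PostgreSQL's own client tools (createuser, createdb, psql, dropdb, dropuser) rather than anything GnuCoMo-specific. The database and role names (both gnucomo), the location of the schema file (create.sql in the current directory) and the pg_hba.conf path are assumptions you can override through the environment; the long createuser options are those of current PostgreSQL (the 7.x createuser spells the no-createdb and no-adduser options -D and -A). Run the create and drop steps as the postgres superuser.

```shell
#!/bin/sh
# Added example (not GnuCoMo code): create and remove the PostgreSQL role and
# database for a GnuCoMo test run, and list "trust" entries in pg_hba.conf.
# Assumptions: role and database are both called "gnucomo", the schema is
# ./create.sql, pg_hba.conf lives in /var/lib/pgsql/data, and the PostgreSQL
# client tools are on $PATH. Override any of these via the environment.

GCM_DB="${GCM_DB:-gnucomo}"
GCM_USER="${GCM_USER:-gnucomo}"
GCM_SCHEMA="${GCM_SCHEMA:-create.sql}"
PG_HBA="${PG_HBA:-/var/lib/pgsql/data/pg_hba.conf}"

# hba_trust_lines FILE -> prints every active pg_hba.conf line whose
# authentication method (the last field) is "trust": anyone who can reach
# that socket or address may log in as any listed user without a password.
hba_trust_lines() {
    sed 's/#.*//' "$1" | awk 'NF > 0 && $NF == "trust"'
}

# hba_local_password_ok FILE -> true if no "local" (Unix socket) entry
# uses trust; that is the entry the GnuCoMo tools on this host will hit.
hba_local_password_ok() {
    ! hba_trust_lines "$1" | awk '$1 == "local"' | grep -q .
}

# db_create -> plain role (no superuser/createdb/createrole rights),
# database owned by it, schema loaded as that owner so the tables belong to it
db_create() {
    createuser --no-superuser --no-createdb --no-createrole "$GCM_USER"
    createdb --owner="$GCM_USER" "$GCM_DB"
    psql --username="$GCM_USER" --dbname="$GCM_DB" --file="$GCM_SCHEMA"
}

# db_drop -> the "Cleaning up" steps: database first, then the role
db_drop() {
    dropdb "$GCM_DB"
    dropuser "$GCM_USER"
}

case "${1:-}" in
    hba)
        if hba_trust_lines "$PG_HBA" | grep -q .; then
            echo "trust entries in $PG_HBA:"
            hba_trust_lines "$PG_HBA"
            exit 1
        fi
        echo "no trust entries in $PG_HBA" ;;
    create) db_create ;;
    drop)   db_drop ;;
    "")     ;;   # sourced or run without arguments: define functions only
    *)      echo "usage: $0 {hba|create|drop}" >&2; exit 2 ;;
esac
```

Use `sh gcm_db.sh hba` first; it exits non-zero while pg_hba.conf still has trust entries. Then `su postgres -c 'sh gcm_db.sh create'` to set up the database and `sh gcm_db.sh drop` to remove it again after the test run.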