--- /dev/null
+$Id: TUTORIAL,v 1.1 2003-02-05 10:35:43 arjen Exp $
+
+ Tutorial for GnuCoMo
+
+
+ What is GnuCoMo
+
+The aim of the GnuCoMo (GNU COmputer MOnitoring) project is to build a
+set of applications that will help administrators to monitor networks as
+a whole for errors, attacks and security-breaches in a very user-friendly
+way. It is free (GPL) software, sources are available and you are free
+to modify it to suit your needs.
+
+GnuCoMo collects system and application logfiles from the monitored
+systems (this can be computers, routers and other devices) and stores them
+in a database. This collected data is further interpreted and analyzed
+until reports and alerts are generated. Because GnuCoMo can combine data
+from multiple sources and longer timespans than common IDSs it is able
+to recognize attacks that previously remained undetected.
+
+[TODO: current status]
+
+
+ About this Document
+
+This document aims to guide you through the installation of GnuCoMo on
+a Unix (Linux) workstation. When we have completed the installation this
+document will give a quick guided tour through the functionality GnuCoMo
+offers. The procedures described here aim at getting the GnuCoMo demo
+up and running as quickly as possible and may not be suited for your
+production environment. I assume you have some experience with installing
+software on your system.
+
+Gnucomo is released under the Gnu General Public License, see the
+file COPYING.
+
+
+ Reporting Bugs
+
+If you think you have found a bug in GnuCoMo, this tutorial or the
+other GnuCoMo documentation, please report it by sending an e-mail to:
+bugs@gnucomo.org. Please include in your bug report:
+ - the GnuCoMo version you've found the bug in
+ - what you did to provoke the error
+ - the output (or error message) you got
+ - (if relevant) which output you expected
+ - processor type and kernel version you use
+ - the versions of the packages that gnucomo depends on
+
+[TODO: Check with Brenno over e-mail adress]
+
+
+ Installation
+
+Most of the GnuCoMo installation can be done from an ordinary Unix
+account; when you need root rights you will be told so explicitly. It is
+however a good idea to create a gnucomo account.
+
+
+ Getting the software
+
+GnuCoMo can be downloaded from the GnuCoMo website
+http://www.gnucomo.org/. If you read this file you are likely to have a
+copy of GnuCoMo on your system. If you are serious about using GnuCoMo
+it would be a good idea to periodicly check the website for updates
+and bugfixes.
+
+To be able to install and run GnuCoMo you'll need several other packages:
+
+PostgreSQL
+ PostgreSQL is the database we use for GnuCoMo. Most
+ linux distributions provide ready to install packages for
+ PostgreSQL. We need at least the postgresql, postgresql-server,
+ postgresql-libs and postgresql-devel packages.
+ If you want to compile PostgreSQL from source: go to the
+ PostgreSQL homepage (http://www.postgresql.org/) and download
+ the sources via one of the ftp sites. We need libpq++ support
+ for GnuCoMo.
+ Though we appreciate the performance improvements that the
+ PostgreSQL 7.3 server provides, we recommend sticking to the
+ PostgreSQL 7.2 client versions for now; at least until we've
+ solved the problems with the libpq++ libraries and PostgreSQL 7.3.
+
+PHP
+ PHP is used as programming language for gcm_deamon. If you
+ have packages you would want to install at least the php and
+ php-pgsql packages.
+ You can get PHP sources and documentation from the PHP website:
+ http://www.php.net/. If you're compiling yourself, don't forget
+ to include PostgreSQL support.
+
+libxml2
+ We use XML for configuration that we can't (or don't want
+ to) store in the database and for documentation in XMLDOC
+ format. The libxml2 library usually comes with your linux
+ system and you would want to install both the libxml2 and
+ libxml2-devel packages. The libxml2 sources can be downloaded
+ via http://xmlsoft.org/downloads.html
+
+AXE
+ It's not likely that you'll find precompiled AXE packages on
+ the net, so you'll have to compile from source. Get the AXE
+ sources from http://www.andromeda.nl/projects/AXE/AXE.html;
+ you'll need version 0.3 or better.
+ Instructions on compiling and installing AXE are given later in
+ this document.
+
+
+The following packages are optional and provide additional functionality
+to GnuCoMo:
+
+GnuPG
+ Recommended for encryption and signing of data that is transported
+ over the network. Not used at this moment.
+
+XMLDOC
+ We use XMLDOC to process our documentation. Download
+ and installation instructions can be found on
+ http://www.andromeda.nl/projects/xmldoc/xmldoc.html
+
+Apache
+ [HELPME: basic instructions]
+
+Python + tkinter
+ A GUI based configuration tool named MalfisInter (mi) is being
+ worked upon. This tool is programmed in Python and requires XML
+ and TkInter support.
+
+
+ Compiling
+
+If you're lucky enough to find precompiled packages for your system and
+have root permissions to install them, things are easy for you; otherwise
+you would have to compile from source, which takes a bit more time if
+you allready have the standard developer tools (C and C++ compilers,
+make, (f)lex and yacc or bison) installed. You will need those tools
+for GnuCoMo anyway.
+Another essential utility is the bzip compressor package; you will need
+it to unpack the archives. bzip2 and bunzip2 come standard with Linux,
+but may not be available on older Unix distributions. Sources for bzip2
+can be found at http://sources.redhat.com/bzip2/.
+Most of the packages mentioned in this document come with detailed
+compilation and installation instructions and I recommend to read the
+README and INSTALL files before compiling and installing them.
+
+
+ Compiling AXE
+
+For compiling AXE you need the X-windows (X11) headers and
+libraries. Under Linux you might need to install the XFree86-devel
+package, but these headers are usualy available whenever the C compiler
+is installed (also on propriatary unixes).
+[TODO]
+
+
+ Compiling GnuCoMo
+
+[TODO]
+
+
+ A few notes on PostgreSQL configuration
+
+ - PostgreSQL authentication
+[TODO]
+
+
+ Creating the database
+
+ - start up postgres
+ - login as postgres administrator and create a postgres user
+ - createdb
+ - create.sql
+
+
+ Getting the web interface up and running
+
+The web interface is convenient (optional?)
+[TODO]
+
+
+ Performing a test run
+
+ - add object id
+ - gcm_input
+ - gcm_deamon
+ - view results
+
+ Cleaning up
+
+ dropdb
+ dropuser
+
+
+ And now...
+
+If you like GnuCoMo [TODO]
+Report success under Non-Linux [TODO]
projects / gnucomo.git / commitdiff