From df6f42656af0eb72a3d9d66cde89d78a7ce300be Mon Sep 17 00:00:00 2001 From: arjen Date: Wed, 5 Feb 2003 10:35:43 +0000 Subject: [PATCH] A tutorial on how to install and use GnuCoMo. --- TUTORIAL | 197 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 197 insertions(+) create mode 100644 TUTORIAL diff --git a/TUTORIAL b/TUTORIAL new file mode 100644 index 0000000..749f896 --- /dev/null +++ b/TUTORIAL 
@@ -0,0 +1,197 @@ +$Id: TUTORIAL,v 1.1 2003-02-05 10:35:43 arjen Exp $ + + Tutorial for GnuCoMo + + + What is GnuCoMo + +The aim of the GnuCoMo (GNU COmputer MOnitoring) project is to build a +set of applications that will help administrators to monitor networks as +a whole for errors, attacks and security-breaches in a very user-friendly +way. It is free (GPL) software, sources are available and you are free +to modify it to suit your needs. + +GnuCoMo collects system and application logfiles from the monitored +systems (this can be computers, routers and other devices) and stores them +in a database. This collected data is further interpreted and analyzed +until reports and alerts are generated. Because GnuCoMo can combine data +from multiple sources and longer timespans than common IDSs it is able +to recognize attacks that previously remained undetected. + +[TODO: current status] + + + About this Document + +This document aims to guide you through the installation of GnuCoMo on +a Unix (Linux) workstation. When we have completed the installation this +document will give a quick guided tour through the functionality GnuCoMo +offers. The procedures described here aim at getting the GnuCoMo demo +up and running as quickly as possible and may not be suited for your +production environment. I assume you have some experience with installing +software on your system. + +Gnucomo is released under the Gnu General Public License, see the +file COPYING. + + + Reporting Bugs + +If you think you have found a bug in GnuCoMo, this tutorial or the +other GnuCoMo documentation, please report it by sending an e-mail to: +bugs@gnucomo.org. 
Please include in your bug report: + - the GnuCoMo version you've found the bug in + - what you did to provoke the error + - the output (or error message) you got + - (if relevant) which output you expected + - processor type and kernel version you use + - the versions of the packages that gnucomo depends on + +[TODO: Check with Brenno over e-mail adress] + + + Installation + +Most of the GnuCoMo installation can be done from an ordinary Unix +account; when you need root rights you will be told so explicitly. It is +however a good idea to create a gnucomo account. + + + Getting the software + +GnuCoMo can be downloaded from the GnuCoMo website +http://www.gnucomo.org/. If you read this file you are likely to have a +copy of GnuCoMo on your system. If you are serious about using GnuCoMo +it would be a good idea to periodicly check the website for updates +and bugfixes. + +To be able to install and run GnuCoMo you'll need several other packages: + +PostgreSQL + PostgreSQL is the database we use for GnuCoMo. Most + linux distributions provide ready to install packages for + PostgreSQL. We need at least the postgresql, postgresql-server, + postgresql-libs and postgresql-devel packages. + If you want to compile PostgreSQL from source: go to the + PostgreSQL homepage (http://www.postgresql.org/) and download + the sources via one of the ftp sites. We need libpq++ support + for GnuCoMo. + Though we appreciate the performance improvements that the + PostgreSQL 7.3 server provides, we recommend sticking to the + PostgreSQL 7.2 client versions for now; at least until we've + solved the problems with the libpq++ libraries and PostgreSQL 7.3. + +PHP + PHP is used as programming language for gcm_deamon. If you + have packages you would want to install at least the php and + php-pgsql packages. + You can get PHP sources and documentation from the PHP website: + http://www.php.net/. If you're compiling yourself, don't forget + to include PostgreSQL support. 
+ +libxml2 + We use XML for configuration that we can't (or don't want + to) store in the database and for documentation in XMLDOC + format. The libxml2 library usually comes with your linux + system and you would want to install both the libxml2 and + libxml2-devel packages. The libxml2 sources can be downloaded + via http://xmlsoft.org/downloads.html + +AXE + It's not likely that you'll find precompiled AXE packages on + the net, so you'll have to compile from source. Get the AXE + sources from http://www.andromeda.nl/projects/AXE/AXE.html; + you'll need version 0.3 or better. + Instructions on compiling and installing AXE are given later in + this document. + + +The following packages are optional and provide additional functionality +to GnuCoMo: + +GnuPG + Recommended for encryption and signing of data that is transported + over the network. Not used at this moment. + +XMLDOC + We use XMLDOC to process our documentation. Download + and installation instructions can be found on + http://www.andromeda.nl/projects/xmldoc/xmldoc.html + +Apache + [HELPME: basic instructions] + +Python + tkinter + A GUI based configuration tool named MalfisInter (mi) is being + worked upon. This tool is programmed in Python and requires XML + and TkInter support. + + + Compiling + +If you're lucky enough to find precompiled packages for your system and +have root permissions to install them, things are easy for you; otherwise +you would have to compile from source, which takes a bit more time if +you allready have the standard developer tools (C and C++ compilers, +make, (f)lex and yacc or bison) installed. You will need those tools +for GnuCoMo anyway. +Another essential utility is the bzip compressor package; you will need +it to unpack the archives. bzip2 and bunzip2 come standard with Linux, +but may not be available on older Unix distributions. Sources for bzip2 +can be found at http://sources.redhat.com/bzip2/. 
+Most of the packages mentioned in this document come with detailed +compilation and installation instructions and I recommend to read the +README and INSTALL files before compiling and installing them. + + + Compiling AXE + +For compiling AXE you need the X-windows (X11) headers and +libraries. Under Linux you might need to install the XFree86-devel +package, but these headers are usualy available whenever the C compiler +is installed (also on propriatary unixes). +[TODO] + + + Compiling GnuCoMo + +[TODO] + + + A few notes on PostgreSQL configuration + + - PostgreSQL authentication +[TODO] + + + Creating the database + + - start up postgres + - login as postgres administrator and create a postgres user + - createdb + - create.sql + + + Getting the web interface up and running + +The web interface is convenient (optional?) +[TODO] + + + Performing a test run + + - add object id + - gcm_input + - gcm_deamon + - view results + + Cleaning up + + dropdb + dropuser + + + And now... + +If you like GnuCoMo [TODO] +Report success under Non-Linux [TODO] -- 2.11.0
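Review bot: the "A few notes on PostgreSQL configuration" section leaves "PostgreSQL authentication" as a bare [TODO], yet "Creating the database" already walks the reader through "login as postgres administrator and create a postgres user", "createdb" and "create.sql"; since the file itself warns that these procedures "may not be suited for your production environment", it should at least name the authentication method the demo expects and say that the gnucomo database user is meant to be an ordinary (non-superuser) role, otherwise readers will set up the database with whatever the server default allows. Two related gaps in the same file: the GnuPG entry is "Recommended for encryption and signing of data that is transported over the network. Not used at this moment.", so "Performing a test run" should say plainly that logfiles fed to gcm_input currently travel unsigned and unencrypted, and the "Apache" entry is still "[HELPME: basic instructions]", so the web interface section has no access-control guidance at all. The bug-report address bugs@gnucomo.org is immediately followed by "[TODO: Check with Brenno over e-mail adress]"; either confirm it or drop the address until it is confirmed. Minor: "gcm_deamon" appears twice next to "gcm_input"; if "gcm_daemon" is the intended name, fix it here before it is copied into other docs; spelling: "periodicly", "allready", "usualy", "propriatary", "adress".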