author | Lockywolf <for_sbo.ntopng_2023-11-20@lockywolf.net> | 2023-11-22 23:52:39 +0700 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2023-11-25 21:43:04 +0700 |
commit | 9936592c0cc914a95d48c5d27227f8b2b48aeb80 (patch) | |
tree | 26ede4c91511c00931eaafb7ce718511e32f166e /system/ntopng | |
parent | 2ee487bf379f0650ff9b64d05159220fd08fb9f2 (diff) |
system/ntopng: Added (system monitoring).
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'system/ntopng')
-rw-r--r-- | system/ntopng/README | 99 | ||||
-rw-r--r-- | system/ntopng/doinst.sh | 25 | ||||
-rw-r--r-- | system/ntopng/ntopng.SlackBuild | 187 | ||||
-rw-r--r-- | system/ntopng/ntopng.info | 14 | ||||
-rw-r--r-- | system/ntopng/ntopng.logrotate | 11 | ||||
-rw-r--r-- | system/ntopng/rc.ntopng | 104 | ||||
-rw-r--r-- | system/ntopng/slack-desc | 19 |
7 files changed, 459 insertions, 0 deletions
diff --git a/system/ntopng/README b/system/ntopng/README new file mode 100644 index 0000000000000..90ce3d179d0de --- /dev/null +++ b/system/ntopng/README 
@@ -0,0 +1,99 @@ +ntopng is a network probe that shows network usage in a way similar to +what top does for processes. It acts as a Web +server, creating an HTML dump of the network status. + +It is a successor to ntop, which is discontinued. Main differences seem +to be: + +a. No terminal interface present. Only web. +b. No built-in flow collector, at least not for NetFlow or sFlow. + +When installing ntopng, pay attention to the following: + +1. UID/GID +ntopng needs to run under its own user/group. This has been assigned to +the following by SlackBuilds.org, but feel free to change it on your +system for consistency with local assignments. + User: ntopng UID: 212 GID: 212 + group: ntopng GID: 212 +You can change pass alternate values for the user and group using +NTOPUSER and NTOPGROUP variables when running the build script. + +The build script will suggest creating these groups if they are not +present. + +2. Log rotation. + +Logs are placed in /var/log/ntopng/ and will be rotated every week. The +log rotation will restart the ntopng server which will reset the ntopng +statistics. If you want to keep the statistics you have to edit or +delete the /etc/logrotate.d/ntopng file. + +3. Flow collection + +ntopng now uses a custom flow collection format, based on zeromq. To +convert a standard NetFlow or sFlow into this format, the developer +suggess bying their commercial tool called nProbe. + +However, there exists a free software flow collection (supporting only) +NetFlowV9, called netflow2ng. It is not available on SBo, but there is +an unfinished SlackBuild for it, which can be found on + +https://gitlab.com/Lockywolf/lwfslackbuilds/-/raw/master/\ +10_unfit-for-sbo-require-network/netflow2ng/\ +netflow2ng.SlackBuild?ref_type=heads + +4. Geoidentification and dynamic data + +ntopng depends on some dynamic data in order to display relevant +information about the flows. + +a. Geographical distribution of IP addresses. 
ntopng can use both + maxmind, and db-ip information, both free-low-quality, and + paid-high-quality. Maxmind data can be updated by running + geoipupdate from cron on a weekly basis. These data are usually + installed globally, into /var/lib/GeoIP/. For more information, + consult doc/README.geolocation.md, and keep in mind that ntopng-data + does not exist on Slackware, but geoipupdate does. +b. Various lists: +'Abuse.ch URLhaus' [https://urlhaus.abuse.ch/downloads/hostfile/] +'Emerging Threats' [https://rules.emergingthreats.net/fwrules/\ +emerging-Block-IPs.txt] +'NoCoin Filter List' [https://raw.githubusercontent.com/hoshsadiq/\ +adblock-nocoin-list/master/hosts.txt] +'SSLBL Botnet C2 IP Blacklist' [https://sslbl.abuse.ch/blacklist/\ +sslipblacklist.txt] +'Stratosphere Lab' [https://mcfp.felk.cvut.cz/publicDatasets/\ +CTU-AIPP-BlackList/Todays-Blacklists/\ +AIP_historical_blacklist_prioritized_by_newest_attackers.csv] +'ThreatFox' [https://threatfox.abuse.ch/downloads/hostfile/] +'dshield 7 days' [https://raw.githubusercontent.com/firehol/\ +blocklist-ipsets/master/dshield_7d.netset] + Those lists are updated automatically by ntopng, periodically. + There is a configuration option to disable these updates. + + +5. nDPI + +ntopng depends on nDPI, a Deep Packet Inspection library. SBo has a +SlackBuild for nDPI, however, in recent versions ntopng prefers to use +its own version of nDPI, linked-in statically. If you find that the +built-in version deviates in features from the standalone one, you are +welcome to report this. + +6. redis + +ntopng requires redis. The version on SBo is enough, but it needs to +be running before ntopng can be started. + +7. ntopng crashes when started as a daemon. I am not sure why. The +initscript at the moment just starts it in the background and disowns. +ntopng also does not terminate on sigterm normally, hence the rc script +kill-9's it. If you have better ideas, submit a patch to the slackbuild. 
+Due to all this stupidities, rc.ntopng is a .new script, so it will not +be overwritten on upgrade. We really need a better version. + +8. ntopng goes insane when it sees "virtual ethernets" that are usually +created to communicate between network namespaces. Do not be surprised +if weird effect appear, and possibly remove those virtual ethernets +from the listening list. diff --git a/system/ntopng/doinst.sh b/system/ntopng/doinst.sh new file mode 100644 index 0000000000000..1250e7e18ce69 --- /dev/null +++ b/system/ntopng/doinst.sh @@ -0,0 +1,25 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +preserve_perms() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ -e $OLD ]; then + cp -a $OLD ${NEW}.incoming + cat $NEW > ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} + +preserve_perms etc/rc.d/rc.ntopng.new +config etc/logrotate.d/ntopng.new diff --git a/system/ntopng/ntopng.SlackBuild b/system/ntopng/ntopng.SlackBuild new file mode 100644 index 0000000000000..f0e662cb468fd --- /dev/null +++ b/system/ntopng/ntopng.SlackBuild 
@@ -0,0 +1,187 @@ +#!/bin/bash + +# Slackware build script for ntopng + +# Copyright 2023, Lockywolf +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PRGNAM=ntopng +PRGNAM2=nDPI +VERSION=${VERSION:-6.0} +VERSION2=${VERSION2:-4.8} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} +PKGTYPE=${PKGTYPE:-tgz} + +MUID=${MUID:-212} +MGID=${MGID:-212} +NTOPUSER=${NTOPUSER:-ntopng} +NTOPGROUP=${NTOPGROUP:-ntopng} + +if ! getent group ntopng 2>&1 > /dev/null; then + echo " You must have an ntopng group to run this script." + echo " # groupadd -g $MGID ntopng" + exit 1 +elif ! getent passwd ntopng 2>&1 > /dev/null; then + echo " You must have a ntopng user to run this script." + echo " # useradd -u $MUID -g $MGID -d /var/lib/ntopng ntopng" + exit 1 +fi + + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i586 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +if [ ! 
-z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE" + exit 0 +fi + +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O0 -fPIC -ggdb" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION $PRGNAM2-$VERSION2 +#tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +tar xvf $CWD/$PRGNAM2-$VERSION2.tar.gz +cd $PRGNAM2-$VERSION2 +chown -R root:root . +find -L . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ + -o -perm 511 \) -exec chmod 755 {} + -o \ + \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} + + +./autogen.sh +CXX='ccache g++' \ +CC='ccache gcc' \ + CFLAGS="$SLKCFLAGS" \ + CXXFLAGS="$SLKCFLAGS" ./configure --with-pcre \ + --with-maxminddb +make + +export NDPI_HOME=$TMP/$PRGNAM2-$VERSION2 + +rm -rf ntopng-dist-222d5a0e9ce7b60689b014898f3fc84b3c493687 +tar xvf $CWD/ntopng-dist-222d5a0e9ce7b60689b014898f3fc84b3c493687.tar.gz + +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION + +#cd ../$PRGNAM-$VERSION +chown -R root:root . +find -L . 
\ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ + -o -perm 511 \) -exec chmod 755 {} + -o \ + \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} + + +rmdir httpdocs/dist +mv ../ntopng-dist-222d5a0e9ce7b60689b014898f3fc84b3c493687 httpdocs/dist + +./autogen.sh +CXX='ccache g++' \ +CC='ccache gcc' \ +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --datadir=/var/lib/ntopng \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --mandir=/usr/man \ + --docdir=/usr/doc/$PRGNAM-$VERSION \ + --disable-static \ + --with-pcre \ + --with-maxminddb \ + --build=$ARCH-slackware-linux +sed -i 's|-lhiredis|-lhiredis -lpcre|g' Makefile + +sed -i 's|callbacks_dir = ntop->getValidPath(callbacks_dir);|callbacks_dir = "/usr/share/ntopng/scripts/callbacks";|g' src/Prefs.cpp + +make +make install DESTDIR=$PKG +cp packages/wizard/ntopng-config $PKG/usr/bin + +strip $PKG/usr/bin/ntopng + +rm $PKG/usr/share/ntopng/httpdocs/geoip/README.geolocation.md + +install -D -m 0644 $CWD/rc.$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM.new + +mkdir -p $PKG/var/{lib,log}/$PRGNAM +chown ntopng:ntopng $PKG/var/{lib,log}/$PRGNAM + +rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la + +find $PKG/usr/man -type f -exec gzip -9 {} \; +for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done + +mkdir -p $PKG/etc/logrotate.d $PKG/etc/rc.d +install -m 0644 $CWD/$PRGNAM.logrotate $PKG/etc/logrotate.d/$PRGNAM.new +# sed \ +# -e "s%@NTOPUSER@%$NTOPUSER%" \ +# -e "s%@NTOPGROUP@%$NTOPGROUP%" \ +# $CWD/rc.ntopng > $PKG/etc/rc.d/rc.ntopng.new +cat $CWD/rc.ntopng > $PKG/etc/rc.d/rc.ntopng.new + + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/nDPI + +cp -a *.md COPYING LICENSE $PKG/usr/doc/$PRGNAM-$VERSION + +( cd $TMP/$PRGNAM2-$VERSION2 + cp -a *.md COPYING $PKG/usr/doc/$PRGNAM-$VERSION/nDPI ) +cat $CWD/$PRGNAM.SlackBuild > 
$PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +cat $CWD/doinst.sh > $PKG/install/doinst.sh + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE diff --git a/system/ntopng/ntopng.info b/system/ntopng/ntopng.info new file mode 100644 index 0000000000000..02764f6a2119d --- /dev/null +++ b/system/ntopng/ntopng.info @@ -0,0 +1,14 @@ +PRGNAM="ntopng" +VERSION="6.0" +HOMEPAGE="https://www.ntop.org" +DOWNLOAD="https://github.com/ntop/ntopng/archive/6.0/ntopng-6.0.tar.gz \ +https://github.com/ntop/nDPI/archive/4.8/nDPI-4.8.tar.gz \ +https://github.com/ntop/ntopng-dist/archive/222d5a0e9ce7b60689b014898f3fc84b3c493687/ntopng-dist-222d5a0e9ce7b60689b014898f3fc84b3c493687.tar.gz" +MD5SUM="a6f2a09a3114841ea020b23de6db9081 \ +41a5437fa7d274f59f852b17b776558f \ +488fe73c0a221bdab7c74f21720dbe41" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +REQUIRES="GeoIP graphviz rrdtool redis hiredis zeromq libmaxminddb" +MAINTAINER="Lockywolf" +EMAIL="for_sbo.ntopng_2023-11-20@lockywolf.net" diff --git a/system/ntopng/ntopng.logrotate b/system/ntopng/ntopng.logrotate new file mode 100644 index 0000000000000..05c75dea396f1 --- /dev/null +++ b/system/ntopng/ntopng.logrotate @@ -0,0 +1,11 @@ +/var/log/ntopng { + # based on ntopng.logrotate included in the ntopng/debian source. + weekly + missingok + rotate 4 + # ntopng doesn't handle SIGHUP + copytruncate + nocompress + notifempty + create 640 root wheel +} diff --git a/system/ntopng/rc.ntopng b/system/ntopng/rc.ntopng new file mode 100644 index 0000000000000..b05335359dd90 --- /dev/null +++ b/system/ntopng/rc.ntopng 
@@ -0,0 +1,104 @@ +#!/bin/sh + +# /etc/rc.d/rc.ntopng : start/stop/restart ntopng +# usage: ./rc.ntopng { start | stop | restart } + +# Thanks to andarius <andarius@errantnutron.com> for donating +# time and the various cleanups in the script and the start|stop|restart +# functions. + +NTOPUID=ntopng +NTOPGID=ntopng +NTOPLOG=/var/log/ntopng/ntopng.log +DATE=$(date +%a\ %b\ %d\ %T\ %Y) +RETVAL=0 + +# Sanity Checking +if [ ! -r "/var/lib/ntopng/" ]; then + echo "Can not read ntopng state directory. Exiting..." + exit 1 +fi + +ntopng_start() { + echo -n $"Starting ntopng ... " + if [ -r /var/run/ntopng.pid ]; then + if $(! /sbin/pidof ntopng > /dev/null 2>&1 ) ; then + echo "Removing an old /var/run/ntopng.pid" + rm -f /var/run/ntopng.pid + fi + fi + + /usr/bin/ntopng --scripts-dir=/usr/share/ntopng/scripts \ + --install-dir=/usr/share/ntopng \ + --httpdocs-dir=/usr/share/ntopng/httpdocs \ + --user=$NTOPUID \ + --daemon \ + --pid=/var/run/ntopng.pid >> $NTOPLOG 2>&1 & + disown + return 0 + RETVAL=$? + + if [ $RETVAL -eq 0 ]; then + touch /var/lock/ntopng + sleep 2 + echo "Done" + else + echo "Failed" + fi + return $RETVAL +} + +ntopng_stop() { + echo -n $"Stopping ntopng ... " + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + if [ -r /var/run/ntopng.pid ]; then + pkill ntopng + # Give it some time to die gracefully + for second in 0 1 2 3 4 5 6 7 8 9 10 ; do + if $(! /sbin/pidof ntopng > /dev/null 2>&1 ) ; then + # ntopng is a dirty little daemon: + rm -f /var/run/ntopng.pid + break + fi + sleep 1 + done + + if [ "$second" = "10" ]; then + echo "\nWARNING: ntopng did not exit normally, killing!" + pkill ntopng + sleep 10 + else + # Yes there are two spaces as this is the way ntopng writes + # their logfiles. 
+ echo "$DATE EXIT: ntopng stopped by user: $USER (UID: $EUID)" >> $NTOPLOG + echo "Done" + fi + fi + rm -f /var/lock/ntopng + fi + return $RETVAL +} + +# Lets see how we are being called: +case "$1" in + start) + ntopng_start + ;; + stop) + ntopng_stop + ;; + restart|reload) + ntopng_stop + # Takes a few to recover and be able to start again: + sleep 10 + ntopng_start + ;; + *) + echo "" + echo "Usage: $(basename $0) {start | stop | restart }" + RETVAL=1 +esac + +exit $RETVAL +#EOF diff --git a/system/ntopng/slack-desc b/system/ntopng/slack-desc new file mode 100644 index 0000000000000..2d610c8b73734 --- /dev/null +++ b/system/ntopng/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +ntopng: ntopng (Network usage with shiny graphs) +ntopng: +ntopng: ntopng is a network probe that shows network usage in a way similar to +ntopng: what top does for processes. In interactive mode, it displays the +ntopng: network status on the user's terminal. In Web mode, it acts as a Web +ntopng: server, creating an HTML dump of the network status. +ntopng: +ntopng: It sports a NetFlow/sFlow emitter/collector, an HTTP-based client +ntopng: interface for creating ntopng-centric monitoring applications, and +ntopng: RRD for persistently storing traffic statistics. +ntopng: |
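Review bot: in the README hunk, item 1 says alternate values can be passed with the NTOPUSER and NTOPGROUP variables when running the build script, but nothing in ntopng.SlackBuild honours them: the getent checks test the literal names `ntopng`, the `chown ntopng:ntopng $PKG/var/{lib,log}/$PRGNAM` is hardcoded, and the sed that would substitute @NTOPUSER@/@NTOPGROUP@ into rc.ntopng is commented out. Either drop that sentence or use `$NTOPUSER`/`$NTOPGROUP` in those places. Typos while here: "suggess bying" should be "suggests buying", "You can change pass alternate values" should be "You can pass alternate values", "all this stupidities" should be "all these stupidities", and "weird effect appear" should be "weird effects appear".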
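Review bot: in the ntopng.SlackBuild hunk, the x86_64 branch sets `SLKCFLAGS="-O0 -fPIC -ggdb"`, which looks like leftover debugging: the package would ship an unoptimised binary (the later strip removes symbols, not the -O0 code), so it should be the usual `-O2 -fPIC`. Both configure invocations also hardcode `CXX='ccache g++'` and `CC='ccache gcc'`; ccache is neither in REQUIRES nor part of a stock Slackware install, so the build fails wherever it is absent, and the prefix should be dropped. Smaller points: `getent group ntopng 2>&1 > /dev/null` has its redirections in the wrong order (stderr still reaches the terminal; use `> /dev/null 2>&1`), the rc script is installed twice (the `install -D -m 0644 $CWD/rc.$PRGNAM ...` line and the later `cat $CWD/rc.ntopng > ...` write the same file), and the `sed` that rewrites `callbacks_dir` in src/Prefs.cpp is an undocumented source patch that deserves a comment explaining why the getValidPath() lookup is bypassed.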
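Review bot: in the ntopng.logrotate hunk, `create 640 root wheel` has no effect: logrotate documents that `copytruncate` keeps the old file in place and ignores `create`, so the line is dead configuration and should go. This stanza also contradicts README item 2, which says rotation restarts the server and resets the statistics; with copytruncate and no postrotate nothing is restarted, so the README sentence (and its advice to delete /etc/logrotate.d/ntopng to keep statistics) should be corrected.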
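Review bot: in the rc.ntopng hunk, ntopng_start has `return 0` immediately before `RETVAL=$?`, so everything after it (touching /var/lock/ntopng, the sleep, the "Done"/"Failed" report) is unreachable and the function always claims success; the `return 0` should be removed. The start command still passes `--daemon` even though the README says daemon mode crashes and the script already backgrounds and disowns the process itself; pick one. In ntopng_stop, `RETVAL=$?` right after the echo only captures the echo's exit status, and the "did not exit normally, killing!" branch runs plain `pkill ntopng` again, i.e. a second SIGTERM rather than the SIGKILL the README describes; `kill -9 $(cat /var/run/ntopng.pid)` would also limit the kill to the process recorded in the pidfile instead of any process named ntopng. `echo "\nWARNING..."` prints a literal \n under bash's builtin echo, and `if $(! /sbin/pidof ntopng ...)` works only because bash gives an empty command the status of its last command substitution; `if ! /sbin/pidof ntopng > /dev/null 2>&1; then` says the same thing plainly.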
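Review bot: in the slack-desc hunk, the description contradicts the README in the same patch: it says "In interactive mode, it displays the network status on the user's terminal" and that ntopng "sports a NetFlow/sFlow emitter/collector", while README items a and b state there is no terminal interface and no built-in NetFlow/sFlow collector (the zeromq-based format needs nProbe or netflow2ng). The text describes the old ntop; it should be rewritten to match the README.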