From 80c67ef078e689479bb2b65c828d35fb9783940b Mon Sep 17 00:00:00 2001 From: Niels Horn Date: Mon, 30 Aug 2010 05:59:18 -0500 Subject: network/ntop: Updated for version 4.0.1. Signed-off-by: Erik Hanson --- network/ntop/README.SLACKWARE | 82 ++++++++----------------------------------- 1 file changed, 15 insertions(+), 67 deletions(-) (limited to 'network/ntop/README.SLACKWARE') diff --git a/network/ntop/README.SLACKWARE b/network/ntop/README.SLACKWARE index 0186ed3daacf..fc5a9731886a 100644 --- a/network/ntop/README.SLACKWARE +++ b/network/ntop/README.SLACKWARE 
@@ -22,58 +22,10 @@ If you want to use a different user and/or group under which to run ntop, you can pass alternate values to the NTOPUSER and NTOPGROUP variables when running the build script. -1) Download extra databases ---------------------------- - -After building & installing the ntop package, you might want to -follow these extra steps: - -1.1) GeoIP tables - -To identify the location of the external hosts your netwerk connects -to, ntop uses GeoIP. You will need to download the latest tables to -your ntop server and store them in /etc/ntop: - - # cd /etc/ntop - # wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz - # gunzip -c GeoLiteCity.dat.gz > GeoLiteCity.dat - # wget http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz - # gunzip -c GeoIPASNum.dat.gz > GeoIPASNum.dat - -Both files are updated regularly (about once a month). There are some -suggestions below on how to keep your ntop server up-to-date. - -1.2) OS fingerprint database - -ntop tries to identify the Operating System from the captures packages by -searching for a "fingerprint". It uses a table that needs to be downloaded -from the ettercap project on SourceForge: - - # cd /etc/ntop - # wget -O etter.finger.os http://ettercap.cvs.sourceforge.net/ettercap/ettercap_ng/share/etter.finger.os?rev=HEAD - -This file hasn't been updated since 2005, so it doesn't identify the more -modern OSs (Slackware 13.0 is identified as "Debian Linux" :-/ ) but it still -might be helpful. - -1.3) OUI database - -All MAC addresses contain a "Organizationally Unique Identifier" (OUI) to -identify the manufacturer. These OUIs are assigned by the IEEE Standards -Association. 
A table is included with ntop, but new OUIs are assigned almost -every day, so you might want to update the file now, before starting ntop: - - # cd /etc/ntop - # wget http://standards.ieee.org/regauth/oui/oui.txt - # gzip -c oui.txt > oui.txt.gz - -Since this file changes frequently, check the suggestions later in this file -on how to keep your ntop server up-to-date. - -2) Start & Stop scripts for ntop +1) Start & Stop scripts for ntop -------------------------------- -2.1) Automatic startup and shutdown +1.1) Automatic startup and shutdown If you want to start ntop on system bootup, include these lines in your /etc/rc.d/rc.local: @@ -93,14 +45,14 @@ To guarantee a clean shutdown of ntop, include this in /etc/rc.d/rc.ntop stop fi -2.2) Make /etc/rc.d/rc.ntop executable +1.2) Make /etc/rc.d/rc.ntop executable Additionally, you'll have to set the rc script to be executable just like any other Slackware rc script: # chmod +x /etc/rc.d/rc.ntop -3) Set the administrator password +2) Set the administrator password --------------------------------- When ntop is installed at the first time, you MUST set the administration @@ -113,7 +65,7 @@ For example: It will prompt you for the password and then exit. -4) Starting ntop +3) Starting ntop ---------------- Now you are ready to start ntop by calling the startup script: 
@@ -135,21 +87,11 @@ Fore more documentation on ntop, check: There are also some mailing lists you can subscribe to, that can be found on the pages mentioned above. -*** NOTE *** -* There have been some reports about ntop crashing (segfault) after any -* period between a couple of minutes to several hours. -* If this happens on your system, try disabling DNS resolution either from -* the menu (admin/configure/startup options/IP Prefs) or changing the rc.ntop -* file, adding the "-n" option to the line that starts ntop: -* /usr/bin/ntop --w3c -u $NTOPUID -n -d >> $NTOPLOG 2>&1 -* ^^ -*** end *** - -5) Keeping your ntop tables up-to-date +4) Keeping your ntop tables up-to-date -------------------------------------- -Now that your ntop server is running, you might want to keep the tables we -installed earlier updated automatically. +Now that your ntop server is running, you might want to keep some of the +tables that are installed updated automatically. I do this with a few simple shell scripts I copy to the /etc/cron.xxxx/ directories, where xxxx stands for: @@ -168,7 +110,13 @@ My suggestions are: Don't forget to make the script executable. -The following scripts are examples, feel free to adapt them to your reality: +The following scripts are examples for the GeoIP and OUI tables, feel free +to adapt them to your reality. + +The "OS Fingerprint" table has not changed for over five years, so I did not +create a script for it. +It you want, you can check for updates at: +http://ettercap.cvs.sourceforge.net/ettercap/ettercap_ng/share/etter.finger.os?rev=HEAD ============================================================================= ********************* -- cgit v1.2.3
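Review bot: Missing documentation in the @@ -22,58 +22,10 @@ hunk: with the "Download extra databases" section gone, the README no longer says where the GeoIP, OS fingerprint and OUI tables come from or that they live in /etc/ntop, while the later section still refers to "the tables that are installed". Someone upgrading with hand-downloaded files in /etc/ntop cannot tell whether those are replaced or still used. Suggest one short paragraph in place of the removed section stating which tables the 4.0.1 package installs and in which directory.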
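Review bot: The "*** NOTE ***" block about segfaults is dropped in the @@ -135,21 +87,11 @@ hunk without any stated reason: neither the commit subject nor the new README text says the crash with DNS resolution enabled no longer occurs in 4.0.1. If that has not been confirmed, keep the "-n" workaround, or reduce it to a single line saying it applied to earlier versions. Separately, the replacement sentence "keep some of the tables that are installed updated automatically" is hard to parse; "automatically update some of the installed tables" says the same thing more clearly.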
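Review bot: Typo on the added line "It you want, you can check for updates at:" in the @@ -168,7 +110,13 @@ hunk; it should read "If you want". The link on the next added line is plain http to the HEAD revision of a CVS file, so a copy fetched from it has no integrity or authenticity check and can change without notice. Since /etc/ntop is read by the ntop daemon, suggest either saying so next to the link or pointing to a fixed revision that the user can compare against the installed file before replacing it.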