README.Slackware ================ This file contains some specific instructions to complete the installation of ntop on Slackware. 0) Before running the SlackBuild script --------------------------------------- 0.1) ntop group & user Before running the ntop.SlackBuild script, you will need to create the 'ntop' user and group. The script won't run if these do not exist. The suggested UID and GID is 212, but you can change this as needed: # groupadd -g 212 ntop # useradd -u 212 -g ntop -d /var/lib/ntop -s /bin/false ntop If you want to use a different user and/or group under which to run ntop, you can pass alternate values to the NTOPUSER and NTOPGROUP variables when running the build script. 1) Start & Stop scripts for ntop -------------------------------- 1.1) Automatic startup and shutdown If you want to start ntop on system bootup, include these lines in your /etc/rc.d/rc.local: # Start ntop if [ -x /etc/rc.d/rc.ntop ]; then echo "Starting ntop..." /etc/rc.d/rc.ntop start fi To guarantee a clean shutdown of ntop, include this in /etc/rc.d/rc.local_shutdown: # Stop ntop if [ -x /etc/rc.d/rc.ntop ]; then echo "Stopping ntop..." /etc/rc.d/rc.ntop stop fi 1.2) Make /etc/rc.d/rc.ntop executable Additionally, you'll have to set the rc script to be executable just like any other Slackware rc script: # chmod +x /etc/rc.d/rc.ntop 2) Set the administrator password --------------------------------- When ntop is installed at the first time, you MUST set the administration password for ntop (user 'admin'). You do that by running ntop with the option -A (or --set-admin-password) as root: # /usr/bin/ntop -P <ntop_homedirectory> -u <ntopuser> -A For example: # /usr/bin/ntop -P /var/lib/ntop -u ntop -A It will prompt you for the password and then exit. 3) Starting ntop ---------------- Now you are ready to start ntop by calling the startup script: # /etc/rc.d/rc.ntop start Once ntop has started and configured correctly, you should be able to look at all the data it's collected by pointing your browser at: http://(ip-of-your-ntop-server):3000/ Browse through the configuration menu (Admin / Configure / Startup options) to set the interfaces you want to capture and many more parameters. Fore more documentation on ntop, check: - http://www.ntop.org/documentation.html - http://www.ntop.org/needHelp.html There are also some mailing lists you can subscribe to, that can be found on the pages mentioned above. 4) Keeping your ntop tables up-to-date -------------------------------------- Now that your ntop server is running, you might want to keep some of the tables that are installed updated automatically. I do this with a few simple shell scripts I copy to the /etc/cron.xxxx/ directories, where xxxx stands for: - hourly - daily - weekly - monthly So saving a script in /etc/cron.weekly/ means it will be run every week. Saving it in /etc/cron/monthly/ means it will run once a month, etc. My suggestions are: - save ntop_update_geoip in /etc/cron.weekly - save ntop_update_oui in /etc/cron.daily Don't forget to make the script executable. The following scripts are examples for the GeoIP and OUI tables, feel free to adapt them to your reality. The "OS Fingerprint" table has not changed since 2005, so I did not create a script for it. If you want, you can check for updates at: http://ettercap.cvs.sourceforge.net/ettercap/ettercap_ng/share/etter.finger.os?rev=HEAD ============================================================================= ********************* * ntop_update_geoip * - Suggestion: save in /etc/cron.weekly ********************* ----------------------------------------------------------------------------- #!/bin/sh # # ntop_update_geoip: update GeoIP tables UPDATE_DIR="/etc/ntop" UPDATE_LOG="/var/log/ntop_update.log" UPDATE_OUT="wget.out" UPDATES="\ http://geolite.maxmind.com/download/geoip/database/,GeoLiteCity.dat \ http://geolite.maxmind.com/download/geoip/database/asnum/,GeoIPASNum.dat" cd $UPDATE_DIR for update in $UPDATES; do update_url=`echo $update | awk -F , {'print $1'}` update_file=`echo $update | awk -F , {'print $2'}` wget -o $UPDATE_OUT -N ${update_url}${update_file}.gz WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?) if [ $WGET_TEST -eq "0" ]; then tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG gunzip -c ${update_file}.gz > ${update_file} fi done rm $UPDATE_OUT ============================================================================= ******************* * ntop_update_oui * - Suggestion: save in /etc/cron.daily ******************* ----------------------------------------------------------------------------- #!/bin/sh # # ntop_update_oui: update OUI table UPDATE_DIR="/etc/ntop" UPDATE_LOG="/var/log/ntop_update.log" UPDATE_OUT="wget.out" UPDATES="\ http://standards.ieee.org/regauth/oui/,oui.txt" cd $UPDATE_DIR for update in $UPDATES; do update_url=`echo $update | awk -F , {'print $1'}` update_file=`echo $update | awk -F , {'print $2'}` wget -o $UPDATE_OUT -N ${update_url}${update_file} WGET_TEST=$(grep "saved" $UPDATE_OUT > /dev/null 2> /dev/null; echo $?) if [ $WGET_TEST -eq "0" ]; then tail -n2 $UPDATE_OUT | head -n1 >> $UPDATE_LOG gzip -c ${update_file} > ${update_file}.gz fi done rm $UPDATE_OUT ============================================================================= (Note that there are some subtle differences between the scripts, so beware when copying)