path: root/network/ntop/README.SLACKWARE
README.Slackware
================

This file contains some specific instructions to complete the
installation of ntop on Slackware.

0) Before running the SlackBuild script
---------------------------------------

0.1) ntop group & user

Before running the ntop.SlackBuild script, you will need to create
the 'ntop' user and group. The script won't run if these do not
exist.

The suggested UID and GID is 212, but you can change this as needed:

  # groupadd -g 212 ntop
  # useradd -u 212 -g ntop -d /var/lib/ntop -s /bin/false ntop

If you want to use a different user and/or group under which to run
ntop, you can pass alternate values to the NTOPUSER and NTOPGROUP variables
when running the build script.

1) Start & Stop scripts for ntop
--------------------------------

1.1) Automatic startup and shutdown

If you want to start ntop on system bootup, include these lines in your
/etc/rc.d/rc.local:

  # Start ntop
  if [ -x /etc/rc.d/rc.ntop ]; then
    echo "Starting ntop..."
    /etc/rc.d/rc.ntop start
  fi

To guarantee a clean shutdown of ntop, include this in
/etc/rc.d/rc.local_shutdown:

  # Stop ntop
  if [ -x /etc/rc.d/rc.ntop ]; then
    echo "Stopping ntop..."
    /etc/rc.d/rc.ntop stop
  fi

1.2) Make /etc/rc.d/rc.ntop executable

Additionally, you'll have to set the rc script to be executable just like
any other Slackware rc script:

  # chmod +x /etc/rc.d/rc.ntop

2) Set the administrator password
---------------------------------

When ntop is installed for the first time, you MUST set the administration
password for ntop (user 'admin'). You do that by running ntop with the
option -A (or --set-admin-password) as root:

  # /usr/bin/ntop -P <ntop_homedirectory> -u <ntopuser> -A

For example:

  # /usr/bin/ntop -P /var/lib/ntop -u ntop -A

It will prompt you for the password and then exit.

3) Starting ntop
----------------

Now you are ready to start ntop by calling the startup script:

  # /etc/rc.d/rc.ntop start

Once ntop has started and is configured correctly, you should be able to look
at all the data it has collected by pointing your browser at:

  http://(ip-of-your-ntop-server):3000/

Browse through the configuration menu (Admin / Configure / Startup options)
to set the interfaces you want to capture and many more parameters.

For more documentation on ntop, check:
- http://www.ntop.org/documentation.html
- http://www.ntop.org/needHelp.html

There are also some mailing lists you can subscribe to, that can be found on
the pages mentioned above.

4) Keeping your ntop tables up-to-date
--------------------------------------

Now that your ntop server is running, you might want to keep some of the
tables that are installed updated automatically.

I do this with a few simple shell scripts I copy to the /etc/cron.xxxx/
directories, where xxxx stands for one of:

  - hourly
  - daily
  - weekly
  - monthly

So saving a script in /etc/cron.weekly/ means it will be run every week,
saving it in /etc/cron.monthly/ means it will run once a month, and so on.

My suggestions are:
  - save ntop_update_geoip in /etc/cron.weekly
  - save ntop_update_oui   in /etc/cron.daily

Don't forget to make the script executable.

The following scripts are examples for the GeoIP and OUI tables; feel free
to adapt them to your own setup.

The "OS Fingerprint" table has not changed for over five years, so I did not
create a script for it.
If you want, you can check for updates at:
http://ettercap.cvs.sourceforge.net/ettercap/ettercap_ng/share/etter.finger.os?rev=HEAD

=============================================================================
*********************
* ntop_update_geoip * - Suggestion: save in /etc/cron.weekly
*********************
-----------------------------------------------------------------------------
#!/bin/sh
#
# ntop_update_geoip:    update GeoIP tables

UPDATE_DIR="/etc/ntop"
UPDATE_LOG="/var/log/ntop_update.log"
UPDATE_OUT="wget.out"
# "url-prefix,filename" pairs; the .gz is fetched and unpacked next to it
UPDATES="\
http://geolite.maxmind.com/download/geoip/database/,GeoLiteCity.dat \
http://geolite.maxmind.com/download/geoip/database/asnum/,GeoIPASNum.dat"

# never download into the wrong directory if UPDATE_DIR is missing
cd "$UPDATE_DIR" || exit 1

for update in $UPDATES; do
        update_url=${update%,*}
        update_file=${update#*,}

        # -N only re-downloads when the remote file is newer; -o logs to UPDATE_OUT
        wget -o "$UPDATE_OUT" -N "${update_url}${update_file}.gz"
        # wget prints "... saved [...]" only when a new copy was actually fetched
        if grep -q "saved" "$UPDATE_OUT"; then
                tail -n2 "$UPDATE_OUT" | head -n1 >> "$UPDATE_LOG"
                gunzip -c "${update_file}.gz" > "${update_file}"
        fi
done

rm -f "$UPDATE_OUT"
=============================================================================
*******************
* ntop_update_oui * - Suggestion: save in /etc/cron.daily
*******************
-----------------------------------------------------------------------------
#!/bin/sh
#
# ntop_update_oui:      update OUI table

UPDATE_DIR="/etc/ntop"
UPDATE_LOG="/var/log/ntop_update.log"
UPDATE_OUT="wget.out"
# "url-prefix,filename" pair; the table ntop uses is the compressed oui.txt.gz
UPDATES="\
http://standards.ieee.org/regauth/oui/,oui.txt"

# never download into the wrong directory if UPDATE_DIR is missing
cd "$UPDATE_DIR" || exit 1

for update in $UPDATES; do
        update_url=${update%,*}
        update_file=${update#*,}

        # unlike the GeoIP script, the plain text file is fetched here ...
        wget -o "$UPDATE_OUT" -N "${update_url}${update_file}"
        if grep -q "saved" "$UPDATE_OUT"; then
                tail -n2 "$UPDATE_OUT" | head -n1 >> "$UPDATE_LOG"
                # ... and compressed afterwards, because ntop reads oui.txt.gz
                gzip -c "${update_file}" > "${update_file}.gz"
        fi
done

rm -f "$UPDATE_OUT"
=============================================================================

(Note that there are some subtle differences between the scripts, so beware
when copying)
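The scripts above let wget write straight into /etc/ntop and only grep its log for "saved", so a truncated or non-gzip response (plain HTTP gives no authenticity either) can still end up replacing a working table. The following hardened variant of the GeoIP script is an added example, not part of the SlackBuild: it downloads into a scratch file, verifies the gzip stream, and installs the table atomically, keeping the old one on any failure. It assumes the same UPDATE_DIR/UPDATE_LOG paths and MaxMind URLs as the original script, and its fetch loop only runs when the file is installed under its intended ntop_update_* cron name, so it can be sourced under another name to exercise the functions offline.

```shell
#!/bin/sh
# ntop_update_geoip_safe: hardened GeoIP updater (added example, not the
# SlackBuild's script). Paths and URLs assumed to match the README above.

UPDATE_DIR="${UPDATE_DIR:-/etc/ntop}"
UPDATE_LOG="${UPDATE_LOG:-/var/log/ntop_update.log}"
UPDATES="\
http://geolite.maxmind.com/download/geoip/database/,GeoLiteCity.dat \
http://geolite.maxmind.com/download/geoip/database/asnum/,GeoIPASNum.dat"

log() { echo "$(date '+%Y-%m-%d %H:%M:%S') $*" >> "$UPDATE_LOG"; }

# install_gz_table SRC_GZ DEST
# Accepts SRC_GZ only if it is an intact, non-empty gzip stream; unpacks it
# beside DEST and renames it into place, so ntop never reads a partial table.
# Returns 1 and leaves DEST untouched on any failure; unchanged data is a no-op.
install_gz_table() {
    src="$1"; dest="$2"
    gzip -t "$src" 2>/dev/null || return 1          # corrupt, truncated, not gzip
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if gunzip -c "$src" > "$tmp" 2>/dev/null && [ -s "$tmp" ]; then
        if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
            rm -f "$tmp"; return 0                   # same table already installed
        fi
        chmod 0644 "$tmp" && mv -f "$tmp" "$dest" && return 0
    fi
    rm -f "$tmp"; return 1
}

# fetch_and_install URL_PREFIX FILE: wget FILE.gz into a scratch file (never
# over the live table), then hand it to install_gz_table.
fetch_and_install() {
    url="$1$2.gz"; dest="$UPDATE_DIR/$2"
    dl=$(mktemp "$UPDATE_DIR/.$2.XXXXXX") || return 1
    if wget -q -O "$dl" "$url" && install_gz_table "$dl" "$dest"; then
        log "updated $dest from $url"; rm -f "$dl"; return 0
    fi
    log "FAILED $url; kept existing $dest"; rm -f "$dl"; return 1
}

# The fetch loop runs only when installed under its intended cron name, so the
# file can be sourced under another name to exercise the functions offline.
case "$0" in
    *ntop_update_*)
        for update in $UPDATES; do
            fetch_and_install "${update%,*}" "${update#*,}"
        done ;;
esac
```

Because wget -O disables -N timestamping, this variant always downloads; the cmp step keeps an unchanged table from being rewritten.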