-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathREADME
70 lines (48 loc) · 2.3 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
Installation
* Install zc.buildout:
At Ubuntu this is done via the command below
$ sudo apt-get install python-zc.build
* Run the buildout command to initialize and install the requirements
$ cp buildout.cfg.org buildout.cfg
$ python bootstrap.py
$ buildout2.7
* install mongodb server
$ sudo apt-get install mongodb-server
You may test the mongodb running my writing mongo to he command line
it you see an shell like below then you may continue with bro installation
$ mongo
MongoDB shell version: 2.0.4
connecting to: test
Requirements for Bro installation
$ sudo apt-get install libmagic-dev libgeoip-dev libpcap-dev libssl-dev libncurses5-dev g++ bison flex cmake swig2.0 make gcc g++ python-dev swig zlib1g-dev
$ ./configure --enable-debug
$ make
$ sudo make install
$ cd /usr/local/bro/bin
$ sudo broctl
$ install
$ start
$ stop
$ check
$ exit
$ /usr/local/bro/bin/bro -C -r pcap_fille.name should be working
* Bro is used both for protocol detection and TCP reassembly. To let Bro handle assemble the contents, a file should be changed. If you installed Bro to /usr/local/bro/ then edit the file /usr/local/bro/share/bro/base/protocols/conn/contents.bro as below
## If this variable is set to ``T``, then all contents of all connections
## will be extracted.
const default_extract = T &redef;
* make a directory named "uploads" where the setting.py file is.
$ mkdir uploads
$ chown a+w uploads
* tshark is required for an alternative method to detect application layer protocols where bro fails
$ sudo apt-get install tshark
* If you got backend errors like "django.core.exceptions.ImproperlyConfigured: 'django_mongodb_engine' isn't an available database backend."
install the django-mongodb backend manually
$ pip install hg+https://bitbucket.org/wkornewald/django-nonrel
$ pip install hg+https://bitbucket.org/wkornewald/djangotoolbox
$ pip install git+https://github.com/django-nonrel/mongodb-engine
Django projects requires a table creation first
$ bin/django syncdb
The project uses hachoir Python library, install them also
$ sudo apt-get install python-hachoir-* (i should add this part to the buildout configuration also)
* to handle smtp, it is required to install tcpflow. After checking the results of Bro and Tcpflow, for smtp, the created flows files seem more manageable.
$ sudo apt-get install tcpflow