Saturday, February 11, 2006

Monitoring system in 3 hours?

Yeah .. I just managed to install a new monitoring system in 3 hours, using FreeBSD 6.0, PHP 4.x, MySQL 4.x, Apache 1.3.x, BASE, Snort 2.3.x and Cacti 0.8x.

Here are the steps taken.

1) Install FreeBSD 6.0 with minimum packages
2) After configuring the newly installed FreeBSD 6.0, update ports using cvsup.
Here's the cvs-supfile:

*default host=cvsup.jp.freebsd.org
*default base=/usr/local/etc/cvsup
*default prefix=/usr
*default tag=RELENG_6_0_0_RELEASE
*default release=cvs delete use-rel-suffix compress
# src-all //i dont want to update the source so i comment it out
ports-all tag=.
#doc-all tag=. //same goes to doc


3) Since my network is firewalled, I need to tunnel cvsup through ssh.

ssh -L 5999:cvsup.jp.freebsd.org:5999 admin@p0rn.org
cvsup -g -L2 -h localhost

4) After a while (depending on your internet connection speed), the update will finish.
5) Then I install mysql41-client and server using ports. Before performing the MySQL installation, make sure your hostname is localhost. After the installation finishes:

mysql_install_db
chown -R mysql /var/db/mysql/
chgrp -R mysql /var/db/mysql/
mysqld_safe & #now mysql running in the background.

6) Then change the password for root

mysqladmin -u root password new-password

7) Install Apache 1.3.x, also using ports. Then configure it.
You just need to change the ServerName entry in httpd.conf before firing up Apache.
8) Install PHP 4.x using ports.
9) Install Snort 2.3.x using ports. Then configure snort.conf:
define HOME_NET and the log type.

snort -T -c /usr/local/etc/snort.conf -i fxp0 #to test snort config -> of course not working

10) Import snort data schema into mysql

mysqladmin -u root -p create snort
mysql -u root -p snort <
mysql> GRANT ALL ON snort.* TO snortman@localhost IDENTIFIED BY 'shithead';
mysql>flush privileges;
mysql>quit

12) Install BASE, also using ports. Then browse to http://my-ip/base/; do some configuration there and that.
13) Run snort as daemon and monitor from BASE.

snort -D -i fxp0

14) Time for Cacti. It's very straightforward, no thinking needed, only balls required! Install everything using ports.
15) Configure database for cacti

mysqladmin -u root -p create cacti
mysql -u root -p
mysql> GRANT ALL ON cacti.* TO www@localhost IDENTIFIED BY 'shitagain';
mysql>flush privileges;
mysql>quit

16) Configure /cacti_path/cacti/include/config.php
17) Browse to cacti http://my-ip/cacti/
18) Done.
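
Steps 10 and 15 give the Snort and Cacti application accounts ALL on their databases. The following is an added example, not part of the original post: a shell function that reads SHOW GRANTS output and flags non-root accounts holding ALL PRIVILEGES or a wildcard host. The function names, the sample lines and the 'sensor' account are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_grants reads SHOW GRANTS output on stdin and reports non-root accounts
# that hold ALL PRIVILEGES or are allowed to connect from any host ('%').
# Real input could come from, e.g.:
#   mysql -u root -p -N -e "SHOW GRANTS FOR 'snortman'@'localhost'" | audit_grants

audit_grants() {
    # Strip the quoting MySQL puts around names so awk sees plain tokens.
    tr -d "\`'" | awk '
    /^GRANT / {
        # Split "GRANT <privs> ON <object> TO <account> [tail]" into parts.
        line = $0
        sub(/^GRANT /, "", line)
        on_at = index(line, " ON ")
        if (on_at == 0) next
        privs = substr(line, 1, on_at - 1)
        rest = substr(line, on_at + 4)
        to_at = index(rest, " TO ")
        if (to_at == 0) next
        obj = substr(rest, 1, to_at - 1)
        acct = substr(rest, to_at + 4)
        sub(/ .*/, "", acct)          # drop IDENTIFIED BY / WITH ... tail
        if (acct ~ /^root@/) next     # the admin account is expected to hold ALL
        if (privs ~ /^ALL/) print "ALL_PRIVILEGES " acct " " obj
        if (acct ~ /@%$/) print "ANY_HOST " acct " " obj
    }'
}

# Constructed sample: what SHOW GRANTS would list after steps 10 and 15,
# plus one hypothetical narrowly scoped account reachable from any host.
sample_grants() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'snortman'@'localhost' IDENTIFIED BY PASSWORD '*CONSTRUCTED'
GRANT ALL PRIVILEGES ON `snort`.* TO 'snortman'@'localhost'
GRANT ALL PRIVILEGES ON `cacti`.* TO 'www'@'localhost'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT SELECT, INSERT ON `snort`.* TO 'sensor'@'%'
EOF
}

sample_grants | audit_grants
```

A finding for snortman or www means that account can also alter or drop its own tables; narrowing the grant to the statements the application actually issues removes that.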


Let the system run over the weekend to see how it's going to perform. Before this, I used OBSD 3.7 and I had a lot of trouble keeping mysqld running. Let's see how my new FreeBSD system performs..?
