Crash-Override.net

Benjamin 'blindcoder' Schieder - Code Collection


Prerequisites

First, there are prerequisites to meet.

Try these commands as root:

 

iptables -A INPUT -p tcp -m owner --uid-owner 0

iptables -D INPUT -p tcp -m owner --uid-owner 0

 

If these commands succeed without an error message, you can skip this section. On Linux kernel 2.6.17.7 (plus or minus a few versions) they will succeed but not account any data, so you need to apply the kernel patch from the patches/ directory anyway.

Otherwise you need to patch your kernel and iptables. If you don't know how to do this, it is best to contact your distributor.

The patches you need for iptables-1.3.3 and Linux 2.6.11.9 are contained in the patches/ directory in dragon.
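
The case described above, where the commands succeed but nothing is accounted, can be detected by comparing the rule's byte counter before and after some traffic. The following script is an added example, not part of Dragon; the function names, the WAIT variable and the sample listings are constructed for illustration, and the "owner UID match" wording of the listing is an assumption about your iptables version.

```shell
#!/bin/sh
# Added example (not part of Dragon): does the owner match on INPUT count traffic?

# Read an `iptables -L INPUT -v -n -x` listing on stdin and print the byte
# counter of the first rule matching "owner UID match <uid>". Matching is
# case-insensitive because capitalisation may differ between iptables
# releases (assumption). Exit status 1 if no such rule is listed.
owner_rule_bytes() {
    awk -v uid="$1" '
        tolower($0) ~ ("owner uid match " uid "([^0-9]|$)") { print $2; found = 1; exit }
        END { if (!found) exit 1 }'
}

# owner_accounting_ok BEFORE AFTER UID
# 0 = counter grew, 1 = rule present but nothing accounted, 2 = rule missing.
owner_accounting_ok() {
    before=$(printf '%s\n' "$1" | owner_rule_bytes "$3") || return 2
    after=$(printf '%s\n' "$2" | owner_rule_bytes "$3") || return 2
    [ "$after" -gt "$before" ]
}

# Live check, run as root: add the rule from the prerequisites, wait while
# TCP traffic for a root-owned process arrives, compare, remove the rule.
live_check() {
    iptables -A INPUT -p tcp -m owner --uid-owner 0 || return 2
    b=$(iptables -L INPUT -v -n -x)
    sleep "${WAIT:-10}"
    a=$(iptables -L INPUT -v -n -x)
    iptables -D INPUT -p tcp -m owner --uid-owner 0
    owner_accounting_ok "$b" "$a" 0
}

# Constructed sample listings (not captured from a real host).
HDR='Chain INPUT (policy ACCEPT 10 packets, 800 bytes)
    pkts      bytes target     prot opt in     out     source               destination'
ROW='tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 0'
SAMPLE_BEFORE="$HDR
       0        0            $ROW"
SAMPLE_AFTER="$HDR
      42     3360            $ROW"

if [ "${1:-}" = "--live" ]; then
    live_check
    exit $?
fi
```

Run with --live as root; exit status 1 means the rule was accepted but counted nothing, which is the situation in which the kernel patch is still needed.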

Installing Dragon

Installation of Dragon is very straightforward.

First, you need to create a database for dragon in your MySQL server.

The MySQL commands to create its necessary tables look like this:

 

CREATE TABLE `cache` (
  `timestamp` bigint(20) default '0',
  `ip` varchar(15) NOT NULL default '',
  `flow` char(3) NOT NULL default '',
  `protocol` varchar(4) NOT NULL default '',
  `port` int(11) NOT NULL default '0',
  `byte` bigint(20) NOT NULL default '0',
  `pkts` bigint(20) NOT NULL default '0',
  `uid` int(11) NOT NULL default '0',
  `process` varchar(255) NOT NULL default ''
);
ALTER TABLE `cache` ADD INDEX ( `timestamp` );

CREATE TABLE `traffic` (
  `timestamp` bigint(20) default '0',
  `ip` varchar(15) NOT NULL default '',
  `flow` char(3) NOT NULL default '',
  `protocol` varchar(4) NOT NULL default '',
  `port` int(11) NOT NULL default '0',
  `byte` bigint(20) NOT NULL default '0',
  `pkts` bigint(20) NOT NULL default '0',
  `uid` int(11) NOT NULL default '0',
  `process` varchar(255) NOT NULL default ''
);
ALTER TABLE `traffic` ADD INDEX ( `timestamp` );

 

Then put the file "dragon.pl" somewhere the root user can find it.

Copy the file etc/dragon.conf to /etc/ and adjust it. See UTA Configuration for details.

 

For the web frontend, which displays the collected data in human-readable form, just copy the files in the www/ subdirectory to somewhere your webserver can find them. At the top of functions.inc.php you have to enter the hostname, database name, username and password of your MySQL database.

 

If you also want to use the caching (and yes, you DO want to use it) then add these cronjobs:

0 * * * * /usr/bin/wget -O /dev/null -o /dev/null server/dragon/cacheme.php

0 1 * * * /usr/bin/wget -O /dev/null -o /dev/null server/dragon/cacheme.php

 

That's all.