Configuration examples for squid-snort-nagios-ntop
Note: I don't know where I swiped this from a thousand years ago... but I can't find it again, so I keep copying and pasting it...
In this paper we'll discuss how to make daemontools the default "daemon starter" for four important services:
- squid (www.squid-cache.org)
- snort (www.snort.org)
- nagios (www.nagios.org)
- ntop (www.ntop.org)
Daemontools is DJB's powerful tool for making a service virtually invulnerable: supervise restarts the service whenever it dies.
Let's start by installing it:
download: http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
gunzip daemontools-0.76.tar
tar -xpf daemontools-0.76.tar
rm daemontools-0.76.tar
READ THE INSTALLATION DOCUMENTATION and:
cd admin/daemontools-0.76
Compile and set up the daemontools programs:
package/install
After that, you must reboot if you have a BSD system.
The installation process has created the /service directory and started svscan and the other tools. This document does not explain how daemontools works, only standard configurations.
squid
Ok, I assume that you have correctly installed squid into the /usr/squid prefix (./configure --prefix=/usr/squid etc. etc.) for example... and that squid works correctly (for squid problems, please read the FAQ).
Now create the run file, needed by supervise to keep squid up.
The run file will look like this:
#!/bin/sh
# -N keeps squid in the foreground so supervise can watch it
exec ./bin/squid -d 1 -N -D \
  -f ./etc/squid.conf \
  2>&1 | /usr/local/bin/multilog t s10000000000 n20 ./log
Ideally a | (pipe) should not appear in a run file, but we are not as smart as djb, so we use it! :-))))
Important!!! Naturally you can put whatever options you want into the run script, but you must not remove "-N": squid must not run in daemon mode when it is started by daemontools. You'll see squid's normal log output in the ./log directory; the usual log files (access.log etc. etc.) will be found in the logs directory.
After that:
root@norad:~# chmod 755 /usr/squid/run
root@norad:~# ln -s /usr/squid /service
Wait a few seconds... and that's all: squid is working and never stops!!!!
You can see if squid is running by doing:
root@norad:~# svstat /service/squid
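The pipe-free arrangement that the remark about djb alludes to, as an added example that is not part of the original text: when the service directory has the sticky bit set, svscan starts a second supervise for ./log and connects the two with a pipe itself. The helper name make_service and the log account passed to it are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: a service directory whose
# logging is a separate supervised service, so ./run contains no pipe.
# make_service is a hypothetical helper name.
# usage: make_service DIR LOGACCOUNT 'COMMAND LINE'
make_service() {
    ms_dir=$1 ms_log=$2 ms_cmd=$3
    [ -n "$ms_dir" ] && [ -n "$ms_log" ] && [ -n "$ms_cmd" ] || return 1
    mkdir -p "$ms_dir/log/main" || return 1

    # Main run file: stderr joins stdout, then exec replaces the shell,
    # so signals sent with svc reach the daemon and not a wrapper shell.
    printf '%s\n' '#!/bin/sh' 'exec 2>&1' "exec $ms_cmd" \
        > "$ms_dir/run" || return 1

    # Log run file: multilog runs under its own account and reads the
    # pipe that svscan creates between the two supervise processes.
    # 16777215 is the largest file size multilog accepts for "s".
    printf '%s\n' '#!/bin/sh' \
        "exec setuidgid $ms_log multilog t s16777215 n20 ./main" \
        > "$ms_dir/log/run" || return 1

    chmod 755 "$ms_dir/run" "$ms_dir/log/run" || return 1
    # The sticky bit tells svscan to start a second supervise for ./log.
    chmod +t "$ms_dir" || return 1
    # As root, finish with: chown LOGACCOUNT DIR/log/main
}
```

With this layout the daemon's output lands in ./log/main, and svc signals go straight to the daemon because nothing sits between it and supervise.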
snort
Ok, I assume that you have correctly installed snort into the /usr/snort prefix (./configure --prefix=/usr/snort etc. etc.) for example... and that snort works correctly (for snort problems, please read the FAQ).
It is suggested that you create a user and a group called "snort".
Now, choose your snort bootstrap options to put in your "run" script (the snort --help command will help you). After that, please create a run file like this:
#!/bin/sh
exec ./bin/snort -o -g snort -u snort \
  -p -t /usr/snort \
  -c ./etc/snort.conf \
  -i eth0 \
  2>&1 | /usr/local/bin/multilog t s10000000000 n20 ./log
Ideally a | (pipe) should not appear in a run file, but we are not as smart as djb, so we use it! :-))))
Important!!! Naturally you can put whatever options you want into the run script except "-D": snort must not run in daemon mode when it is started by daemontools. You'll see snort's normal log output in the ./log directory; normal logging and alerting will be found where you've configured it (snort.conf).
After that:
root@norad:~# chmod 700 /usr/snort/run /usr/snort
root@norad:~# chown -R snort:snort /usr/snort
root@norad:~# ln -s /usr/snort /service
Wait a few seconds... and that's all: snort is working and never stops!!!!
You can see if snort is running by doing:
root@norad:~# svstat /service/snort
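A check to run after the chown -R above, as an added example that is not part of the original text: supervise executes ./run as root, so a run file, binary or service directory that the snort account owns or can write lets that account change what root runs. The helper name audit_service and its arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. audit_service is a
# hypothetical helper name.
# usage: audit_service DIR TRUSTED_UID [EXTRA_PATH...]
#   EXTRA_PATH: anything else the run file executes, e.g. DIR/bin/snort
# Prints one line per finding; returns 1 if there is any, 2 on bad usage.
audit_service() {
    [ $# -ge 2 ] || { echo "usage: audit_service DIR UID [PATH...]"; return 2; }
    as_dir=$1 as_uid=$2 as_bad=0
    shift 2
    [ -d "$as_dir" ] || { echo "$as_dir: not a directory"; return 2; }

    # The files supervise executes, plus the directories holding them:
    # whoever can write a directory can replace the files inside it.
    for as_p in "$as_dir" "$as_dir/run" "$as_dir/log" "$as_dir/log/run" "$@"
    do
        [ -e "$as_p" ] || continue
        # -H follows a symlink such as /service/snort; -prune keeps find
        # on the path itself instead of walking the tree below it.
        if [ -n "$(find -H "$as_p" -prune ! -user "$as_uid")" ]; then
            echo "$as_p: not owned by uid $as_uid"
            as_bad=1
        fi
        if [ -n "$(find -H "$as_p" -prune \( -perm -020 -o -perm -002 \))" ]
        then
            echo "$as_p: writable by group or others"
            as_bad=1
        fi
    done
    return "$as_bad"
}
```

Called as audit_service /usr/snort 0 /usr/snort/bin/snort, it reports every listed path that the recursive chown handed to the snort account.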
nagios
Nagios... our network monitor!!!! So we need it to be always up to monitor our services and our serverz... Please install Nagios into a prefix by adding the --prefix=/some/where/nagios argument to the configure script.
After installation, please make sure your nagios installation works correctly! We don't provide nagios support... read the FAQ for these issues.
Create our boring "run" script in /some/where/nagios with these lines:
#!/bin/sh
exec ./bin/nagios \
  ./etc/nagios.cfg \
  2>&1 | multilog t s10000000000 n20 ./log
put your favorite options... to use or not to use multilog...
root@norad:~# chmod 700 /some/where/nagios/run
root@norad:~# ln -s /some/where/nagios /service
Wait a few seconds... and that's all: nagios is working and never stops!!!!
You can see if nagios is running by doing:
root@norad:~# svstat /service/nagios
ntop
Ntop... our network monitor!!!! So we need it to be always up to monitor our networks... Please install Ntop into a prefix by adding the --prefix=/some/where/ntop argument to the configure script.
After installation, please make sure your ntop installation works correctly! We don't provide ntop support... read the FAQ for these issues.
Create our boring "run" script in /some/where/ntop with these lines:
#!/bin/sh
exec ./bin/ntop -u unprivilegeduser \
  -i eth0 -E -w 3000 -S 1 \
  2>&1 | multilog t s10000000000 n20 ./log
# -b 192.168.0.3:4000 for the db
put your favorite options... to use or not to use multilog...
root@norad:~# chmod 700 /some/where/ntop/run
root@norad:~# ln -s /some/where/ntop /service
Wait a few seconds... and that's all: ntop is working and never stops!!!!
You can see if ntop is running by doing:
root@norad:~# svstat /service/ntop
GOOD LUCK!!!!
None Copyright, Lombardo Federico 2002