-
Notifications
You must be signed in to change notification settings - Fork 4
/
INSTALL
180 lines (147 loc) · 6.79 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
=head1 INSTALLATION
These are the steps needed to install Healthcheck on a pristine Ubuntu Server 10.04LTS machine:
=over
=item *
Install and configure the engine part of DNSCheck (ignore the web part). See
L<http://github.com/dotse/dnscheck/>
=item *
Install the packages: libcrypt-openssl-random-perl libdbd-mysql-perl
libdigest-bubblebabble-perl libio-socket-inet6-perl libmime-lite-perl
libmail-rfc822-address-perl libnet-dns-perl libnet-dns-sec-perl
libtext-template-perl libyaml-perl libconfig-any-perl libgeo-ip-perl
libio-socket-ssl-perl libtext-csv-xs-perl couchdb libmodule-install-perl
libjson-any-perl libfile-slurp-perl libfile-copy-recursive-perl
libcatalyst-perl libcatalyst-modules-perl libtry-tiny-perl liburi-perl
libwww-perl git-core
The CouchDB version installed this way is ancient (0.10.0), but it should
work. If you can arrange to install a more modern version, that is definitely
a bonus. An easy way that I've found to work quite well is
L<https://github.com/iriscouch/build-couchdb>
=item *
Clone git://github.com/dotse/healthcheck.git into a suitable directory, the
checkout the couchdb branch.
=item *
Clone the git repositories git://github.com/cdybedahl/CDBHelper.git and
git://github.com/cdybedahl/couchdb-client.git
=item *
Do "perl Makefile.PL && sudo make install" in each of the two repositories.
=item *
Go to the F<healthcheck/Zonestat> directory and do it there too.
=item *
Install the perl module C<Catalyst::Plugin::Unicode::Encoding>, either from CPAN
directly or a debian-package built with C<dh-make-perl>.
=item *
Go to the F<healthcheck/Statweb> directory. Run C<perl Makefile.PL> and C<make>.
Both should run without errors or complaints.
=back
=head1 CONFIGURATION
At this point, the software should be able to run properly. What
remains is configuration. This resides in the directory F<share/zonestat>
in the directory that's set as the site prefix in Perl. You can see
what directory will be used by running the following at a command
line:
perl -MConfig -le 'print $Config{siteprefix} . "/share/zonestat"'
The configuration file will be loaded into a hash using the
L<Config::Any> perl module, so it can be written in a variety of
different formats, like JSON, YAML or XML. It should be stored in a
file in the directory mentioned above, and the file should be named
"config" with a suffix matching its format. So if it's an XML file, it
should be "config.xml". The example config here is in JSON, so it
would be in a file called F<config.json>.
Example config, with explanatory comments:
{
// Under this key are listed some programes and files needed for
// the gathering process.
"zonestat" : {
// If you want to use WhatWeb, set this to where the main script is
"whatweb" : "/some/proper/path/WhatWeb/whatweb",
// The following two keys are for a proprietary tool.
"python" : "/opt/local/bin/python",
"pageanalyzer" : "/some/proper/path/pageanalyzer",
// The plain old OpenSSL binary
"openssl" : "/opt/local/bin/openssl",
// A file with root certs, used together with openssl to check
// HTTPS certs.
"cacertfile" : "/opt/local/share/dnscheck/cacerts.pem",
// A tool to test SSL servers.
// http://sourceforge.net/projects/sslscan/
"sslscan" : "/some/proper/path/sslscan-win/sslscan"
},
// Connection information for the CouchDB instance to use. A
// number of databases will be created, all with names starting
// with "zonestat".
"couchdb" : {
"url" : "http://127.0.0.1:5984/",
"password" : null,
"username" : null
},
// If you use the functionality to import a zone via AXFR, this is
// where to store the data on disk.
"zone" : {
"datafile" : "/var/tmp/se.zone"
},
// How should we log things?
"syslog" : {
"ident" : "zonestat",
"facility" : "local2"
},
// Network-related information. Not all are used by Zonestat at
// the moment.
"net" : {
// The following three are flags, true if we may use the relevant protocol.
"ipv4" : "1",
"ipv6" : "1",
"smtp" : "1",
// The following two should be lists of proper suffixes to look
// up AS numbers for IP addresses via a Cymru-compatible DNS
// database. See http://asn.cymru.com/
"v6root" : [
"origin6.asn.cymru.com"
],
"v4root" : [
"origin.asn.cymru.com"
]
},
// Settings for the dispatcher.
"daemon" : {
// Where to stor the main process PID on startup.
"pidfile" : "/var/tmp/zonestat_dispatcher.pid",
// What user to change to after opening files, if started as root.
"user" : "called",
// Where is the GeoIP data file?
"geoip" : "/opt/local/share/GeoIP/GeoLiteCity.dat",
// Where to write error messages, if we can't send them to syslog for some reason
"errorlog" : "/var/tmp/zonestat_errors.log",
// Maximum number of concurrent gathering processes. How high
// you can set this depends heavily on how many (and how heavy)
// gathering tools you use (WhatWeb is the worst, for now), how
// many writes per second your database server can take and how
// much traffic the ISPs of the domains you're scanning will
// accept before they blacklist you.
"maxchild" : "20"
}
}
=head2 Modifying the DNSCheck configuration
In order to make the DNSCheck system record all the information we need, we
have to adjust the severity level of two of its messages. Go to the directory
where it stores its configuration files (it should be a sibling directory to
the one used by Zonestat) and see if there is a file called
C<site_policy.yaml>. If there isn't create it. If there is, edit it. In either
case, it should contain the following entries:
loglevels:
DNS:NAMESERVER_FOUND: info
DNS:FIND_MX_RESULT: info
=head1 RUNNING
The system has two main parts, the web interface and the gathering system. The
first is a plain old L<Catalyst> application, with no special needs. It does talk
to the CouchDB database, but it does so via the Zonestat modules, so as long
as those are correctly configured it should just work. The Statweb application
has been tested both as a FastCGI application and as running under mod_perl2.
The gathering part mainly consists of the C<zonestat-dispatcher.pl> script. It
can be copied to and run from wherever you like. When run without arguments it
will place itself in the background and run as a daemon, logging via syslog.
It will periodically poll the queue table in the database, and if it finds
something there it will spawn child processes to do the data collection. The
children will insert the data into the database.
And that's about it. The L<Statweb> Catalyst application needs to be run by some
sort of webserver, and the C<zonestat-dispatcher.pl> script needs to be running.