This repository has been archived by the owner on Jun 27, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathsetup.sh
executable file
·108 lines (87 loc) · 3.09 KB
/
setup.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
#!/bin/sh
set -e
MAKE_FLAGS="-j$(nproc --all)"
apt-get update
#BRO deps
apt-get -y install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev
#BRO optional deps
apt-get -y install libgeoip-dev curl git libgoogle-perftools-dev sendmail python-pip
#PF RING deps
apt-get -y install build-essential linux-headers-$(uname -r) libnuma-dev
#Install the geoip db
curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoLiteCity.dat.gz
mv GeoLiteCity.dat /usr/share/GeoIP/
#CAF is required for BRO
git clone -b '0.14.6' --single-branch --depth 1 https://github.com/actor-framework/actor-framework.git
cd actor-framework
./configure
make $MAKE_FLAGS
make test
make install
cd ..
#IPSumdump is an optional dependency for BRO
curl -O http://www.read.seas.harvard.edu/~kohler/ipsumdump/ipsumdump-1.86.tar.gz
tar -xzf ipsumdump-1.86.tar.gz
cd ipsumdump-1.86
./configure
make $MAKE_FLAGS
make install
cd ..
#PF Ring is for FAST packet captures
git clone -b '6.6.0' https://github.com/ntop/PF_RING.git
#Install kernel module
cd PF_RING/kernel
make $MAKE_FLAGS
make install
modprobe pf_ring enable_tx_capture=0 min_num_slots=32768
echo "pf_ring enable_tx_capture=0 min_num_slots=32768" >> /etc/modules
#Install userland libraries
#PF Ring library
cd ../userland/lib
./configure --prefix=/usr/local/pfring
make $MAKE_FLAGS
make install
#PF Ring version of libpcap
cd ../libpcap
./configure --prefix=/usr/local/pfring
make $MAKE_FLAGS
make install
#Install PF Ring's tcpdump
cd ../tcpdump
./configure --prefix=/usr/local/pfring
make $MAKE_FLAGS
make install
#Add PF Ring's executables to the PATH
echo 'PATH=$PATH:/usr/local/pfring/bin:/usr/local/pfring/sbin' >> /etc/bash.bashrc
#Get BRO
cd ../../../
git clone -b 'v2.5.1' --recursive https://github.com/bro/bro.git
cd bro
./configure --prefix=/usr/local/bro --with-pcap=/usr/local/pfring
make $MAKE_FLAGS
make install
#Add Bro's executables to the PATH
echo 'PATH=$PATH:/usr/local/bro/bin' >> /etc/bash.bashrc
#Install Bro plugin manager
pip install bro-pkg
#Install and configure interface-setup plugin
bro-pkg install --force bro-interface-setup
cat << EOF >> /usr/local/bro/etc/broctl.cfg
###############################################
# Interface Setup Plugin Options
#interfacesetup.enabled=1
# To change the default mtu that is configured
interfacesetup.mtu=1500
# To change the default commands that are used to bring up the interface
#interfacesetup.up_command=/sbin/ifconfig {interface} up mtu {mtu}
#interfacesetup.flags_command=/sbin/ethtool -K {interface} gro off lro off rx off tx off gso off
# For FreeBSD systems uncomment this line
#interfacesetup.flags_command=/sbin/ifconfig {interface} -rxcsum -txcsum -tso4 -tso6 -lro -rxcsum6 -txcsum6 -vlanhwcsum -vlanhwtso
EOF
echo.
echo "Please edit /usr/local/bro/etc/node.cfg. The worker config must set lb_method=pf_ring.
Additionally, you must specify how many capture processes to run with lb_procs.
See https://www.bro.org/sphinx/configuration/index.html"
echo.
echo "To tune your interfaces for monitoring edit /usr/local/bro/etc/broctl.cfg and uncomment 'interfacesetup.enabled=1'."