source: trunk/docs/HOWTO-samhain-on-windows.html@ 236

Last change on this file since 236 was 18, checked in by rainer, 19 years ago

Optimized version of tiger algorithm, and basic ingredients for unit testing (part 2)

File size: 12.3 KB
RevLine 
[1]1<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
2<html>
3<head>
4<title>HOWTO Samhain on Windows</title>
5<style type="text/css">
6<!--
7
8html { background: #eee; color: #000; }
9
10body { background: #eee; color: #000; margin: 0; padding: 0;}
11
12div.body {
13 background: #fff; color: #000;
14 margin: 0 1em 0 1em; padding: 1em;
15 font-family: serif;
16 font-size: 1em; line-height: 1.2em;
17 border-width: 0 1px 0 1px;
18 border-style: solid;
19 border-color: #aaa;
20}
21
22div.block {
23 background: #b6c5f2; color: #000;
24 margin: 1em; padding: 0 1em 0 1em;
25 border-width: 1px;
26 border-style: solid;
27 border-color: #2d4488;
28}
29
30div.warnblock {
31 background: #b6c5f2; color: #000;
32 margin: 1em; padding: 0 1em 0 1em;
33 border-width: 1px;
34 border-style: solid;
35 border-color: #FF9900;
36}
37
38table {
39 background: #F8F8F8; color: #000;
40 margin: 1em;
41 border-width: 0 0 0 1px;
42 border-style: solid;
43 border-color: #C0C0C0;
44}
45
46td {
47 border-width: 0 1px 1px 0;
48 border-style: solid;
49 border-color: #C0C0C0;
50}
51
52th {
53 background: #F8F8FF;
54 border-width: 1px 1px 2px 0;
55 border-style: solid;
56 border-color: #C0C0C0;
57}
58
59
60/* body text, headings, and rules */
61
62p { margin: 0; text-indent: 0em; margin: 0 0 0.5em 0 }
63
64h1, h2, h3, h4, h5, h6 {
65 color: #206020; background: transparent;
66 font-family: Optima, Arial, Helvetica, sans-serif;
67 font-weight: normal;
68}
69
70h1 { font-size: 1.69em; margin: 1.4em 0 0.4em 0; }
71h2 { font-size: 1.44em; margin: 1.4em 0 0.4em 0; }
72h3 { font-size: 1.21em; margin: 1.4em 0 0.4em 0; }
73h4 { font-size: 1.00em; margin: 1.4em 0 0.4em 0; }
74h5 { font-size: 0.81em; margin: 1.4em 0 0.4em 0; }
75h6 { font-size: 0.64em; margin: 1.4em 0 0.4em 0; }
76
77hr {
78 color: transparent; background: transparent;
79 height: 0px; margin: 0.6em 0;
80 border-width: 1px ;
81 border-style: solid;
82 border-color: #999;
83}
84
85/* bulleted lists and definition lists */
86
87ul { margin: 0 1em 0.6em 2em; padding: 0; }
88li { margin: 0.4em 0 0 0; }
89
90dl { margin: 0.6em 1em 0.6em 2em; }
91dt { color: #285577; }
92
93tt { color: #602020; }
94
95/* links */
96
97a.link {
98 color: #33c; background: transparent;
99 text-decoration: none;
100}
101
102a:hover {
103 color: #000; background: transparent;
104}
105
106body > a {
107 font-family: Optima, Arial, Helvetica, sans-serif;
108 font-size: 0.81em;
109}
110
111h1, h2, h3, h4, h5, h6 {
112 color: #2d5588; background: transparent;
113 font-family: Optima, Arial, Helvetica, sans-serif;
114 font-weight: normal;
115}
116
117 -->
118</style></head>
119<body>
120<div class="body">
121<p style="text-align: center; background: #ccc; border: 1px solid #2d5588;"><a
122 style="text-decoration: none;"
123 href="http://www.la-samhna.de/samhain/">samhain file integrity
124 scanner</a>&nbsp;|&nbsp;<a style="text-decoration: none;"
125 href="http://www.la-samhna.de/samhain/s_documentation.html">online
126 documentation</a></p>
127<br><center>
128<h1>Using Samhain on Windows</h1>
129</center>
130<br>
131<hr>
132<p>
133This document aims to explain how to compile and run
134samhain on Windows with the
135<b>Cygwin</b> POSIX emulation layer, and how to install it as a service.
136These instructions have been written by Kris Dom,
[18]137who has tested this on WinXP Professional, with additions by Geries Handal
138and Jorge Morgado.
[1]139</p>
140<div class="block">
141<h3>Interix / Services For UNIX</h3>
142<p>
143Samhain can also be used with Interix/SFU 3.5. Note that in Interix,
144the Windows
145filesystem is referred as <tt>/dev/fs/C</tt>, while in Cygwin it
146is <tt>/cygdrive/c</tt> (both refers to the <tt>C:</tt> drive; other drives
147are analogous).
148</p><p>
149Older versions of samhain would need to be built with
150<tt>./configure&nbsp;--disable-mail</tt> (i.e. without support for email
151logging) because Interix does not provide some of the required functionality
152to build the email module. This issue should be fixed as of samhain
[18]153version 2.0.7 (not tested).<br />
154[Based on information kindly provided by Geries Handal].
[1]155</p>
156</div>
157
158<h2>Cygwin installation procedure to compile samhain</h2>
159
160<h3>Cygwin download</h3>
161
162<ul>
163<li>
164Make a temporary directory to store cygwin installer (e.g. c:\temp\cygwin)
165</li>
166<li>
167Surf to <a href="http://www.cygwin.com">http://www.cygwin.com</a>
168to download cygwin
169</li>
170<li>
171Use the &quot;install or update now (using setup.exe)&quot; to
172download the installer in c:\temp\cygwin
173</li>
174<li>
175Execute &quot;setup.exe&quot; in c:\temp\cygwin
176</li>
177<li>
178Choose the &quot;download from the Internet&quot; option
179</li>
180<li>
181Choose &quot;c:\temp\cygwin&quot; as 'Local Package Directory'
182</li>
183<li>
184Choose an FTP site
185</li>
186<li>
187Click on 'Default' just after 'All' to change the installation type
188from 'Default' to 'Install'. This will most likely install way too much
189stuff but I am not familiar with Cygwin, so this way I know that all libs and
190compilers are installed.
191</li>
192<li>
193Let it download the stuff (there is a lot to download so be patient).
194</li>
195</ul>
[18]196<div class="block">
197<p>
198You don't need to download and install All packages. It is enough to keep
199the Default and then add the following additional packages:
200</p>
201<p>
202 Category Devel -> gcc: C compiler upgrade helper<br/>
203 Category Devel -> make: The GNU version of the 'make' utility<br/>
204 Category Libs -> minires: A simple synchronous non caching stub resolver<br/>
205</p>
206<p>
207When selecting these packages, Cygwin installer will automatically add
208other packages based on their dependencies.
209The package minires is only necessary for a minimal Cygwin installation
210(below). [Kindly pointed out by Jorge Morgado].
211</p>
212</div>
[1]213
214<h3>Cygwin installation</h3>
215
216<ul>
217<li>
218When the download is complete you have the Cygwin software in the
219temporary directory, however, it still needs to be installed.
220</li>
221<li>
222To install, execute the &quot;setup.exe&quot; in &quot;c:\temp\cygwin&quot;
223</li>
224<li>
225Choose the &quot;Install from local directory&quot; option.
226</li>
227<li>
228Choose &quot;C:\Cygwin&quot; as root directory (this will be the Unix '/')
229</li>
230<li>
231Choose the Local Package Directory: &quot;c:\temp\cygwin&quot;
232</li>
233<li>
234Click on 'Default' just after 'All' to change the installation type
235from 'Default' to 'Install'.
236</li>
237<li>
238Let it install Cygwin (this will take some time so be patient).
239</li>
240</ul>
241
242<h3>Samhain install procedure (used 'samhain 1.8.7a' in this procedure)</h3>
243<p>
244(in the following procedure I use my personal preferences)
245</p>
246
247<ul>
248<li>
249Start up Cygwin using the &quot;Cygwin&quot; icon on the desktop (a classic
250Unix environment will be started).
251</li>
252<li>
253Download the 'samhain' gzip/tar (I always put in my home directory)
254</li>
255<li>
256Make directories to install samhain (taking into account the configure
257options):<br />
258&nbsp; &nbsp;<tt>$ mkdir /usr/local/sbin</tt><br />
259&nbsp; &nbsp;<tt>$ mkdir /usr/local/var</tt><br />
260&nbsp; &nbsp;<tt>$ mkdir /usr/local/log</tt><br />
261&nbsp; &nbsp;<tt>$ mkdir /usr/local/tmp</tt><br />
262</li>
263<li>Go to the home directory:<br />
264&nbsp; &nbsp;<tt>$ cd $HOME</tt>
265</li>
266<li>Un-gzip and untar the samhain package:<br />
267&nbsp; &nbsp;<tt>$ gunzip samhain-1.8.7a.tar.gz</tt><br />
268&nbsp; &nbsp;<tt>$ tar xvf samhain-1.8.7a.tar</tt><br />
269</li>
270<li>Go to the samhain directory:<br />
271&nbsp; &nbsp;<tt>$ cd samhain-1.8.7a</tt><br />
272</li>
273<li>Configure:<br />
274&nbsp; &nbsp;<tt>$ ./configure --enable-xml-log=yes --with-tmp-dir=/usr/local/tmp --with-config-file=/usr/local/etc/samhainrc --with-log-file=/usr/local/log/samhain.log --with-pid-file=/usr/local/var/samhain.pid --with-state-dir=/usr/local/var</tt><br />
275</li>
276<li>Make the binary:<br />
277&nbsp; &nbsp;<tt>$ make</tt><br />
278</li>
279<li>Install samhain:<br />
280&nbsp; &nbsp;<tt>$ make install</tt><br />
281</li>
282<li>Now configure the &quot;/usr/local/etc/samhainrc&quot; file.<br />
283Remember: &quot;C:\&quot; -&gt; &quot;/cygdrive/c/&quot;
284</li>
285<li>Initialize the samhain local baseline database:<br />
286&nbsp; &nbsp;<tt>$ /usr/local/sbin/samhain -t init</tt><br />
287</li>
288<li>Start it up:<br />
289&nbsp; &nbsp;<tt>$ /usr/local/sbin/samhain -t check</tt><br />
290</li>
291</ul>
292
293
294<h2>Cygwin minimal installation procedure to run samhain</h2>
295
296<ul>
297<li>
298Files needed to create a service (from NT/W2K Resource Kit):
299 <ul>
300 <li>
301 instsrv.exe
302 </li>
303 <li>
304 srvany.exe
305 </li>
306 </ul>
307</li>
308<li>
309First copy these files to the &quot;%winnt%\system32&quot; directory.
310</li>
311<li>
312Files needed to run the 'samhain.exe'. Copy the following .dll from the
313Cygwin setup (c:\Cygwin\bin) to the &quot;%winnt%\system32&quot; directory:
314 <ul>
315 <li>
316 cygwin1.dll
317 </li>
318 <li>
319 cygminires.dll
320 </li>
321 </ul>
322</li>
323<li>
[18]324Files needed from c:\Cygwin\bin to create the /etc/passwd and /etc/group files:
325 <ul>
326 <li>
327 mkpasswd.exe
328 </li>
329 <li>
330 mkgroup.exe
331 </li>
332 </ul>
333<p>
334To generate these files on a minimal Cygwin installation execute - on a
335Windows Command Prompt:
336</p><p>
337&nbsp; &nbsp;<tt>mkdir c:\etc</tt><br />
338&nbsp; &nbsp;<tt>path\to\mkpasswd.exe -l > c:\etc\passwd</tt><br />
339&nbsp; &nbsp;<tt>path\to\mkgroup.exe -l > c:\etc\group</tt>
340</p><p>
341IMPORTANT NOTE: You should re-create these two files, each time the
342Windows users and groups accounts database changes. Failing to do this
343might generate critical log messages (depending on your configuration
344file).
345</p>
346</li>
347<li>
[1]348Create a directory structure for samhain (following the compilation options
349you used)<br />
350&nbsp; &nbsp;- in a DOS box (or via Windows Explorer)<br />
351&nbsp; &nbsp;<tt>mkdir c:\usr</tt><br />
352&nbsp; &nbsp;<tt>mkdir c:\usr\local</tt><br />
353&nbsp; &nbsp;<tt>mkdir c:\usr\local\sbin</tt><br />
354&nbsp; &nbsp;<tt>mkdir c:\usr\local\var</tt><br />
355&nbsp; &nbsp;<tt>mkdir c:\usr\local\tmp</tt><br />
356&nbsp; &nbsp;<tt>mkdir c:\usr\local\log</tt><br />
357&nbsp; &nbsp;<tt>mkdir c:\usr\local\etc</tt><br />
358</li>
359<li>
360Use the &quot;instsrv.exe&quot; binary to create a new service:<br />
361&nbsp; &nbsp;<tt>instsrv.exe samhain c:\windows\system32\srvany.exe</tt><br />
362&nbsp; &nbsp;(this will create a service called &quot;Samhain&quot; that will
363start the &quot;srvany.exe&quot; process).
364</li>
365<li>Now edit the registry to change the startup parameters for the newly
366created service:
367 <ul>
368 <li>regedit</li>
369 <li>HKEY_LOCAL_MACHINE-&gt;SYSTEM-&gt;CurrentControlSet-&gt;Services-&gt;Samhain</li>
370 <li>Add a String value (type: REG_SZ called: &quot;Description&quot;) under the 'Samhain' key</li>
371 <li>Open the newly created &quot;Description&quot; value and fill in a description for the 'Samhain' service</li>
372 <li>Add a key to specify what file the &quot;srvany.exe&quot; process must start:<br />
373 &nbsp; &nbsp;Edit-&gt;New-&gt;Key called &quot;Parameters&quot;
374 </li>
375 <li>Under the newly created &quot;Parameters&quot; key, add a new String
[18]376 value called &quot;Application&quot;.<br />
377 &nbsp; &nbsp;The value for &quot;Application&quot;
[1]378 should be &quot;c:\usr\local\sbin\samhain.exe&quot;.</li>
379 </ul>
380</li>
381<li>
382Make sure that in the &quot;samhainrc&quot; file, you have used
383&quot;/cygdrive/c&quot; to refer to &quot;c:&quot;
384</li>
385<li>
386Initialize the samhain baseline database first:<br />
387&nbsp; &nbsp;<tt>c:\usr\local\sbin\samhain -t init</tt><br />
388</li>
389<li>
390Reboot (it is Windows so ...)
391</li>
392</ul>
393<p>
[18]394Also see <a href="http://support.microsoft.com/kb/q137890/">http://support.microsoft.com/kb/q137890/</a> for information regarding the creation of a
395user-defined service.
396</p>
397<p>
[1]398Note: the first time I tried to install samhain as an NT service, I first
399installed a default Cygwin on the system. This however made things much more
400complex. I think when there is no Cygwin installed, it is more easy to install
401Samhain as a service.
402</p>
[18]403
404
405<h2>Troubleshooting samhain</h2>
406
407<p>
408[Tip from Jorge Morgado] If you, like me, have a Windows server not part of any domain and (for
409security reasons) you even turn off DNS resolution, you might probably get
410the following error when initializing the baseline database:
411</p>
412<pre>
413 --------- sh_unix.c --- 1487 ---------
414 According to uname, your nodename is yourcomputername, but your resolver
415 library cannot resolve this nodename to a FQDN.
416 Rather, it resolves this to yourcomputername.
417 For more information, see the entry about self-resolving under
418 'Most frequently' in the FAQ that you will find in the docs/ subdirectory
419 ----------------------------------------------
420</pre>
421<p>
422To fix this problem open the Registry Editor and create the following
423entries under the key
424HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
425</p>
426<p>
427<tt>
428Name: Domain<br/>
429Type: REG_SZ<br/>
430Data: your.domain.name
431</tt>
432</p><p>
433<tt>
434Name: NV Domain<br/>
435Type: REG_SZ<br/>
436Data: your.domain.name
437</tt>
438</p><p>
439The NV Domain registry value contains the computer's primary DNS suffix
440while the Domain registry value contains the computer's primary DNS
441domain. This will make the warning message go away.
442</p>
[1]443</div>
444</body>
445</html>
Note: See TracBrowser for help on using the repository browser.