<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>HOWTO Samhain on Windows</title>
<style type="text/css">
<!--

html { background: #eee; color: #000; }

body { background: #eee; color: #000; margin: 0; padding: 0;}

div.body {
background: #fff; color: #000;
margin: 0 1em 0 1em; padding: 1em;
font-family: serif;
font-size: 1em; line-height: 1.2em;
border-width: 0 1px 0 1px;
border-style: solid;
border-color: #aaa;
}

div.block {
background: #b6c5f2; color: #000;
margin: 1em; padding: 0 1em 0 1em;
border-width: 1px;
border-style: solid;
border-color: #2d4488;
}

div.warnblock {
background: #b6c5f2; color: #000;
margin: 1em; padding: 0 1em 0 1em;
border-width: 1px;
border-style: solid;
border-color: #FF9900;
}

table {
background: #F8F8F8; color: #000;
margin: 1em;
border-width: 0 0 0 1px;
border-style: solid;
border-color: #C0C0C0;
}

td {
border-width: 0 1px 1px 0;
border-style: solid;
border-color: #C0C0C0;
}

th {
background: #F8F8FF;
border-width: 1px 1px 2px 0;
border-style: solid;
border-color: #C0C0C0;
}


/* body text, headings, and rules */

p { margin: 0; text-indent: 0em; margin: 0 0 0.5em 0 }

h1, h2, h3, h4, h5, h6 {
color: #206020; background: transparent;
font-family: Optima, Arial, Helvetica, sans-serif;
font-weight: normal;
}

h1 { font-size: 1.69em; margin: 1.4em 0 0.4em 0; }
h2 { font-size: 1.44em; margin: 1.4em 0 0.4em 0; }
h3 { font-size: 1.21em; margin: 1.4em 0 0.4em 0; }
h4 { font-size: 1.00em; margin: 1.4em 0 0.4em 0; }
h5 { font-size: 0.81em; margin: 1.4em 0 0.4em 0; }
h6 { font-size: 0.64em; margin: 1.4em 0 0.4em 0; }

hr {
color: transparent; background: transparent;
height: 0px; margin: 0.6em 0;
border-width: 1px ;
border-style: solid;
border-color: #999;
}

/* bulleted lists and definition lists */

ul { margin: 0 1em 0.6em 2em; padding: 0; }
li { margin: 0.4em 0 0 0; }

dl { margin: 0.6em 1em 0.6em 2em; }
dt { color: #285577; }

tt { color: #602020; }

/* links */

a.link {
color: #33c; background: transparent;
text-decoration: none;
}

a:hover {
color: #000; background: transparent;
}

body > a {
font-family: Optima, Arial, Helvetica, sans-serif;
font-size: 0.81em;
}

h1, h2, h3, h4, h5, h6 {
color: #2d5588; background: transparent;
font-family: Optima, Arial, Helvetica, sans-serif;
font-weight: normal;
}

-->
</style></head>
<body>
<div class="body">
<p style="text-align: center; background: #ccc; border: 1px solid #2d5588;"><a
style="text-decoration: none;"
href="http://www.la-samhna.de/samhain/">samhain file integrity
scanner</a> | <a style="text-decoration: none;"
href="http://www.la-samhna.de/samhain/s_documentation.html">online
documentation</a></p>
<br><center>
<h1>Using Samhain on Windows</h1>
</center>
<br>
<hr>
<p>
This document aims to explain how to compile and run
samhain on Windows with the
<b>Cygwin</b> POSIX emulation layer, and how to install it as a service.
These instructions have been written by Kris Dom,
who has tested this on WinXP Professional.
</p>
<div class="block">
<h3>Interix / Services For UNIX</h3>
<p>
Samhain can also be used with Interix/SFU 3.5. Note that in Interix,
the Windows
filesystem is referred to as <tt>/dev/fs/C</tt>, while in Cygwin it
is <tt>/cygdrive/c</tt> (both refer to the <tt>C:</tt> drive; other drives
are analogous).
</p><p>
Older versions of samhain would need to be built with
<tt>./configure --disable-mail</tt> (i.e. without support for email
logging) because Interix does not provide some of the required functionality
to build the email module. This issue should be fixed as of samhain
version 2.0.7 (not tested).<br />[Based on information kindly provided by Geries Handal].
</p>
</div>

<h2>Cygwin installation procedure to compile samhain</h2>

<h3>Cygwin download</h3>

<ul>
<li>
Make a temporary directory to store the Cygwin installer (e.g. c:\temp\cygwin)
</li>
<li>
Surf to <a href="http://www.cygwin.com">http://www.cygwin.com</a>
to download Cygwin
</li>
<li>
Use "install or update now (using setup.exe)" to
download the installer into c:\temp\cygwin
</li>
<li>
Execute "setup.exe" in c:\temp\cygwin
</li>
<li>
Choose the "download from the Internet" option
</li>
<li>
Choose "c:\temp\cygwin" as 'Local Package Directory'
</li>
<li>
Choose an FTP site
</li>
<li>
Click on 'Default' just after 'All' to change the installation type
from 'Default' to 'Install'. This will most likely install way too much
stuff but I am not familiar with Cygwin, so this way I know that all libs and
compilers are installed.
</li>
<li>
Let it download the stuff (there is a lot to download so be patient).
</li>
</ul>

<h3>Cygwin installation</h3>

<ul>
<li>
When the download is complete you have the Cygwin software in the
temporary directory; however, it still needs to be installed.
</li>
<li>
To install, execute the "setup.exe" in "c:\temp\cygwin"
</li>
<li>
Choose the "Install from local directory" option.
</li>
<li>
Choose "C:\Cygwin" as root directory (this will be the Unix '/')
</li>
<li>
Choose the Local Package Directory: "c:\temp\cygwin"
</li>
<li>
Click on 'Default' just after 'All' to change the installation type
from 'Default' to 'Install'.
</li>
<li>
Let it install Cygwin (this will take some time so be patient).
</li>
</ul>

<h3>Samhain install procedure (used 'samhain 1.8.7a' in this procedure)</h3>
<p>
(in the following procedure I use my personal preferences)
</p>

<ul>
<li>
Start up Cygwin using the "Cygwin" icon on the desktop (a classic
Unix environment will be started).
</li>
<li>
Download the 'samhain' gzip/tar (I always put it in my home directory)
</li>
<li>
Make directories to install samhain (taking into account the configure
options):<br />
<tt>$ mkdir /usr/local/sbin</tt><br />
<tt>$ mkdir /usr/local/var</tt><br />
<tt>$ mkdir /usr/local/log</tt><br />
<tt>$ mkdir /usr/local/tmp</tt><br />
</li>
<li>Go to the home directory:<br />
<tt>$ cd $HOME</tt>
</li>
<li>Un-gzip and untar the samhain package:<br />
<tt>$ gunzip samhain-1.8.7a.tar.gz</tt><br />
<tt>$ tar xvf samhain-1.8.7a.tar</tt><br />
</li>
<li>Go to the samhain directory:<br />
<tt>$ cd samhain-1.8.7a</tt><br />
</li>
<li>Configure:<br />
<tt>$ ./configure --enable-xml-log=yes --with-tmp-dir=/usr/local/tmp --with-config-file=/usr/local/etc/samhainrc --with-log-file=/usr/local/log/samhain.log --with-pid-file=/usr/local/var/samhain.pid --with-state-dir=/usr/local/var</tt><br />
</li>
<li>Make the binary:<br />
<tt>$ make</tt><br />
</li>
<li>Install samhain:<br />
<tt>$ make install</tt><br />
</li>
<li>Now configure the "/usr/local/etc/samhainrc" file.<br />
Remember: "C:\" -> "/cygdrive/c/"
</li>
<li>Initialize the samhain local baseline database:<br />
<tt>$ /usr/local/sbin/samhain -t init</tt><br />
</li>
<li>Start it up:<br />
<tt>$ /usr/local/sbin/samhain -t check</tt><br />
</li>
</ul>
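<p>
Added example (not part of this HOWTO, nor code from samhain itself): a small POSIX shell helper for the drive mapping that the samhainrc step above and the Interix note both depend on, i.e. <tt>C:\</tt> becomes <tt>/cygdrive/c/</tt> under Cygwin and <tt>/dev/fs/C</tt> under Interix. It converts a Windows path, reports <tt>file =</tt> / <tt>dir =</tt> lines in a samhainrc that still use drive-letter paths (samhain cannot resolve those, so the entries are never checked), and rewrites them. It assumes samhainrc's <tt>file =</tt> / <tt>dir =</tt> syntax with an optional numeric recursion-depth prefix such as <tt>dir = 3C:\Program Files</tt>; the configuration fragment at the end is constructed for the demonstration only.
</p>

```shell
#!/bin/sh
# Path-mapping helpers for a samhainrc used under Cygwin (or Interix/SFU).
# Example code added to this HOWTO; not part of samhain or its documentation.
# Assumptions: samhainrc "file =" / "dir =" lines, optionally prefixed by a
# recursion depth (e.g. "dir = 3C:\Windows"), and the drive mappings named in
# the text: C:\ -> /cygdrive/c (Cygwin) or /dev/fs/C (Interix).

# Convert a Windows path to its POSIX-layer form. $1 = path, $2 = cygwin|interix.
win2posix() {
    p=$1
    flavor=${2:-cygwin}
    case $p in
        [A-Za-z]:*) ;;                       # drive-letter path: handled below
        *) printf '%s\n' "$p" | tr '\\' '/'  # no drive letter: only fix separators
           return 0 ;;
    esac
    drive=$(printf '%s' "$p" | cut -c1)
    rest=$(printf '%s' "$p" | cut -c3- | tr '\\' '/')
    case $flavor in
        cygwin)  printf '/cygdrive/%s%s\n' "$(printf '%s' "$drive" | tr 'A-Z' 'a-z')" "$rest" ;;
        interix) printf '/dev/fs/%s%s\n'   "$(printf '%s' "$drive" | tr 'a-z' 'A-Z')" "$rest" ;;
        *) printf 'win2posix: unknown flavor %s\n' "$flavor" >&2; return 2 ;;
    esac
}

# Regex for a file=/dir= line whose value still starts with a Windows drive letter.
WINPATH_RE='^[[:space:]]*(file|dir)[[:space:]]*=[[:space:]]*[0-9]*[A-Za-z]:'

# Report file=/dir= lines in $1 that use C:\-style paths; returns 1 if any exist.
check_samhainrc() {
    bad=$(grep -inE "$WINPATH_RE" "$1")
    if [ -n "$bad" ]; then
        printf 'Windows-style paths in %s (samhain cannot resolve them):\n%s\n' "$1" "$bad" >&2
        return 1
    fi
    return 0
}

# Rewrite such lines on stdin to the POSIX form; $1 = cygwin|interix.
# Comments and lines that are already POSIX paths pass through unchanged.
fix_samhainrc() {
    flavor=${1:-cygwin}
    while IFS= read -r line || [ -n "$line" ]; do
        if printf '%s\n' "$line" | grep -qiE "$WINPATH_RE"; then
            key=${line%%=*}
            val=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//')
            depth=$(printf '%s' "$val" | sed -E 's/^([0-9]*).*/\1/')   # keep recursion depth
            printf '%s= %s%s\n' "$key" "$depth" "$(win2posix "${val#"$depth"}" "$flavor")"
        else
            printf '%s\n' "$line"
        fi
    done
}

# Demonstration on a constructed samhainrc fragment (not a real configuration).
demo_rc=$(mktemp "${TMPDIR:-/tmp}/samhainrc.XXXXXX")
cat > "$demo_rc" <<'EOF'
[ReadOnly]
file = C:\Windows\System32\drivers\etc\hosts
dir = 3C:\Program Files
[Attributes]
dir = /cygdrive/c/Documents and Settings
EOF
if check_samhainrc "$demo_rc"; then
    echo "samhainrc looks fine"
else
    echo "rewritten configuration:"
    fix_samhainrc cygwin < "$demo_rc"
fi
rm -f "$demo_rc"
```

<p>
On a real host, run <tt>check_samhainrc /usr/local/etc/samhainrc</tt> after editing the file, and <tt>fix_samhainrc cygwin &lt; samhainrc &gt; samhainrc.new</tt> if you started from a Windows-style list of paths; the check is worth repeating before <tt>samhain -t init</tt>, because a baseline built from unresolvable entries silently covers less than intended.
</p>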


<h2>Cygwin minimal installation procedure to run samhain</h2>

<ul>
<li>
Files needed to create a service (from the NT/W2K Resource Kit):
<ul>
<li>
instsrv.exe
</li>
<li>
srvany.exe
</li>
</ul>
</li>
<li>
First copy these files to the "%winnt%\system32" directory.
</li>
<li>
Files needed to run 'samhain.exe'. Copy the following DLLs from the
Cygwin setup (c:\Cygwin\bin) to the "%winnt%\system32" directory:
<ul>
<li>
cygwin1.dll
</li>
<li>
cygminires.dll
</li>
</ul>
</li>
<li>
Create a directory structure for samhain (following the compilation options
you used)<br />
- in a DOS box (or via Windows Explorer)<br />
<tt>mkdir c:\usr</tt><br />
<tt>mkdir c:\usr\local</tt><br />
<tt>mkdir c:\usr\local\sbin</tt><br />
<tt>mkdir c:\usr\local\var</tt><br />
<tt>mkdir c:\usr\local\tmp</tt><br />
<tt>mkdir c:\usr\local\log</tt><br />
<tt>mkdir c:\usr\local\etc</tt><br />
</li>
<li>
Use the "instsrv.exe" binary to create a new service:<br />
<tt>instsrv.exe samhain c:\windows\system32\srvany.exe</tt><br />
(this will create a service called "Samhain" that will
start the "srvany.exe" process).
</li>
<li>Now edit the registry to change the startup parameters for the newly
created service:
<ul>
<li>regedit</li>
<li>HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Services->Samhain</li>
<li>Add a String value (type: REG_SZ, called "Description") under the 'Samhain' key</li>
<li>Open the newly created "Description" value and fill in a description for the 'Samhain' service</li>
<li>Add a key to specify what file the "srvany.exe" process must start:<br />
Edit->New->Key called "Parameters"
</li>
<li>Under the newly created "Parameters" key, add a new String
value called "Applications".<br />
The value for "Applications"
should be "c:\usr\local\sbin\samhain.exe".</li>
</ul>
</li>
<li>
Make sure that in the "samhainrc" file, you have used
"/cygdrive/c" to refer to "c:"
</li>
<li>
Initialize the samhain baseline database first:<br />
<tt>c:\usr\local\sbin\samhain -t init</tt><br />
</li>
<li>
Reboot (it is Windows so ...)
</li>
</ul>
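<p>
Added example (not part of this HOWTO, of samhain or of the Resource Kit): a POSIX shell pre-flight check, meant to be run from a Cygwin shell, that verifies the items the list above requires before the service is created: the Resource Kit tools and Cygwin DLLs in the system directory, the <tt>c:\usr\local</tt> tree, <tt>samhain.exe</tt>, <tt>samhainrc</tt>, and an initialized baseline. It assumes the baseline database is named <tt>samhain_file</tt> in the state directory (samhain's default <tt>--with-data-file</tt>; pass another name as the third argument) and takes the root and system directory as arguments so it can be exercised on a constructed tree, as the demonstration at the end does. One caveat on the registry step: the Resource Kit documentation for srvany names the value under <tt>Parameters</tt> <tt>Application</tt> (singular); if the service starts <tt>srvany.exe</tt> but samhain never runs, compare the name of the value you created.
</p>

```shell
#!/bin/sh
# Pre-flight check for the srvany-based samhain service described above.
# Example code added to this HOWTO, not part of samhain or the Resource Kit.
# Assumptions: the directory layout and file names listed in the text; the
# baseline database name samhain_file (samhain's default --with-data-file,
# relative to the state directory); paths given in Cygwin form.

# $1 = root under which usr/local lives ("/" on a real host, or /cygdrive/c),
# $2 = the Windows system directory (e.g. /cygdrive/c/windows/system32),
# $3 = baseline database file name (default samhain_file).
# Prints every missing item and returns the number of problems found (0 = ready).
service_preflight() {
    root=${1%/}
    sysdir=${2%/}
    datafile=${3:-samhain_file}
    problems=0

    # Resource Kit tools and Cygwin runtime DLLs that must be in system32.
    for f in instsrv.exe srvany.exe cygwin1.dll cygminires.dll; do
        if [ ! -f "$sysdir/$f" ]; then
            echo "missing: $sysdir/$f"
            problems=$((problems + 1))
        fi
    done

    # Directory tree matching the configure options used at build time.
    for d in sbin var tmp log etc; do
        if [ ! -d "$root/usr/local/$d" ]; then
            echo "missing directory: $root/usr/local/$d"
            problems=$((problems + 1))
        fi
    done

    # The binary the service starts and the configuration it reads.
    for f in sbin/samhain.exe etc/samhainrc; do
        if [ ! -f "$root/usr/local/$f" ]; then
            echo "missing: $root/usr/local/$f"
            problems=$((problems + 1))
        fi
    done

    # The baseline must exist before the service starts in check mode,
    # otherwise the first run has nothing to compare against.
    if [ ! -s "$root/usr/local/var/$datafile" ]; then
        echo "no baseline database at $root/usr/local/var/$datafile; run: samhain -t init"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Build a constructed throw-away tree with empty placeholder files
# (not real binaries) so the check can be shown before and after populating it.
populate_tree() {
    mkdir -p "$1/usr/local/sbin" "$1/usr/local/var" "$1/usr/local/tmp" \
             "$1/usr/local/log" "$1/usr/local/etc" "$2"
    for f in instsrv.exe srvany.exe cygwin1.dll cygminires.dll; do : > "$2/$f"; done
    : > "$1/usr/local/sbin/samhain.exe"
    printf '[ReadOnly]\ndir = /cygdrive/c/windows/system32\n' > "$1/usr/local/etc/samhainrc"
    printf 'placeholder baseline\n' > "$1/usr/local/var/samhain_file"
}

demo=$(mktemp -d "${TMPDIR:-/tmp}/svcdemo.XXXXXX")
if service_preflight "$demo" "$demo/system32"; then
    echo "empty tree unexpectedly passed"
fi
populate_tree "$demo" "$demo/system32"
if service_preflight "$demo" "$demo/system32"; then
    echo "ready to create the service with instsrv.exe"
fi
rm -rf "$demo"
```

<p>
On the target machine, <tt>service_preflight / /cygdrive/c/windows/system32</tt> (or <tt>%winnt%</tt> mapped to its Cygwin path) should return 0 before you run <tt>instsrv.exe</tt> and reboot; a non-zero return lists exactly which step above was skipped.
</p>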
<p>
Note: the first time I tried to install samhain as an NT service, I first
installed a default Cygwin on the system. This however made things much more
complex. I think when there is no Cygwin installed, it is easier to install
Samhain as a service.
</p>
</div>
</body>
</html>