source: trunk/docs/HOWTO-samhain-on-windows.html@ 9

Last change on this file since 9 was 1, checked in by katerina, 19 years ago

Initial import

File size: 9.7 KB
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>HOWTO Samhain on Windows</title>
<style type="text/css">
<!--

html { background: #eee; color: #000; }

body { background: #eee; color: #000; margin: 0; padding: 0;}

div.body {
 background: #fff; color: #000;
 margin: 0 1em 0 1em; padding: 1em;
 font-family: serif;
 font-size: 1em; line-height: 1.2em;
 border-width: 0 1px 0 1px;
 border-style: solid;
 border-color: #aaa;
}

div.block {
 background: #b6c5f2; color: #000;
 margin: 1em; padding: 0 1em 0 1em;
 border-width: 1px;
 border-style: solid;
 border-color: #2d4488;
}

div.warnblock {
 background: #b6c5f2; color: #000;
 margin: 1em; padding: 0 1em 0 1em;
 border-width: 1px;
 border-style: solid;
 border-color: #FF9900;
}

table {
 background: #F8F8F8; color: #000;
 margin: 1em;
 border-width: 0 0 0 1px;
 border-style: solid;
 border-color: #C0C0C0;
}

td {
 border-width: 0 1px 1px 0;
 border-style: solid;
 border-color: #C0C0C0;
}

th {
 background: #F8F8FF;
 border-width: 1px 1px 2px 0;
 border-style: solid;
 border-color: #C0C0C0;
}


/* body text, headings, and rules */

p { margin: 0; text-indent: 0em; margin: 0 0 0.5em 0 }

h1, h2, h3, h4, h5, h6 {
 color: #206020; background: transparent;
 font-family: Optima, Arial, Helvetica, sans-serif;
 font-weight: normal;
}

h1 { font-size: 1.69em; margin: 1.4em 0 0.4em 0; }
h2 { font-size: 1.44em; margin: 1.4em 0 0.4em 0; }
h3 { font-size: 1.21em; margin: 1.4em 0 0.4em 0; }
h4 { font-size: 1.00em; margin: 1.4em 0 0.4em 0; }
h5 { font-size: 0.81em; margin: 1.4em 0 0.4em 0; }
h6 { font-size: 0.64em; margin: 1.4em 0 0.4em 0; }

hr {
 color: transparent; background: transparent;
 height: 0px; margin: 0.6em 0;
 border-width: 1px ;
 border-style: solid;
 border-color: #999;
}

/* bulleted lists and definition lists */

ul { margin: 0 1em 0.6em 2em; padding: 0; }
li { margin: 0.4em 0 0 0; }

dl { margin: 0.6em 1em 0.6em 2em; }
dt { color: #285577; }

tt { color: #602020; }

/* links */

a.link {
 color: #33c; background: transparent;
 text-decoration: none;
}

a:hover {
 color: #000; background: transparent;
}

body > a {
 font-family: Optima, Arial, Helvetica, sans-serif;
 font-size: 0.81em;
}

h1, h2, h3, h4, h5, h6 {
 color: #2d5588; background: transparent;
 font-family: Optima, Arial, Helvetica, sans-serif;
 font-weight: normal;
}

 -->
</style></head>
<body>
<div class="body">
<p style="text-align: center; background: #ccc; border: 1px solid #2d5588;"><a
 style="text-decoration: none;"
 href="http://www.la-samhna.de/samhain/">samhain file integrity
 scanner</a>&nbsp;|&nbsp;<a style="text-decoration: none;"
 href="http://www.la-samhna.de/samhain/s_documentation.html">online
 documentation</a></p>
<br><center>
<h1>Using Samhain on Windows</h1>
</center>
<br>
<hr>
<p>
This document aims to explain how to compile and run
samhain on Windows with the
<b>Cygwin</b> POSIX emulation layer, and how to install it as a service.
These instructions have been written by Kris Dom,
who has tested this on WinXP Professional.
</p>
<div class="block">
<h3>Interix / Services For UNIX</h3>
<p>
Samhain can also be used with Interix/SFU 3.5. Note that in Interix,
the Windows
filesystem is referred to as <tt>/dev/fs/C</tt>, while in Cygwin it
is <tt>/cygdrive/c</tt> (both refer to the <tt>C:</tt> drive; other drives
are analogous).
</p><p>
Older versions of samhain needed to be built with
<tt>./configure&nbsp;--disable-mail</tt> (i.e. without support for email
logging) because Interix does not provide some of the functionality required
to build the email module. This issue should be fixed as of samhain
version 2.0.7 (not tested).<br />[Based on information kindly provided by Geries Handal].
</p>
</div>

<h2>Cygwin installation procedure to compile samhain</h2>

<h3>Cygwin download</h3>

<ul>
<li>
Make a temporary directory to store the cygwin installer (e.g. c:\temp\cygwin)
</li>
<li>
Surf to <a href="http://www.cygwin.com">http://www.cygwin.com</a>
to download cygwin
</li>
<li>
Use the &quot;install or update now (using setup.exe)&quot; link to
download the installer into c:\temp\cygwin
</li>
<li>
Execute &quot;setup.exe&quot; in c:\temp\cygwin
</li>
<li>
Choose the &quot;download from the Internet&quot; option
</li>
<li>
Choose &quot;c:\temp\cygwin&quot; as 'Local Package Directory'
</li>
<li>
Choose an FTP site
</li>
<li>
Click on 'Default' just after 'All' to change the installation type
from 'Default' to 'Install'. This will most likely install way too much
stuff, but I am not familiar with Cygwin, so this way I know that all libs and
compilers are installed.
</li>
<li>
Let it download the stuff (there is a lot to download, so be patient).
</li>
</ul>

<h3>Cygwin installation</h3>

<ul>
<li>
When the download is complete you have the Cygwin software in the
temporary directory; however, it still needs to be installed.
</li>
<li>
To install, execute the &quot;setup.exe&quot; in &quot;c:\temp\cygwin&quot;
</li>
<li>
Choose the &quot;Install from local directory&quot; option.
</li>
<li>
Choose &quot;C:\Cygwin&quot; as root directory (this will be the Unix '/')
</li>
<li>
Choose the Local Package Directory: &quot;c:\temp\cygwin&quot;
</li>
<li>
Click on 'Default' just after 'All' to change the installation type
from 'Default' to 'Install'.
</li>
<li>
Let it install Cygwin (this will take some time, so be patient).
</li>
</ul>

<h3>Samhain install procedure (used 'samhain 1.8.7a' in this procedure)</h3>
<p>
(in the following procedure I use my personal preferences)
</p>

<ul>
<li>
Start up Cygwin using the &quot;Cygwin&quot; icon on the desktop (a classic
Unix environment will be started).
</li>
<li>
Download the 'samhain' gzip/tar archive (I always put it in my home directory)
</li>
<li>
Make directories to install samhain (taking into account the configure
options):<br />
&nbsp; &nbsp;<tt>$ mkdir /usr/local/sbin</tt><br />
&nbsp; &nbsp;<tt>$ mkdir /usr/local/var</tt><br />
&nbsp; &nbsp;<tt>$ mkdir /usr/local/log</tt><br />
&nbsp; &nbsp;<tt>$ mkdir /usr/local/tmp</tt><br />
</li>
<li>Go to the home directory:<br />
&nbsp; &nbsp;<tt>$ cd $HOME</tt>
</li>
<li>Un-gzip and untar the samhain package:<br />
&nbsp; &nbsp;<tt>$ gunzip samhain-1.8.7a.tar.gz</tt><br />
&nbsp; &nbsp;<tt>$ tar xvf samhain-1.8.7a.tar</tt><br />
</li>
<li>Go to the samhain directory:<br />
&nbsp; &nbsp;<tt>$ cd samhain-1.8.7a</tt><br />
</li>
<li>Configure:<br />
&nbsp; &nbsp;<tt>$ ./configure --enable-xml-log=yes --with-tmp-dir=/usr/local/tmp --with-config-file=/usr/local/etc/samhainrc --with-log-file=/usr/local/log/samhain.log --with-pid-file=/usr/local/var/samhain.pid --with-state-dir=/usr/local/var</tt><br />
</li>
<li>Make the binary:<br />
&nbsp; &nbsp;<tt>$ make</tt><br />
</li>
<li>Install samhain:<br />
&nbsp; &nbsp;<tt>$ make install</tt><br />
</li>
<li>Now configure the &quot;/usr/local/etc/samhainrc&quot; file.<br />
Remember: &quot;C:\&quot; -&gt; &quot;/cygdrive/c/&quot;
</li>
<li>Initialize the samhain local baseline database:<br />
&nbsp; &nbsp;<tt>$ /usr/local/sbin/samhain -t init</tt><br />
</li>
<li>Start it up:<br />
&nbsp; &nbsp;<tt>$ /usr/local/sbin/samhain -t check</tt><br />
</li>
</ul>


<h2>Cygwin minimal installation procedure to run samhain</h2>

<ul>
<li>
Files needed to create a service (from NT/W2K Resource Kit):
 <ul>
 <li>
 instsrv.exe
 </li>
 <li>
 srvany.exe
 </li>
 </ul>
</li>
<li>
First copy these files to the &quot;%winnt%\system32&quot; directory.
</li>
<li>
Files needed to run 'samhain.exe'. Copy the following .dll files from the
Cygwin setup (c:\Cygwin\bin) to the &quot;%winnt%\system32&quot; directory:
 <ul>
 <li>
 cygwin1.dll
 </li>
 <li>
 cygminires.dll
 </li>
 </ul>
</li>
<li>
Create a directory structure for samhain (following the compilation options
you used)<br />
&nbsp; &nbsp;- in a DOS box (or via Windows Explorer)<br />
&nbsp; &nbsp;<tt>mkdir c:\usr</tt><br />
&nbsp; &nbsp;<tt>mkdir c:\usr\local</tt><br />
&nbsp; &nbsp;<tt>mkdir c:\usr\local\sbin</tt><br />
&nbsp; &nbsp;<tt>mkdir c:\usr\local\var</tt><br />
&nbsp; &nbsp;<tt>mkdir c:\usr\local\tmp</tt><br />
&nbsp; &nbsp;<tt>mkdir c:\usr\local\log</tt><br />
&nbsp; &nbsp;<tt>mkdir c:\usr\local\etc</tt><br />
</li>
<li>
Use the &quot;instsrv.exe&quot; binary to create a new service:<br />
&nbsp; &nbsp;<tt>instsrv.exe samhain c:\windows\system32\srvany.exe</tt><br />
&nbsp; &nbsp;(this will create a service called &quot;Samhain&quot; that will
start the &quot;srvany.exe&quot; process).
</li>
<li>Now edit the registry to change the startup parameters for the newly
created service:
 <ul>
 <li>regedit</li>
 <li>HKEY_LOCAL_MACHINE-&gt;SYSTEM-&gt;CurrentControlSet-&gt;Services-&gt;Samhain</li>
 <li>Add a String value (type: REG_SZ, called &quot;Description&quot;) under the 'Samhain' key</li>
 <li>Open the newly created &quot;Description&quot; value and fill in a description for the 'Samhain' service</li>
 <li>Add a key to specify what file the &quot;srvany.exe&quot; process must start:<br />
 &nbsp; &nbsp;Edit-&gt;New-&gt;Key called &quot;Parameters&quot;
 </li>
 <li>Under the newly created &quot;Parameters&quot; key, add a new String
 value called &quot;Application&quot;.<br />
 &nbsp; &nbsp;The value for &quot;Application&quot;
 should be &quot;c:\usr\local\sbin\samhain.exe&quot;.</li>
 </ul>
</li>
<li>
Make sure that in the &quot;samhainrc&quot; file, you have used
&quot;/cygdrive/c&quot; to refer to &quot;c:&quot;
</li>
<li>
Initialize the samhain baseline database first:<br />
&nbsp; &nbsp;<tt>c:\usr\local\sbin\samhain -t init</tt><br />
</li>
<li>
Reboot (it is Windows so ...)
</li>
</ul>
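<p>
The service setup above, collected into one batch script for the DOS box, with the checks worth running before the reboot (the binary, the two Cygwin DLLs and the srvany Parameters\Application value all have to be in place, or the service will start srvany.exe with nothing, or the wrong thing, to run). This is an added example, not part of the original HOWTO; it assumes instsrv.exe and srvany.exe are already in %SystemRoot%\system32 and that samhain.exe was built with the configure options given earlier.
</p>

```batch
@echo off
rem Added example, not part of the original HOWTO: performs the service
rem installation steps above and verifies the result before the reboot.
rem Assumes instsrv.exe and srvany.exe are already in %SystemRoot%\system32
rem and that samhain.exe was built with the configure options given earlier.
setlocal
set SAMHAIN_EXE=c:\usr\local\sbin\samhain.exe
set SVCKEY=HKLM\SYSTEM\CurrentControlSet\Services\Samhain
set DIRS=c:\usr c:\usr\local c:\usr\local\sbin c:\usr\local\var c:\usr\local\tmp c:\usr\local\log c:\usr\local\etc

rem 1. Directory layout matching the --with-* configure options
for %%D in (%DIRS%) do (
    if not exist "%%D" mkdir "%%D"
)

rem 2. Cygwin runtime DLLs that samhain.exe needs outside a Cygwin shell
copy /y c:\Cygwin\bin\cygwin1.dll "%SystemRoot%\system32\" >nul
copy /y c:\Cygwin\bin\cygminires.dll "%SystemRoot%\system32\" >nul

rem 3. Register srvany.exe as the service binary (service name "Samhain")
instsrv.exe Samhain "%SystemRoot%\system32\srvany.exe"

rem 4. Description shown in the Services console, and the program srvany launches
reg add "%SVCKEY%" /v Description /t REG_SZ /d "Samhain file integrity scanner" /f
reg add "%SVCKEY%\Parameters" /v Application /t REG_SZ /d "%SAMHAIN_EXE%" /f

rem 5. Verify: binary, DLLs and the Application value must all be in place
if not exist "%SAMHAIN_EXE%" (echo ERROR: %SAMHAIN_EXE% is missing & exit /b 1)
for %%F in (cygwin1.dll cygminires.dll srvany.exe) do (
    if not exist "%SystemRoot%\system32\%%F" (echo ERROR: %%F missing from system32 & exit /b 1)
)
reg query "%SVCKEY%\Parameters" /v Application | find /i "%SAMHAIN_EXE%" >nul
if errorlevel 1 (echo ERROR: Parameters\Application does not point at %SAMHAIN_EXE% & exit /b 1)

rem 6. Build the baseline database before the service runs its first check
"%SAMHAIN_EXE%" -t init
echo Samhain service installed and baseline initialized. Reboot to start it.
endlocal
```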
<p>
Note: the first time I tried to install samhain as an NT service, I first
installed a default Cygwin on the system. This, however, made things much more
complex. I think when there is no Cygwin installed, it is easier to install
Samhain as a service.
</p>
</div>
</body>
</html>