Dependencies - dave-leblanc/razorback GitHub Wiki
Dependencies
API and Dispatcher
The API and dispatcher require the following packages to be installed.
Debian 6.0 | FreeBSD | RHEL 6.0 | Ubuntu 10.4 |
---|---|---|---|
uuid-dev | misc/e2fsprogs-uuid | libuuid-devel | uuid-dev |
libmagic-dev | N/A | file-devel | libmagic-dev |
libmemcached-dev | database/libmemcached | libmemcached-devel | libmemcached-dev |
libssl-dev | N/A | openssl-devel | libssl-dev |
libconfig8-dev | devel/libconfig | libconfig-devel | libconfig8-dev |
libpcre3-dev | devel/pcre | pcre-devel | libpcre3-dev |
libmysqlclient-dev | databases/mysql51-client | mysql-libs | libmysqlclient-dev |
make | devel/gmake | make | make |
libtool | devel/libtool | libtool | libtool |
autoconf | devel/autoconf | autoconf | autoconf |
automake | devel/automake | automake | automake |
libcurl4-openssl-dev | ftp/curl | libcurl-devel | libcurl4-openssl-dev |
libcli-dev | devel/libcli | libcli-devel | libcli-dev |
libjson0-dev | devel/json-c | json-c-devel | libjson0-dev |
RHEL 6.0 Note
You will need to enable the EPEL repository to install the required packages.
For x86_64/amd64 installations install the RPM from here: http://download.fedora.redhat.com/pub/epel/6/x86_64/repoview/epel-release.html
For i386 installations install the RPM from here: http://download.fedora.redhat.com/pub/epel/6/i386/repoview/epel-release.html
Nuggets
Nuggets with other dependencies are listed here.
clamavNugget
Debian 6.0 | FreeBSD | RHEL 6.0 | Ubuntu 10.4 |
---|---|---|---|
clamav | security/clamav | clamav | clamav |
libclamav-dev | N/A | clamav-devel | libclamav-dev |
N/A | N/A | clamav-update | N/A |
Debian 6.0
After installing the packages run freshclam.
FreeBSD 8.1
After installing the clamav package:
Run freshclam, then add the following to /etc/rc.conf:
clamav_freshclam_enable="YES"
Now start the daemon:
/usr/local/etc/rc.d/clamav-freshclam start
RHEL 6.0
Unfortunately Red Hat does not maintain up-to-date versions of clamav in the main repositories, so we recommend that you set up the ATrpms repository and install them from there.
Import the repo key:
rpm --import http://packages.atrpms.net/RPM-GPG-KEY.atrpms
Put the following in /etc/yum.repos.d/atrpms.repo
[atrpms]
name=RHEL $releasever - $basearch - ATrpms
baseurl=http://dl.atrpms.net/el$releasever-$basearch/atrpms/stable
gpgkey=http://ATrpms.net/RPM-GPG-KEY.atrpms
gpgcheck=1
You will also need the RHEL beta repos (/etc/yum.repos.d/beta.repo) :
[rhel-beta]
name=Red Hat Enterprise Linux $releasever Beta - $basearch
baseurl=ftp://ftp.redhat.com/pub/redhat/rhel/beta/6.0/$basearch/os/
enabled=1
gpgcheck=0
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta-2
priority=1
exclude=*release
[rhel-beta-optional]
name=Red Hat Enterprise Linux $releasever Beta (Optional) - $basearch
baseurl=ftp://ftp.redhat.com/pub/redhat/rhel/beta/6.0/optional/$basearch/os/
enabled=1
gpgcheck=0
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta-2
priority=1
exclude=*release
Update:
yum upgrade
Post installation of clamav packages:
- Update /etc/freshclam.conf
- Run freshclam
- Install the freshclam init script from here
- Make sure you start the freshclam daemon at the end.
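A check for the repository definitions in this section, as an added example that is not part of the Razorback wiki: the beta stanzas set gpgcheck=0 and the ATrpms key is fetched over HTTP, so before running yum upgrade it helps to list which repos install unverified packages or fetch keys and packages over plaintext. The names `audit_repo` and `demo` and the finding labels are invented for this example; the sample input is two stanzas copied from this page.

```shell
# Added example (not from the Razorback wiki): audit a yum .repo file.
audit_repo() {  # $1 = .repo path; prints "section<TAB>finding" per issue
    awk '
        function flush() {
            if (sec == "") return
            if (gpgcheck == "0")          print sec "\tunsigned-packages"
            if (gpgkey  ~ /^(http|ftp):/) print sec "\tplaintext-gpgkey"
            if (baseurl ~ /^(http|ftp):/) print sec "\tplaintext-baseurl"
        }
        /^[ \t]*[#;]/ { next }            # commented-out keys do not count
        /^\[/ {                           # new [section]: report the previous one
            flush()
            sec = substr($0, 2, index($0, "]") - 2)
            gpgcheck = gpgkey = baseurl = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1)); sub(/^[ \t]+/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey   = val
            if (key == "baseurl")  baseurl  = val
        }
        END { flush() }
    ' "$1"
}

demo() {  # runs the audit over two stanzas copied from this page
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
[atrpms]
name=RHEL $releasever - $basearch - ATrpms
baseurl=http://dl.atrpms.net/el$releasever-$basearch/atrpms/stable
gpgkey=http://ATrpms.net/RPM-GPG-KEY.atrpms
gpgcheck=1
[rhel-beta]
name=Red Hat Enterprise Linux $releasever Beta - $basearch
baseurl=ftp://ftp.redhat.com/pub/redhat/rhel/beta/6.0/$basearch/os/
enabled=1
gpgcheck=0
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta-2
priority=1
EOF
    audit_repo "$tmp"
    rm -f "$tmp"
}
demo
```

A stanza with no gpgcheck line is not flagged here because it inherits the value from [main] in /etc/yum.conf, which should be checked separately.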
Ubuntu 10.04
Ubuntu no longer maintains up to date clamav packages in the main repository. Here is how to get the most up to date packages:
Add the following line to /etc/apt/sources.list
deb http://ppa.launchpad.net/ubuntu-clamav/ppa/ubuntu lucid main
Add the key and update:
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xf80220d0e695a455e651ac4d8ab767895adc2037
sudo apt-get update
sudo apt-get upgrade
Then install the packages.
Make sure freshclam is running:
/etc/init.d/freshclam status
Make sure the sigs are up to date:
sudo freshclam
fsMonitor
The file system monitor nugget has multiple backends; we recommend the FAM backend, as it is the most tested.
FAM backend:
Debian 6.0 | FreeBSD | RHEL 6.0 | Ubuntu 10.4 |
---|---|---|---|
libfam-dev | devel/fam | N/A | libfam-dev |
fam | N/A | N/A | fam |
Inotify backend:
Debian 6.0 | FreeBSD | RHEL 6.0 | Ubuntu 10.4 |
---|---|---|---|
libinotifytools0-dev | N/A | inotify-tools-devel | libinotifytools0-dev |
libinotifytools0 | N/A | N/A | libinotifytools0 |
FreeBSD 8.1
RHEL 6.0
The inotify packages are in the EPEL-testing repo. Unfortunately the fam backend is not available on this platform.
officeCat
Debian 6.0 | FreeBSD | RHEL 6.0 | Ubuntu 10.4 |
---|---|---|---|
wine | emulators/wine | wine | wine |
FreeBSD
FreeBSD doesn't support wine on amd64 out of the box; you will need to follow the instructions from here to build it:
RHEL 6.0
Wine is not available in the core repos; you will need to set up both ATrpms-stable and ATrpms-testing.
Import the repo key:
rpm --import http://packages.atrpms.net/RPM-GPG-KEY.atrpms
Put the following in /etc/yum.repos.d/atrpms.repo
[atrpms]
name=RHEL $releasever - $basearch - ATrpms
baseurl=http://dl.atrpms.net/el$releasever-$basearch/atrpms/stable
gpgkey=http://ATrpms.net/RPM-GPG-KEY.atrpms
gpgcheck=1
[atrpms-testing]
name=RHEL $releasever - $basearch - ATrpms-testing
baseurl=http://dl.atrpms.net/el$releasever-$basearch/atrpms/testing
gpgkey=http://ATrpms.net/RPM-GPG-KEY.atrpms
gpgcheck=1
Then update followed by installing wine:
yum update
yum install wine
pdfDissector
IMPORTANT: This nugget requires a license for Zynamics PDF Dissector.
Debian 6.0 | FreeBSD | RHEL 6.0 | Ubuntu 10.4 |
---|---|---|---|
Manual | lang/jython | Manual | Manual |
FreeBSD 8.1
Make sure you install java/jdk16 before installing lang/jython.
Manual Install
Every other OS packages Jython 2.2.X, which is not compatible with this nugget; you will need to install at least 2.5.1 from www.jython.org.
snort
Debian 6.0 | FreeBSD | RHEL 6.0 | Ubuntu 10.4 |
---|---|---|---|
libpcap-dev | net/libpcap | libpcap-devel | libpcap-dev |
libdumbnet-dev | net/libdnet | libdnet-devel | libdumbnet-dev |
flex | N/A | flex | flex |
bison | devel/bison | bison | bison |
Download and install daq 0.5 from here
./configure --prefix=/usr/local/razorback
make && make install