Back to 3rd Party Agents Installation
Note : NuFW has been renamed ufwi-filterd (see http://ufwi.org/). This page needs to be updated.
Installing NuFW¶
This section explains how to install NuFW, including Prelude support, from the tarball available from the main website. However, NuFW might be included with your distribution as a package and it would be easier to install it this way.
Get the sources¶
Prelude support is included in the vanilla NuFW distribution.
Download NuFW from http://www.nufw.org/-Telechargements-.html
Then, compile and install NuFW using the following:
$ ./configure [other args] --with-prelude-log $ make # make install
Configuration¶
In order to enable NuFW to send authentication events to Prelude-Manager, add nuprelude to the nuauth_auth_error_logs_module variable in $prefix/etc/nufw/nuauth.conf:
nuauth_auth_error_logs_module="mysql,nuprelude"
In order to enable NuFW to send connection/disconnection events to Prelude-Manager, add nuprelude to the nuauth_user_session_logs_module variable in $prefix/etc/nufw/nuauth.conf:
nuauth_user_session_logs_module="mysql,nuprelude"
In order to enable NuFW to generate events to Prelude-Manager for every packets caught (hint: you don't want to do that), add nuprelude to the nuauth_user_logs_module variable in $prefix/etc/nufw/nuauth.conf:
nuauth_user_logs_module="mysql,nuprelude"
Registering NuFW profile¶
You now you need to create NuFW profile with a command like:
$ prelude-admin register nufw "idmef:w admin:r" <manager address> --uid X --gid X
and follow the instructions. If the registration is successful - you are ready to test your installation. please check the Agents Registration Page for more details about sensors registration.
Running NuFW¶
Before running NuFW, please make sure to read the General Configuration Page. It is very important for the server-addr parameters to be set to the Prelude-Manager address.
/etc/init.d/nuauth start
See the NuFW manual pages and documentation for more details.