Project

General

Profile

Installing the PreludeDB Library

This section explains how to install the PreludeDB library libpreludedb from the tarball available from the Prelude website. However, libpreludedb might be included with your distribution as a package and it would be easier to install it this way.

Table of Contents

Install Dependencies

Ensure that you have libprelude installed. Instructions on installing libprelude can be found on the Prelude Library Installation Page.
Additionally, install any of the database software you would like the PreludeDB Library to support: MySQL, PostgreSQL, SQLite3.

Get the sources

Download the latest PreludeDB library

Configuration

The first step of the installation procedure is to configure the source tree for your system and choose the options you would like. This is done by running the configure script. For a default installation simply enter

./configure

This script will run a number of tests to guess values for various system dependent variables and detect some quirks of your operating system, and finally will create several files in the build tree to record what it found. (You can also run configure in a directory outside the source tree if you want to keep the build directory separate.)

You can customize the build and installation process by supplying one or more of the following command line options to configure:

Installation directories

  • --*prefix*=_PREFIX_
    Install all files under the directory PREFIX instead of /usr/local. The actual files will be installed into various subdirectories; no files will ever be installed directly into the PREFIX directory.

    If you have special needs, you can also customize the individual subdirectories with the following options.

  • --*exec-prefix*=_EXEC-PREFIX_

    You can install architecture-dependent files under a different prefix, EXEC-PREFIX, than what PREFIX was set to. This can be useful to share architecture-independent files between hosts. If you omit this, then EXEC-PREFIX is set equal to PREFIX and both architecture-dependent and independent files will be installed under the same tree, which is probably what you want.

  • --*bindir*=_DIRECTORY_

    Specifies the directory for executable programs. The default is EXEC-PREFIX/bin, which normally means /usr/local/bin.

  • --*datadir*=_DIRECTORY_

    Sets the directory for read-only data files used by the installed programs. The default is PREFIX/share.

  • --*sysconfdir*=_DIRECTORY_

    The directory for various configuration files, PREFIX/etc by default.

  • --*libdir*=_DIRECTORY_

    The location to install libraries and dynamically loadable modules. The default is EXEC-PREFIX/lib.

  • --*includedir*=_DIRECTORY_

    The directory for installing C and C++ header files. The default is PREFIX/include.

  • --*mandir*=_DIRECTORY_

    The man pages that come with the PreludeDB Library will be installed under this directory, in their respective man_N_ subdirectories. The default is PREFIX/man.

Path to dependencies

  • --*with-libprelude-prefix*=_PFX_

    The PreludeDB Library require libprelude in order to build. Using this option you can tell the configure script in which prefix the Prelude Library has been installed.

  • --*with-mysql-prefix*=_PFX_

    The PreludeDB Library can interoperate with MySQL database. Using this option you can tell the configure script in which prefix MySQL has been installed.

  • --*with-pgsql-prefix*=_PATH_

    The PreludeDB Library can interoperate with PostgreSQL database. Using this option you can tell the configure script in which prefix PostgreSQL has been installed.

  • --*with-sqlite3-prefix*=_PATH_

    The PreludeDB Library can interoperate with SQLite database. Using this option you can tell the configure script in which prefix SQLite has been installed.

  • --*with-perl*=_PATH_

    The Perl interpreter is necessary to enable support for Perl language bindings and is normally automatically detected. Using this option you can specify a specific path to Perl or disable its support using --*without-perl*.

  • --*with-python*=_PATH_

    The Python interpreter is necessary to enable support for Python language bindings and is normally automatically detected. Using this option you can specify a specific path to Pythonl or disable its support using --*without-python*.

Optional Features

  • --*enable-gtk-doc*

    Generate code documentation (note that distribution come with documentation generated).

Once finished, the configure script will dump a summary of the enabled features:

*** Dumping configuration ***
    - Generate documentation      : no
    - Enable [[MySQL]] plugin         : yes
    - Enable [[PostgreSQL]] plugin    : yes
    - Enable SQLite3 plugin       : yes
    - Perl binding                : yes
    - Python binding              : yes

If no languages bindings are activated, you will be unable to run agent using LibpreludeDB from the specified language.

Note: Prewikka require Python bindings to be available.

Note: You should always have one of the MySQL, PostgreSQL, or SQLite3 plugin enabled.

Build

To start the build, type

make

The build will take a few minutes depending on your hardware.

Regression Tests

If you want to test the newly built library before you install it, you can run the regression tests at this point. The regression tests are a test suite to verify that libpreludedb runs on your machine in the way the developers expected it to. Type

make check

Install

To install Libpreludedb enter

make install

This will install files into the directories that were specified in step 1. Make sure that you have appropriate permissions to write into that area. Normally you need to do this step as root. Alternatively, you could create the target directories in advance and arrange for appropriate permissions to be granted.

You can use make install-strip instead of make install to strip the executable files and libraries as they are installed. This will save some space. If you built with debugging support, stripping will effectively remove the debugging support, so it should only be done if debugging is no longer needed. install-strip tries to do a reasonable job saving space, but it does not have perfect knowledge of how to strip every unneeded byte from an executable file, so if you want to save all the disk space you possibly can, you will have to do manual work.

The standard installation provides all the header files needed for Prelude application development, such as custom functions or data types written in C.

Post-Installation Setup

On systems that have shared libraries (which most systems do) you need to tell your system how to find the newly installed shared libraries. The systems on which this is not necessary include BSD/OS, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Tru64 UNIX (formerly Digital UNIX), and Solaris.

The following step are necessary if you get the above message while running a program using libprelude:

preludedb-admin: error in loading shared libraries
libpreludedb.so.2.1: cannot open shared object file: No such file or directory

If you are on BSD/OS, Linux, or SunOS 4 and you have root access you can run the following command after installation to enable the run-time linker to find the shared libraries faster. Refer to the manual page of ldconfig for more information:

/sbin/ldconfig /usr/local/lib

On FreeBSD, NetBSD, and OpenBSD the command is:

/sbin/ldconfig -m /usr/local/lib

The method to set the shared library search path varies between platforms, but the most widely usable method is to set the environment variable LD_LIBRARY_PATH like so: In Bourne shells (sh, ksh, bash, zsh):

LD_LIBRARY_PATH=/usr/local/lib
export LD_LIBRARY_PATH

Or in csh or tcsh:

setenv LD_LIBRARY_PATH /usr/local/lib

Note: Replace /usr/local/lib with whatever you set --libdir to in step 1. On some systems it might be preferable to set the environment variable LD_RUN_PATH before building. If in doubt, refer to the manual pages of your system (perhaps ld.so or rld).

Create Database

Once you have installed libpreludedb, the next step is to create a database that will be used by prelude-manager to store the IDMEF alerts gathered from your sensors. Three databases are currently supported by libpreludedb: MySQL, PostgreSQL and SQLite:

MySQL
PostgreSQL
Sqlite

MySQL

Note : MySQL >= 4.0.18 is required.

Database creation

Connect to your database server using the mysql client like this:

$ mysql -u root -p
Enter password:

where "root" is the name of the database administrator (this is the default account on mysql) and -p will prompt you for a password (by default the root account has no password on mysql and is only accessible from localhost).

Then, if everything is ok, you should see something like this:

Welcome to the [[MySQL]] monitor.  Commands end with ; or \g.
Your [[MySQL]] connection id is 303 to server version: 4.0.22-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

To create a new database named 'prelude' (for example):

mysql> CREATE database prelude;
Query OK, 1 row affected (0.05 sec)

Create a dedicated user to access the database (optional)

You might want to access your database through a dedicated user (if you don't have already one).
If you want to create a new user called 'prelude' with the password 'passwd' that we will have full access on a database called 'prelude' but only from localhost, use the following query:

GRANT ALL PRIVILEGES ON prelude.* TO prelude@'localhost' IDENTIFIED BY 'passwd';

Tables creation

The final step (supposing you have libpreludedb installed in /usr):

$ mysql -u prelude prelude -p < /usr/local/share/libpreludedb/classic/mysql.sql
Enter password:

Enter your password, and the tables will be created.

For more details about MySQL databases/tables/users creation, please refer to BR</a>
Updating tables
If you already have created your tables but that a new libpreludedb version comes with an updated schema, you must update your schema this way, supposing that your current version of schema is 14 and the new one is 14.1:

$ mysql -u prelude prelude -p < /usr/share/libpreludedb/classic/mysql-update-14-1.sql
Enter password:

PostgreSQL

Database creation

Connect to your database server using the psql client like this:

$ PGPASSWORD=your_password psql -U postgres

where "postgres" is the name of the database administrator (this is the default account on postgresql) and the PGPASSWORD environnement variable is set to the correct password.

Then, if everything is ok, you should see something like this:

Welcome to psql 7.3.4, the [[PostgreSQL]] interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help on internal slash commands
       \g or terminate with semicolon to execute query
       \q to quit

postgres=# 

To create a new database named 'prelude' (for example):

postgres=# CREATE database prelude;
CREATE DATABASE

Create a dedicated user to access the database (optional)

You might want to access your database through a dedicated user (if you don't have already one).
If you want to create a new user called 'prelude' with the password 'prelude' that we will have full access on a database called 'prelude', use the following query:

CREATE USER prelude WITH ENCRYPTED PASSWORD 'prelude' NOCREATEDB NOCREATEUSER;

Tables creation

The final step (supposing you have libpreludedb installed in /usr):

$ psql -U prelude -d prelude -W -f /usr/share/libpreludedb/classic/pgsql.sql

For more details about PostgreSQL databases/tables/users creation, please refer to BR</a>
Updating tables
If you already have created your tables but that a new libpreludedb version comes with an updated schema, you must update your schema this way, supposing that your current version of schema is 14 and the new one is 14.1:

$ PGPASSWORD=prelude psql -U prelude -d prelude < /usr/share/libpreludedb/classic/pgsql-update-14-1.sql
Enter password:

PostGreSQL 9 compatibility

Beginning with PostGreSQL 9, bytea are returned in hex format by default (see http://www.postgresql.org/docs/devel/static/release-9-0.html).
To work with Prelude, the following parameter must be specified in postgresql.conf.

bytea_output='escape'

SQLite3

SQLite is a very good choice if you don't expect lots of data to store. It is a convenient format that doesn't imply database user/password access, since it is a simple file in your system. You have to make sure no unprivileged users have read access to this file.

Database and tables creation

Once you have installed libpreludedb, simply create the SQLite3 database using the following:

$ sqlite3 /path/to/your/sqlite-prelude.db < /usr/share/libpreludedb/classic/sqlite.sql