================================
PyFLAG Installation instructions
================================
PyFlag is shipped with an autoconf build system. For most systems
you should be able to do:
./configure
make
make install
On Debian this installs pyflag into /usr/local/:
/usr/local/bin
/usr/local/lib/pyflag
/usr/local/share/pyflag
/usr/local/lib/python2.5/site-packages/pyflag
--------------
Pre-Requisites
--------------
The following pre-requisites are required. Debian/Ubuntu package names are
shown in brackets.
build environment (build-essential)
python dev files (python-dev)
libz (libz-dev)
libmagic (libmagic-dev)
MySQLdb (python-mysqldb)
PIL (python-imaging)
pexpect (python-pexpect)
dateutil (python-dateutil)
urwid (python-urwid)
If the database server will be on the same box:
mysql server (mysql-server)
The following optional dependencies enable additional features:
geoip (libgeoip-dev) for Maxmind GeoIP support.
libjpeg (libjpeg62-dev) for Advanced JPEG Carving support.
afflib for AFF image support.
libewf for EWF (Encase E01) image support.
clamd (clamav-daemon) for Virus Scanning support.
--------------
Database Setup
--------------
Database setup is handled automatically by pyflag when it is first run.
To make mysql aware of timezone information (recommended), use the script
which comes with mysql. e.g.:
mysql_tzinfo_to_sql /usr/share/zoneinfo/ | mysql -uroot -p mysql
----------
Run PyFlag
----------
Run pyflag with:
pyflag
(For help on command line parameters try pyflag --help)
Run the pyflag shell (pyflash) with:
pyflash
=================
Optional Features
=================
The following steps are recommended before using PyFlag.
1) Flag may use the NSRL when loading new filesystems. If you have the
NSRL ISOs, you can mount them somewhere and then use the
utilities/NSRL_load.sh script to load the NSRL into the database.
2) Flag can download the whois databases for use when displaying IP addresses.
By downloading the whois databases it is possible to do very fast whois lookups
on every IP in imported logs and then see the contact details for each network
owner.
=================
Debug/Development
=================
If you want to tinker with the source you should probably install to a
different location (so you don't need to be root to edit files). The scripts
in the test directory are set up to work with this install process:
(first ensure you have darcs, autoconf, automake and libtool)
darcs get http://www.pyflag.net/pyflag
cd pyflag
./autogen.sh
./configure --prefix=/var/tmp/build/pyflag
make
make install
Now run pyflag and pyflash like:
~/pyflag/tests$ ./pyflag
~/pyflag/tests$ ./pyflash
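The pre-requisites list above and the development build sequence are both
things a practitioner usually wants to pre-flight before running autogen and
configure, since a missing tool or -dev package only surfaces part way through
the build. The following POSIX sh script is an added example and is not part
of PyFlag or its build system. It checks that the listed build tools are on
PATH, reports which of the Debian package names above are absent from a list
of installed packages, and wraps the darcs/autogen/configure/make sequence so
it stops at the first failure. The function names, the PYFLAG_RUN_BUILD and
PYFLAG_PREFIX variables, and the sample installed-package list are assumptions
of this script. Note that the darcs fetch is over plain http as in the
instructions; the script checks that the tools exist, not the integrity of
what darcs downloads.

```shell
#!/bin/sh
# Added example, not part of PyFlag: pre-flight checks and a wrapper for the
# Debug/Development build described in INSTALL. PYFLAG_RUN_BUILD and
# PYFLAG_PREFIX are this script's own switches, not PyFlag conventions.

# require_tools NAME...: report every tool missing from PATH on stderr and
# return 1 if any is missing, 0 otherwise.
require_tools() {
    missing=""
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            missing="$missing $tool"
        fi
    done
    if [ -n "$missing" ]; then
        echo "missing build tools:$missing" >&2
        return 1
    fi
    return 0
}

# missing_packages INSTALLED REQUIRED: both arguments are space-separated
# package lists; prints each REQUIRED name not present in INSTALLED, one per
# line. On Debian/Ubuntu INSTALLED can be produced with:
#   dpkg-query -W -f='${binary:Package} '
missing_packages() {
    installed=" $1 "
    for pkg in $2; do
        case "$installed" in
            *" $pkg "*) ;;
            *) echo "$pkg" ;;
        esac
    done
}

# Required packages exactly as listed in the Pre-Requisites section.
PYFLAG_REQUIRED_PACKAGES="build-essential python-dev libz-dev libmagic-dev python-mysqldb python-imaging python-pexpect python-dateutil python-urwid"

# build_pyflag_dev PREFIX: the development build sequence from INSTALL,
# aborting at the first failing step. Runs in a subshell so the caller's
# working directory is left alone.
build_pyflag_dev() {
    prefix="$1"
    require_tools darcs autoconf automake libtool make || return 1
    [ -d pyflag ] || darcs get http://www.pyflag.net/pyflag || return 1
    (
        cd pyflag || exit 1
        ./autogen.sh && ./configure --prefix="$prefix" && make && make install
    )
}

# Only perform the network fetch and build when explicitly asked to, e.g.
#   PYFLAG_RUN_BUILD=1 PYFLAG_PREFIX=/var/tmp/build/pyflag sh pyflag-dev.sh
if [ "${PYFLAG_RUN_BUILD:-0}" = 1 ]; then
    build_pyflag_dev "${PYFLAG_PREFIX:-/var/tmp/build/pyflag}"
fi
```

Running `missing_packages "$(dpkg-query -W -f='${binary:Package} ')" "$PYFLAG_REQUIRED_PACKAGES"`
before `./configure` lists exactly the apt packages still to install; an empty
result means the build-time requirements in the list above are satisfied
(the optional libraries, mysql-server and the runtime database setup are
not checked by this script).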