NetSA Portal

April 10, 2008
NetSA (Network Situational Awareness) Portal is a web-based tool for presenting network data and analysis results.
Version: 0.8.0
License: GPL
Operating System: Linux
Homepage: tools.netsa.cert.org
Developed by: Brian Trammell
NetSA (Network Situational Awareness) Portal is a web-based tool for presenting network data and analysis results obtained from NAF, YAF, SiLK and other analysis tools (such as relational databases). The Portal uses RAVE to manage analysis results.

The portal provides its capabilities in modules; adding new capabilities to the portal is a matter of adding a new module (and a corresponding set of analyses in RAVE).

The NetSA Portal software and analyses are released under the GPL.

Requirements:

· SiLK 0.11.7
· Python 2.4.4
· RAVE 1.9.5
· Python Imaging Library (PIL) 1.1.6
· numpy 1.0.2
· scipy 0.5.2
· matplotlib 0.90.0
· PostgreSQL 8.2.4
· psycopg2 2.0.6
· mod_python 3.3.1

Quick Installation

$ python install.py install --prefix=${prefix}

This will create several subdirectories under ${prefix}.
${prefix}/htdocs will be served by your web server.
${prefix}/analyses will be served by RAVE.

In ${prefix}/etc, you will find a number of template files which
have had as much information as possible placed into them. Some
of these files should be installed in other portions of the
system.

portal.conf.sample should be placed in /etc/portal.conf.
NOTE: There are a number of items in this file that absolutely
should be changed for your site. Specifically, site_name must
be changed. The sensor_groups, sensor_display_groups and
so on should be changed to match your locally installed sensor
names.

portal-httpd.conf should be loaded into your Apache HTTP
server. On some systems, this may be done by placing the file
into an /etc/httpd/conf.d directory. On other systems, you
might choose to add an Include directive to include this file
from the portal install directory.

raved.init is an init script that should be run at startup
time in whatever way is appropriate for your system.
start-raved can also be used to run it by hand instead of as a
service.

All of the other configuration files in this directory are read
directly by the portal system and do not need to be installed
elsewhere.

You should also read the installation instructions in
doc/port_database/README-sql in order to correctly configure the
PostgreSQL database for this sub-system.

Make sure to restart your Apache HTTP server and start RAVE, and
the system should be operational.

Advanced Installation

The install.py script in this directory handles installation of
the system. The following flags and optional arguments are
allowed by install.py:

You can give this script a --prefix argument to specify where the
portal should be installed. You may optionally give it an
--htdocs-prefix argument to specify a different location from the
default for the HTML document directory to be installed. You may
also use --root to specify an overall replacement root directory,
for certain specialized installations.

The --debug switch will display more verbose information while
processing.

By using --force-install, you may tell the system to ignore the
results of checking for required software and install anyway.

In addition to the configuration parameters listed above, you must
also give one or more commands to install.py. The following
commands are implemented:

"check" runs automated tests to determine whether software
that the portal requires is installed and behaving correctly.
Check will run automatically if you ask for an install.

"check-analysis" and "check-web" run checks for the portions
of the software that will be used on analysis or web host
machines. See details below regarding "split installation".

"install" installs the software underneath the chosen
directory prefix. If --htdocs-prefix is given, HTML documents
will be installed at a different location (perhaps under the
document root of your web server.)

"install-analysis" and "install-web" separately install the
components required for an analysis or web host machine,
respectively. See details below regarding "split
installation".

"link" sets up symlink trees for all of the installation areas in
the source area, which is an appropriate style of installation
for development purposes. See doc/developing.txt for more
details.

"clean" removes the symlink trees produced by "link".

If you make changes to the installation, you should do it *only*
under the ${prefix}/modules/ subdirectory, specifically in modules
you create yourself. If you make changes in ${prefix}/analyses/
or other install locations, then the next time the "install"
command is run (for an upgrade, for example), those changes will
be destroyed.

If you make changes to the configuration files under
${prefix}/etc/, however, these changes are guaranteed not to be
overwritten by a later installation of the portal. As a result,
you should be sure to read through the upgrade notes in any future
version of the portal software in order to be sure you add
appropriate configuration information for new features.

Split Installation

In order to maintain a greater separation between potentially
sensitive flow data and web users, some people prefer to run the
analysis software (which requires direct access to flow data) and
the web server software (which does not) on separate machines.

In order to install in this sort of environment, you should use
the install-analysis command on the analysis host, and the
install-web command on the web server host. Make sure that you
keep /etc/portal.conf the same across both machines, and that RAVE
is installed on both machines.

There are two separate portal-httpd.conf files for the split
installation. portal-httpd-split-web.conf contains the
configuration needed for the web server host, while
portal-httpd-split-analysis.conf contains the configuration for
the analysis host.

Also make sure that the portal-httpd.conf file on the web host is
configured to look for the RAVE service in the correct location.
(The portal.proxy.rave-service URL should point at the analysis
host, and the appropriate port on that host should allow access
from the web host.)

You may also wish to change the URL_BASE in raved.init and
start-raved to use https instead of http in a split configuration,
so that this information does not transit wires in the clear.
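
The two split-installation checks above (identical /etc/portal.conf on both hosts, https in URL_BASE) can be audited with a short script. This is an added example, not part of the NetSA Portal distribution; it assumes URL_BASE is set as a shell-style assignment in raved.init and start-raved, and the host name, port and portal.conf line in the sample writer are constructed.

```shell
#!/bin/sh
# Added example, not part of NetSA Portal: audit a split installation's settings.
# Assumption: raved.init and start-raved set URL_BASE as a shell-style
# assignment (URL_BASE=...); the page does not show the files' contents.

# Print https, http, unknown or missing for the last URL_BASE= line in file $1.
url_base_scheme() {
    line=$(grep -E '^[[:space:]]*(export[[:space:]]+)?URL_BASE=' "$1" 2>/dev/null | tail -n 1)
    [ -n "$line" ] || { echo missing; return 0; }
    value=$(printf '%s' "${line#*=}" | tr -d "\"'")
    case "$value" in
        https://*) echo https ;;
        http://*)  echo http ;;
        *)         echo unknown ;;
    esac
}

# Report problems for etc dir $1 and the two hosts' portal.conf copies $2, $3.
audit_split() {
    rc=0
    for f in raved.init start-raved; do
        scheme=$(url_base_scheme "$1/$f")
        if [ "$scheme" != https ]; then
            echo "WARN: $f: URL_BASE scheme is $scheme, expected https"
            rc=1
        fi
    done
    if ! cmp -s "$2" "$3"; then
        echo "WARN: portal.conf differs between web and analysis hosts"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files (hypothetical host name and port) for a dry run.
write_sample() {  # $1 = directory, $2 = scheme to write into URL_BASE
    printf 'URL_BASE="%s://analysis.example.net:8080/"\n' "$2" > "$1/raved.init"
    printf 'export URL_BASE=%s://analysis.example.net:8080/\n' "$2" > "$1/start-raved"
    printf 'site_name = Example Site\n' > "$1/portal.conf"
}

# Usage: sh audit-split.sh ETC_DIR WEB_PORTAL_CONF ANALYSIS_PORTAL_CONF
if [ "$#" -eq 3 ]; then audit_split "$@"; fi
```

Copy the analysis host's /etc/portal.conf to the web host (or the reverse) before running, so both copies are local paths.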

Individual Feature Requirements

Core system:
mod_python 3.3.1
Python 2.4.4
RAVE 1.9.5

network_map module:
Python Imaging Library (PIL) 1.1.6
SiLK 0.11.7

port_database module:
matplotlib 0.90.0
PostgreSQL 8.2.4
psycopg2 2.0.6
SiLK 0.11.7

sensor_health module:
SiLK 0.11.7

watchlists module:
numpy 1.0.2
Python Imaging Library (PIL) 1.1.6
scipy 0.5.2
SiLK 0.11.7