NetSA Portal - Installing

This page gives an overview of the portal installation process. For more information, see the documentation.

Prerequisites

The NetSA Portal core depends on the following software:

The NetSA Portal core modules depend on the following software.

Although most of the requirements are available in the newer versions of most Linux and *BSD systems (and Mac OS X, via MacPorts), they can be difficult to build and configure by hand. install.py will run tests before installing to ensure a proper system configuration.

Installation for the Impatient

The NetSA Portal is distributed as a TAR archive. To install the system on a single machine configured to run both the webserver and raved, extract the archive, change into the newly-created directory, and run:

python ./install.py install --prefix=$PREFIX

In place of $PREFIX in the above example, use the path to a directory which will contain portal configuration files and modules.

The installation script will run a series of tests to ensure that you have installed the requirements correctly, and will install the files in the archive to the path specified by $PREFIX.

After installation, be sure to look at the module-specific configuration information.

install.py

install.py is the portal installation script. In addition to installing the software, it will run a series of diagnostics to ensure that the environment is set up correctly. Its syntax is similar to that of the Python distutils' setup.py:

python install.py <command> <options>

Type python install.py help at the command line for a complete list of options.

Split and Unified Installation

The portal can be installed in two ways, based on where you expect to run the raved analysis server. (See the RAVE page for more details.) The simplest thing to do is to install the portal on the same machine as the one running raved. However, this means that user request processing and analysis processing will both occur on the same machine. This is the so-called "unified installation."

It is more scalable to install the web components of the portal to one machine, and install the RAVE-related components on a different machine, in a "split installation". However, this is more complicated to maintain.

The optimal choice between these installation types will depend on your environment. The unified installation is a better choice if you are unsure or if you are installing the portal for the first time, and is the default supported installation.

Module-Specific Configuration

Individual analysis modules have specific configuration considerations:

Watchlists

The watchlist analyses depend on the existence of three SiLK ipset files. ipsets are (as the name implies) files describing sets of related IP addresses. You can generate these sets using the SiLK rwset and rwsetbuild commands.

The required ipsets are:

internal.set
A set of IP addresses internal to the monitored network
darkspace.set
A set of IP addresses on which no activity should occur. If you have a block of allocated addresses that are known not to be occupied, this would be an appropriate use. Otherwise, you might use addresses that are reserved by Internet standards (e.g., addresses reserved in RFC 1918 and RFC 3927).
blacklist.set
A set of IP addresses that none of your hosts should ever talk to. This would include addresses of known "corrupt" sites (for example, sites that are known to be used for collecting illicit information). Potential sources for this information include spam and phishing blacklists.

Each of these files should be in the $PREFIX/modules/watchlists/etc directory, where "$PREFIX" is the path specified by the --prefix option of install.py.
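
A pre-flight check for the three required set files, given here as an added example that is not part of the portal or of install.py: it confirms that each file is present under $PREFIX/modules/watchlists/etc, is a non-empty regular file, and can be modified only by its owner. The function names and the owner-only-write policy are assumptions of this example.

```python
import os
import stat
import sys

# File names and directory layout are taken from this page.
REQUIRED_SETS = ("internal.set", "darkspace.set", "blacklist.set")


def watchlist_dir(prefix):
    """Directory in which the watchlist ipsets are expected to live."""
    return os.path.join(prefix, "modules", "watchlists", "etc")


def check_watchlists(prefix):
    """Return {set_name: [problems]}; an empty list means the file passed."""
    report = {}
    for name in REQUIRED_SETS:
        path = os.path.join(watchlist_dir(prefix), name)
        try:
            st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
        except (FileNotFoundError, NotADirectoryError):
            report[name] = ["missing"]
            continue
        problems = []
        if not stat.S_ISREG(st.st_mode):
            problems.append("not a regular file")
        else:
            if st.st_size == 0:
                problems.append("zero-byte file")
            # Policy assumed by this example: only the owner may modify a set,
            # because whoever can write it controls what the watchlist matches.
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append("group- or world-writable")
        report[name] = problems
    return report


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_watchlists.py PREFIX")
    result = check_watchlists(sys.argv[1])
    for name, problems in result.items():
        print(f"{name}: {', '.join(problems) or 'ok'}")
    sys.exit(1 if any(result.values()) else 0)
```

Run it with the same path that was given to --prefix; a non-zero exit status means at least one set needs attention before the watchlist analyses are used.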

Port Database

This module relies on the existence of a PostgreSQL database. The SQL to set up this database is in $PREFIX/modules/port_database/sql. More detailed information on setting up this database, including examples of setting up a dedicated database user for the portal, is in $PREFIX/modules/port_database/etc/README-sql, also available here.