NOAHDB Documentation
Installation
- Compile and install the NOAHDB tool
./configure
make
make install
- Install the MySQL server
apt-get install mysql-server
- Set the root password of the MySQL server
mysqladmin -u root -p password NEW_PASSWORD
Whichever password you choose, you must also update the file etc/noahdb-mysql.conf: change the line database passwd "NEW_PASSWORD" accordingly. The password is stored in that file in plaintext, so make the file readable only by the account that runs NOAHDB.
- Create database tables
- If speed is an issue use the MyISAM storage engine (non-transactional, so the tables can be left inconsistent if a delete fails part way)
mysql -u root -p < schemas/create_db_issam.mysql
- If consistency during deletes is important use the InnoDB storage engine (transactional, but slower)
mysql -u root -p < schemas/create_db_innodb.mysql
mysql -u root -p < schemas/insert_db.mysql
- Set the honeypot ID
Edit the file etc/noahdb-mysql.conf and update the line honeypot id NEW_ID.
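The two configuration edits above, together with the permission lock-down the plaintext password calls for, as an added shell example. This is not part of NOAHDB; it assumes etc/noahdb-mysql.conf is plain text with one "key value" directive per line and contains at least the two lines quoted above (database passwd "..." and honeypot id N), and it runs against a constructed sample file rather than a real installation.

```sh
#!/bin/sh
# Added example (not part of NOAHDB): apply the two edits the install
# steps require to etc/noahdb-mysql.conf and lock the file down, since
# it stores the MySQL password in plaintext.
# Assumed: the file is plain text with one "key value" directive per
# line, containing at least the two lines shown in the docs:
#   database passwd "NEW_PASSWORD"
#   honeypot id NEW_ID
set -eu

# Rewrite every line starting with KEY to "KEY VALUE". The result is
# copied back over the original so the inode, and with it the file's
# permissions, are kept.
# Usage: replace_directive CONF KEY VALUE
replace_directive() {
    conf=$1; key=$2; value=$3
    grep -q "^$key " "$conf" || { echo "no '$key' line in $conf" >&2; return 1; }
    tmp=$(mktemp)
    sed "s/^$key .*/$key $value/" "$conf" > "$tmp"
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Read back the value of KEY (quotes included, if the directive has them).
# Usage: get_conf_value CONF KEY
get_conf_value() {
    sed -n "s/^$2 //p" "$1"
}

# Set the MySQL password NOAHDB uses. Characters that would break the
# quoted directive or the sed replacement are rejected rather than escaped.
# Usage: set_db_passwd CONF PASSWORD
set_db_passwd() {
    case $2 in
        ''|*\"*|*\\*|*/*|*\&*|*[[:space:]]*)
            echo "password empty or contains an unsupported character" >&2; return 1 ;;
    esac
    replace_directive "$1" 'database passwd' "\"$2\""
}

# Set the honeypot ID; it must be a non-negative integer.
# Usage: set_honeypot_id CONF ID
set_honeypot_id() {
    case $2 in
        ''|*[!0-9]*) echo "honeypot id must be an integer" >&2; return 1 ;;
    esac
    replace_directive "$1" 'honeypot id' "$2"
}

# The file holds a database password: owner-only access. Assumes the
# file is owned by the account that runs NOAHDB.
lock_conf_perms() {
    chmod 600 "$1"
}

# True when group and other have no permission bits (ls -l columns 5-10).
conf_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample config for the demo; not a real NOAHDB file.
make_sample_conf() {
    f=$(mktemp)
    printf '%s\n' \
        '# constructed sample of etc/noahdb-mysql.conf' \
        'database passwd "NEW_PASSWORD"' \
        'honeypot id NEW_ID' > "$f"
    echo "$f"
}

conf=$(make_sample_conf)
set_db_passwd "$conf" 'S3cret-pass'
set_honeypot_id "$conf" 7
lock_conf_perms "$conf"
echo "database passwd: $(get_conf_value "$conf" 'database passwd')"
echo "honeypot id: $(get_conf_value "$conf" 'honeypot id')"
conf_is_private "$conf" && echo "permissions: owner-only"
rm -f "$conf"
```

Point the functions at the real etc/noahdb-mysql.conf instead of the sample to use them on an installation. Rejecting awkward password characters rather than escaping them is deliberate: the directive's quoting rules are not documented here, and a password that is written but mis-parsed fails later and less visibly than one refused up front.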
Validating Installation
- Download sample Argos attack logs
- Extract them into a directory
- Edit the file script/test.sh and set the LOG_PATH variable to that directory
- Run the validation test
sh scripts/test.sh
Known Bugs
Sometimes the following error messages appear:
nh_cargos.c:289: No ethernet frame for this packet id (x)
nh_proc.c:165: cargos_process_packet failed
cargos_process failed
To work around this, edit the file src/nh_cargos.c, go to the function cargos_process_packet, uncomment the commented-out line and comment out the line that follows it. The cause is that on some systems packet numbering starts at zero (0) and on others at one (1). When I find out why, I will fix this bug.