PF_Ring - Page 2

The sudo command allows regular users to run higher privilege operations. To enable it for a user account, you need to edit as root the file /etc/sudoers. Instructions on that can be found in the sudoers man page, and comments in the default /etc/sudoers file (lines that start with #) are also helpful.

Dear Rubberman,
Thank you for the sudo.Correct me here ya make basically compile the different files together right. Then what do make install function and why this PF_RING need to make in normal user and but make install must be root?

First, read the README file in the top level:

This directory contains:

kernel/ Kernel related patches
userland/ User space code
userland/lib/ User space library used to manpulate PF_RING
userland/libpcap-XXX-ring/ Libpcap enhanced with PF_RING support
userland/examples/ P(acket)count application (use it for your tests)

See also:

- PF_RING and Snort
http://synfulpacket.blogspot.com/2006/11/pfring-and-snort.html
See the new daq library

- Advanced Packet Capturing Howto: PF_RING, NAPI and extended libpcap on Debian Sarge
http://bjou.homeunix.net/blog/2006/12/advanced-packet-capturing-howto-pf_ring-napi-and-extended-libpcap-on-debian-sarge/

NOTE
As of PF_RING 4.x you NO LONGER NEED to patch the linux kernel. If you are using
a patched kernel, please revert the patch otherwise you will capture the same
packet twice

------------
(C) Luca Deri 2004-10

The top level Makefile has to install target, although components do. Once you execute the make command without arguments, to install the libraries, go to the lib directory and as root or sudo execute the command "make install". Note that you do NOT want to install the kernel patches with this version, per the README file's instructions.

Dear Rubberman,
I am kind of confuse here. What is the target here I saw quite a number of times too? So about the kernel I guess I did a mistake right because I went into the kernel folder and typed make install? The make file is the file with all the information. So what difference will make and make install do?

According to the README file, you should uninstall the kernel patches. Try running "make uninstall" and see what happens. In any case, grub should let you boot to the previous kernel if necessary. As the README says, if you install the kernel patches on a system that doesn't need them, then you will see repeated packets when using the tools - not necessarily a "good thing"... :-)

Dear Rubberman,
Ok will do it accordingly. So I must run make uninstall in the kernel folder right? So how to know when to run make and when to run make install quite confuse even I have google it.

I don't know if you need the driver modules or not. If so, go into the drivers directory and execute make. Then you can install the .ko files that are created with insmod or modprobe. Also, go into the userland directory and execute make, and then as root "make install". That will install the libraries that your user applications will utilize, as well as other utilities such as tcpdump, etc. I think that the snort version to use these libraries has to be built separately, so go into userland/snort/daq-0.5 and execute ./configure and then make to get a set of libraries that snort can use. See all the various README files for more details.

At this point, that is as much as I can tell you. I haven't used these libraries and haven't determined what issues may arise in attempting to use them. Good luck.

Dear Rubberman,
I am confuse why make in user but make install in root? IS this commonly done everytime make install for others too? The rest I will try out and update here for others benefit too.

To install software on the system for everyone to use, it has to be done by root since the installation has to place files in locations that are only writable by root. You can install as a regular user, but you would have to configure the package (edit the userland Makefiles in the case of PF_RING) to install to the user's directory. However, in the case of the PF_RING drivers or kernel modules, those DO have to be installed by root since you are modifying the operating system.

So, the userland tools and libraries can be installed to a user's directory tree (/home/username) if you edit the makefiles to do so. The kernel mods and drivers have to be installed by root.

I hope this makes things a bit clearer.

Dear Rubberman,
Ok getting more clear. So when I press make in user account what happens actually? Then what happens when I press make install in root? What will be the output from both?

The make command always (or should always) generate the binary or other components in the local directory space. The "make install" command will, in the case of PF_RING userland tools and libraries, install those libraries, executables, configuration files, etc. into the /usr/local tree. At least, that's what it did on my system.

Dear Rubberman,
Can I conclude make is to create the binary and make install is to install the binary? Normally the binary is a compiled code rite ?Then how will make install plays its role then?

Your conclusion is correct. If you aren't familiar with how makefiles work, you might want to do some reading on the subject. The short answer to how make install works is that there is a "target" in the make file called "install", and following that are directions of what to do, such as copying files from A to B, etc. There can also be associated target dependencies, such as "install_part1", "install_part2", etc. Example:

# sample Makefile
# Note that leading spaces in the lines below should be hard tabs
install_part1:
    cp dira/part1 /usr/local/bin

install_part2:
    cp dirb/part2.so dirb/part2.a /usr/local/lib

install: install_part1 install_part2

Dear Rubbernman,
Ok getting better with the idea of make,makefile and make install I notice is something crucial in linux. But some times I notice this als is done like rpm -Uvh .... .rpm file? What is this compare to make install?

There are pre-compiled packages that, for Red Hat derived distributions (RHEL, Fedora, CentOS, SL), are distributed as RPM files. The package manager for those distributions, yum, run some scripts that verify that the package can be installed, will install dependent packages, and then install the package components in the correct places for you. Theses RPM files are (unless source code files) precompiled so you don't have to run make. They can also be uninstalled with yum. This is the preferred method of getting software for your system. Source packages that you have to configure and make / install yourself are either not available from your package repositories, or that have newer/older features that require a manual build/install.

You mention rpm -Uvh ... rpm file - using the rpm command is normally not recommended in current systems as it does not deal with missing dependencies nicely. The yum package manager is much better at that and is the recommended way to install package files in rpm format, or from available repositories such as epel, atrpms, or rpmforge.

Dear Rubberman,
Actually I was using centos 6 on a new lenovo g470 laptop where the driver was not there so then I google around only this method was found to make the network card work (rpm -Uvh ..rpm). I first did yum update even then the driver was not able to be detected.

You can install an rpm file with yum. Just execute: yum install filename.rpm

Dear Rubberman,
For that to happen where must I store the file. Must the file be in any specific folder? Thank you.

Yum can install any rpm file from any directory. However, you do need to run the command as root. For example, the LibreOffice distribution is, for most systems, not available in the repositories so you have to download the rpm files and install them individually (or in groups). In fact, you can install multiple rpm files with one command just as you can with packages in a repository, as in: yum install filea.rpm fileb.rpm ...

or

yum install packageA packageB ...

Dear Rubberman,
Thank you really learnt a lot. Beside installation how best to protect say file viewing in linux. I want certain users to log in just able to view very limited directories. What best do you suggest for that?

Give the group ownership of those directories that the user is not a member of, and set group permissions to 0. Example, using directory /home/restricted, as root do this:

# create group "restricted"
groupadd restricted

# this next command is only used if /home/restricted does not yet exist
mkdir /home/restricted

# set group ownership of all files and directories in /home/restricted to "restricted"
chgrp --recursive restricted /home/restricted

# disable other privileges on /home/restricted
chmod --recursive o-rwx /home/restricted

# enable read privileges for group restricted
chmod --recursive g+r /home/restricted

Now, the only the owner of the files/directories, or members of the restricted group may access them.

Dear Rubbernman,
So after your steps I just did this
[root@localhost /]# useradd user1
[root@localhost /]# passwd user1
Changing password for user user1.
useradd -G restricted user1
but when I log in on winscp this user cannot even go into the restricted folder but he can go all other folder which I do not want him to be able to go there.

Try changing the permissions for /restricted and its sub-directories to g+rx and did you create the restricted group? Are you sure that user1 is in that group?

Dear Rubberman,
Yes I have a group called restricted because I tried to add again the user1 thinking I have not done but it told me the user is already in it.I have changed the permission as you suggeested but is still same user1 is not in the /home/restricted directory but can go all other directories.

Have you tried rebooting? It should not be necessary, but it's a good sanity check in case the system has cached old settings somehow. Anyway, I'll test this behavior myself. Just to know, what is the file system you are using for /home?

Dear Rubberman,
I have reboot still same no difference. What do you mean by filesystem? I am not too sure about that?

Post the output of the "mount" command (no arguments) here.

Dear Rubberman,
Here it is. So the file type is ext3 right?

mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

So the file type is ext3 right?

Right. If you cd to /home, execute the command "ls -l". The entry for the restricted directory should look something like this (though the owner may vary, it should be root):

drwxr-x---.   3 root      restricted       4096 Feb 10  2011 restricted

The first field are the directory permissions, the 3rd is the owner, 4th is the group, the fifth is the size, and the last is the directory/file name. Note that the owner has full permissions (rwx), the group has read/execute (on directories, execute == search permission) permissions, and everyone else has no access. This should be the settings for all the sub-directories under /home/restricted as well, though files should be (assuming you don't want people to be able to modify a file):

-rw-r-----.   1 root      restricted       4096 Feb 10  2011 filename

If you want to allow execute permission on a file, such as a script or other executable, then it should look like this:

-rwxr-x---.   1 root      restricted       4096 Feb 10  2011 filename

Dear Rubberman,
Below is the whole thing. So this means user1 is not part of the restricted group right. So my command here is wrong is it groupadd -g restricted user1 but it tells me user1 exists?

[root@localhost home]# useradd -g restricted user1
useradd: user user1 exists
[root@localhost home]# ls -la
total 32
drwxr-xr-x 6 root root 4096 Nov 8 02:27 .
drwxr-xr-x 23 root root 4096 Nov 9 07:09 ..
drwx------ 3 adam adam 4096 Oct 26 01:48 adam
drwxr-x--- 2 root restricted 4096 Nov 8 02:19 restricted
drwx------ 3 test1 test1 4096 Nov 8 02:27 test1
drwx------ 3 user1 user1 4096 Nov 8 02:39 user1
[root@localhost home]#