 
README for nabou 2.1
===================================



Introduction
------------

This is the script called "nabou". Parts of it
are based on another script called "thor.pl" by
Jerry Kilpatrick <jerry@linuxscripts.com>, which
itself is based on a program called sysmon.pl which
was written by a guy named Matthew George
<emoc@vortex.misterweb.com>.

I used thor.pl on several servers but noticed
many bugs and found many things that could be
solved much better. Since the app record of thor.pl
on freshmeat no longer exists and the homepage of
thor.pl no longer exists either (the domain still exists,
but there is a 'cking win2k site over there...), I
decided to take over maintenance of the script,
give it another name and enhance/debug it myself.
The result is nabou. If you are wondering about its
name - did you ever see Episode I? If you did, you
should know ... but it's nothing meaningful, just to
have a good name ;-)

Nabou is a system integrity checker. That means it
runs every night and watches for changes to files.
If a file has changed in any way, it will inform you
by email (if you prefer that). Besides this, it can
also look for changed or added user accounts, cronjobs,
weird processes and suid files. You can also define your
own checks using inline scriptlets.

It stores the properties of each file in a dbm database
and will warn you if something has been changed on a
file. The most important thing to check for is the
MD5 checksum. This checksum will never be the same if
the file content has changed, even if only one letter
has changed. But you can also look for some other
properties, like ownership or filemode. See the
nabourc manpage for more details on that!
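
The baseline-and-compare scheme described above, as an added example
(not nabou's own code, which is Perl). It uses Python's standard dbm
module; the record layout, the function names snapshot and check, and
the use of SHA-256 in place of MD5 are assumptions of this example.

```python
import dbm
import hashlib
import json
import os
import stat


def snapshot(path):
    """Properties recorded per file (constructed record layout, not nabou's)."""
    st = os.lstat(path)  # lstat: record a symlink itself, not its target
    props = {"mode": oct(st.st_mode), "uid": st.st_uid, "gid": st.st_gid,
             "size": st.st_size}
    if stat.S_ISREG(st.st_mode):
        digest = hashlib.sha256()  # assumption: SHA-256 in place of MD5
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        props["sha256"] = digest.hexdigest()
    return props


def check(db_path, paths, update=False):
    """Compare paths with the baseline; return {path: [what changed]}.

    The baseline is only rewritten when update=True, so a change keeps
    being reported until someone accepts it.
    """
    findings = {}
    with dbm.open(db_path, "c") as db:
        for path in paths:
            key = os.path.abspath(path).encode()
            old = json.loads(db[key]) if key in db else None
            try:
                new = snapshot(path)
            except FileNotFoundError:
                new = None
            if old is None and new is not None:
                findings[path] = ["added"]
            elif old is not None and new is None:
                findings[path] = ["deleted"]
            elif old != new:
                findings[path] = sorted(
                    k for k in set(old) | set(new) if old.get(k) != new.get(k))
            if update and new is not None:
                db[key] = json.dumps(new).encode()
            elif update and key in db:
                del db[key]
    return findings
```

Run check(db, paths, update=True) once to create the baseline, then
without update from a nightly job; an empty result means nothing changed.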

You can use nabou as an Intrusion Detection System or
simply as a system monitor.



Installation
------------

You will need to install some additional perl modules
depending on how you want to use nabou. Refer to the file
README.modules for details on which modules you need.

Installation is really simple, just unpack the tarball,
which you have already done if you are reading this file.

Edit the provided Makefile to suit your needs; in most
cases you only need to change the variable PREFIX.

After you are done, type:

 make install

(as root), which will install nabou and a sample configuration.
The default is the file 'linuxrc', but you can change this in
the Makefile too. This will also create the database dir.

If you have an ext2 filesystem you might also protect
nabou using chattr: "chattr +i nabou". This makes it
immutable (read only).
For the paranoid: protect it with LIDS (http://www.lids.org):

 lidsadm -A -o /root/bin/nabou -j READ

Or use the new RSA feature described in more detail in the
nabou manpage.

Finally, edit the config file.

That's all about installation :-)




Configuration
-------------

The configuration will be described more in-depth in the
nabourc manpage.



Availability
------------

You can find the latest versions of nabou at one of the following
locations:
http://www.daemon.de/software.html
http://www.nabou.org/





Support and Feedback
--------------------

If you encounter any problems using nabou or if you have some
suggestions or bug reports, feel free to drop me an email:

Thomas Linden <tom@daemon.de>.



License and Disclaimer
----------------------

nabou is Copyright (c) 1998-2002 by Thomas Linden. nabou may be
used and distributed under the terms of the GNU General Public
License. All other brand and product names are trademarks,
registered trademarks or service marks of their respective
holders.

These programs are distributed in the hope that they will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this distribution; if not, write to the 
  Free Software Foundation, Inc.
  59 Temple Place
  Suite 330
  Boston, MA 02111
  USA

The source tarball contains a file COPYING which is a copy of
the license.


Finally, thanks for choosing nabou - keep the world secure!

