 
README for nabou 2.2
===================================



Introduction
------------

This is the script called "nabou". Parts of it
are based on another script called "thor.pl" by
Jerry Kilpatrick <jerry@linuxscripts.com>, which
itself is based on a program called sysmon.pl which
was written by a guy named Matthew George
<emoc@vortex.misterweb.com>.

I used thor.pl on several servers but noticed
many bugs and found many things that could be
solved much better. Since the app record of thor.pl
on freshmeat no longer exists and the homepage of
thor.pl no longer exists either (the domain still exists,
but there is a 'cking win2k site over there...), I
decided to take over maintenance of the script,
give it another name and enhance/debug it myself.
The result is nabou. If you are wondering about its
name - did you ever see Episode I? If you did, you
should know ... but it's nothing meaningful, just to
have a good name ;-)

Nabou is a system integrity checker. That means it
runs every night and watches for changes to files.
If a file has changed in any way, it will inform you
by email (if you prefer that). Besides this, it can
also look for changed or added user accounts, cronjobs,
weird processes and suid files. And you can define your
own checks using inline scriptlets.

It stores the properties of each file in a dbm database
and will warn you if something about a file has been
changed. The most important thing to check for is the
MD5 checksum. This checksum will never be the same if
the file content has changed, even if only one letter
has changed. But you can also look for some other
properties, like ownership or file mode. See the
nabourc manpage for more details on that!
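
The mechanism described above, as an added Python example (not nabou's
own code, which is Perl): each file's MD5, owner, group and mode go into
a dbm database, and later runs report which properties differ. The
function names, the JSON record layout and the update flag are
assumptions made for this illustration.

```python
import dbm
import hashlib
import json
import os
import stat


def file_properties(path):
    """Properties to watch: MD5 of the content, owner, group and file mode."""
    # MD5 as named in the README; hashlib.sha256 is a drop-in replacement here.
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
    st = os.stat(path)
    return {"md5": md5.hexdigest(), "uid": st.st_uid, "gid": st.st_gid,
            "mode": oct(stat.S_IMODE(st.st_mode))}


def check(db_path, paths, update=False):
    """Compare files with their stored records; return (path, status, fields).

    A file seen for the first time is recorded and reported as "new". A changed
    file keeps its old record unless update=True, so it is reported on every
    run until the change is accepted (a choice made for this example).
    """
    findings = []
    with dbm.open(db_path, "c") as db:
        for path in paths:
            key = os.path.abspath(path).encode()
            try:
                current = file_properties(path)
            except FileNotFoundError:
                if key in db:
                    findings.append((path, "missing", []))
                continue
            if key not in db:
                findings.append((path, "new", []))
                db[key] = json.dumps(current).encode()
                continue
            old = json.loads(db[key])
            changed = sorted(f for f in current if old.get(f) != current[f])
            if changed:
                findings.append((path, "changed", changed))
                if update:
                    db[key] = json.dumps(current).encode()
    return findings
```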

You can use nabou as an Intrusion Detection System or
simply as a system monitor.



Installation
------------

You will need to install some additional perl modules
depending on how you want to use nabou. Refer to the file
README.modules for details on which modules you need.

Installation is really simple, just unpack the tarball,
which you have already done if you are reading this file.

The first thing is to execute the configuration script:

 ./configure

You can tweak the installation using some command-line flags.
Use --help to find out what can be modified. Here are the
most important flags:

 --prefix        the installation path prefix (default: /usr/local).
 --localstatedir where nabou will store its databases.
 --sysconfdir    where the configuration file(s) are installed.

The configure script also determines the location of the
required binaries and checks whether all required perl modules
are installed. If all went well, you are ready to install:

 make install

Finally, if you have an ext2 filesystem, you might also protect
nabou using chattr, which makes it immutable (read only):

 chattr +i nabou

For the paranoid: protect it with LIDS (http://www.lids.org):

 lidsadm -A -o /root/bin/nabou -j READ

Or, use the new RSA feature described in more detail in the
nabou manpage.


Finally, edit the config file.

That's all about installation :-)




Configuration
-------------

The configuration will be described more in-depth in the
nabourc manpage.



Availability
------------

You can find the latest versions of nabou at one of the following
locations:
http://www.daemon.de/software.html
http://www.nabou.org/





Support and Feedback
--------------------

If you encounter any problems using nabou or if you have some
suggestions or bug reports, feel free to drop me an email:

Thomas Linden <tom@daemon.de>.



License and Disclaimer
----------------------

nabou is Copyright (c) 1998-2004 by Thomas Linden. nabou may be
used and distributed under the terms of the GNU General Public
License. All other brand and product names are trademarks,
registered trademarks or service marks of their respective
holders.

These programs are distributed in the hope that they will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this distribution; if not, write to the 
  Free Software Foundation, Inc.
  59 Temple Place
  Suite 330
  Boston, MA 02111
  USA

The source tarball contains a file COPYING which is a copy of
the license.


Finally, thanks for choosing nabou - keep the world secure!

