FlowTraq Web

  1. Using YaST, install the required software prerequisites:

    apache2
    apache2-mod_php5
    php5
                        
  2. Download the web GUI and unpack in your webroot:

    # cd /srv/www/htdocs
    # wget http://www.flowtraq.com/downloads/flowtraq/flowtraq_Q1_13/FlowTraq-Q1_13-web.tar.gz
    # gunzip -c FlowTraq-Q1_13-web.tar.gz | tar xvf -
                        
    Note

    This will create a directory called flowtraq. You will be able to access the FlowTraq web user interface by browsing to the /flowtraq directory on your webserver. We recommend installing in /srv/www/htdocs/flowtraq. If you install elsewhere, be sure to configure the baseURL configuration option in config.php.

  3. Configure and launch apache. Apache needs the 'MultiViews' option to be enabled. Edit the /etc/apache2/default-server.conf and change the line that reads:

    Options None
                        

    To:

    Options Indexes MultiViews
                        

    for the default <Directory "/srv/www/htdocs"> section.

  4. In Yast->System->Services, 'ENABLE' apache2, which will start the apache webserver.

    Now point your browser at http://127.0.0.1/flowtraq to verify that your installation was successful. Log in with the default username admin and password admin. If the Dashboard appears but the graphs and tables do not load, your license key may have expired. Contact FlowTraq to obtain a new license key.

    You will notice that the 'Threats' page remains empty. In order to use the NBI tools from the GUI you must now install the FlowTraq NBI server.

FlowTraq NBI Server

  1. Using YaST, install the following additional prerequisites:

    php5-pcntl
    php5-posix
    php5-pgsql
    postgresql
    postgresql-server
                        
  2. In Yast->System->Services, 'ENABLE' postgresql, which will launch the database process. Also, restart the apache2 service, which will enable the newly installed php plugins.

  3. The PostgreSQL database must be configured to work with FlowTraq. The installer of the NBI server will ask for details on the database configuration. This configuration should be created in advance:

    # su - postgres
    # psql
    psql> CREATE USER flowtraq WITH PASSWORD 'pleaseuseastrongpassword';
    psql> CREATE DATABASE flowtraq;
    psql> GRANT ALL PRIVILEGES ON DATABASE flowtraq TO flowtraq;
    psql> \q
    # createlang -d flowtraq plpgsql
                        
  4. Next, enable password login for PostgreSQL connections. This is done by modifying the pg_hba.conf file. On SuSE this file is located at: /var/lib/pgsql/data/pg_hba.conf. Change the line that says:

    host all all 127.0.0.1/32 ident
                        

    To:

    host all all 127.0.0.1/32 md5
                        

    Now restart the PostgreSQL server, either through Yast->System->Services or by invoking:

    # service postgresql restart
                        
  5. Download and run the FlowTraq NBI installer package:

    # wget http://demo.flowtraq.com/downloads/flowtraq/flowtraq_Q1_13/FlowTraq-Q1_13-nbi_unix.sh.gz
    # gunzip FlowTraq-Q1_13-nbi_unix.sh.gz
    # sh ./FlowTraq-Q1_13-nbi_unix.sh
                        

    The NBI installer will check to ensure that the proper prerequisites have been installed (PHP, PostgreSQL, etc).

    After this, it will ask a series of questions, including the install location of the PostgreSQL database (default: 127.0.0.1), the username (default: flowtraq), and the database name (default: flowtraq). You will have to give the password for this user also.

    Finally, the NBI installer will ask you for your FlowTraq server install location, which by default is 127.0.0.1, port 9640. You will be asked to enter administrator credentials so that the NBI installer can create a special flowtraq user that will invoke the detectors. Use a strong password for this special user.

  6. You will need to provide the PostgreSQL connection information to FlowTraq Web. Open 'config-sample.php' in the /srv/www/htdocs/flowtraq directory for editing, and find the NBISERVER variable. Modify the placeholders in this variable to provide the username (flowtraq) and password (which you provided above) to the PostgreSQL database. Finally, save the modified configuration as /srv/www/htdocs/flowtraq/config.php

  7. Return to http://127.0.0.1/flowtraq and visit the 'Threats' page to verify that you can now create detectors.

This concludes the installation of FlowTraq Web and FlowTraq NBI Server.

FlowTraq Server

  1. Download and install FlowTraq Server by downloading the installer package, gunzipping it, and running it as root:

    # wget http://www.flowtraq.com/downloads/flowtraq/flowtraq_Q1_13/FlowTraq-Q1_13-server-unix.sh.gz
    # gunzip FlowTraq-Q1_13-server-unix.sh.gz
    # sh ./FlowTraq-Q1_13-server-unix.sh
                        

    It will unpack the binaries and startup scripts relevant for your OS, and install (by default) in /opt/flowtraq. Command-line tools can be found in /opt/flowtraq/clitools, and the NBAD/NBI toolkit is in /opt/flowtraq/nbitools.

    For more information on installing FlowTraq Server, please see the FlowTraq User Manual.

  2. Install a license key for FlowTraq Server. The quickest way is by appending it directly to the FlowTraq configuration file. Replace the placeholders below with your own license details:

    # echo -ne "user YOURUSERNAME\nlicense FlowTraq_FULL-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX\n\n" >> /opt/flowtraq/flowtraq.conf
    # killall -HUP flowtraq
                        

    Note that you can also install the license key through the desktop GUI.

  3. Modify your firewall settings to allow incoming NetFlow, sFlow, etc:

    # ufw allow 2055
                        

FlowTraq Web

  1. Install the required software prerequisites:

    # apt-get install apache2 php5 libapache2-mod-php5 php5-cli
                        
  2. Download the web GUI and unpack in your webroot:

    # cd /var/www
    # wget http://www.flowtraq.com/downloads/flowtraq/flowtraq_Q1_13/FlowTraq-Q1_13-web.tar.gz
    # gunzip -c FlowTraq-Q1_13-web.tar.gz | tar xvf -
                        
    Note

    This will create a directory called flowtraq. You will be able to access the FlowTraq web user interface by browsing to the /flowtraq directory on your webserver. We recommend installing in /var/www. If you install elsewhere, be sure to configure the baseURL configuration option in config.php.

  3. Configure and launch apache. Apache needs the 'MultiViews' option to be enabled. Edit the /etc/apache2/sites-available/default file and, if needed, change the block that reads:

    Options ...
    </Directory>
                        

    To:

    Options ... MultiViews
    </Directory>
                        

    in the <Directory "/var/www"> section.

  4. Restart apache2, which will start the apache webserver and enable your changes:

    # /etc/init.d/apache2 restart
                        

    Now point your browser at http://127.0.0.1/flowtraq to verify that your installation was successful. Log in with the default username admin and password admin. If the Dashboard appears but the graphs and tables do not load, your license key may have expired. Contact FlowTraq to obtain a new license key.

    You will notice that the 'Threats' page remains empty. In order to use the NBI tools from the GUI you must now install the FlowTraq NBI server.

FlowTraq NBI Server

  1. Install the following additional prerequisites:

    # apt-get install postgresql php5-pgsql postgresql-client
                        
  2. Relaunch apache2, which will start the apache webserver and enable your changes:

    # /etc/init.d/apache2 restart
                        
  3. The PostgreSQL database must be configured to work with FlowTraq. The installer of the NBI server will ask for details on the database configuration. This configuration should be created in advance:

    # su - postgres
    # psql
    psql> CREATE USER flowtraq WITH PASSWORD 'pleaseuseastrongpassword';
    psql> CREATE DATABASE flowtraq;
    psql> GRANT ALL PRIVILEGES ON DATABASE flowtraq TO flowtraq;
    psql> \q
    # createlang -d flowtraq plpgsql
                        
  4. Next, enable password login for PostgreSQL connections. This is done by modifying the pg_hba.conf file. On Ubuntu this file is located at: /etc/postgresql/<version number>/main/pg_hba.conf. Edit the file and, if needed, change the line that says:

    host all all 127.0.0.1/32 ident
                        

    To:

    host all all 127.0.0.1/32 md5
                        

    Now restart the PostgreSQL server:

    # /etc/init.d/postgresql restart
                        
  5. Download and run the FlowTraq NBI installer package:

    # wget http://demo.flowtraq.com/downloads/flowtraq/flowtraq_Q1_13/FlowTraq-Q1_13-nbi_unix.sh.gz
    # gunzip FlowTraq-Q1_13-nbi_unix.sh.gz
    # sh ./FlowTraq-Q1_13-nbi_unix.sh
                        

    The NBI installer will check to ensure that the proper prerequisites have been installed (PHP, PostgreSQL, etc).

    After this, it will ask a series of questions, including the install location of the PostgreSQL database (default: 127.0.0.1), the username (default: flowtraq), and the database name (default: flowtraq). You will have to give the password for this user also.

    Finally, the NBI installer will ask you for your FlowTraq server install location, which by default is 127.0.0.1, port 9640. You will be asked to enter administrator credentials so that the NBI installer can create a special flowtraq user that will invoke the detectors. Use a strong password for this special user.

  6. You will need to provide the PostgreSQL connection information to FlowTraq Web. Open 'config-sample.php' in the /var/www/flowtraq directory for editing, and find the NBISERVER variable. Modify the placeholders in this variable to provide the username (flowtraq) and password (which you provided above) to the PostgreSQL database. Finally, save the modified configuration as /var/www/flowtraq/config.php

  7. Return to http://127.0.0.1/flowtraq and visit the 'Threats' page to verify that you can now create detectors.

This concludes the installation of FlowTraq Web and FlowTraq NBI Server.

FlowTraq Web

  1. Install the required software prerequisites:

    # yum install httpd mod_ssl php php-process
                        
  2. Download the web GUI and unpack in your webroot:

    # cd /var/www/html
    # wget http://www.flowtraq.com/downloads/flowtraq/flowtraq_Q1_13/FlowTraq-Q1_13-web.tar.gz
    # gunzip -c FlowTraq-Q1_13-web.tar.gz | tar xvf -
                        
    Note

    This will create a directory called flowtraq. You will be able to access the FlowTraq web user interface by browsing to the /flowtraq directory on your webserver. We recommend installing in /var/www/html. If you install elsewhere, be sure to configure the baseURL configuration option in config.php.

  3. Configure and launch apache. Apache needs the 'MultiViews' option to be enabled. Edit the /etc/httpd/conf/httpd.conf file and, if needed, change the line that reads:

    Options Indexes FollowSymLinks
                        

    To:

    Options Indexes FollowSymLinks MultiViews
                        

    in the <Directory "/var/www/html"> section.

  4. Start the apache webserver, and set it to start by default:

    # service httpd start
    # /sbin/chkconfig httpd on
                        
  5. Turn off SELinux. CentOS 5 turns on SELinux by default, which prevents Apache from running outside tools via CGI, including the FlowTraq command line tools. Because /opt/flowtraq is outside the httpd_t domain, httpd cannot access it. More information can be found at http://wiki.centos.org/HowTos/SELinux

    The simplest way to deal with this is to put SELinux into permissive mode, in which policy violations are logged but no longer blocked for the whole system. To do so, edit /etc/selinux/config and change

    SELINUX=enforcing
                        

    To:

    SELINUX=permissive
                        

    Then run:

    # setenforce permissive
                        

    If you cannot put SELinux into permissive mode, see the Knowledge Base Article for a workaround that makes FlowTraq part of the httpd security domain.

  6. Now point your browser at http://127.0.0.1/flowtraq to verify that your installation was successful. Log in with the default username admin and password admin. If the Dashboard appears but the graphs and tables do not load, your license key may have expired. Contact FlowTraq to obtain a new license key.

    You will notice that the 'Threats' page remains empty. In order to use the NBI tools from the GUI you must now install the FlowTraq NBI server.

FlowTraq NBI Server

  1. Install the following additional prerequisites:

    # yum install postgresql postgresql-server php-pgsql
                        
  2. Initialize and start postgresql:

    # service postgresql initdb
    # service postgresql start
                        

    Set postgres to be started on reboot:

    # /sbin/chkconfig postgresql on
                        

    Also, restart the httpd service to enable the newly installed PHP plugins.

    # service httpd restart
                        
  3. The PostgreSQL database must be configured to work with FlowTraq. The installer of the NBI server will ask for details on the database configuration. This configuration should be created in advance:

    # su - postgres
    # psql
    psql> CREATE USER flowtraq WITH PASSWORD 'pleaseuseastrongpassword';
    psql> CREATE DATABASE flowtraq;
    psql> GRANT ALL PRIVILEGES ON DATABASE flowtraq TO flowtraq;
    psql> \q
    # createlang -d flowtraq plpgsql
                        
  4. Next, enable password login for PostgreSQL connections. This is done by modifying the pg_hba.conf file. On CentOS this file is located at: /var/lib/pgsql/data/pg_hba.conf. Edit the file and, if needed, change the line that says:

    host all all 127.0.0.1/32 ident
                        

    To:

    host all all 127.0.0.1/32 md5
                        

    Now restart the PostgreSQL server:

    # service postgresql restart
                        
  5. Download and run the FlowTraq NBI installer package:

    # wget http://demo.flowtraq.com/downloads/flowtraq/flowtraq_Q1_13/FlowTraq-Q1_13-nbi_unix.sh.gz
    # gunzip FlowTraq-Q1_13-nbi_unix.sh.gz
    # sh ./FlowTraq-Q1_13-nbi_unix.sh
                        

    The NBI installer will check to ensure that the proper prerequisites have been installed (PHP, PostgreSQL, etc).

    After this, it will ask a series of questions, including the install location of the PostgreSQL database (default: 127.0.0.1), the username (default: flowtraq), and the database name (default: flowtraq). You will have to give the password for this user also.

    Finally, the NBI installer will ask you for your FlowTraq server install location, which by default is 127.0.0.1, port 9640. You will be asked to enter administrator credentials so that the NBI installer can create a special flowtraq user that will invoke the detectors. Use a strong password for this special user.

  6. You will need to provide the PostgreSQL connection information to FlowTraq Web. Open 'config-sample.php' in the /var/www/html/flowtraq directory for editing, and find the NBISERVER variable. Modify the placeholders in this variable to provide the username (flowtraq) and password (which you provided above) to the PostgreSQL database. Finally, save the modified configuration as /var/www/html/flowtraq/config.php

  7. Return to http://127.0.0.1/flowtraq and visit the 'Threats' page to verify that you can now create detectors.

This concludes the installation of FlowTraq Web and FlowTraq NBI Server.
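
Added example, not part of the FlowTraq documentation: PostgreSQL applies the first pg_hba.conf record that matches a connection, so the md5 line from step 4 of each NBI Server section (SuSE, Ubuntu, CentOS) has no effect if an earlier ident record still covers 127.0.0.1. The shell functions below report which method wins for the flowtraq database and role; the function names and sample lines are constructed for illustration, and IPv4 addresses are assumed to be in CIDR form as shown in this guide.

```shell
#!/bin/sh
# Added example (not FlowTraq code). PostgreSQL reads pg_hba.conf top to
# bottom and applies the first record that matches the connection.

# hba_method DB USER < pg_hba.conf
# Prints the auth method of the first "host" record covering 127.0.0.1.
# Assumption: IPv4 addresses are written in CIDR form, as in this guide.
hba_method() {
    awk -v db="$1" -v user="$2" -v ip="127.0.0.1" '
        function ip2n(s,    o) {
            split(s, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        function in_cidr(cidr, addr,    p, size) {
            split(cidr, p, "/")
            size = 2 ^ (32 - p[2])          # number of addresses in the block
            return int(ip2n(p[1]) / size) == int(ip2n(addr) / size)
        }
        function covers(field, want,    n, i, parts) {
            n = split(field, parts, ",")
            for (i = 1; i <= n; i++)
                if (parts[i] == "all" || parts[i] == want) return 1
            return 0
        }
        { sub(/#.*/, "") }                  # drop comments
        $1 != "host" { next }               # plain TCP records only
        $4 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { next }  # skip IPv6 etc.
        covers($2, db) && covers($3, user) && in_cidr($4, ip) { print $5; exit }
    '
}

# check_hba < pg_hba.conf: returns 0 only if the flowtraq role gets md5 auth.
check_hba() {
    method=$(hba_method flowtraq flowtraq)
    [ "$method" = "md5" ] && { echo "OK: md5"; return 0; }
    echo "FAIL: first matching record uses '${method:-nothing}'"
    return 1
}

# Constructed sample: the md5 line was appended but the ident line was kept.
sample_shadowed() {
    printf '%s\n' \
        '# TYPE DATABASE USER ADDRESS      METHOD' \
        'local  all      all               ident' \
        'host   all      all  127.0.0.1/32 ident' \
        'host   all      all  127.0.0.1/32 md5' \
        'host   all      all  ::1/128      ident'
}
sample_shadowed | check_hba || true   # reports FAIL: ident still wins
```

Run it against the real file with `check_hba < /var/lib/pgsql/data/pg_hba.conf` (the SuSE and CentOS path from step 4) before restarting PostgreSQL.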