/*
 * Copyright (c) 2000-2004 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.

 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.

 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

QUICK MAKE

If all things are ready, distribution untarred, and you have libpcap
and bison installed on your system, you should be able to make
argus by simply typing:

   % ./configure
   % make

If you have any problems with this procedure, read further.  If not,
congratulations.  You can proceed to INSTALLATION.




DEPENDENCIES

The Argus server is dependent on two public domain packages:
libpcap, which provides Argus's portable packet capture interface,
and bison.  Both of these packages must be installed in order
to compile argus.

Below is the official source of libpcap:

LIBPCAP-0.6.2
http://www.tcpdump.org


And the official site for bison is:

bison-1.28
http://www.gnu.org/software/bison/bison.html


Because Argus is dependent on libpcap and bison, you will
need to have installed these packages prior to building the
Argus server.  Please refer to the individual packages for
their specific installation instructions.  If you are not
interested in performing a system installation for libpcap, then
we highly recommend untarring libpcap in the same directory
that you untarred Argus.  Argus's ./configure can then easily
find the package.

If your interest is to simply use the ra* tools on a chosen
platform, then libpcap is not needed.

Argus client tools are, however, dependent on bison.

Argus can link to the public domain package tcp_wrappers to provide
remote access control.  At this time, the latest version is
tcp_wrappers-7.6.  If tcp_wrappers is not installed on your
system, then installing this package in the same directory
as libpcap and argus is recommended.

tcp_wrappers.7.6
Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
P.O. Box 513
5600 MB Eindhoven
The Netherlands
ftp://ftp.porcupine.org/pub/security


Argus can also link to the cryptographic package SASL, the
Simple Authentication and Security Layer, which provides strong
authentication and wireline confidentiality for argus data.
Because of its features and flexibility, we highly recommend
using SASL, and becoming experienced with its administration.

cyrus-sasl-1.5.24
Carnegie Mellon University
http://asg.web.cmu.edu/sasl
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail


If you want to link Argus to SASL, you'll need to have sasl
installed and configured for use.  This is not trivial, but
with newer linuxes, the process is painless.  To enable SASL
security, on a clean distribution, simply type:
 
   % ./configure --with-sasl=yes
   % make



CONFIGURE

The program, ./configure, will scan the file system, looking for
the libpcap and tcp_wrapper directories and libraries and make
assumptions about the platform.  ./configure will try to choose
between gcc, acc, cc, flex, lex, bison and yacc.  The choice of
libpcap interface, whether it is bpf, pf, enet, snit, nit, snoop
or dlpi, will be made automatically, based on the libpcap library
that is found.

If the libpcap or tcpwrapper packages are not discovered, the ./configure
script will create Makefiles so that you can build the client programs
for Argus, as these programs do not have dependencies on these packages.

Configure will create links for the libpcap.a and libwrap.a libraries
in ./lib, and will create links to the distribution directories as
./libpcap and ./wrapper.  Configure will attempt to find the libpcap
and tcp_wrappers distribution directories, and their corresponding
libraries.  The path used to find these dependencies is ./libpcap,
./wrapper, /usr/lib, /usr/local/lib, ../libpcap, ../wrapper, ../tcp_wrappers,
../libpcap-[0-9]*.[0-9ab]*, and ../tcp_wrappers[-.][0-9]*.[0-9ab]*.

Because of major changes between tcp_wrappers-6 and tcp_wrappers-7,
./configure needs to discover the tcp_wrappers version number.  It
does this by scanning the patchlevel.h file in the tcp_wrapper
distribution.  As a result, ./configure will attempt to find and then
establish a link to your tcp_wrappers distribution directory.

Again, we recommend that you install your libpcap and tcp_wrappers
distribution directories, or links to them, in either the same
directory as the Argus distribution, or as the directories
./libpcap and ./wrapper, in the Argus directory.

Additionally, for linux, the linux-include directory available in 
the patched libpcap-0.0.6 distribution has been included in the 
distribution.  It comes with libpcap-0.0.6, but is missing
some crucial files, which have been added.

Configure will determine what interface will be used by Argus, by
scanning the libpcap.a library.  The resulting Argus server will be
named with an interface specific label.  This is done to assist those
who will build multiple versions of Argus from a single machine.



BUILDING ARGUS

So, after all that, to build Argus on a supported platform, first run
./configure.  ./configure will determine your system attributes and
generate subdirectories and the appropriate Makefiles from the Makefile.in
files found in the distribution.  After this, run "make".  If everything
goes well, appropriate libraries and binaries will be found in the ./bin
and ./lib subdirectories.  So, ....

   % ./configure
   % make

Argus will be found as ./bin/argus_"libpcap_interface_name".  So for
a libpcap.a that is built to support the /dev/snit interface, argus
will be named ./bin/argus_snit.  For linux, it will be named
./bin/argus_linux; for Solaris, it will be named ./bin/argus_dlpi.

The libpcap package library determines the interface type for argus, so
if you want to make argus for another interface, you will have to make
the appropriate libpcap.a for it, and install the appropriate libpcap
library in a place where the ./configure script can find it.  After
you do that:

  % make clobber
  % ./configure
  % make


So, at this point you should have all the executables needed.  But,
if you are having problems, it may be related to your compiler or
the flex and bison utilities.  So, ...

You will need an ANSI C compiler to build argus.  If your compiler
is not ANSI compliant, we highly recommend using the GNU C compiler,
available via anonymous ftp:

	ftp://prep.ai.mit.edu/pub/gnu/gcc-*.tar.gz


Argus requires bison and flex.  For flex, version 2.4.6 or higher
is recommended.  The current version of flex and bison are available
via anonymous ftp:

        ftp://prep.ai.mit.edu/pub/gnu/bison-*.tar.gz
        ftp://prep.ai.mit.edu/pub/non-gnu/flex/flex-*.tar.gz


Now, if you are still having problems, ..., well, it's hard to say
from here what it might be.  So, you may want to send us some
mail.




INSTALLATION

QUICK INSTALL

If all things are well at this point, and you will be using
the installation strategy that we use, all you need do now
is:

   # make install

This will create the /usr/argus directory and move all the
binaries, supporting programs, man pages and documentation
into /usr/local/bin, /usr/local/sbin, or /usr/argus.  At
the end, you will find argus as /usr/local/sbin/argus.

If you are unsure about the standard installation, run

   % make -n install

to review what make will try to do.  If you would like to
do something other than the standard install, then please
continue to read through this file.


At this point you're ready to run argus.


If you are planning on running argus as a persistent
daemon on your machine, then one additional step is
recommended, and that is setting up /etc/argus.conf.
 
   # cp ./support/Config/argus.conf /etc
 
You must edit the /etc/argus.conf file for argus to work, as
the default configuration will have argus do a lot of work
but not output anything.

We recommend at least specifying a value for ARGUS_OUTPUT_FILE=.
If you want to attach to the running argus in realtime, then
also uncomment the line #ARGUS_ACCESS_PORT=561
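
A check for the two settings named above, as an added example that is
not part of the Argus distribution: it reads an argus.conf and reports
whether ARGUS_OUTPUT_FILE has a value and whether ARGUS_ACCESS_PORT is
active.  The function names and the sample file are constructed here.

```sh
#!/bin/sh
# Added example: check the two argus.conf settings this document names.

# Print the value of the last active (uncommented) KEY=value line in FILE.
# Trailing blanks and surrounding double quotes, if any, are dropped.
conf_value() {   # usage: conf_value KEY FILE
    sed -n "s/^[[:space:]]*$1=[[:space:]]*\(.*\)\$/\1/p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Return 0 when ARGUS_OUTPUT_FILE has a value, 1 otherwise.
check_argus_conf() {   # usage: check_argus_conf FILE
    [ -r "$1" ] || { echo "error: cannot read $1"; return 1; }
    out=$(conf_value ARGUS_OUTPUT_FILE "$1")
    port=$(conf_value ARGUS_ACCESS_PORT "$1")
    if [ -n "$port" ]; then
        echo "note: ARGUS_ACCESS_PORT=$port is active; remote clients can attach,"
        echo "      so confirm the build links tcp_wrappers or SASL"
    fi
    if [ -z "$out" ]; then
        echo "error: ARGUS_OUTPUT_FILE has no value; no records would go to a file"
        return 1
    fi
    echo "ok: ARGUS_OUTPUT_FILE=$out"
}

# Constructed sample (not the shipped ./support/Config/argus.conf):
# an unedited file with no output file and the access port commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ARGUS_OUTPUT_FILE=
#ARGUS_ACCESS_PORT=561
EOF
check_argus_conf "$sample" || echo "edit the file before starting argus"
rm -f "$sample"
```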

 
But if you wanted to do something different, then read on.


INSTALLATION NOTES

Argus does not have any installation restrictions, so you can
install Argus anywhere.  There are some conventions that have
been established, and I'll present them here, but you can, of
course, do your own thing.

I have found it useful to have an argus home directory to hold
the binaries, argus configuration files, the argus output file,
and hold my argus data archive.  If you would like to use this
strategy, create your directory, and create the environment
variable ARGUSHOME and set it to this directory.

I have used /usr/argus on some systems, and people like that
as an alternative to the default of using /usr/local.  I prefer
putting the argus ra* client binaries in /usr/argus/bin and
argus itself, in /usr/argus/sbin, but that is just me.

After making, as root, I just:

   # mkdir /usr/argus /usr/argus/bin /usr/argus/sbin
   # cp bin/ra* /usr/argus/bin
   # cp bin/argusbug /usr/argus/bin
   # cp bin/argus_* /usr/argus/sbin/argus

It is convenient to chmod argus so that it is "setuid root",
but many feel that this is a major security problem, as any user
could then start an argus on the system, or worse, start any
program, using argus as a gate.  Although Argus is designed
to prevent this type of abuse, you never know, so use this
technique at your discretion.
 
   # chmod 4755 /usr/argus/sbin/argus
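
To see who can start an installed argus, the following added example
(not part of the Argus distribution) classifies a binary by its mode
bits.  The function name, the mode 4750 alternative and the "argus"
group used in it are assumptions of this example.

```sh
#!/bin/sh
# Added example: report how an argus binary can be started, from its mode bits.
# Only the mode is inspected; ownership is not checked here.

argus_exec_exposure() {   # usage: argus_exec_exposure PATH
    f=$1
    [ -f "$f" ] || { echo "missing"; return 2; }
    if [ ! -u "$f" ]; then
        echo "not-setuid"          # runs with the caller's own privileges
    elif [ -n "$(find "$f" -prune -perm -0001)" ]; then
        echo "setuid-any-user"     # e.g. 4755: any local user can start it
    else
        echo "setuid-restricted"   # e.g. 4750: owner and group members only
    fi
}

# Install locations named in this document.
for bin in /usr/local/sbin/argus /usr/argus/sbin/argus; do
    if [ -f "$bin" ]; then
        state=$(argus_exec_exposure "$bin")
        printf '%s: %s\n' "$bin" "$state"
        if [ "$state" = "setuid-any-user" ]; then
            # Assumption: a dedicated "argus" group exists for its operators.
            printf '  tighter alternative: chgrp argus %s && chmod 4750 %s\n' \
                "$bin" "$bin"
        fi
    fi
done
```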


Argus has a system configuration file that normally resides
as /etc/argus.conf.  You can install this file anywhere, but
argus itself has an integrated $PATH that includes
/etc/argus.conf, and scripts that are provided in the ./support
directory will assume that the configuration is at
/etc/argus.conf.

   # cp ./support/Config/argus.conf /etc/argus.conf

You will want to edit this file to choose values of your
liking.  The sample has all the common values set and has
enough description of the variable to get you started.


Copying the man and doc directories is nice.
   
   # tar cf - doc man | (cd /usr/argus; tar xvpf -)


This should handle the basic installation.

Any comments, patches, bug reports or additions should be sent to 
argus@lists.andrew.cmu.edu.



PORTABILITY

Argus and its supporting routines have been developed on Sparc
architectures under SunOS 4.1.x and Solaris 2.7, and have been
successfully ported to Solaris, SGI, Ultrix, Linux, Debian, OpenBSD,
NetBSD and FreeBSD platforms.  The client programs have also
been ported to Cygwin, the GNU unix environment for Windows.
 
No claim is made as to the portability of Argus to other platforms,
although it is much easier now that we've addressed the big-endian/
little-endian issues.  If you make any modifications to support
installing and running Argus in any other environment, please send
us comments and/or patches.  We will be most grateful.

