1 | $Id: INSTALL 934 2022-12-08 21:08:05Z kdeugau $
|
---|
2 |
|
---|
3 | Requirements
|
---|
4 | ============
|
---|
5 |
|
---|
6 | - Any CGI-capable web server that can execute arbitrary files or
|
---|
7 | files with administrator-defineable extensions
|
---|
8 | - PostgreSQL. It should be possible to (fairly) trivially patch
|
---|
9 | the code for any other DBMS that supports:
|
---|
10 | - an IP address/CIDR netblock data type, supporting higher/greater,
|
---|
11 | lower/less than, contains, and is-contained-by operators
|
---|
12 | - Perl >= 5.6
|
---|
13 | - Standard modules:
|
---|
14 | These should be included in any base Perl install
|
---|
15 | - CGI::Carp
|
---|
16 | - File::Basename
|
---|
17 | - File::Path
|
---|
18 | - File::Spec
|
---|
19 | - POSIX
|
---|
20 | - Sys::Syslog
|
---|
21 | - Extra modules:
|
---|
22 | - CGI::Simple
|
---|
23 | - DBI
|
---|
24 | - DBD::Pg
|
---|
25 | - Frontier::Client and Frontier::Responder. Note that you may want to apply patch
|
---|
26 | https://secure.deepnet.cx/releases/Frontier-HTAuth.patch to support calls out to
|
---|
27 | an XMLRPC responder using HTTP AUTH, and will probably want to apply patch
|
---|
28 | https://secure.deepnet.cx/releases/Frontier-undef_scalars.patch if you want to
|
---|
29 | use the IPDB XMLRPC responder to keep your webserver error log from overflowing
|
---|
30 | with "Use of uninitialized value..." warnings.
|
---|
31 | - HTML::Template
|
---|
32 | - NetAddr::IP
|
---|
33 | - Sys::SigAction. This isn't strictly required; it's used in an
|
---|
34 | example hook for validating customer IDs against an external
|
---|
35 | database. It could arguably be replaced with sigaction() from the
|
---|
36 | POSIX module when using Perl >= 5.8.2. See eg Sys::SigAction on
|
---|
37 | CPAN (https://metacpan.org/release/LBAXTER/Sys-SigAction-0.11/view/lib/Sys/SigAction.pm)
|
---|
38 | for some thoughts on the gritty details.
|
---|
39 |
|
---|
40 | Installing the IPDB
|
---|
41 | ===================
|
---|
42 |
|
---|
43 | 1) Untar in a convenient location. You should be able to simply use the
|
---|
44 | unpacked tarball as-is, or you can run "make install" to install files
|
---|
45 | in /usr/local/lib/ipdb-#VERSION#, with configuration modules in
|
---|
46 | /usr/local/etc/ipdb-#VERSION#.
|
---|
47 |
|
---|
48 | The Makefile supports substitution on most standard
|
---|
49 | GNU/FHS-ish paths, so you could also run:
|
---|
50 |
|
---|
51 | make install prefix=/opt
|
---|
52 |
|
---|
53 | to install it under /opt.
|
---|
54 |
|
---|
55 | The Makefile also supports DESTDIR for packaging, so you can use:
|
---|
56 |
|
---|
57 | make install libdir=/usr/lib sysconfdir=/etc DESTDIR=/tmp/ipdbpkgroot
|
---|
58 |
|
---|
59 | to install for packaging under /tmp/ipdbpkgroot with the core scripts
|
---|
60 | and HTML packaged under /usr/lib/ipdb-#VERSION#, and the configuration
|
---|
61 | modules packaged under /etc/ipdb-#VERSION#.
|
---|
62 |
|
---|
63 | 2) Configuration: These module files will either be in the cgi-bin/
|
---|
64 | directory from the unpacked tarball, or /usr/local/etc/ipdb-#VERSION#
|
---|
65 | if installed with 'make install'.
|
---|
66 | a) Edit MyIPDB.pm: you need to set the database DSN and
|
---|
67 | company info. You should probably also set the syslog facility and
|
---|
68 | default custid.
|
---|
69 | b) Edit CustIDCK.pm as needed to validate customer IDs.
|
---|
70 |
|
---|
71 | 4) Create the database, and the inital tables using cgi-bin/ipdb.psql.
|
---|
72 |
|
---|
73 | 5) Configure your webserver to call the IPDB scripts at an appropriate
|
---|
74 | web path. A webroot pointing to the HTML files (first level under
|
---|
75 | the ipdb-#VERSION#/ tarball directory, or /usr/local/lib/ipdb-#VERSION#)
|
---|
76 | should work fine; a server alias under an existing virtual host should
|
---|
77 | work as well.
|
---|
78 |
|
---|
79 | Set $IPDB::webpath (the web path to your IPDB install) in MyIPDB.pm.
|
---|
80 | Straight out of the tarball it should work at the webroot, but if you
|
---|
81 | want it in a subdirectory, you'll need to set this variable to get all
|
---|
82 | of the internal links to behave properly.
|
---|
83 |
|
---|
84 | The directory containing the HTML and scripts must have at least the
|
---|
85 | following Apache directives (or other server equivalent) set:
|
---|
86 |
|
---|
87 | Options ExecCGI IncludesNoEXEC
|
---|
88 |
|
---|
89 | 6) User lists can be maintained two basic ways:
|
---|
90 |
|
---|
91 | a) Use the built-in user manager to add and remove users. This
|
---|
92 | requires mod_auth_pgsql, configured with read/write access to the
|
---|
93 | IPDB users table. A default user admin, password admin, is created
|
---|
94 | in step 4 above - make sure to create a new user as an admin, and
|
---|
95 | remove the default user (or at least change its password).
|
---|
96 |
|
---|
97 | b) Maintain an external .htpasswd file of your own, configured and
|
---|
98 | maintained however you like. In this case the access-pwd-update.pl
|
---|
99 | script should edited to match the .htpasswd filename/path and should
|
---|
100 | be called from cron to make sure new users get added to the
|
---|
101 | database, and old ones get deleted. This extra maintenance of user
|
---|
102 | lists is necessary to support the access controls, which are stored
|
---|
103 | in the database.
|
---|
104 |
|
---|
105 | You will have to either temporarily create a user "admin", so that user
|
---|
106 | can grant other users priviledges, or run the following on the database:
|
---|
107 |
|
---|
108 | UPDATE users SET acl='bacdsA' WHERE username='newadminuser';
|
---|
109 |
|
---|
110 | Replace 'newadminuser' as appropriate.
|
---|
111 |
|
---|
112 | If you don't do this, nobody will be able to make any changes;
|
---|
113 | access-pwd-update.pl only grants minimal read access to new users.
|
---|
114 |
|
---|
115 | 7) (optional) Pick a log facility by setting $IPDB::syslog_facility in
|
---|
116 | MyIPDB.pm, and tweak your syslog configuration to direct IPDB logging
|
---|
117 | to a custom log. Most logging is at the level of "info" or "warn".
|
---|
118 | Full changes are not logged. Logging verbosity isn't very high, so it
|
---|
119 | may be acceptable to leave the log stream at the defaults.
|
---|
120 |
|
---|
121 | ---
|
---|
122 |
|
---|
123 | Basic installation should now be complete! Log in as an admin user,
|
---|
124 | add your ARIN, RIPE, LACNIC, AfriNIC, or APNIC allocations and start
|
---|
125 | documenting your netblock usage.
|
---|
126 |
|
---|
127 | If you want to export rWHOIS data, see http://www.unixadmin.cc/rwhois/
|
---|
128 | for a place to start on setting up an rWHOIS server. Note that
|
---|
129 | db2rwhois.pl creates and maintains the net-<cidr> trees, all you have
|
---|
130 | to do is configure the daemon itself. Schedule runs of
|
---|
131 | cgi-bin/extras/db2rwhois.pl followed by rwhois_indexer (every hour
|
---|
132 | should be plenty often). You'll need to fill in correct organization
|
---|
133 | contact info in MyIPDB.pm.
|
---|
134 |
|
---|
135 | If you're just running from the unpacked tarball directory, you may need
|
---|
136 | to create symlinks in cgi-bin/extras/ for IPDB.pm and MyIPDB.pm,
|
---|
137 | pointing to ../IPDB.pm and ../MyIPDB.pm respectively. Otherwise
|
---|
138 | db2rwhois.pl won't be able to find these modules.
|
---|