Notes on when I installed the Big Brother software on Friday, 4-6-2001.

Initially, I got a pointer from Paul C. at IBM, pointing me to the old
web site at
http://ftp.cdit.edu.cn/pub2/linux/security/monitor/BigBrother/features.html,
which is a Chinese university.  The more current stuff is at
http://www.bb4.com, which is Big Brother Consulting out of Quebec, Canada.

My reading of their licensing agreement says we can use their software
for free, as long as we don't sell it (e.g. to a National Patent Office).

I downloaded their software (bb-1.7a.tar.gz) which via a

        gzip -d < ~jasper/bb-1.7a.tar.gz | tar xvf -

command, gives you two files,

        -rw-r--r--   1 101      system      1636 Dec 15 08:24 README.FIRST
        -rw-r--r--   1 root     usr      1300480 Mar 14 13:24 bb17a.tar

Their README.FIRST file says to

1)  First create a BB account (bb, bbuser, whatever).
    Initially, I installed this on reindeer (w3), so I created the local
    AIX account, bigbro (using userid 1984, of course).  Remember to put
    the /etc/passwd line at the bottom of /etc/passwd.noafs if this is a
    standard, shared password file machine (which reindeer is).

2)  Log in to that account.  (Password = global)

3)  su root
    (because the bbconfig step below wants to write 6 cgi-bin scripts
    into the /usr/HTTPServer/cgi-bin directory)

4)  I unpacked the tar file to /afs/d/software/BigBrother-1.7a.

        tar xvf bb17a.tar

5)  cd bb17a

5)  vi README

    Tried subscribing to their mailing list by sending mail to
    majordomo@bb4.com with "subscribe bb" in the body (not the Subject
    line), but the confirming e-mail I got back said this was "a
    relatively high-volume list, running somewhere in the neighbourhood
    of 1500 messages a month"!  That's 50 a day!  And sure enough, I got
    a handful of messages in the first few minutes, so I unsubscribed
    and subscribed to their bb-digest (about 1 a day).

6)  vi README.INSTALL

7)  The bbconfig step also wanted to find the dig utility, which is part
    of the BIND distribution, so I went to http://www.isc.org/products/BIND
    and picked up the latest BIND.  Did the make on that and put dig in
    /local/bin.

8)  cd install

9)  ./bbconfig aix

    Here's the dialog from the bbconfig aix step.  First they "more" out
    their license agreement and make you answer

    Do you agree to the terms of this license (y/n): y
    ---> OK, we'll try aix...

    *** WARNING: Don't run BB as root ! ***
    Executing BB as root is not recommended
    Prevent the execution of BB as user 'root' (y/n) [y]:
    ---> OK... BB is NOT ALLOWED to run as root

    BB will only start under a designated user id.
    The startup script will verify that the current user ID
    and the designated user ID are identical.

    Note: This check is only performed during the startup script.
          It does not prevent the execution of other BB binaries/scripts
          while working using another user ID.  It only prevents you
          from starting BB while working another user ID.

    What will be the user ID of BB [bb]: bigbro
    ---> BB will only run from user 'bigbro'

    Making sure BBHOME is writable...
    ---> OK, /home/bigbro/bb17a is fine...

    Do you want to preserve the old style directory structure ?
    You may want to do so if you use BB extensions or externals
    that do not understand the new directory structure.
    This option is *NOT* recommend as keeping the old directory
    around represents a security risk.
    Old-style directory structure (y/n): [n]

    When you set up your machines, you should use Fully Qualified
    Domain names, this means you use the whole name, like www.bb4.com,
    instead of just 'www'.  This is recommended.
    Use FQDN (y/n): [y] n
    ---> OK... if you must...

    Big Brother creates HTML pages with the status of your network.
    You'll need a web server to publish this information.
    What machine will be the BBDISPLAY [reindeer.delphion.com]: w3.delphion.com
    ---> OK... w3.delphion.com will be a BBDISPLAY

    Big Brother sends important messages to a pager server.
    This machine will at a minimum to be able to send mail.
    What machine will be the BBPAGER [w3.delphion.com]:
    ---> OK... w3.delphion.com will be a BBPAGER

    Some questions regarding the current host (reindeer.delphion.com)
    will be asked.
    Is this host a BBDISPLAY host (y/n): [y]
    Is this host a BBPAGER host (y/n): [y]
    Enter the default recipient: [root@localhost] rick@delphion.com

    Since Big Brother produces results to be displayed on web pages,
    we need to know where to view these results.
    Enter the base URL for BB [/bb]: /BigBrother
    ---> OK... Big Brother will live under http://w3.delphion.com/BigBrother

    Big Brother also uses CGI scripts to create dynamic output.
    What directory do these scripts live in?
    Enter CGI directory [/home/www/httpd/cgi-bin]: /usr/HTTPServer/cgi-bin
    ---> OK... CGI scripts will live at /usr/HTTPServer/cgi-bin
    Enter the base URL of the CGI scripts [/cgi-bin]:
    ---> OK... The base URL location of CGI scripts is in /cgi-bin

    --------------------------------------------------------
    --> UPDATING Makefile
    --> UPDATING runbb.sh
    --> UPDATING bbsys.local
    --> CHECKING COMMAND PATHNAMES
    *** Verifying pathnames to necessary commands...
    DIG is unavailable, the directive "dig" cannot be used in bb-hosts
    MSGFILE=/var/adm/syslog/syslog.log is incorrectly defined, fix in bbsys.local
    ==============================================================================
    There is no /var/adm/syslog directory.                                    RAJ
    I fixed this in step 14) below.                                           RAJ
    ==============================================================================
    *** The following changes need to be made...
    --> /usr/bin/dig changed to /local/bin/dig
    *** Making changes...
    *** We've noticed that we've set some of the pathnames wrong
    *** by default here.  May we mail a summary of the paths we
    *** missed back to info@bb4.com so we can update our installs? [y/n] n
    *** Done.
    --> UPDATING bbdef.sh
    --> UPDATING URL location
    --> INSTALLING CGI scripts

    BB needs to set the group name of the www/rep directory
    to the group name of the web server by using its user name
    Enter web server user id [nobody]: ipsrun
    You may override the group name determined by the previous step.
    Enter group name [staff]: www
    --> SETTING WRITE PERMISSION FOR OWNER AND GROUP FOR www/rep
    --> CHANGING THE GROUP ID OF www/rep
    --> UPDATING pager scripts
    --------------------------------------------------------
    --> Done.  Now do
            cd ../src
            make
            make install
            cd ../..
            chown -R bigbro bbvar bb
        where bb is the new version's directory name

    <<<<<=-=-=-=-=-=-=-=- End of my capture of the bbconfig aix step. =-=-=-=-=-=-=-=- >>>>>

10) What do I know?  I did as I was told and the make failed trying to
    use gcc (sigh!).  Changed line 3 of the /home/bigbro/bb17a/src/Makefile
    from

        CC = gcc

    to

        CC = xlc

    and now make runs, but I got 6 error messages on bbd.c & bbnet.c,

        line xxx.yy: 1506-280 (E) Function argument assignment between types "void(*)(int)" and "void*" is not allowed.

    They both seemed to compile, though.

11) All the make install did was

        rm -f *.o
        mv bb bbd bbnet touchtime dumphostsvc bbstat getipaddr ../bin

    that is, ../bin = /afs/d/software/base/BigBrother-1.7a/bb17a/bin.

12) cd ../..
    chown -R bigbro bb17a bbvar

    You can now exit to get out of the su to root, and become uid=bigbro
    again.

13) Their Step 3 in /home/bigbro/bb17a/README.INSTALL has you update the
    /home/bigbro/bb17a/etc/bb-hosts file.  It says to read
    /home/bigbro/bb17a/install/README for details.  This bb-hosts file
    seems the key file.  It describes the hosts you wish to monitor as
    well as what to monitor on each of the hosts.

        cd /home/bigbro/bb17a/etc
        cp -p bb-hosts bb-hosts.orig
        vi bb-hosts

    For now, I made this file be

        #
        # THE BIG BROTHER HOSTS FILE
        #
        # THIS FILE SHOULD BE THE SAME ON ALL SYSTEMS RUNNING BIG BROTHER
        # CHANGE THIS FILE TO REFLECT YOUR ENVIRONMENT!
        #
        10.24.1.62   reindeer.delphion.com   # BBPAGER BBNET BBDISPLAY http://w3.delphion.com
        10.24.1.1    afs1.delphion.com       #
        10.24.1.22   baboon.delphion.com     #
        10.24.1.23   badger.delphion.com     #
        10.26.0.3    indirect.delphion.com   #
        10.24.1.32   elephant.delphion.com   #
        10.24.1.98   lizard.delphion.com     #
        10.24.1.254  loon.delphion.com       # dns
        10.24.1.49   ncc-312.delphion.com    #
        10.24.1.51   octopus.delphion.com    #
        10.24.1.93   patimg0.delphion.com    #
        10.24.1.105  patimg1.delphion.com    #
        10.24.1.101  rhino.delphion.com      #
        10.24.1.79   skunk.delphion.com      #
        10.24.1.107  spectre.delphion.com    #
        10.24.1.67   trantor.delphion.com    #
        10.24.1.111  walrus.delphion.com     #

14) Step 4 in README.INSTALL has you run the etc/bbchkcfg.sh &
    etc/bbchkhosts.sh scripts to check your work.  bbchkcfg.sh gave these
    errors,

        If any comments are displayed, please fix the entries in your configuration
        *** Verifying pathnames to necessary commands...
        MSGFILE=/var/adm/syslog/syslog.log is incorrectly defined, fix in bbsys.local
        *** All pathnames OK.
        LOCKPREFIX=/var/lock/LCK.. is not a valid entry
        bbwarnsetup.cfg: /dev/cuaa0 is an invalid entry in the ttyline token
        This is a valid error only if this host is a BBPAGER host

    For the syslog error, I added

        *.info /var/adm/syslog.info.log

    to /etc/syslog.conf file,

        touch /var/adm/syslog.info.log
        refresh -s syslogd

    and updated the MSGFILE line in /home/bigbro/bb17a/etc/bbsys.local

    >>>> Soon after, though, I took out that line in /etc/syslog.conf and <<<<
    >>>> refresh -s syslog again, 'cause too much crap was getting        <<<<
    >>>> written in there, mostly by sendmail but also ssh                <<<<

    For the /var/lock/LCK.. error, I updated the LOCKPREFIX= line in
    /home/bigbro/bb17a/etc/bbsys.sh.  Now bbchkcfg.sh runs clean.
    bbchkhosts.sh runs clean, too.

15) Step 5 in README.INSTALL has you

        cd /home/bigbro
        ln -s bb17a bb

    Which makes it easier to update to a newer version of BigBrother in
    the future by simply switching links.

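A check for the bb-hosts layout from step 13, added here as an example (it is not Big Brother's bbchkhosts.sh and not part of the original notes): it flags malformed or repeated addresses, repeated host names, and a file with no BBDISPLAY or BBPAGER host. The function names, the sample hosts and the assumption that every non-comment line reads "IP hostname # directives" belong to the example.

```shell
#!/bin/sh
# Added example, not Big Brother's bbchkhosts.sh. Assumes every line that is not
# blank or comment-only has the form:  IP hostname # directives

check_bb_hosts() {   # usage: check_bb_hosts FILE; prints problems, returns 1 if any
    awk '
    /^[ \t]*$/ { next }
    /^[ \t]*#/ { next }
    {
        ip = $1; host = $2
        n = split(ip, oct, "."); bad = (n != 4)
        for (i = 1; i <= n && !bad; i++)
            if (oct[i] !~ /^[0-9]+$/ || oct[i] + 0 > 255) bad = 1
        if (bad) { printf "line %d: bad IP address %s\n", NR, ip; err++ }
        if (host == "" || host ~ /^#/) {
            printf "line %d: no hostname after %s\n", NR, ip; err++; next
        }
        if (ip in ipline) {
            printf "line %d: IP %s already on line %d\n", NR, ip, ipline[ip]; err++
        }
        if (host in hostline) {
            printf "line %d: host %s already on line %d\n", NR, host, hostline[host]; err++
        }
        ipline[ip] = NR; hostline[host] = NR
        # Directives are the words after the first "#" on the line.
        p = index($0, "#"); tags = p ? (" " substr($0, p + 1) " ") : ""
        gsub(/[ \t]+/, " ", tags)
        if (tags ~ / BBDISPLAY /) display++
        if (tags ~ / BBPAGER /) pager++
    }
    END {
        if (!display) { print "no host tagged BBDISPLAY"; err++ }
        if (!pager) { print "no host tagged BBPAGER"; err++ }
        exit (err > 0)
    }' "$1"
}

sample_bb_hosts() {   # constructed sample with three deliberate mistakes
    cat <<'EOF'
# THE BIG BROTHER HOSTS FILE
192.0.2.10 display.example.com # BBPAGER BBNET BBDISPLAY http://www.example.com
192.0.2.11 alpha.example.com #
192.0.2.11 beta.example.com #
192.0.2.300 gamma.example.com # dns
192.0.2.13 alpha.example.com #
EOF
}

if [ $# -gt 0 ]; then check_bb_hosts "$1"; fi
```
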
16) Step 6 in README.INSTALL is where you tie "the base URL for BB [/bb]:"
    asked during the "bbconfig aix" step above, to your
    http://w3.delphion.com/BigBrother.  You need to be root, so

        su
        ln -s /home/bigbro/bb17a/www /usr/HTTPServer/htdocs/w3/BigBrother

    (/usr/HTTPServer/htdocs/w3 is DocumentRoot).

    To start BigBrother,

        exit

    To get out of the su and become bigbro again.

        cd /home/bigbro/bb17a
        runbb.sh start

    After a few minutes, this got me a web page at http://w3/BigBrother,
    but all it had was the stuff for reindeer all the way across the top,
    and just the ping-test "conn" down the bottom for all the others.
    This is expected, because I don't have any of the clients configured
    yet.

17) To get it started at each system boot, vi /etc/inittab and added this
    line,

        bigbrother:2:once:/usr/bin/su bigbro -c "/home/bigbro/bb/runbb.sh start"

18) To make it easy to configure all the client machines, I copied
    everything over into AFS.

        klog jasper
        cd /home/bigbro
        cp -pRh bb17a /afs/d/software/base/BigBrother-1.7a/bb17a
        cp -pRh bbvar /afs/d/software/base/BigBrother-1.7a/bbvar
        cp -pRh bb /afs/d/software/base/BigBrother-1.7a/bb

19) To configure the client machines, you create "tarballs" for them,
    create the bigbro userid on each system, and untar the tarball under
    /home/bigbro.

        cd /afs/d/software/base/BigBrother-1.7a/bb17a/install
        for i in reindeer afs baboon badger indirect elephant lizard loon ncc-312 octopus patimg0 patimg1 rhino skunk spectre trantor walrus
        do
            bbclient $i
        done

    This created a bunch of files at /afs/d/software/base/BigBrother-1.7a
    called bb-<hostname>.tar

20) Then on each client machine,

        smitty mkuser
            User NAME                        => bigbro
            User ID                          => 1984
            HOME directory                   => /home/bigbro
            Initial PROGRAM                  => /bin/ksh
            User INFORMATION                 => Big Brother Monitor Software
            Login AUTHENTICATION GRAMMAR     => compat
            Password REGISTRY                => files

    If this is a SSI machine, then

        grep bigbro /etc/passwd >> /etc/passwd.noafs

    Then to populate /home/bigbro,

        cd /home/bigbro
        tar xvf /afs/d/software/base/BigBrother-1.7a/bb-$(uname -n).tar
        ln -s bb17a bb

    Like above, the bbchkcfg.sh script complained about
    MSGFILE=/var/adm/syslog.info.log, so

        echo '' > /var/adm/syslog.info.log

    But since I don't know when this file is used or written to, for the
    client machines, I opted to leave these other two steps undone,

        Added *.info /var/adm/syslog.info.log to /etc/syslog.conf file,
        refresh -s syslogd

    To check your work,

        cd /home/bigbro/bb17a/etc
        ./bbchkcfg.sh
        ./bbchkhosts.sh

    To get the daemons running,

        su - bigbro -c "cd bb;./runbb.sh start"

    To get it started at each system boot, vi /etc/inittab and added this
    line,

        bigbrother:2:once:/usr/bin/su bigbro -c "/home/bigbro/bb/runbb.sh start"
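
A post-install check that follows from the bbconfig warning about not running BB as root, added here as an example and not part of Big Brother or of the original notes: it lists anything under the BB directory that is not owned by the BB account, is world-writable, or is setuid/setgid. The function names and the demo tree are constructed for the example; on the server and on each client it would be pointed at /home/bigbro/bb17a with owner bigbro.

```shell
#!/bin/sh
# Added example, not part of Big Brother. Audits a BB tree that was configured and
# built as root and then handed to the BB account with chown -R.
# audit_bb_tree and make_demo_tree are names made up for this example.

audit_bb_tree() {   # usage: audit_bb_tree DIR OWNER; prints findings, returns 1 if any
    dir=$1; owner=$2
    findings=$(
        # Entries the chown -R missed, or that root wrote afterwards.
        find "$dir" ! -user "$owner" -exec echo "not owned by $owner:" {} \;
        # Writable by every local account (symlink modes mean nothing, skip them).
        find "$dir" ! -type l -perm -0002 -exec echo "world-writable:" {} \;
        # BB runs as the designated user, so setuid/setgid files are unexpected.
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) \
            -exec echo "setuid/setgid:" {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

make_demo_tree() {   # constructed tree with two deliberate problems; prints its path
    t=$(mktemp -d) && mkdir "$t/bin" "$t/etc" &&
        : > "$t/etc/bb-hosts" && : > "$t/bin/bbd" &&
        chmod 755 "$t" "$t/bin" "$t/etc" &&
        chmod 666 "$t/etc/bb-hosts" && chmod 4755 "$t/bin/bbd" &&
        echo "$t"
}

# Stand-alone use, e.g. as root after step 12:  sh audit.sh /home/bigbro/bb17a bigbro
if [ $# -eq 2 ]; then audit_bb_tree "$1" "$2"; fi
```
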