Installing mwcollectd

mwcollectd must be started as root, and you need to run a recent kernel with capabilities and netfilter compiled in. You also need to be able to use the NFQUEUE feature of netfilter (not available on all vservers).

Dependencies

You need to install the following libraries (and their respective development headers) to build mwcollectd:

  • libnetworkd (always use most recent version from GIT)
  • libemu (be sure to use the mwcollect.org version, as it is different from the mainstream branch)
  • libssl-dev
  • libcurl-dev
  • libnetfilter-queue-dev

(optional dependencies required for certain features)

Additionally, mwcollectd requires the following build tools:

  • g++ >= 4.1
  • libtool
  • automake >= 1.9
  • autoconf
  • git

For service emulation, you will also need Python (as service emulations are written in Python):

  • python >= 3.1 (python 3.0.1 is known to work but requires configure.ac adjustments)

Building mwcollectd

mwcollectd uses autoconf, so building it is quite straightforward.

Obtaining the source code

The latest source is available from our GIT repository:

mkdir /usr/src/mwcollectd; cd /usr/src/mwcollectd
git init
git remote add origin http://git.mwcollect.org/mwcollectd/
git pull origin master

Configuring

You will probably need to adjust the paths to the libraries; I usually put manually compiled libraries into /opt/.

autoreconf -vi
./configure --prefix=/opt/mwcollectd --with-libnetworkd=/opt/libnetworkd --with-libemu=/opt/libemu

If configure cannot find your Python 3 installation, you need to create a symlink from your custom prefix to /usr/bin:

ln -s /opt/python3/bin/python3-config /usr/bin/python3-config

This will at some point be made obsolete by an improved configure.ac.

Build and install

If configure did not complain about missing dependencies, you can now build and install. If Python or libemu is not found, the corresponding module simply won't be built, but configure will still finish properly.

make -j2
sudo mkdir /opt/mwcollectd; sudo chown oxff:oxff /opt/mwcollectd
make install

Configuration

If everything went well, you should now have a directory called etc/mwcollectd/ (under your respective prefix). The main configuration file responsible for specifying other configuration files and loading modules is mwcollectd.conf:

#
#                                _ _           _      _ 
#     _ __ _____      _____ ___ | | | ___  ___| |_ __| |
#    | '_ ` _ \ \ /\ / / __/ _ \| | |/ _ \/ __| __/ _` |
#    | | | | | \ V  V / (_| (_) | | |  __/ (__| || (_| |
#    |_| |_| |_|\_/\_/ \___\___/|_|_|\___|\___|\__\__,_|
#
#        Default configuration, 2009-09-01

{
    # Set the number of maximum file descriptors with rlimit.
    # Defaults to 0 ~> no change attempted.
    #max-fd = 1024

    modules
    {
        # Where to look for the compiled shared libraries / modules.
        library-path = "/opt/mwcollectd/lib/mwcollectd";

        # Modules to load upon startup, each entry has the form of either
        # "<module-so>" to load a module without configuration or
        # "<module-so>:<module-conf>" to load a module with configuration file.
        autoload = [
                # "log-irc.so:log-irc.conf",
                "log-file.so",

                "dynserv-nfqueue.so:dynserv-nfqueue.conf",
                "dynserv-mirror.so:dynserv-mirror.conf",

                "embed-python.so:embed-python.conf",

                "shellcode-libemu.so",

                "filestore-streams.so:filestore-streams.conf" 
            ];

        # If set to `yes', we need all modules to load without error or abort execution.
        # Defaults to `no'.
        require-graceful = "yes";
    }
}

Each module that is loaded with a configuration file should have its configuration file edited as well. All available options are listed and commented in the configuration files, so this is pretty self-explanatory.
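Because require-graceful = "yes" makes mwcollectd abort if any autoloaded module fails, it is useful to read mwcollectd.conf yourself before starting the daemon and check what it will try to load. The parser below is an added example, not part of mwcollectd or libnetworkd; it handles only the syntax visible in the default file above (comments, key = value; assignments, [ ... ] lists and name { ... } blocks) and assumes the real grammar is no richer than that.

```python
import re

# Constructed sample that mirrors the structure of the default mwcollectd.conf.
SAMPLE_CONF = """{
    #max-fd = 1024
    modules {
        library-path = "/opt/mwcollectd/lib/mwcollectd";
        autoload = [ # "log-irc.so:log-irc.conf",
            "log-file.so", "dynserv-nfqueue.so:dynserv-nfqueue.conf" ];
        require-graceful = "yes";
    } }"""

# Tokens: quoted strings, punctuation, bare words, or a '#' comment to end of line.
_TOKEN = re.compile(r'"[^"]*"|[{}\[\];=,]|[^\s{}\[\];=,"#]+|#[^\n]*')

def parse_conf(text):
    """Parse the brace/semicolon syntax into nested dicts; lists become Python lists."""
    toks = [t for t in _TOKEN.findall(text) if not t.startswith('#')]
    pos = 0
    def value():
        nonlocal pos
        tok = toks[pos]; pos += 1
        if tok == '{':
            return block()
        if tok != '[':
            return tok.strip('"')
        items = []
        while toks[pos] != ']':
            items.append(value())
            if toks[pos] == ',': pos += 1
        pos += 1
        return items
    def block():
        # Called after the opening '{'; consumes tokens through the matching '}'.
        nonlocal pos
        out = {}
        while toks[pos] != '}':
            key = toks[pos]; pos += 1
            if toks[pos] == '=': pos += 1   # 'key = value;' (blocks have no '=')
            out[key] = value()
            if toks[pos] == ';': pos += 1
        pos += 1
        return out
    return value()

def autoload_entries(conf):
    """Split each autoload entry into (module .so, config file or None)."""
    return [(so, cfg or None) for so, _, cfg in
            (e.partition(':') for e in conf['modules']['autoload'])]
```

Each (module, config) pair returned by autoload_entries can then be checked against library-path and etc/mwcollectd/ before the daemon is started.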

Running mwcollectd

Invocation of mwcollectd is straightforward; a list of command-line parameters is available via the -h option:

                                _ _           _      _ 
     _ __ _____      _____ ___ | | | ___  ___| |_ __| |
    | '_ ` _ \ \ /\ / / __/ _ \| | |/ _ \/ __| __/ _` |
    | | | | | \ V  V / (_| (_) | | |  __/ (__| || (_| |
    |_| |_| |_|\_/\_/ \___\___/|_|_|\___|\___|\__\__,_|

    Copyright 2009 Georg Wicherski, Kaspersky Labs GmbH <gw@mwcollect.org>
    This program is licensed under the GNU Lesser General Public License.

Usage: ./sbin/mwcollectd [options]
The supported options are:
  -c <path>        specify the path to the configuration file
  -u <user>[:<group>]    drop privilegues after initialization
  -l            log to console and do not go into background
  -h            display this help message

Since this is beta software under development, I recommend running mwcollectd in the foreground inside a screen session:

sudo screen -S mwcollectd
ulimit -c unlimited
sudo ./sbin/mwcollectd -l

However, all command-line options are implemented, so dropping privileges and running in the background are supported.

If mwcollectd does crash, please be so kind as to tar and lzma-compress the coredump and the involved binaries and send them to gw [at] [ignore this] mwcollect [dot] org.
