/*
 * Copyright (c) 2000-2006 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.

 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.

 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */


QUICK MAKE

If all things are ready, distribution untarred, and you have libpcap
and bison installed on your system, you should be able to make
argus by simply typing:

   % ./configure
   % make

If you have any problems with this procedure, read further, if not
congratulations.  You can proceed to INSTALLATION.


DEPENDENCIES

The argus distribution is dependant on two public domain
packages; libpcap, which provides the argus server's portable
packet capture interface, and bison() which is used for
the filter compilers.  Both of these packages must be installed
in order to compile argus.

Below is the offical source of libpcap and current version:

libpcap-0.9.4
http://www.tcpdump.org/release/libpcap-0.9.4


And the official site for bison is:

bison-2.1
http://www.gnu.org/software/bison/bison.html


Because argus is dependant on libpcap and bison, you will
need to have installed it prior to building the package.
Please refer to the individual packages for installation
instructions.  If you are not interested in performing a 
system installtion for libpcap, then it is highly recommend
untaring libpcap in the same directory that you untared 
argus.  argus's ./configure can then easily find the
package.

Both argus and radium can link to the public domain package
tcp_wrappers to provide remote access control.  At this time,
the lastest version is tcp_wrappers-7.6.  If tcp_wrappers
in not installed on your system, then installing this package
in the same directory as libpcap and argus is recommended.

tcp_wrappers.7.6
Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
P.O. Box 513
5600 MB Eindhoven
The Netherlands
ftp://ftp.porcupine.org/pub/security


Argus and radium can also link to the cryptographic package
SASL, the Simple Authentication and Security Layer, which
provides strong authentication and wireline confidentiality
for argus data.  Because of its features and flexibility, we
highly recommend using SASL, and becoming experienced with
its administration.

cyrus-sasl-1.5.24
Carnegie Mellon Univeristy
http://asg.web.cmu.edu/sasl
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail



CONFIGURE

The program, ./configure, will scan the file system, looking for
the libpcap and tcp_wrapper directories and libraries and make
assumptions about the platform which will allow ./configure to choose
between gcc, acc, cc, flex, lex, bison and yacc.  The choice of
libpcap interface, whether it is bpf, pf, enet, snit, nit, snoop or
dlpi, will be made automatically.

If the libpcap or tcpwrapper packages are not discovered, the ./configure
script will create Makefiles so that you can build the client programs
for Argus, as these programs do not have dependancies on these packages.

Configure will create links for the libpcap.a and libwrap.a libraries
in ./lib, and will create links to the distribution directories as
./libpcap and ./wrapper.  Configure will attempt to find the libpcap
and tcp_wrappers distribution directories, and their corresponding
libraries.  The path used to find these dependancies is ./libpcap,
./wrapper, /usr/lib, /usr/local/lib, ../libpcap, ../wrapper, ../tcp_wrappers,
../libpcap-[0-9]*.[0-9ab]*, and ../tcp_wrappers[-.][0-9]*.[0-9ab]*.

Because of major changes between tcp_wrappers-6 and tcp_wrappers-7,
./configure needs to discover the tcp_wrappers version number.  It
does this by scanning the patchlevel.h file in the tcp_wrapper
distribution, as a result, ./configure will attempt to find and then
establish a link to your tcp_wrappers distribution directory.

Again, we recommend that you install your libpcap and tcp_wrappers
distribution directories, or links to them, in either the same
directory as the Argus distribution, or as the directories
./libpcap and ./wrapper, in the Argus directory.

Additionally, for linux, the linux-include directory available in 
the patched libpcap-0.0.6 distribution has been included in the 
distribution. It comes with comes with libpcap-0.0.6, however missing
some crucial files that have been added.

Configure will determine what interface will be used by Argus, by
scanning the libpcap.a library.  The resulting Argus server will be
named with an interface specific label.  This is done to assist those
who will build multiple versions of Argus from a single machine.



BUILDING ARGUS

So, after all that, to build Argus on a supported platform, first run
./configure.  ./configure will determine your system attributes and
generate subdirectories and the appropriate Makefiles from the Makefile.in
files found in the distribution.  After this, run "make".  If everything
goes well, appropriate libraries and binaries will be found in the ./bin
and ./lib subdirectories.  So, ....

   % ./configure
   % make

The argus and radium will be found as ./bin/argus and ./bin/radium.

So, at this point you should have all the execuables needed.  But,
if you are having problems, it may be related to your compiler or
the flex and bison utilities.  So, ...

You will need an ANSI C compiler to build argus.  If your compiler
is not ANSI compliant, we highly recommend using the GNU C compiler,
available via anonymous ftp:

	ftp://prep.ai.mit.edu/pub/gnu/gcc-*.tar.gz


Argus requires bison and flex.  For flex, version 2.4.6 or higher
is recommended.  The current version of flex and bison are available
via anonymous ftp:

        ftp://prep.ai.mit.edu/pub/gnu/bison-*.tar.gz
        ftp://prep.ai.mit.edu/pub/non-gnu/flex/flex-*.tar.gz


Now, if you are still having problems, ..., well its hard to say
from here what it might be.  So, you may want to send us some
mail.




INSTALLATION

QUICK INSTALL

If all things are well at this point, and you will be using
the installation strategy that we use, all you need do now
is:

   # make install

This will create the /usr/local/argus directory and move all
the binaries, supporting programs, man pages and
documenation into it.

If you are unsure about the standard installtion, run

   % make -n install

to review what make will try to do.  If you would like to
do something other than the standard install, then please
continue to read through this file.


If you are planning on running the argus or radium 
as a persistant daemon on your machine, then one
additional step is recommended, and that is setting
up system wide argus and radium configuration files;
/etc/argus.conf and /etc/radium.conf.
 
   # cp ./support/Config/argus.conf /etc
   # cp ./support/Config/radium.conf /etc
 
You must edit /etc/argus.conf file for argus to work, as
the default configuration will have argus do a lot of work
but not output anything.

We recommend at least specifying a value for ARGUS_OUTPUT_FILE=.
If you want to attach to the running argus in realtime, then
also uncomment the line #ARGUS_ACCESS_PORT=561
 
At this point your ready to run the argus.

But if you wanted to do something different, then read on.

Argus does not have any installation retrictions, so you can
install Argus anywhere.  There are some conventions that have
been established, and I'll present them here, but you can, of
course, do your own thing.

I have found it useful to have an argus home directory to hold
the binaries, argus configuration files, the argus output file,
and hold my argus data archive.  If you would like to use this
strategy, create your directory, and create the environment
variable ARGUSHOME and set it to this directory.

I use /usr/local/argus.  I prefer putting  the argus and radium
binaries in /usr/local/sbin.

After making, as root, I just:

   # mkdir /usr/local/argus
   # cp bin/argusbug /usr/local/argus/bin
   # cp bin/argus /usr/local/sbin/argus

It is convenient to chmod argus so that it is "setuid root",
but many feel that this is a security problem, as any user
could then start an argus on the system.  Use this technique at
at your discretion.
 
   # chown root /usr/local/sbin/argus
   # chmod 4755 /usr/local/sbin/argus

Argus has a system configuration file that normally resides
as /etc/argus.conf.  You can install this file anywhere, but
the scripts that are provided in the ./support directory
will assume that the configuration is at /etc/argus.conf.

   # cp ./support/Config/argus.conf /etc/argus.conf

You will want to edit this file to choose values of your
liking.  The sample has all the common values set and is
a good suggestion.


Copying the man and doc directories is nice.
   
   # tar cf - doc man | (cd /usr/local/argus; tar xvpf -)


This should handle the basic installion.

Any comments, patches, bug reports or additions should be sent to 
argus@lists.andrew.cmu.edu.



PORTABILITY

Argus and its supporting routines have been developed on Sparc
architectures under SunOS 4.1.x and Solaris 2.7, and have been successfully
ported to Solaris, SGI, Ultrix, Linux, OpenBSD and FreeBSD platforms.
 
No claim is made as to the portability of Argus to other platforms, although
it is much easier now that we've addressed the big endian little endian
issues.  If you make any modifications to support installing and running
Argus in any other environment, please send us comments and/or patches.
We will be most grateful.

