  PHARM - Documentation : Server setup  

Installing and configuring PHARM - CLIENT


** IMPORTANT: Before running the PHARM server and clients on your honeypot installation, make sure the PHARM server is behind the firewall and that the ACLs allow access to it ONLY from the IP addresses of your honeypot sensors.

Pre-Requisites

* Make sure you have the PHARM server up and running and listening... of course :)

Just like the server, the client needs the following Perl modules installed:

IO::Socket
File::Tail
Config::IniFiles
Click here for instruction on how to install perl modules

1. Download and untar/gunzip the PHARM setup package. It includes both the server and the client. The default configs point to /usr/local/pharm.
You can change this to any directory you want to install PHARM in.

shell#> cd /usr/local
shell#> tar -zxvf pharm-1.0.1.tar.gz

** IMPORTANT: The PHARM client consists of 2 Perl scripts. Each script monitors a different nepenthes log file.

 - pharm_c.pl is used to monitor the "logged_submissions" log file
 - pharm_c2.pl is used to monitor the nepenthes.log file.

2. Point the log_path and log_file settings in the pharm_c.conf file at these log files accordingly.

3. Likewise, point binaries_loc in pharm_c.conf at the matching directory of your nepenthes setup. This is where nepenthes stores the malware it collects.

Here is my pharm_c.conf file as an example:


### PHARM - Clients pharm_c.conf ###


### Pharm Server port and ip address ####
[pharm_server]
port = 5050
ip_addr = 192.168.100.152


### Location of where nepenthes stores its logfiles ###
### The log file to read ###

[nepenthes_logs]
log_path = /var/log/
log_file = nepenthes.log


[logged_submissions]
log_path = /var/log/nepenthes/
log_file = logged_submissions


### Location of where nepenthes stores the binaries captured ###
[binaries]
binaries_loc = /var/lib/nepenthes/binaries


** Make sure there are NO extra spaces at the end of the conf file.

4. Run the PHARM client using the provided script, or run the two scripts individually (good for troubleshooting).

shell#> /usr/local/pharm/pharmClients.sh
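
Before starting the clients, the settings from steps 2 and 3 and the trailing-space warning can be checked with a small script. This is an added example, not part of the PHARM package; the helper names ini_get and check_pharm_conf are hypothetical, and the key list is taken from the sample pharm_c.conf above.

```shell
#!/bin/sh
# Added example: pre-flight check for pharm_c.conf. Not part of the PHARM package.
# ini_get and check_pharm_conf are hypothetical helper names.

# ini_get FILE SECTION KEY: print the value with surrounding whitespace trimmed
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }    # comment line
        /^[ \t]*\[/   { s = $0; gsub(/^[ \t]*\[|\][ \t\r]*$/, "", s); next }
        s == sec {
            i = index($0, "="); if (!i) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_pharm_conf FILE: print one line per problem; return 0 only if none
check_pharm_conf() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    # Lines ending in a space, tab or carriage return (the page warns against these)
    bad=$(awk '/[ \t\r]+$/ { printf "%s%s", sep, NR; sep = "," }' "$conf")
    [ -z "$bad" ] || { echo "trailing whitespace on line(s): $bad"; rc=1; }
    # Every section/key pair used in the sample pharm_c.conf must have a value
    for pair in pharm_server:port pharm_server:ip_addr \
        nepenthes_logs:log_path nepenthes_logs:log_file \
        logged_submissions:log_path logged_submissions:log_file \
        binaries:binaries_loc; do
        [ -n "$(ini_get "$conf" "${pair%%:*}" "${pair#*:}")" ] ||
            { echo "missing [${pair%%:*}] ${pair#*:}"; rc=1; }
    done
    # Both monitored log files must be readable by the user running the clients
    for sec in nepenthes_logs logged_submissions; do
        f="$(ini_get "$conf" "$sec" log_path)/$(ini_get "$conf" "$sec" log_file)"
        [ -r "$f" ] || { echo "[$sec] log not readable: $f"; rc=1; }
    done
    d=$(ini_get "$conf" binaries binaries_loc)
    [ -d "$d" ] || { echo "binaries_loc is not a directory: $d"; rc=1; }
    return $rc
}

# Stand-alone use: sh check_pharm_conf.sh /path/to/pharm_c.conf
[ $# -eq 0 ] || check_pharm_conf "$1"
```

The script prints nothing and exits 0 when the file is clean; otherwise each problem is reported on its own line.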




Copyright 2009 - Nepenthespharm.com - Parvinder Bhasin
All rights reserved.