  PHARM - Documentation : Server setup  

Installing and configuring PHARM - SERVER


** IMPORTANT: Before running PHARM Server/Clients on your honeypot install, make sure your PHARM Server install is behind the firewall and that the ACLs allow access to the PHARM Server ONLY from the IPs of your honeypot sensors.

Pre-Requisites

MySQL server - I am using 5.x
Perl - Most Important :)
Perl modules:


  IO::Socket
  DBI
  Config::IniFiles


1. Download and untar/gunzip the pharm setup package. This includes both server and client.
The default configs point to /usr/local/pharm.
You can change this to any directory you want to install pharm in.

shell#> cd /usr/local
shell#> tar -zxvf pharm-1.0.1.tar.gz

Creating and setting up new database for pharm.

Make sure you have the MySQL server up and running first, with the default MySQL tables installed.
** To install the default MySQL database, type "mysql_install_db" from the shell; MySQL comes with that script.

2. Create a database called "pharm_db".

shell#> mysqladmin -u root -p create pharm_db


3. Create a pharm_db user.

shell#> mysql -u root -p

*Enter your mysql password

mysql> use mysql;
mysql> grant all privileges on pharm_db.* to pharmer@"localhost" identified by 'mypassword';
mysql> flush privileges;



4. Create the tables for pharm_db from the pharm_schema. Back in the shell, do the following:

shell#> mysql -u pharmer -p pharm_db < /usr/local/pharm/pharm_schema.sql



At this point your pharm_db database is ready for some data.

Configure pharm server so that it can listen and put stuff into database :)

5. Edit the "pharm_s.conf" file in the /usr/local/pharm/ directory. The variables there are self-explanatory.
Configure the required information. Here is my pharm_s.conf file:

### PHARM - server pharm_s.conf ###

### Pharm server listening port and ip address. ###
### Make sure to setup proper firewall rules to ###
### allow only access from your honeypot sensors ###


[pharm_server]
port = 5050
ip_addr = 192.168.100.152

### Database info goes here ###

[db_info]
db_name = pharm_db
username = pharmer
password = pharm3rdb

### Store malware collected ###

[storage_malware]
malware_dir = /usr/local/pharm/malware_repo

6. Change the ip_addr, port and other settings to match your install.
* Make sure you give proper read/write permissions to the user that you will run the PHARM server as. *
That's it. Your pharm server is configured and ready to be run.
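The firewall restriction required at the top of this page, and repeated in the pharm_s.conf comments, can be generated from the config file itself. The script below is an added example, not part of the PHARM package: it reads port and ip_addr from the [pharm_server] section and prints iptables rules that accept only the listed sensors and drop everything else sent to that port. The sensor addresses 192.168.100.21 and 192.168.100.22, the function names, and the choice of iptables on the INPUT chain are assumptions.

```shell
#!/bin/sh
# Added example (not part of PHARM): print iptables rules that open the PHARM
# server port only to the listed honeypot sensors. Nothing is applied.

# ini_get FILE SECTION KEY: print KEY's value from [SECTION] of an INI file
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*#/ { next }                                   # skip ### comments
        /^[ \t]*\[/ { cur = $0; gsub(/[ \t\r]/, "", cur); next }  # track section
        cur == sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# pharm_acl_rules CONF SENSOR_IP...: emit ACCEPT per sensor, then DROP the rest
pharm_acl_rules() {
    conf=$1; shift
    port=$(ini_get "$conf" pharm_server port)
    addr=$(ini_get "$conf" pharm_server ip_addr)
    # Fail closed on a missing or malformed config or an empty sensor list
    case $port in ''|*[!0-9]*) echo "bad port in $conf" >&2; return 1 ;; esac
    case $addr in ''|*[!0-9.]*) echo "bad ip_addr in $conf" >&2; return 1 ;; esac
    [ $# -gt 0 ] || { echo "no sensor IPs given" >&2; return 1; }
    # Validate every sensor before printing anything, so output is all or nothing
    for s in "$@"; do
        case $s in ''|*[!0-9./]*) echo "bad sensor address: $s" >&2; return 1 ;; esac
    done
    for s in "$@"; do
        echo "iptables -A INPUT -p tcp -s $s -d $addr --dport $port -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp -d $addr --dport $port -j DROP"
}

# Constructed demo: the page's [pharm_server] values, two made-up sensor IPs
demo_rules() {
    demo_conf=$(mktemp) || return 1
    cat > "$demo_conf" <<'EOF'
### Pharm server listening port and ip address. ###
[pharm_server]
port = 5050
ip_addr = 192.168.100.152
EOF
    pharm_acl_rules "$demo_conf" 192.168.100.21 192.168.100.22
    rc=$?; rm -f "$demo_conf"; return $rc
}
demo_rules
```

Review the printed rules, then run them as root on the PHARM server host; rule order matters, so the DROP line must come after the ACCEPT lines.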

7. Run pharm server

There are a couple of ways to run the pharm server: with the help of a script, or directly.
I will explain the scripted way. You can also run the individual "pharm_s.pl" script on its own.

Scripted way: pharmServer.sh is the script provided to start or stop the pharm server instance.
To start the server, from the /usr/local/pharm directory:

shell#> pharmServer.sh start

To stop the server:

shell#> pharmServer.sh stop

At this point you should have the PHARM server up and running, listening for client connections.

To make sure the pharm server started and is listening on the configured port, do the following:

shell#> ps -ef | grep pharm_s
pharm_usr  20922  1  1  12:39  pts/1  00:00:00   /usr/bin/perl /usr/local/pharm/pharm_s.pl
pharm_usr  21127  19358  0  12:40  pts/1  00:00:00  grep pharm_s


To see if the pharm server is listening on port 5050, do the following:

shell#> netstat -antp | grep 5050
tcp    0    0   192.168.100.152:5050   0.0.0.0:*    LISTEN






Copyright 2009 - Nepenthespharm.com - Parvinder Bhasin
All rights reserved.