  PHARM - Documentation : Web setup  

Installing and configuring PHARM - WEB REPORTING

Pre-Requisites

Perl Modules required:

CGI
CGI::Session
CGI::Carp
Geo::Coder::HostIP
LWP
Config::IniFiles

Installing the modules from CPAN repo:

cpan> install CGI
cpan> install CGI::Session
cpan> install CGI::Carp
cpan> install Config::IniFiles
cpan> install Geo::Coder::HostIP


Note: you may have to force the Geo::Coder::HostIP install. To do so, type:

cpan> force install Geo::Coder::HostIP
cpan> install LWP



1. Download and untar the 'pharm-web-1.0.tar.gz' file in /var/www/

[shell#/var/www/] tar -zxvf pharm-web-1.0.tar.gz


Configure apache - httpd.conf

As with anything, there are other ways of doing this; here is my approach.

Add the following to your httpd.conf for pharm:

Alias /pharm /var/www/pharm/

<Directory "/var/www/pharm">
 Options ExecCGI Indexes FollowSymLinks
 AllowOverride None
 Order allow,deny
 Allow from all
</Directory>

<Directory "/var/www/pharm/cgi-bin">
  Options +ExecCGI
</Directory>


2. Create a "temp" directory in /var/www.
I don't recommend creating it under the pharm directory, as this is the directory that will be used to store session data.
Make sure you give read/write access to the apache user (daemon) or any other user that you are running apache under.

3. Move the pharm_web.conf from the /var/www/pharm/conf/ directory to /etc directory.

[shell#/var/www/pharm/conf/] mv pharm_web.conf /etc

Make sure that you give read access to the apache user (daemon).

4. Edit the pharm_web.conf and fill in the required fields
The fields are pretty self-explanatory.
Here is my pharm_web.conf file:

### PHARM WEB PORTAL CONFIGURATION ###
### Database ####
[db_info]

db_name = pharm_db
username = pharmer
password = pharm3r

### Top attackers ####
[top]
attackers = 5

### Session state ###
### session_dir is the directory where to store session state. Directory has to have write access ###
[web_session]
session_dir = /var/www/temp

[display]
attackers = 5
attacks_perpage = 25

[malware]
malware_dir = /var/www/pharm/malware_info

[maps]
api_key=ABQIAAAAIx0mH4F9ex97tjY0UP3vXxR2Oyry79XpPwWrXvbvZi5PwtPBpRS0ukCbYLiFkILpFKBtvjeRUrPc1g



** The display fields define how many attackers' geo locations are mapped on the Google map.
** attacks_perpage defines how many records you would like to see per honeypot on a page.
** Input your google maps api key under api_key
** GOOGLE maps api key: Go to http://code.google.com/apis/maps/signup.html to get your own maps api key.
Keep in mind that you can get as many keys as you want and each key is unique to the url that you would type.

Use the FQDN that you would use to access the pharm web portal to generate the api key.
For example if I am accessing web server locally on my lan and the machine's FQDN name is "server.hackme.org",
then I would signup for maps api key with that name (server.hackme.org).

If everything is on the same box and I am testing the web portal locally (localhost), then I would sign up with "localhost" to generate the key. The key that is currently in the sample config is tied to localhost.


5. Make sure you have read and execute permissions set on the /var/www/pharm/cgi-bin/ directory.

6. Test the portal by opening up a browser and typing in "http://localhost/pharm/" on the browser.

7. Login as user : admin password: pharm3r!
** Change admin password after login by clicking on "MY PROFILE" and changing the password.
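
The permission and layout points from steps 2 to 4 can be checked with a short script. This is an added example, not part of PHARM: the function names ini_get, has_mode and audit_pharm are hypothetical, and the session directory test is a plain path-prefix comparison that does not resolve symlinks.

```shell
#!/bin/sh
# Added example (not part of PHARM): audit the layout produced by steps 2-4.
# ini_get, has_mode and audit_pharm are hypothetical names introduced here.

# ini_get FILE SECTION KEY: print KEY's value from [SECTION] of an INI file.
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); insec = ($0 == sec); next }
        insec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# has_mode PATH OCTAL: true when every bit in OCTAL is set on PATH itself.
has_mode() { [ -n "$(find "$1" -prune -perm -"$2" -print 2>/dev/null)" ]; }

# audit_pharm CONF PHARM_DIR: print one line per finding; return 1 if any.
audit_pharm() {
    conf=$1; pharm_dir=${2%/}; bad=0
    if [ ! -r "$conf" ]; then echo "FAIL: cannot read $conf"; return 1; fi
    # The config holds the database password: only the Apache user needs it.
    if has_mode "$conf" 004; then
        echo "FAIL: $conf is world-readable"; bad=1
    fi
    # "pharm3r" is the password shown in the sample config on this page.
    if [ "$(ini_get "$conf" db_info password)" = "pharm3r" ]; then
        echo "FAIL: [db_info] password is still the sample value"; bad=1
    fi
    sdir=$(ini_get "$conf" web_session session_dir); sdir=${sdir%/}
    if [ ! -d "$sdir" ]; then
        echo "FAIL: session_dir '$sdir' is not a directory"; bad=1
    else
        # String comparison only: is session_dir the pharm directory or below it?
        case "$sdir/" in
            "$pharm_dir"/*) echo "FAIL: session_dir is under $pharm_dir"; bad=1 ;;
        esac
        if has_mode "$sdir" 002; then
            echo "FAIL: $sdir is world-writable"; bad=1
        fi
    fi
    return "$bad"
}

# Run against the paths used on this page when they exist.
if [ -f /etc/pharm_web.conf ]; then
    audit_pharm /etc/pharm_web.conf /var/www/pharm || true
fi
```

An empty output and exit status 0 from audit_pharm mean none of the four checks fired.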



Copyright 2009 - Nepenthespharm.com - Parvinder Bhasin
All rights reserved.