Old 06-01-2009, 07:17 AM   #1 (permalink)
Master Untangler
 
lschafroth's Avatar
 
Join Date: Jul 2008
Posts: 919
Default How to Install All (Ntop, Webmin, PHPSysinfo, Imspector) on UT 6.2 (All Latest Rels)

All credit for these scripts goes to napa.

Please reference his original post. I am posting the cleaned up scripts here for him.

DISCLAIMER: Please turn off all automatic UT updates. These scripts make some major changes to UT. Use these at your own risk and it's up to you to put these on a production box. I have NOT tested an upgrade after installing these. Once I do an upgrade of UT, I will test to see how it affected these changes. You have been warned.

Post all questions to the other post so we can keep this one clean and for scripts only.

NOTE: squid cache does not work 100%. You cannot filter traffic, rendering it useless for regular users, but OK for power users you don't want filtered. We will keep trying to get it to work.

1. INSTALL NTOP

#Increase the APT cache
Code:
echo 'APT::Cache-Limit 30000000;' >| /etc/apt/apt.conf
#Backup the Original sources.list
Code:
cp /etc/apt/sources.list /etc/apt/sources.list.orig
#Create List Repository Debian Lenny
Code:
echo "deb http://ftp.debian.org/debian lenny main contrib non-free" >| /etc/apt/sources.list
echo "deb http://security.debian.org lenny/updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free" >> /etc/apt/sources.list
echo "deb http://www.backports.org/debian lenny-backports main contrib non-free" >> /etc/apt/sources.list
echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list
#Clean & Update Apt Cache
Code:
apt-get clean
apt-get update
#Install ntop
Code:
apt-get install ntop
#Set nTOP's admin password
Code:
ntop -A
#Configure nTOP monitoring interfaces (remove interfaces you don't want monitored)
Code:
printf 'USER="ntop"\nINTERFACES="eth0"\n' >| /var/lib/ntop/init.cfg
#Configure nTOP to use TCP port 4000
Code:
echo 'GETOPT="-w 4000"' >> /etc/default/ntop
#Restore the original APT sources list
Code:
cp /etc/apt/sources.list.orig /etc/apt/sources.list
#Start nTOP
Code:
/etc/init.d/ntop start
#Confirm nTOP is listening on TCP port 4000
Code:
lsof -i | grep ntop
#Configure a packet filter for nTOP (En Packet Filter)
Login to admin page, click on CONFIG, NETWORKING. At the top right click on ADVANCED to enable advanced mode. If this is the first time, it will try to run a wizard which you can cancel. After advanced mode has been enabled, click on the down arrow to the right of the word ADVANCED and select PACKET FILTER. Click on ADD which will add it to the selection. Make your screen match the following:

Code:
NAME: nTop Access
ACTION: PASS
DESTINATION LOCAL
PROTOCOL: TCP
DESTINATION PORT 4000
Don't forget to save your settings.

#Secure NTop URL
Check http://untangle-ip:4000
Click into "Admin" and "Configure" Select "Protect URL's"
Type in the admin username and password. Click "Add URL" to bring up the default site url then click "Add URL" Again.

#Access NTOP
http://untangle-ip:4000

NOTE: Ntop crashes randomly, so you may need to install monit to help restart it.
__________________
Please VOTE for fixing LDAP to work with MACs.

Please VOTE for the Top Talkers feature.

Last edited by lschafroth; 08-29-2009 at 08:59 AM..
lschafroth is offline   Reply With Quote
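The backup, replace, install, restore sequence from the post above, wrapped so that the original sources.list comes back even when the install step fails or is interrupted. This is an added example, not part of the original post; the function name `with_temp_sources` and the file `/root/lenny.list` (holding the Lenny repository lines) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): run one command with a temporary
# sources.list and always put the original back.
# Usage: with_temp_sources <sources.list> <temporary list> <command> [args...]

with_temp_sources() (
    list=$1; temp=$2; shift 2
    backup="$list.orig"

    # A leftover backup means an earlier run never restored the original;
    # copying over it now would replace the real list with the temporary one.
    if [ -e "$backup" ]; then
        echo "refusing: $backup already exists, restore it first" >&2
        exit 2
    fi

    cp -p "$list" "$backup" || exit 1
    restore() { mv -f "$backup" "$list"; }
    trap 'restore; exit 130' HUP INT TERM

    cp "$temp" "$list" || { restore; exit 1; }

    rc=0
    "$@" || rc=$?        # keep the exit status, but restore before returning it
    restore
    exit "$rc"
)

# On the box this would be used as, for example (lenny.list is an assumed file):
#   with_temp_sources /etc/apt/sources.list /root/lenny.list \
#       sh -c 'apt-get clean && apt-get update && apt-get install ntop'
```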
Old 06-01-2009, 07:43 AM   #2 (permalink)
Master Untangler
 
lschafroth's Avatar
 
Join Date: Jul 2008
Posts: 919
Default

2. INSTALL WEBMIN

#Increase the APT cache (SKIP this if you have already done this in a previous script)
Code:
echo 'APT::Cache-Limit 30000000;' >| /etc/apt/apt.conf
#Backup the Original sources.list
Code:
cp /etc/apt/sources.list /etc/apt/sources.list.orig
#Create List Repository Debian Lenny
Code:
echo "deb http://ftp.debian.org/debian lenny main contrib non-free" >| /etc/apt/sources.list
echo "deb http://security.debian.org lenny/updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free" >> /etc/apt/sources.list
echo "deb http://www.backports.org/debian lenny-backports main contrib non-free" >> /etc/apt/sources.list
echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list
#Clean & Update Apt Cache
Code:
apt-get clean
apt-get update
#Install Webmin
Code:
apt-get install webmin
(answer yes to downloading the required files and yes to the un-authenticated files)
If all went well you should get the following response:
Webmin install complete. You can now login to https://untangle-ip:10000/
#Restore the original APT sources list
Code:
cp /etc/apt/sources.list.orig /etc/apt/sources.list
#Start Webmin (should already be running, but run this command to make sure)
Code:
/etc/init.d/webmin start
#Confirm Webmin is listening on TCP port 10000
Code:
lsof -i | grep webmin
#Configure a packet filter for webmin (Packet Filter)
Login to admin page, click on CONFIG, NETWORKING. At the top right click on ADVANCED to enable advanced mode. If this is the first time, it will try to run a wizard which you can cancel. After ADVANCED mode has been enabled, click on the down arrow to the right of the word ADVANCED and select PACKET FILTER. Click on ADD which will add it to the selection. Click on the EDIT icon and make your screen match the following:
Code:
NAME: Webmin Access
ACTION: PASS
DESTINATION LOCAL
SOURCE INTERFACE: Internal
PROTOCOL: TCP
DESTINATION PORT 10000
Don't forget to save your settings.
#Access Webmin
Login to http://untangleip:10000 using the UT root username and password.

NOTE: My install always places webmin in the /usr/share/webmin/ folder, not the /usr/local/webmin/ folder. This will matter during the imspector.cgi installation.

NOTES: this installation is easy

Last edited by lschafroth; 10-23-2009 at 04:01 PM..
lschafroth is offline   Reply With Quote
Old 06-01-2009, 08:06 AM   #3 (permalink)
Master Untangler
 
lschafroth's Avatar
 
Join Date: Jul 2008
Posts: 919
Default

3. INSTALL PHPSYSINFO

#Increase the APT cache (SKIP this if you have already done this in a previous script)
Code:
echo 'APT::Cache-Limit 30000000;' >| /etc/apt/apt.conf
#Backup the Original sources.list
Code:
cp /etc/apt/sources.list /etc/apt/sources.list.orig
#Create List Repository Debian Lenny
Code:
echo "deb http://ftp.debian.org/debian lenny main contrib non-free" >| /etc/apt/sources.list
echo "deb http://security.debian.org lenny/updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free" >> /etc/apt/sources.list
echo "deb http://www.backports.org/debian lenny-backports main contrib non-free" >> /etc/apt/sources.list
echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list
#Clean & Update Apt Cache
Code:
apt-get clean
apt-get update
#Install fcgid (FastCGi Parse PHP without fork)
Code:
apt-get install libapache2-mod-fcgid php5-cgi
#Activate module in Apache
Code:
a2enmod fcgid
#Edit the file /etc/apache2/sites-available/uvm to allow php files (Modify)
Code:
nano /etc/apache2/sites-available/uvm
Find the <Directory /var/www> section and change it to look like the following:
Code:
<Directory /var/www>
AddHandler fcgid-script .php
FCGIWrapper /usr/lib/cgi-bin/php5 .php
FileETag Mtime Size
</Directory>
# Verify fcgid installation worked by restarting apache. You should not get any errors except errors with the domain name. If apache fails to start, take the changes out and restart it again so you can still get to the UT admin.
Code:
/etc/init.d/apache2 restart
#Install PhpSysInfo
Code:
apt-get install phpsysinfo
Answer yes to download the required files.
#Restore the original APT sources list
Code:
cp /etc/apt/sources.list.orig /etc/apt/sources.list
#Access PhpSysInfo
http://untangle-ip/phpsysinfo
lschafroth is offline   Reply With Quote
Old 06-01-2009, 08:31 AM   #4 (permalink)
Master Untangler
 
lschafroth's Avatar
 
Join Date: Jul 2008
Posts: 919
Default

4. INSTALL IMSPECTOR (CHAT SNIFFER)
UPDATED code for imspector0.9

#Increase the APT cache (SKIP this if you have already done this in a previous script)
Code:
echo 'APT::Cache-Limit 30000000;' >| /etc/apt/apt.conf
#Backup the Original sources.list
Code:
cp /etc/apt/sources.list /etc/apt/sources.list.orig
#Create List Repository Debian Lenny
Code:
echo "deb http://ftp.debian.org/debian lenny main contrib non-free" >| /etc/apt/sources.list
echo "deb http://security.debian.org lenny/updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free" >> /etc/apt/sources.list
echo "deb http://www.backports.org/debian lenny-backports main contrib non-free" >> /etc/apt/sources.list
echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list
#Clean & Update Apt Cache
Code:
apt-get clean
apt-get update
#Install Dependencies
Code:
apt-get install make build-essential openssl libssl-dev
(answer yes to downloading the required files)

#Install Imspector
Code:
cd /tmp
wget http://www.imspector.org/downloads/imspector-0.9.tar.gz
tar zxf imspector-0.9.tar.gz
cd imspector-0.9
Code:
make
The code above takes a bit so be patient....
Code:
make install
make install-cert
The code above will ask you several questions for the cert key. Type in what you want.

#Create Folder
Code:
mkdir /etc/imspector
#Configure Imspector
Code:
cp imspector /etc/init.d/imspector
chmod 755 /etc/init.d/imspector
update-rc.d imspector defaults
# Restart affected UT services
Code:
/etc/init.d/untangle-net-alpaca restart
/etc/init.d/untangle-net-alpaca-iptables restart
/etc/init.d/imspector
cp /tmp/imspector-0.9/contrib/imspector.cgi /usr/share/webmin/imspector.cgi
#Restore the original APT sources list
Code:
cp /etc/apt/sources.list.orig /etc/apt/sources.list
#Access Imspector
https://untangle-ip:10000/imspector.cgi
You can view the Raw Logs here: /var/log/imspector

NOTE: With no port forwarding, this install is passive and you can view the logs. Correct me if I'm wrong. I did not do any port forwarding on my other system and I can see all the chat traffic. If you want to do badword filtering, etc., you will need to redirect.

Last edited by lschafroth; 10-23-2009 at 05:15 PM..
lschafroth is offline   Reply With Quote
Old 06-01-2009, 09:05 AM   #5 (permalink)
Untangle Junkie
 
dmorris's Avatar
 
Join Date: Nov 2006
Location: San Mateo, CA
URLs submitted: 10
Posts: 5,395
Default

please add a disclaimer. edit: thanks!

this is not an official add-on and may have unintended consequences. I would also disable auto-upgrade.
dmorris is online now   Reply With Quote
Old 06-01-2009, 09:07 AM   #6 (permalink)
Master Untangler
 
lschafroth's Avatar
 
Join Date: Jul 2008
Posts: 919
Default

5. INSTALL SQUID with Reporter (SARG)

#Increase the APT cache (SKIP this if you have already done this in a previous script)
Code:
echo 'APT::Cache-Limit 30000000;' >| /etc/apt/apt.conf
#Backup the Original sources.list
Code:
cp /etc/apt/sources.list /etc/apt/sources.list.orig
#Create List Repository Debian Lenny
Code:
echo "deb http://ftp.debian.org/debian lenny main contrib non-free" >| /etc/apt/sources.list
echo "deb http://security.debian.org lenny/updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free" >> /etc/apt/sources.list
echo "deb http://www.backports.org/debian lenny-backports main contrib non-free" >> /etc/apt/sources.list
echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list
#Clean & Update Apt Cache
Code:
apt-get clean
apt-get update
#Install squid
Code:
apt-get install squid squid-cgi
(answer yes to downloading the required files)

#configure squid Edit /etc/squid/squid.conf with (customize to your liking, otherwise do a CTRL W to find each line and make sure it's set as below)
Code:
nano /etc/squid/squid.conf 
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
access_log /var/log/squid/access.log squid
Add transparent to http_port 3128
Code:
http_port 3128 transparent
Add the following under their respective sections:
Code:
http_access allow all
cache_mem 32 MB
cache_dir ufs /var/spool/squid 5000 16 256
httpd_suppress_version_string on
Change your email here:
Code:
cache_mgr your@mail.com
#Restore the original APT sources list
Code:
cp /etc/apt/sources.list.orig /etc/apt/sources.list
#Configure a port forwarding in UT for all or users you want to monitor
Login to admin page, click on CONFIG, NETWORKING. At the top click on PORT FORWARDS. Click on ADD which will add it to the selection. Make your screen match the following:

Code:
ENABLED: Checked
DESCRIPTION: Squid Redirect
DESTINATION PORT: 80
SOURCE INTERFACE: Internal
PROTOCOL: TCP
NEW DESTINATION: 192.168.0.1 (change this to YOUR internal UT IP)
NEW PORT: 3128
Don't forget to save your settings.

#Configure a packet filter for webmin (Packet Filter)
Login to admin page, click on CONFIG, NETWORKING. At the top click on ADVANCED to enable advanced mode. If this is the first time, it will try to run a wizard which you can cancel. After advanced mode has been enabled, click on the down arrow to the right of the word ADVANCED and select PACKET FILTER. Click on ADD which will add it to the selection. Make your screen match the following:

Code:
NAME: Squid Proxy
ACTION: PASS
SOURCE INTERFACE: Internal
DESTINATION PORT 3128
PROTOCOL: TCP
DESTINED LOCAL
Don't forget to save your settings.

NOTE: This setup will bypass all UT Web Filtering. Use the settings below to redirect squid properly through the Web Filter in UT

NOTE: Web filtering still does not work when using squid. We are still trying to get this to work.

#Filtering seems to work by adding a file 750-squid with:
Code:
nano /etc/untangle-net-alpaca/iptables-rules.d/750-squid
# Add the following to the file:
Code:
#!/bin/dash
${IPTABLES} -t nat -A OUTPUT -p tcp --destination-port 80 -m owner --uid-owner 0 -j REDIRECT --to-ports 3128
# Set file permissions
Code:
chmod 664 /etc/untangle-net-alpaca/iptables-rules.d/750-squid
# Restart affected UT services
Code:
/etc/init.d/untangle-net-alpaca restart
/etc/init.d/untangle-net-alpaca-iptables restart
#restart squid
Code:
/etc/init.d/squid restart

Last edited by lschafroth; 06-02-2009 at 02:31 PM..
lschafroth is offline   Reply With Quote
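A check for the `http_access` rules in the squid.conf from the post above, shown as an added example that is not part of the original post. It relies on Squid's documented behaviour (the first matching rule wins; with no match the default is the opposite of the last rule), and the `localnet` ACL with 192.168.0.0/24 is an assumed internal range.

```shell
#!/bin/sh
# Added example (not from the thread): audit the http_access rules of a squid.conf.
# Prints one line per finding and returns non-zero when there is any.

audit_http_access() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # comments and blank lines
        $1 != "http_access"   { next }
        {
            last_action = $2
            if (closed) next                  # rules after one on "all" are never reached
            if ($3 == "all" && NF == 3) {
                closed = 1
                if ($2 == "allow") {
                    printf "line %d: allow all admits every client that can reach the port\n", NR
                    bad++
                }
            }
        }
        END {
            if (!closed && last_action == "deny") {
                print "last rule is a partial deny: unmatched clients default to allow"
                bad++
            }
            exit (bad > 0)
        }
    ' "$1"
}

# The access-related directives given in the post, written to the file $1.
write_thread_conf() {
    cat > "$1" <<'EOF'
acl all src all
http_port 3128 transparent
http_access allow all
EOF
}

# Assumed alternative: 192.168.0.0/24 stands in for the internal network.
write_restricted_conf() {
    cat > "$1" <<'EOF'
acl all src all
acl localnet src 192.168.0.0/24
http_port 3128 transparent
http_access allow localnet
http_access deny all
EOF
}

# Stand-alone use: sh audit.sh /etc/squid/squid.conf
if [ $# -gt 0 ]; then audit_http_access "$1"; fi
```

With the thread's settings, the packet filter rule limiting port 3128 to the Internal interface is the only thing that decides who can use the proxy.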
Old 06-01-2009, 10:11 AM   #7 (permalink)
Untangler
 
Join Date: May 2009
Posts: 40
Default Imspector

Imspector is not passive.

You have to redirect users to the imspector port 16667
napa is offline   Reply With Quote
Old 06-01-2009, 08:54 PM   #8 (permalink)
Untangler
 
Join Date: Oct 2008
Posts: 79
Default

Hi,

Do I need Ntop, PHPSysinfo to have IMspector running?
Because, I just installed Webmin and IMspector but I can't capture any chat traffic.

Thanks

James
c4rdinal is offline   Reply With Quote
Old 06-02-2009, 07:13 AM   #9 (permalink)
Untangler
 
Join Date: May 2009
Posts: 40
Default

No,

You need to forward 18xx (MSN port) to port 16667 listen port for imspector.

In Untangle, that's all.
napa is offline   Reply With Quote
Old 06-02-2009, 05:41 PM   #10 (permalink)
Untangler
 
Join Date: Oct 2008
Posts: 79
Default

Hi,

It was mentioned above that imspector raw logs can be viewed at /var/log/imspector. But it is a directory not a file? What can I do to fix it?

Here's what I got from lsof

# lsof -i | grep imspector [root @ srv]
imspector 18644 root 5u IPv4 1109985 TCP *:16667 (LISTEN)
imspector 18644 root 6u IPv4 4224434 TCP 192.168.125.1:16667->x pc.domain.lan:1037 (ESTABLISHED)
imspector 18644 root 7u IPv4 4224435 TCP srv.domain.lan:788 7->el-in-f125.google.com:xmpp-client (ESTABLISHED)
imspector 18728 root 5u IPv4 1109985 TCP *:16667 (LISTEN)
imspector 18728 root 6u IPv4 4224710 TCP 192.168.125.1:16667->c elpc.domain.lan:1039 (ESTABLISHED)
imspector 18728 root 7u IPv4 4224711 TCP srv.domain.lan:764 2->72.14.247.125:xmpp-client (ESTABLISHED)
imspector 18981 root 5u IPv4 1109985 TCP *:16667 (LISTEN)
imspector 18981 root 6u IPv4 4225622 TCP 192.168.125.1:16667->b ethpc.domain.lan:1038 (ESTABLISHED)
imspector 18981 root 7u IPv4 4225623 TCP srv.domain.lan:767 1->72.14.247.125:xmpp-client (ESTABLISHED)
imspector 19064 root 5u IPv4 1109985 TCP *:16667 (LISTEN)
imspector 19064 root 6u IPv4 4225918 TCP 192.168.125.1:16667->c larizpc.domain.lan:1056 (ESTABLISHED)
imspector 19064 root 7u IPv4 4225919 TCP srv.domain.lan:767 9->72.14.247.125:xmpp-client (ESTABLISHED)

I already configured port forwarding from google chat port 5222 to 16667 (imspector). But no progress yet.

TIA,

James

Last edited by c4rdinal; 06-02-2009 at 05:54 PM..
c4rdinal is offline   Reply With Quote