D4
/
analyzer-d4-passivedns
mirror of https://github.com/D4-project/analyzer-d4-passivedns
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [doc] minimal install guide added

pull/3/head
Alexandre Dulaunoy 2019-03-31 12:03:47 +02:00
parent cb7d777d9d
commit 594b6a87ee
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 56 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
README.md
View File

@ -1,7 +1,7 @@
# analyzer-d4-passivedns # analyzer-d4-passivedns
analyzer-d4-passivedns is an analyzer for a D4 network sensor. The analyser can process data produced by D4 sensors (in [passivedns](https://github.com/gamelinux/passivedns) CSV format (more to come)) and analyzer-d4-passivedns is an analyzer for a D4 network sensor. The analyser can process data produced by D4 sensors (in [passivedns](https://github.com/gamelinux/passivedns) CSV format (more to come)) and
ingest them into a Passive DNS server which can be queried later to search for the Passive DNS records. ingest these into a Passive DNS server which can be queried later to search for the Passive DNS records.
# Features # Features
@ -9,13 +9,67 @@ ingest them into a Passive DNS server which can be queried later to search for t
- A compliant [Passive DNS ReST server compliant to Common Output Format](https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-04) - A compliant [Passive DNS ReST server compliant to Common Output Format](https://tools.ietf.org/html/draft-dulaunoy-dnsop-passive-dns-cof-04)
- A flexible and simple analyser which can be configured to collect the required records from DNS records - A flexible and simple analyser which can be configured to collect the required records from DNS records
# Requirements # Overview
## Requirements
- Python 3 - Python 3
- Redis >5.0 - Redis >5.0
- Tornado - Tornado
- iptools - iptools
## Install
~~~~
./install_server.sh
~~~~
All the Python 3 code will be installed in a virtualenv (PDNSENV).
## Running
### Start the redis server
Don't forget to set the DB directory in the redis.conf configuration. By default, the redis for Passive DNS is running on TCP port 6400
~~~~
./redis/src/redis-server ./etc/redis.conf
~~~~
### Start the Passive DNS COF server
~~~~
. ./PDNSENV/bin/activate
cd ./bin/
python3 ./pdns-cof-server.py
~~~~
### Configure and start the D4 analyzer
~~~~
cd ./etc
cp analyzer.conf.sample analyzer.conf
~~~~
Edit the analyzer.conf to match the UUID of the analyzer queue from your D4 server.
~~~~
[global]
my-uuid = 6072e072-bfaa-4395-9bb1-cdb3b470d715
d4-server = 127.0.0.1:6380
# INFO|DEBUG
logging-level = INFO
~~~~
then you can start the analyzer which will fetch the data from the analyzer, parse it and
populate the Passive DNS database.
~~~~
. ./PDNSENV/bin/activate/
cd ./bin/
python3 pdns-ingestion.py
~~~~
# License # License
The software is free software/open source released under the GNU Affero General Public License version 3. The software is free software/open source released under the GNU Affero General Public License version 3.