-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathINSTALL
116 lines (86 loc) · 4.2 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
+---------+
| INSTALL |
+---------+
This assumes that you already have CIF v0.01 installed and working (in /opt/cif)
Note: read the ISSUES file first as some pieces are not completed yet!
+--------------------------------------+
| Step 1: create the CIF Lite database |
+--------------------------------------+
$ psql -U postgres (assuming your using the "postgres" user account)
psql> CREATE DATABASE cif_lite
psql> \c cif_lite
psql> \i cif-lite.sql
+-----------------------------------------+
| Step 2: Turn off Postgres ERROR logging |
+-----------------------------------------+
In /etc/postgres/9.1/main/postgresql.conf
set these values:
log_min_messages = log
log_min_error_statement = log
The CIF-Lite logic effectively first tries to do an insert of a record,
if the insert fails because of a duplicate key, then we know that the record
already exists, so then an update is done. This is faster than doing a select then
insert or update - the problem is that every failed insert gets logged as an
ERROR in postgres. Setting the minimum logging threshold to "log" ignores "errors."
+------------------------------------------------------------------+
| Step 3: fix a bug in the CIF code for support of other functions |
+------------------------------------------------------------------+
In /opt/cif/lib/CIF/FeedParser.pm
In the process function begining at line 258
Change:
if(scalar @{$batches} == 1){
insert($config,$recs);
} else {
....
To:
if(scalar @{$batches} == 1){
{
no strict "refs";
&$fctn($config,$recs);
}
} else {
....
+---------------------------------------------+
| Step 4: move CIF Lite scripts to their home |
+---------------------------------------------+
$ mv ./lib/Lite.pm /opt/cif/lib/Lite.pm
$ mv ./bin/cif_feedparser_lite /opt/cif/bin/cif_feedparser_lite
$ mv ./bin/cif_lite_client /opt/cif/bin/cif_lite_client
$ mv ./etc/server_lite.ini /opt/cif/etc/server_lite.ini
Edit /opt/cif/etc/server_lite.ini to reflect you CIF Lite database location / settings.
I used "cif_lite" as my default CIF Lite database name.
Make sure the scripts you added to /opt/cif/bin are executable:
$ chmod 775 /opt/cif/bin/cif_feedparser_lite
$ chmod 775 /opt/cif/bin/cif_lite_client
+---------------------------+
| Step 5: Test / Query data |
+---------------------------+
Try running cif_feedparser_lite against one of your feeds (-c <cfgfile> -f <feedname>):
$ perl /opt/cif/bin/cif_feedparser_lite -c /opt/cif/etc/zeustracker.cfg -f domainblocklist -T low -F
Note: the .cfg files used for CIF-Lite have been slightly modified. CIF was using the field "address" for
IPs, domains, URLs, email addresses, etc. In CIF-Lite this is specified to reduce the number of checks made
against the data. So if your feed is a domain blocklist use the field "domain" instead of "address." All of
the basic CIF .cfg files have been modified in etc to reflect this change.
You should see a bunch of lines like:
[DEBUG] INSERTED 427e036f-307b-3724-8fdf-c57d5a861265 -- 08studio.net.
...
This means that it's working.
Now you can see this CIF data in your CIF Lite database manually:
$ psql -U postgres -d cif_lite
psql> SELECT * FROM cif_lite_domain
And test access via the CIF Lite client:
/opt/cif/bin/cif_feedparser_lite -q 08studio.net
/opt/cif/bin/cif_feedparser_lite -q 08studio%
Where % instructs the query engine to do a SQL LIKE regex
+-------------------+
| Step 6: Implement |
+-------------------+
If you like this CIF Lite format or want to switch to your schema own following the methodology I used,
modify your "cif_crontool" cron scripts to use the -C option to specify your script, e.g.,
$ crontab -e
Edit the crontool to use cif_feedparser_lite:
15 * * * * /opt/cif/bin/cif_crontool -C /opt/cif/bin/cif_feedparser_lite -p hourly -T low &> /dev/null
30 00 * * * /opt/cif/bin/cif_crontool -C /opt/cif/bin/cif_feedparser_lite -p daily -T low &> /dev/null
Note: you'll also want a script in place to expire old entries from your "recent" tables that will be used for generating your blocklist updates.
If /home/cif/cif-lite is where you cloned the code, e.g.,
00 00 * * * /usr/bin/perl /home/cif/cif-lite/cif-lite/tools/expire_recent.pl