Diffstat (limited to 'old/glougloud/README.txt')
-rw-r--r-- | old/glougloud/README.txt | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/old/glougloud/README.txt b/old/glougloud/README.txt new file mode 100644 index 0000000..8a8c702 --- /dev/null +++ b/old/glougloud/README.txt @@ -0,0 +1,51 @@ +glougloud - glouglou daemon, for network traffic visualisation in real time + + +=== Requirements === + +* libglouglou + +Known to work on OpenBSD 5.1 and Linux 3.4 + + +=== Installation === + +git clone git@meg:glouglou + +sudo useradd -d /var/empty/ -s /sbin/nologin _glougloud + + +=== Usage === + +* Run the daemon + +cd glouglou/glougloud/ +sudo ./glougloud + +It logs to /var/log/glougloud. +For the moment it monitors lo0 interface. + +* Connect to the daemon + +nc -vvv -u 127.0.0.1 4430 |hexdump -C + +You get informations of traffic flowing on the monitored interface. + + +=== Notes on architecture and security === + +glougloud is architectured in 3 processes: + * main process, runs as root, opens the capture interfaces with +libpcap and resolves DNS names + * server process, runs as _glougloud user and chrooted in _glougloud +home, listens and accepts or refuses clients connections + * user process, runs as _glougloud user and chrooted in _glougloud +home, parses the captured network traffic and sends a summary to the +connected clients + +The 3 processes exchanges messages througt messages, with OpenBSD imsg +framework. + +Note that glougloud activates extra protections on pcap capture only +on OpenBSD by reimplementing some of libpcap functions, see +glougloud.c my_pcap_open_live() |
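Review bot: the "Notes on architecture and security" section of the new README has wording errors that should be fixed before it lands: "glougloud is architectured in 3 processes" reads better as "glougloud is split into 3 processes", "The 3 processes exchanges messages througt messages, with OpenBSD imsg framework" should be "The 3 processes exchange messages through the OpenBSD imsg framework", and in the Usage section "You get informations of traffic flowing" should be "You get information about traffic flowing". On the design described there, the same section says the root main process both opens the capture interfaces and resolves DNS names; DNS replies are untrusted network input, so either move that parsing into one of the unprivileged chrooted processes or add a sentence explaining why it has to stay in the root process. The Usage section shows connecting with nc to 127.0.0.1 on UDP port 4430 but never says which address the server process binds to or whether remote clients are accepted, which matters because the only access control mentioned is that the server "accepts or refuses clients connections"; please document the bind address and the refusal policy. Finally, "git clone git@meg:glouglou" points at an internal host alias that outside readers cannot resolve, so replace it with a public URL or mark it as internal-only.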