-
Notifications
You must be signed in to change notification settings - Fork 59
Installing Netshot 0.15.2 (or older) on Ubuntu 16 or later (or any Debian based distribution)
1. Download and unzip the Netshot distribution file
- Select your version on the Release page and copy the URL to the .zip file.
- Download that file onto your Ubuntu server and unzip:
$ wget https://github.com/netfishers-onl/Netshot/releases/download/vX.Y.Z/netshot_X.Y.Z.zip
$ unzip netshot_X.Y.Z.zip
2. Install a database server
- First choice is MySQL:
$ sudo apt-get install mysql-server
- PostgreSQL is also supported, starting with Netshot 0.10.x:
$ sudo apt-get install postgresql
3. Install Oracle Java 8
Using the PPA is probably the easiest way to go.
$ sudo add-apt-repository ppa:webupd8team/java
$ sudo apt-get update
$ sudo apt-get install oracle-java8-installer
If these commands are not available on your system (Debian), manually add the source list and import the key. Follow the instructions on this page.
Check the running Java version:
$ java -version 2>&1 | grep version
This should give 1.8.x
4. Add a dedicated system user
$ sudo adduser --system --home /usr/local/netshot --disabled-password --disabled-login netshot
5. Create the SSL certificate
$ keytool -genkey -keyalg RSA -alias selfsigned -keystore netshot.pfx -storepass password -validity 820 -keysize 4096 -storetype pkcs12 -ext san=dns:localhost -dname "CN=localhost, OU=Netshot, O=Netshot, L=A, ST=OCC, C=FR" -ext KeyUsage=nonRepudiation,digitalSignature,keyEncipherment -ext ExtendedKeyUsage=serverAuth
Press Enter when asked for a password (we don't use an additional password to protect the key in the keystore).
$ sudo mv netshot.pfx /usr/local/netshot
$ sudo chmod o-r /usr/local/netshot
This is how to generate a local certificate, but for production purpose you are obviously encouraged to request and install a certificate approved by an authority you trust, and to use another password.
Note: The PKCS12 keystore (as in this example) is supported by Netshot 0.14.1. For an older version you still need a JKS keystore.
6. Prepare files
$ sudo cp netshot.jar /usr/local/netshot
$ sudo mkdir /usr/local/netshot/drivers
$ sudo chown -R netshot /usr/local/netshot
$ sudo mkdir /var/log/netshot
$ sudo chown -R netshot /var/log/netshot
$ sudo cp netshot.conf /etc/netshot.conf
$ sudo chown netshot /etc/netshot.conf
$ sudo chmod 400 /etc/netshot.conf
$ sudo cp systemd-netshot /etc/systemd/system/netshot.service
$ sudo systemctl enable netshot.service
7. Create database and user
If you've chosen MySQL:
$ mysql -u root
> CREATE DATABASE netshot01 CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
> GRANT ALL PRIVILEGES ON netshot01.* TO 'netshot'@'localhost' IDENTIFIED BY 'netshot';
> quit
If you've chosen PostgreSQL:
$ sudo -u postgres psql
# CREATE USER netshot WITH ENCRYPTED PASSWORD 'netshot';
# CREATE DATABASE netshot01 WITH OWNER 'netshot' ENCODING 'UTF8' TEMPLATE template0;
# \q
And update /etc/netshot.conf to use the PostgreSQL driver rather than MySQL:
netshot.db.driver_class = org.postgresql.Driver
netshot.db.url = jdbc:postgresql://localhost/netshot01
8. Start Netshot service
$ sudo service netshot start
9. Manually create the initial user
If you've chosen MySQL:
$ mysql -u root
> USE netshot01;
> INSERT INTO user (level, local, username, hashed_password) VALUES (1000, 1, 'netshot', '7htrot2BNjUV/g57h/HJ/C1N0Fqrj+QQ');
If you've chosen PostgreSQL:
$ sudo -u postgres psql
# \c netshot01;
# INSERT INTO "user" (id, level, local, username, hashed_password) VALUES (0, 1000, TRUE, 'netshot', '7htrot2BNjUV/g57h/HJ/C1N0Fqrj+QQ');
Now you should be able to access Netshot with a browser, on https://localhost:8443/ on the machine itself. Use the account netshot (password netshot) for the initial login (then you can create the real users in the Admin section).
10. Optional - UDP port translation
If you want Netshot to detect changes from Syslog and/or SNMP messages sent by the devices, you can translate the UDP ports using iptables:
$ sudo cp ifup-netshot /etc/network/if-up.d/netshot
$ sudo chown root:root /etc/network/if-up.d/netshot
$ sudo chmod +x /etc/network/if-up.d/netshot