If this is not a new installation of DEMARC, please see the UPGRADE document.  
This document is intended for new installations.

If you have not already done so, download the latest DEMARC tarball from http://demarc.org/ 

# tar zxvf demarc-<current_version>.tar.gz

# mv demarc-<current_version>.tar.gz /usr/local/demarc

If you do not use the "nobody" account for your webserver, please substitute the user that runs your webserver for "nobody" in the following two lines.

# chown nobody /usr/local/demarc/tmp
# chmod 700 /usr/local/demarc/tmp

Make sure that the first line of the following files
you just copied have the correct path to the perl interpreter on
your system. This usually does NOT need to be changed from the
default "#!/usr/bin/perl" though:

 /usr/local/demarc/bin/demarcd
 /usr/local/demarc/cgi/demarc
 /usr/local/demarc/install/dm_load_db.pl
 /usr/local/demarc/check_pms.pl



Now follow the instructions in "INSTALL-prepare-database" to set up your new mysql database.


-------------------------------------------
Preparing Apache:


 Apache is the only supported webserver at this time, however that does not
 mean it won't work on other web servers. In fact, there's no real reason for
 it not to run on any server that runs perl scripts, however we've only
 tested it on Apache. If you test it on another webserver, please send us an
 email with the details.

 DEMARC will run much faster when using mod_perl, and is optimized for use with
 mod_perl, however it will run perfectly with regular Perl as well, just a
 little slower. If you are using Virtual Hosts place the following between your
 <VirtualHost ...></VirtualHost> tags, otherwise place at the bottom of your
 httpd.conf file (located in "/usr/local/www/conf/" if you followed the supplied
 instructions). Replace your_domain with your actual domain name.

  In your httpd.conf:
  -------------------
  Redirect /demarc https://your_domain.com/dm/demarc
  Alias /dm_images "/usr/local/demarc/images"
  <Directory "/usr/local/demarc/cgi">
    AllowOverride all
    DirectoryIndex demarc
  </Directory>
  --------------------

  For regular Perl add:
  --------------------
  ScriptAlias /dm "/usr/local/demarc/cgi"
  ---------------------

  For Mod_Perl add:
  --------------------
  PerlModule Apache::Registry
  KeepAlive Off
  Alias /dm /usr/local/demarc/cgi
   <Location /dm>
      SetHandler perl-script
      PerlHandler Apache::Registry
      Options ExecCGI
      allow from all
      PerlSendHeader On
      DirectoryIndex demarc
   </Location>
  --------------------
Note: You should only put ONE of the above two sections into your 
      httpd.conf file depending on whether you are using mod_perl
      or not.
  --------------------


 Finally you will need to restart Apache.

 In your shell:
 --------------------
 /usr/local/www/bin/apachectl stop
 /usr/local/www/bin/apachectl startssl
 ---------------------

 Demarc can therefore be accessed in either setup option via:

 https://yourhost.com/demarc

-------------------------------------------

Installing Demarc Console:

 Make sure the demarc script in the new directory is executable
 by the user the webserver runs as...  and the perl modules are
 readable by the same user, if in doubt, just issue:

# chmod 644 /usr/local/demarc/cgi/DEMARC_config.pm
# chmod 644 /usr/local/demarc/cgi/StaticServices.pm
# chmod 755 /usr/local/demarc/cgi/demarc
# chmod -R 644 /usr/local/demarc/cgi/templates
# chmod  755 /usr/local/demarc/cgi/templates


 Edit your "/usr/local/demarc/cgi/DEMARC_config.pm" file and insert your database information
 in place of the defaults it ships with, also change the value for "monitor_sid" to the snort
 SID that the monitor is being run from.  If in doubt, leave it as the default and you shouldn't
 have any problems.

 There are also paths to system binaries and other configuration options in there.
 For now, you could probably ignore everything else, and only return to it if you
 experience problems during install.

 If you followed the directions from above you'll be fine putting those credentials here, however
 if you are using an existing DB user, make sure the user has INSERT, SELECT, DELETE, and UPDATE.


---------

 You can run Demarc over HTTP, however it is a high security risk and not
 recommended. Demarc will alert you if it's not running over HTTPS
 you can bypass it by setting the following flag in the Demarc script:

 $conf{'bypass_admin_lockout_on_no_ssl'}  = 1;

 You can enable "anonymous" access which will allow anyone to log
 in to monitor the system, but carries with it no admin privileges, by
 setting the flag in the Demarc script:

 $conf{'allow_anonymous_access'}          = 1;

 If for some reason the default login (below) doesn't work for you, you can
 enable anonymous access as show above. Then *temporarily* make the anonymous
 user an admin by setting the flag in the Demarc Script:

 $conf{'anonymous_user_is_admin'}         = 1;

 This is a heavy security risk. Only use this to reset the admin password and
 then changed back.

 At this point you should be able to log in:
 https://your_domain.com/demarc
  default username: admin
  default password: my_DEMARC
 NOTE: Change these as soon as you login! (under "Configure")

-------------------------------------------



