-------------------------------------------

DEMARC Network Security Monitor 

       ::Upgrade Document::

Website: http://demarc.org/
Updated: November 04, 2001

 DEMARC 2000-2001, DEMARC Organization

-------------------------------------------


[Step 1: Unpack DEMARC]
-----------------------------------------
Home: http://demarc.org/
Source: http://demarc.org/downloads/

 In your shell:
 ------------------
 tar fxvz demarc-<version>.tar.gz

##########################
# Upgrading from DEMARC 1.04.XX:

 mv demarc-<version> /usr/local/demarc

##########################
# Upgrading from DEMARC 1.05-RC1 , DEMARC 1.05-RC2, or DEMARC 1.05-RC3:

You can keep the same conf files that you modified for 1.05-RCx,
but you will need to copy over the newest versions of the following files:

 cd demarc-<version>
 cp bin/demarcd /usr/local/demarc/bin/
 cp cgi/demarc /usr/local/demarc/cgi/
 cp cgi/stub_traffic_file /usr/local/demarc/cgi/
 cp cgi/templates/* /usr/local/demarc/cgi/templates/
 cp images/* /usr/local/demarc/images/

Make sure that the first line of the "demarc" and "demarcd" files
you just copied have the correct path to the perl interpreter on
your system. This usually does NOT need to be changed from the
default "#!/usr/bin/perl" though.

You will also need a new "tmp" directory under "/usr/local/demarc"
and it will need to be readable/writable by the owner of webserver.
Assuming the user is "nobody", you can do this as follows:

 mkdir /usr/local/demarc/tmp
 chown nobody /usr/local/demarc/tmp
 chmod 700 /usr/local/demarc/tmp

*If you don't know who the webserver runs as, you can get by by doing the
following, but it IS insecure and we recomend against it!:

 mkdir /usr/local/demarc/tmp
 chmod 777 /usr/local/demarc/tmp


-----------------------------------------

[Step 2: Patching the MySQL Database Schema]
-----------------------------------------

 If you are upgrading from DEMARC 1.05-RC2 or RC3, you can skip this step.

 Upgrading from DEMARC 1.04.XX
 -----------------------

 From /usr/local/demarc/install run "./patch_db.pl"

 It will prompt you for DB host, username, password, and db name, etc.
 Please make sure the DB user specified  has enough privileges to alter
 the database schema - the default snort user does not, so a good choice
 would be "root".

 Select "1" when asked:
 >Which previous version of DEMARC are you upgrading FROM?
 >
 >1) 1.04.XX
 >2) 1.05-RC1
 >3) I just upgraded to snort 1.8.2

 It will then run the queries against your current DB schema.


 Upgrading from DEMARC 1.05-RC1
 -----------------------
 From /usr/local/demarc/install run "./patch_db.pl"

 It will prompt you for DB host, username, password, and db name, etc.
 Please make sure the DB user specified  has enough privileges to alter
 the database schema (the default snort user does not).

 Select "2" when asked:
 >Which previous version of DEMARC are you upgrading FROM?
 >
 >1) 1.04.XX
 >2) 1.05-RC1
 >3) I just upgraded to snort 1.8.2

 It will then run the queries against your current DB schema.


[Step 3: Apache Preparation]
-------------------------------------------

 #########################
 NOTE:
 There are slight differences from the 1.04-XX releases, so this section
 exists here in the UPGRADE document, however if you are upgrading from
 1.05-RC1 or 1.05-RC2 you can skip this step.
 #########################


 Apache is the only supported webserver at this time, however that does not
 mean it won't work on other web servers. In fact, there's no real reason for
 it not to run on any server that runs perl scripts, however we've only
 tested it on Apache. If you test it on another webserver, please send us an
 email with the details.

 DEMARC will run much faster when using mod_perl, and is optimized for use with
 mod_perl, however it will run perfectly with regular Perl as well, just a
 little slower. If you are using Virtual Hosts place the following between your
 <VirtualHost ...></VirtualHost> tags, otherwise place at the bottom of your
 httpd.conf file (located in "/usr/local/www/conf/" if you followed the supplied
 instructions). Replace your_domain with your actual domain name.

  In your httpd.conf:
  -------------------
  Redirect /demarc https://your_domain.com/dm/demarc
  Alias /dm_images "/usr/local/demarc/images"
  <Directory "/usr/local/demarc/cgi">
    AllowOverride all
    DirectoryIndex demarc
  </Directory>
  --------------------

  For regular Perl add:
  --------------------
  ScriptAlias /dm "/usr/local/demarc/cgi"
  ---------------------


  For Mod_Perl add:
  --------------------
  PerlModule Apache::Registry
  KeepAlive Off
  Alias /dm /usr/local/demarc/cgi
   <Location /dm>
      SetHandler perl-script
      PerlHandler Apache::Registry
      Options ExecCGI
      allow from all
      PerlSendHeader On
      DirectoryIndex demarc
   </Location>
  --------------------
Note: You should only put ONE of the above two sections into your
      httpd.conf file depending on whether you are using mod_perl
      or not.
  --------------------


 Finally you will need to restart Apache.

 In your shell:
 --------------------
 /usr/local/www/bin/apachectl stop
 /usr/local/www/bin/apachectl startssl
 ---------------------

 Demarc can therefore be accessed in either setup option via:

 https://yourhost.com/demarc

-------------------------------------------

[Step 4: Upgrading Demarc Console]
-------------------------------------------

 Make sure the demarc script in the new directory is executable
 by the user the webserver runs as...
 If in doubt, just issue:

 chmod 755 /usr/local/demarc/cgi/demarc
 chmod -R 644 /usr/local/demarc/cgi/templates
 chmod  755 /usr/local/demarc/cgi/templates


-------------------------------------------


[Step 5: Upgrading Demarc Client]
-------------------------------------------

 #Upgrading from 1.05-RC1,RC2, or RC3:

 Simply make sure the demarcd file is executable only by root and then run the
 demarcd client as before.

ie:
  In your shell:
  ---------------
   chown root /usr/local/demarc/bin/demarcd
   chmod 700 /usr/local/demarc/bin/demarcd

   demarcd [-i <interface_name>]
  ---------------

 You can type "demarcd -g" (new switch) to make sure that it is running. If all went well
 it will show you the "DEMARC Client" process and the snort process running.

 If you should need to stop the client simply type "demarcd [-i <interface_name>] -k" in your shell.

 #Upgrading from 1.04-XX

 Please read the "Installing Demarc Client" section in the INSTALL document.

-------------------------------------------


[Final Notes]
-------------------------------------------

 First place to check for errors with the client is by typing "demarcd -D" to put it
 into debug mode.  This will stay in the foreground and all debugging info
 will be piped to STDOUT.

 If you're getting an "internal server error", check the httpd error log first. If
 you still can't figure it out, submit the question to the General Users mailing list
 at http://lists.demarc.org/ and include any applicable errors from the error log.

 Your comments and suggestions help, please send them to suggest@demarc.org

-------------------------------------------

