This document describes how to install GrIDS on your system.  Since we are
still in the very early stages of off-site GrIDS distribution there will
probably be many initial questions.

    Please direct questions to rowe@cs.ucdavis.edu

Requirements:

   Perl 5.004
   PerlTk for the GUI
   Solaris 2.5 or greater to run the tcpdump binary
   rsh trust relationship to start distributed processes

Installation:

1) Unpack the distributed tar archive

  tar -xvf grids.tar

to make the following subdirectories

 ./grids/bin               - contains the tcpdump binary and bitmaps 
                             for the gui
 ./grids/common            - perl packages used by all modules ( e.g. 
                             communications, logging, host and department 
                             objects )
 ./grids/engine            - core packages implementing the main graph 
                             building engine
 ./grids/module_controller - program that must be run on each host. Starts and
                             stops all GrIDS software modules.
 ./grids/ohs               - Organization Hierarchy Server. Maintains the 
                             authoritative view of the GrIDS hierarchy and 
                             grants/denies permission to make modifications
 ./grids/rule_functions    - Perl functions used by rulesets
 ./grids/rulesets          - rulesets defining how incoming reports are
                             incorporated into graphs and when graphs represent
                             attacks.
 ./grids/sm                - Software Manager. Manages all modules currently
                             running in a department.
 ./grids/sniffer           - Perl wrappers for datasources
 ./grids/user_interface    - Modules and scripts for interacting with GrIDS.
                             GrIDS startup, shutdown and modification are done
                             here.

2) Define the following environment variables 

   GRIDSPATH  - grids directory created when unpacking the tar archive
   PERLLOC    - location of the Perl 5.004 binary
   TCPDUMPLOC - location of the GrIDS tcpdump binary. Usually this is 
                simply $GRIDSPATH/bin

3) Set-uid root on the tcpdump binary.

   Normally, ordinary users don't have permission to monitor the network
   interface via tcpdump.  A solution is to set the ownership of tcpdump to
   root and set the set-uid bit so that it runs as the owner.
   To limit the security risk that this entails, allow only members of
   tcpdump's group to execute the binary.  It's convenient to create a
   special group for this file and add to it the users authorized to
   monitor network traffic.  Bear in mind that a set-uid root tcpdump makes
   those users root-equivalent in practice: any flaw in its packet decoding
   code runs with root privileges, so keep the group small.

   % chown root tcpdump
   % chgrp monitor tcpdump
   % chmod 4750 tcpdump

   Change the owner and group before the mode: on many systems a chown or
   chgrp clears the set-uid bit, so running chmod first would leave tcpdump
   without it.  Check with ls -l that the mode reads -rwsr-x--- afterwards.
   
4) Allow rsh commands from the host where GrIDS is launched.

   All hosts monitored by GrIDS need to run at least one Perl process (a
   module controller) and possibly more.  For convenience, all distributed
   processes are launched from a single host.  This is currently done via
   the rsh command.  It requires a valid user account on each machine with
   an entry in its .rhosts file allowing the launch host to execute the rsh
   command there.  Note that rsh authenticates only by the client's source
   address and the remote user name, so list the launch host explicitly
   (never the "+" wildcard) and treat the launch host as trusted by every
   monitored machine: whoever controls it can run commands as that account
   on all of them.
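The following preflight script checks the results of steps 2 through 4 before
GrIDS is started.  It is an added example written for this page, not part of
the GrIDS distribution: the function names, the script name grids_check.sh,
the group name "monitor" and the host names in the comments are this
example's own assumptions.  It uses only POSIX sh, ls and cut so that it runs
unchanged on Solaris and Linux, and it performs the step 3 commands in the
ownership-before-mode order, since some systems clear the set-uid bit when a
file's owner or group changes.

```shell
#!/bin/sh
# Preflight checks for GrIDS installation steps 2-4.  Added example for this
# page, not part of the GrIDS distribution; function names are this example's.
# Only POSIX sh, ls and cut are used so it runs on Solaris and Linux alike.

# check_grids_env GRIDSPATH PERLLOC TCPDUMPLOC
#   Step 2: every directory from step 1 exists under GRIDSPATH, PERLLOC is an
#   executable and TCPDUMPLOC contains a tcpdump binary.  Returns 0 on success.
check_grids_env() {
    gp=$1 pl=$2 td=$3 rc=0
    for d in bin common engine module_controller ohs rule_functions \
             rulesets sm sniffer user_interface; do
        [ -d "$gp/$d" ] || { echo "missing directory $gp/$d" >&2; rc=1; }
    done
    [ -x "$pl" ] || { echo "PERLLOC=$pl is not executable" >&2; rc=1; }
    [ -f "$td/tcpdump" ] || { echo "no tcpdump under TCPDUMPLOC=$td" >&2; rc=1; }
    return $rc
}

# verify_setuid_binary FILE OWNER GROUP
#   Step 3 result check: the mode string must be exactly -rwsr-x--- (set-uid,
#   owner rwx, group r-x, nothing for others) with the expected owner/group.
#   Parses the POSIX `ls -ld` line; cut -c1-10 drops any ACL/SELinux suffix.
verify_setuid_binary() {
    f=$1 owner=$2 group=$3
    info=$(ls -ld "$f") || return 1
    set -- $info
    mode=$(printf '%s' "$1" | cut -c1-10)
    [ "$mode" = "-rwsr-x---" ] && [ "$3" = "$owner" ] && [ "$4" = "$group" ]
}

# make_setuid_binary FILE OWNER GROUP
#   Step 3 in the safe order: ownership first, then mode.  Some systems clear
#   the set-uid bit when owner or group changes, so a chmod done first would
#   silently be undone.  As root, call it with "root" and "monitor".
make_setuid_binary() {
    f=$1 owner=$2 group=$3
    chown "$owner" "$f" && chgrp "$group" "$f" && chmod 4750 "$f" &&
        verify_setuid_binary "$f" "$owner" "$group"
}

# check_rhosts FILE LAUNCHHOST
#   Step 4: every entry in .rhosts must name the launch host exactly.  A '+'
#   in the host or user field is an rsh wildcard that trusts any host or any
#   user, which would hand the monitoring account to the whole network.
check_rhosts() {
    file=$1 launch=$2
    [ -f "$file" ] || return 1
    while read -r host user || [ -n "$host" ]; do
        case "$host" in ''|'#'*) continue ;; esac
        [ "$host" = "$launch" ] || return 1
        case "$user" in *'+'*) return 1 ;; esac
    done < "$file"
    return 0
}

# Usage when run directly (does nothing when sourced without arguments):
#   GRIDSPATH=/opt/grids PERLLOC=/usr/local/bin/perl TCPDUMPLOC=/opt/grids/bin \
#   sh grids_check.sh launch.cs.example.edu
if [ -n "$GRIDSPATH" ] && [ -n "$1" ]; then
    check_grids_env "$GRIDSPATH" "$PERLLOC" "$TCPDUMPLOC" &&
        make_setuid_binary "$TCPDUMPLOC/tcpdump" root monitor &&
        check_rhosts "$HOME/.rhosts" "$1" && echo "GrIDS preflight OK"
fi
```

Run it as root on each monitored host after unpacking the archive and
setting the three environment variables; a non-zero exit points at the step
that still needs attention.  The .rhosts check deliberately rejects a file
that trusts more than the single launch host, which is all step 4 requires.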

5) Run GrIDS

   Starting, stopping and modification of a GrIDS session are done using
   the Perl script,

     $GRIDSPATH/user_interface/grids

   The initial configuration of hosts into a hierarchy of departments is
   specified in the file,

     $GRIDSPATH/user_interface/grids.db
   
   Once GrIDS is started and running, a PerlTk GUI controller and attack 
   reporter can be found in

     $GRIDSPATH/user_interface/ui.pl

   Additional information about running GrIDS can be found in the GrIDS
   User Guide.

Direct questions and comments to rowe@cs.ucdavis.edu


