Packetfence

Packetfence Installation on Gentoo Linux
Packetfence (PF) was written to run on Redhat-derived Linux distributions. Due to this, the installer assumes certain things that are not relevant to installing on Gentoo systems. To get around this, the installation process is manual.

This guide is based on a fresh Gentoo installation. When in doubt, there are always the Gentoo forums for non-PF support, and revdep-rebuild (part of the gentoolkit package).

Prerequisites
When building your PF base, make sure to include iptables in your kernel configuration. You can build iptables directly into the kernel; it doesn't need to be a module.

These are the USE flags I use:

USE="x86 -oss -avi -berkdb -cups -kde gnome -mpeg -qt -quicktime ssl X mysql ldap apache2 snmp perlsuid ithreads logrotate gd"

You will be re-emerging perl and libperl to enable the suid support. It will complain at you, but you can ignore this.

Base packages
PF is dependent on certain external packages. These need to be installed first.

Emerge the following packages:
 * perl
 * libperl
 * Time-HiRes
 * Config-IniFiles
 * Net-Netmask
 * Parse-RecDescent
 * Net-RawIP
 * CGI
 * DBD-mysql
 * libwww-perl
 * php
 * iptables
 * snort
 * nessus (optional)

Do this from one emerge line, but it's best to check what will be installed first to make sure it's correct:

If the output looks good, type 'yes' and hit enter.

Now install perl modules from the CPAN shell:
 * Date::Parse
 * IPTables::IPv4
 * Term::ReadKey

If you wish to use Nessus, install the following perl modules as well:

 * IO::Socket::SSL
 * Net::Telnet
 * Net::Nessus::Client
 * Net::Nessus::Message
 * Net::Nessus::ScanLite

Start the shell with:

Or

If this is the first time cpan has been run, follow the setup dialogs. If you find that you don't have a particular utility (gpg, ncftp, ftp, etc.), it might be in your best interest to ^C out of there and emerge it. Not all of them are required, but cpan asks for them for a reason; better safe than sorry.

Then from the cpan shell, type install  .

Installation
Now we can begin the installation. Download the latest tarball of PF, and extract it. Place the extracted files into /usr/local/pf.

Add group pf:

Add user pf:

MySQL will probably be in its default state (no DBs, not started). The following commands will set it up completely.

You can also use:

You will now be in the MySQL command line. Now we create the database and privileges.

mysql> CREATE DATABASE pf;
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES on pf.* TO 'pf'@'%' IDENTIFIED BY 'password';
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES on pf.* TO 'pf'@'localhost' IDENTIFIED BY 'somepassword';
mysql> exit

Now that the database is ready, we can import the table schema:

An easier way is to install phpmyadmin, and start apache2 on a different port. Then it can be used to administer the DB much more easily.

Create an administrative user for PF Admin, and set its password.

Since Gentoo keeps its startup scripts in /etc/init.d/, modify line 14 of /usr/local/pf/packetfence.init to look like this:

Now copy the script over to your init.d folder

Configuring Packetfence
Gentoo places some files in different places, and uses different names for some binaries. As a result, some configuration files have to be changed.

Run the PF configurator and follow the prompts

Edit the generated pf.conf. Look for the lines referring to the binaries for snort and Apache, and add the following lines or modify them to read:

pf.conf

Edit /usr/local/pf/conf/templates/httpd.conf. In the first main server section, add the following line:

If you have installed php 5, you will also need to modify the following lines in /usr/local/pf/conf/templates/httpd.conf:

Remove the comment from the php5 line, and add one to the php4 line.

Further PHP configuration
Make certain that you have the following set in your /etc/php/apache2-php5/php.ini file:

Packetfence should now be ready to be started! To avoid hitting your head against the wall: if you have iptables compiled as modules, make certain the ip_tables module is loaded.
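A preflight check for the prerequisites above, as an added example that is not part of the original guide or of Packetfence. It reports whether iptables support is built in or loaded as the ip_tables module, and which of the CPAN modules listed earlier perl cannot load; the function names and the default kernel config path (/usr/src/linux/.config) are assumptions.

```sh
# Preflight for the prerequisites in this guide (added example, hypothetical names).
# Usage: preflight [kernel-config] [modules-file]

# iptables_state KCONFIG MODULES
# Prints one of: module-loaded | builtin | module-not-loaded | absent | unknown
iptables_state() {
    kconfig=${1:-/usr/src/linux/.config}   # assumed location of the kernel config
    modules=${2:-/proc/modules}
    if grep -q '^ip_tables ' "$modules" 2>/dev/null; then
        echo module-loaded
    elif [ ! -r "$kconfig" ]; then
        echo unknown                       # no config to inspect, module not loaded
    elif grep -q '^CONFIG_IP_NF_IPTABLES=y$' "$kconfig"; then
        echo builtin
    elif grep -q '^CONFIG_IP_NF_IPTABLES=m$' "$kconfig"; then
        echo module-not-loaded             # built as a module but not loaded
    else
        echo absent                        # kernel built without iptables support
    fi
}

# missing_perl_modules MODULE...
# Prints each module that perl cannot load, one per line.
missing_perl_modules() {
    for m in "$@"; do
        perl -M"$m" -e 1 >/dev/null 2>&1 || echo "$m"
    done
}

# Perl modules this guide installs from the CPAN shell.
PF_CPAN_MODULES="Date::Parse IPTables::IPv4 Term::ReadKey"

# preflight returns 0 only if iptables is usable and no module is missing.
preflight() {
    state=$(iptables_state "$@")
    echo "iptables: $state"
    missing=$(missing_perl_modules $PF_CPAN_MODULES)
    [ -n "$missing" ] && echo "missing perl modules:" $missing
    case $state in
        builtin|module-loaded) [ -z "$missing" ] ;;
        *) return 1 ;;
    esac
}
```

A result of `module-not-loaded` is the case the guide warns about: the kernel has iptables as a module and ip_tables still needs to be loaded before starting PF.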

Common problems
After re-emerging perl and libperl, you might get a couple of errors with mysql and the DBD module. I solved this by re-emerging mysql. To fix the DBD error, re-emerge the DBI package.