================================ PyFLAG Installation instructions ================================ PyFlag is shipped with an autoconf build system. For most systems you should be able to do: ./configure make make install On Debian this installs pyflag into /usr/local/: /usr/local/bin /usr/local/lib/pyflag /usr/local/share/pyflag /usr/local/lib/python2.5/site-packages/pyflag -------------- Pre-Requisites -------------- The following pre-requisites are required. Debian/Ubuntu package names are shown in brackets. build environment (build-essential) python dev files (python-dev) libz (libz-dev) libmagic (libmagic-dev) MySQLdb (python-mysqldb) PIL (python-imaging) pexpect (python-pexpect) dateutil (python-dateutil) urwid (python-urwid) If the database server will be on the same box: mysql server (mysql-server) The following optional dependancies enable additional features: geoip (libgeoip-dev) for Maxmind GeoIP support. libjpeg (libjpeg62-dev) for Advanced JPEG Carving support. afflib for AFF image support. libewf for EWF (Encase E01) image support. clamd (clamav-daemon) for Virus Scanning support. --------- Database Setup --------- Database setup is handled automatically by pyflag when it is first run. To make mysql aware of timezone information (recommended), use the script which comes with mysql. e.g.: mysql_tzinfo_to_sql /usr/share/zoneinfo/ | mysql -uroot -p mysql ---------- Run PyFlag ---------- Run pyflag with: pyflag (For help on command line parameters try pyflag --help) Run the pyflag shell (pyflash) with: pyflash ================= Optional Features ================= The following steps are recommended to do prior to using Flag. 1) Flag may use the NSRL when loading new filesystems. If you have the NSRL ISOs, you can mount them somewhere and then use the utilities/NSRL_load.sh script to load the NSRL into the database. 2) Flag can download the whois databases for use when displaying IP addresses. By Downloading the whois databases its possible to do very fast whois lookups on every IP in imported logs and then see the contact details for each network owner. ================= Debug/Development ================= If you want to tinker with the source you should probably install to a different location (so you don't need to be root to edit files). The scripts in the test directory are set-up to work with this install process: (first ensure you have darcs, autoconf, automake and libtool) darcs get http://www.pyflag.net/pyflag cd pyflag ./autogen.sh ./configure --prefix=/var/tmp/build/pyflag make make install Now run pyflag and pyflash like: ~/pyflag/tests$ ./pyflag ~/pyflag/tests$ ./pyflash