Notes for installing WebNAG on SUSE 10.3.

Last update: 2009-06-02
Prepared by Dan Scott.

* Install SUSE 10.3

* Install WebNAG from Eyers' website. Instructions are provided for
  Debian distributions at
  http://www.cl.cam.ac.uk/~dme26/proj/WebNAG/INSTALL0.3.html

Exceptions to these instructions are noted below:

+ Apache2

  * /etc/apache2/uid.conf
    - User nag
    - Group www-data

  * /etc/apache2/listen.conf
    - Listen 80
    - Listen 8080

  * /etc/apache2/sysconfig/apache2

    APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation proxy proxy_http proxy_connect mod_cache headers deflate rewrite setenvif ssl suexec userdir php5 ucam_webauth "

+ Perl Scripts

  All *.pl files used by the WebNAG scripts need to have the following:

      use lib '/home/nag/perl';
      use nagcommon;

  Except for permitClient.pl and blockClient.pl.

+ WebNAG Firewall Settings

  /etc/init.d/nagFirewall.sh

      IPTABLES=/usr/sbin/iptables
      PERL5LIB=/home/nag/perl /home/nag/perl/setupNAGiptables.pl

  /home/nag/perl/setupNAGiptables.pl

      my $OKPortsTCP = " -m multiport --destination-port www,https,ssh,imaps,telnets,pop3,pop3s,imap2,smtp,ftp,netbios-ssn,microsoft-ds";
      my $OKPortsUDP = " -m multiport --destination-port www,https,ssh,imaps,telnets,pop3,pop3s,imap2,netbios-ns,netbios-dgm,netbios-ssn,microsoft-ds";

+ Check that the following calls to iptables in both permitClient.pl and
  blockClient.pl use sudo:

      system "sudo","/usr/sbin/iptables"

+ Changed permissions

      chmod 755 /home/nag/perl
      chmod 750 /home/nag/sessions
      chmod 750 /home/nag/public_html

+ Set up sudo so that iptables is run as root by the above Perl scripts.

  (Dan provided GUI screen-shots that I've retyped as text.
  Of course you can set up sudo from the command line if that's how you
  usually do it.)

  GUI-wise, in YaST2, set:

  * User Specification:

      Users   Hosts   RunAs    NOPASSWD   Commands
      WWW     ALL     (ROOT)   Yes        IPTABLES

  * User Aliases:

      Alias Name   Members
      NAG          nag
      ROOT         root
      WWW          %nobody,nobody,%nag,%www-data,nag,%www,wwwrun,%public

  * RunAs Aliases:

      Alias Name   Members
      NAG          root
      ROOT         root
      WWW          root

  * Command Aliases:

      Alias Name   Commands
      IPTABLES     /usr/sbin/iptables
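
One way to check the two Perl-script requirements above (the "use lib" and "use nagcommon" lines, and the sudo-wrapped iptables calls) after an install. This is an added example, not part of the original notes or of WebNAG; the function name audit_webnag_perl is hypothetical, and the sudo check recognises only the double-quoted "sudo" form shown in the notes.

```shell
#!/bin/sh
# Added example: audit a WebNAG Perl directory against the install notes.
# audit_webnag_perl DIR prints one finding per line and returns 0 only
# when no finding was printed. (Hypothetical helper, not shipped by WebNAG.)
audit_webnag_perl() {
    dir=$1
    findings=0
    for f in "$dir"/*.pl; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
        permitClient.pl|blockClient.pl)
            # These two are exempt from the "use lib" rule, but every
            # system call that reaches iptables must go through sudo.
            bad=$(grep -n 'system.*iptables' "$f" | grep -v '"sudo"' || true)
            if [ -n "$bad" ]; then
                echo "$name: iptables called without sudo: $bad"
                findings=$((findings + 1))
            fi
            ;;
        *)
            # All other scripts need both lines so nagcommon is found.
            for need in "use lib '/home/nag/perl';" "use nagcommon;"; do
                if ! grep -qF -- "$need" "$f"; then
                    echo "$name: missing line: $need"
                    findings=$((findings + 1))
                fi
            done
            ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Run directly with a directory argument, e.g. /home/nag/perl
if [ "$#" -gt 0 ]; then
    audit_webnag_perl "$1"
fi
```

A non-zero exit status means at least one script still needs editing; the printed lines name the file and the missing line or the offending call.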