Open Anonymity
Thesis: Open Anonymity - Anonymity in indicated data networks

Used Components:

You will need the following components installed at the end:

Core Components (tested version in brackets)
OS: Win / Linux (Linux RedHat 8.0 is preferred in this Installation Guide)
PostgreSQL (7.2.2) or MySQL or Oracle (PostgreSQL is preferred in this Installation Guide)
libdbi (0.6.5-2)
Apache Webserver 2.x (2.0.45)
Open Anonymity

Additional Components
Cygwin (for PostgreSQL under Windows)
phpPgAdmin (2.4.2) for convenient access to the PostgreSQL DB (you could also use psql)
PHP (4.3.2RC2) for the phpPgAdmin and the Test Environment for Open Anonymity

Components for Untrusted Mode (means Captcha Test)
The Gimp (only for Captchas)
Gimp Perl extension (1.211) (only for Captchas)
perl (5.8.0) (only for Captchas)

Step by Step Installation Instructions:

1. PostgreSQL Installation: PostgreSQL installation under Linux is very easy, as most distributions ship all the RPMs. Simply install the RPMs from the CD if you have not done so already. You may also need to install the PostgreSQL devel or src package, because the standard RedHat installation does not include it; we will need this package for libdbi later. If you want to install from sources, check the details at PostgreSQL. Here are some details from my system; I have these packages installed (checked with: rpm -q --filesbypkg --all >/var/tmp/mypackages.txt, then grep for postgres): postgresql, postgresql-server, postgresql-libs

2. libdbi Installation: As with PostgreSQL, this installation is easy with RPMs. Don't try to compile it from sources unless you really know what you are doing. It cost me half a day. You will need libdbi-0.6.5-2.i386.rpm, libdbi-dbd-pgsql-0.6.5-2.i386.rpm (for MySQL it is something similar with libdbi-dbd-mysql...) and libdbi-devel-0.6.5-2.i386.rpm (replace it with your preferred version). You will need all three of them when you want to compile the Apache module. I guess you don't need the devel package when you use Open Anonymity from the .so file. For reference, some important locations of libdbi are /usr/include/dbi/, /usr/lib/libdbi.so (and .la, .a), and /usr/lib/dbd/. You may want to check these directories to confirm a working installation.

3. Apache Installation: You will need one of the 2.x versions; support for older versions (1.3.x) is not available in Open Anonymity. Download the sources (2.0.45 for example) and follow the installation instructions provided by Apache. A good step-by-step instruction can also be found at http://www10.brinkster.com/ssruprai/comphp.asp; you can also use it later for the PHP installation.

4. phpPgAdmin: It could be useful to have phpPgAdmin installed; download and install it from http://phppgadmin.sourceforge.net/.

5. PHP Installation: For phpPgAdmin you will need PHP installed. I decided to install it from sources, can't remember why. Maybe there is no possibility at the moment to install from RPM for Apache 2.x. For good installation instructions go to http://www10.brinkster.com/ssruprai/comphp.asp.

6. The Gimp Installation: The Gimp is part of the standard installation with RedHat 8.0, so I will not describe (or I can't) how to install it. But the Gimp Homepage can tell you details. You will also need the devel package for Gimp later, for the Perl extensions for Gimp.

7. Perl: Download and install a newer version of Perl if needed. Check the Perl version with perl -v; you will need Perl 5.004 or higher, as recommended for the Perl extensions for Gimp.

8. Perl Extensions for Gimp: Download the sources (I used Gimp-1.211.tar.gz) from CPAN and follow the installation instructions.

Setting up the System - Step by Step:

1. Start PostgreSQL: In the shell, run "su postgres", then start it with "/usr/bin/postmaster -i -D/var/lib/pgsql/data/". Change the path to something appropriate for your system. The -i option is only needed for TCP/IP connections. Try to connect with phpPgAdmin; if the connection fails, try editing pg_hba.conf and the config.inc.php in the phpPgAdmin directory, and take a look at point 3 in this guide.
Necessary parts are:

In pg_hba.conf (this is a very liberal configuration: the trust method accepts connections without a password, so watch out for security leaks):

local all all     trust
host all all trust

In config.inc.php (be sure the user/password exist for postgres; check with psql if not sure):

$cfgServers[1]['local'] = false;
$cfgServers[1]['host'] = 'localhost';
$cfgServers[1]['port'] = '5432';
$cfgServers[1]['adv_auth'] = false;
$cfgServers[1]['user'] = 'opan01';
$cfgServers[1]['password'] = 'opan01';
$cfgServers[1]['only_db'] = '';
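
One way to find the permissive entries from the pg_hba.conf snippet above before the system goes beyond a test setup, as an added example that is not part of Open Anonymity or the original guide: it flags every entry whose method is trust. The function names and the md5 comparison line are assumptions made for illustration, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: flag pg_hba.conf entries that use the "trust" method.
# Reads pg_hba.conf text on stdin and prints one line per finding:
#   <line-number> <connection-type> <scope>
# Heuristic: the method is searched from field 3 onward, because the number
# of columns in front of it differs between PostgreSQL versions.
audit_pg_hba() {
    awk '
        { sub(/#.*/, "") }          # drop whole-line and trailing comments
        NF < 3 { next }             # blank or incomplete line
        {
            for (i = 3; i <= NF; i++) {
                if ($i == "trust") {
                    scope = ($1 == "local") ? "unix-socket" : "network"
                    print NR, $1, scope
                    break
                }
            }
        }
    '
}

# Constructed sample: the two lines from this guide plus a password-protected
# loopback entry (assumed, for comparison).
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER  METHOD
local all all     trust
host all all trust
host  openanonymity  opan01  127.0.0.1  255.255.255.255  md5
EOF
}

# Audit the sample when the script is run directly.
sample_pg_hba | audit_pg_hba
```

To audit a real file, feed it on stdin, for example `audit_pg_hba < /var/lib/pgsql/data/pg_hba.conf` with the data directory used in step 1.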

2. Start Apache: Type in "apachectl start"

3. Make a test - connect to Database: Try to connect to the DB with phpPgAdmin. phpPgAdmin should be located in the htdocs dir of Apache. Connect to the URL http://your.host/phpPgAdmin/. If the connection fails, try editing the pg_hba.conf file of PostgreSQL.

4. Make DB and Table(s): Create a new DB named "openanonymity" (or whatever you want; you can configure it in httpd.conf later); phpPgAdmin is recommended for this. Take the DB dump and create the table named "anonymizelist". Edit the data as needed for your system. Insert new values for directories and anonymize words with phpPgAdmin: "dir" specifies the relative path from the htdocs dir (e.g. http://your-host/opan/ would be "/opan/"), and "anonymize" specifies one word to anonymize in this directory. Create a new user / password for Open Anonymity.

5. Compile Open Anonymity Modules: Get the sources for both modules from Open Anonymity's Sourceforge Page or from Sources (maybe out of date). You should have one file called "mod_opan_filter.c" and one called "mod_opan_xml_producer.c". Check the path to apxs if it is not available from everywhere, and cd to the Open Anonymity source directory. Stop Apache first, then type in the following:

apxs -a -i -l dbi -c mod_opan_xml_producer.c
apxs -a -i -c mod_opan_filter.c

apxs is an Apache tool that registers the modules for use with the Apache Webserver. It adds some lines to httpd.conf and copies the produced .so files into the Apache lib dir. It will add

LoadModule opan_filter_module libexec/mod_opan_filter.so
LoadModule opan_xml_producer_module libexec/mod_opan_xml_producer.so

in the httpd.conf.

6. Make changes to httpd.conf: You should add the following Lines at the end of httpd.conf

<IfModule mod_opan_filter.c>
  # Name of the tag to search for in the response
  OpenAnonymitySearchPatternStart "<anonym>"
  # Closing tag
  OpenAnonymitySearchPatternStop "</anonym>"
  # Name of the files, located in the directories, that hold data for both filters
  OpenAnonymityXMLFileName "openanonymity.xml"
  # on  ... check for cookies, don't trust the signature
  # off ... trust the signature and only act for spiders as defined in OpenAnonymitySpiders.conf
  OpenAnonymityTrustMethod on
  # The list with the signatures of spiders (Get an example file)
  Include /usr/local/etc/apache2/OpenAnonymitySpiders.conf
</IfModule>
<IfModule mod_opan_xml_producer.c>
  # Residual; isn't used, but defined somewhere
  SearchPatternStop "</anonym>"
  # See above (has to be the same as for the filter module)
  XmlFileName "openanonymity.xml"
  # Make a DB connect for every request or not. If off, you can edit the config.list node in the openanonymity.xml files manually.
  DBConnect on
  # Name of the host where the database is located, and name of the database
  DBLocalize "localhost" "openanonymity"
  # Which DBMS is used; pgsql is recommended and tested, otherwise it would be mysql or oracle
  LibDbiControl "pgsql" "/usr/lib/dbd/"
  # Username and password to use for the DB connection
  DbAuthorization "opan01" "opan01"
</IfModule>

You should also add a block to httpd.conf to suppress the delivery of the openanonymity.xml files. Add
<FilesMatch "openanonymity\.(xml)$">
deny from all
</FilesMatch>

7. Copy default openanonymity.xml files: Get the openanonymity.xml.def file from Open Anonymity's Sourceforge Page or from here, rename it to openanonymity.xml and copy it into all directories you want to anonymize (and for which you have entries in the DB). This step shouldn't be necessary in the future; for now it is the only way to get OpenAnonymity working.

8. Start The Gimp: For the Turing Test with Captchas you will have to run Gimp. If you don't have a graphical interface like KDE, you will have to try Xvfb. Unfortunately Gimp is a very complex environment for these few functions, so you will need to do a few things. First, you have to start Gimp as the same user that Apache runs as. In my case it was www. Check this in httpd.conf. Create a new user www (or appropriate), then type in "su www" and start Gimp by typing "gimp". When Gimp has started, go to menu item Xtns, Perl, and click on Server. Now the Gimp-Perl-Server should be running, so you can connect to it from the ez-gimpy Perl script.

9. Install Test Environment for Open Anonymity: This is optional, because all functionality is described here and you can start with your own files and DB entries. If you choose to get the sources for the Test Environment from Open Anonymity's Sourceforge Page, you will have to ensure that there are correct entries in the DB for the directory structure used. But you can get a working (and changed) ez-gimpy Perl Script, a Shell Script for calling this perl script() and the necessary ez-gimpy files (dictionary, fonts, image-file). Or get it as a package here.
You will have to modify the paths in the ez-gimpy Perl Script to something appropriate for your system

$whitesmall_full_path="/usr/local/ez-gimpy/whitesmall.tif"; # path and name of the image-file
$dictionary_full_path="/usr/local/ez-gimpy/dictionary"; # path and name of the dictionary
$font_file_full_path="/usr/local/ez-gimpy/fonts"; # path and name of the fonts
$output_image_full_path="/usr/local/share/apache2/htdocs/opan/$fname.jpg"; # path and name of the image to create, $fname is passed by the Shell Script, leave this untouched.

The Shell Script is called by PHP (captcha.php) with a line like

$rtnval = shell_exec("cd /usr/local/ez-gimpy/;./OpanGimpy sdf");

Change the cd command to a path appropriate for your system. "sdf" is the name of the created image file (sdf.jpg).

Also watch out for absolute URLs in the scripts (make a grep command for I also got some problems with ez-gimpy when the path to the image to create was too long.