...
Dependencies are checked and if not present, can be installed by the installer script.
Installing / Upgrading
All commands should be run as root (you can "sudo su" on Ubuntu).
When an upgrade is performed, Your database will NOT be upgraded. You will need to log on to Open-AudIT - when you do you will be prompted to upgrade it.
NOTE - Any commands that have <SOMETHING> in them require that you substitute <SOMETHING> for the appropriate value. For example, if your server's hostname is 'vali', and the command states echo "<HOSTNAME>" >> somefile.txt you should type echo "vali" >> somefile.txt. The specific value of <HOSTNAME> refers to the hostname of your server.
<HOSTNAME> can be obtained by running the command 'hostname'.
All steps below require the tarball to be copied to /tmp, extracted and then the install script (installer) run from that directory.
CentOS / RedHat considerations
CentOS and RedHat may require some items set outside of the installer script. These will be added to the installer in a future version.
SELinux
If SELinux is installed and running, you will need to disable it.
To stop SELinux run the command
Code Block | ||
---|---|---|
| ||
setenforce 0 |
To ensure it does not start after a reboot, edit the file /etc/sysconfig/config and change the line
SELINUX=enforcing
to
SELINUX=permissive
ipTables
ipTables is installed, active and blocks all ports except port 22 by default. You can disable ipTables completely or allow only port 80.
To disable ipTables completely, run the following commands:
Code Block | ||
---|---|---|
| ||
service iptables stop |
then stop it from starting with
Code Block | ||
---|---|---|
| ||
chkconfig iptables off |
To allow only port 80, run the following commands:
Code Block | ||
---|---|---|
| ||
cd /tmp
tar xf OAE-Linux-x68_64-release_1.4.tar.gz
cd Open-AudIT-1.4.0
./installer |
CentOS / RedHat considerations
CentOS and RedHat may require some items set outside of the installer script. These will be added to the installer in a future version.
SELinux
If SELinux is installed and running, you will need to disable it.
...
iptables -I INPUT 5 -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT |
and then save it
Code Block | ||
---|---|---|
| ||
setenforce 0 |
To ensure it does not start after a reboot, edit the file /etc/sysconfig/config and change the line
SELINUX=enforcing
to
SELINUX=permissive
ipTables
ipTables is installed, active and blocks all ports except port 22 by default. You can disable ipTables completely or allow only port 80.
To disable ipTables completely, run the following commands:
Code Block | ||
---|---|---|
| ||
service iptables stop |
then stop it from starting with
Code Block | ||
---|---|---|
| ||
chkconfig iptables off |
...
service iptables save |
Installing / Upgrading
All commands should be run as root (you can "sudo su" on Ubuntu).
When an upgrade is performed, Your database will NOT be upgraded. You will need to log on to Open-AudIT - when you do you will be prompted to upgrade it.
NOTE - Any commands that have <SOMETHING> in them require that you substitute <SOMETHING> for the appropriate value. For example, if your server's hostname is 'vali', and the command states echo "<HOSTNAME>" >> somefile.txt you should type echo "vali" >> somefile.txt. The specific value of <HOSTNAME> refers to the hostname of your server.
<HOSTNAME> can be obtained by running the command 'hostname'.
All steps below require the tarball to be copied to /tmp, extracted and then the install script (installer) run from that directory.
Code Block | ||
---|---|---|
| ||
iptablescd -I/tmp INPUTtar 5xf OAE-i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT |
and then save it
Code Block | ||
---|---|---|
| ||
service iptables saveLinux-x68_64-release_1.4.tar.gz cd Open-AudIT-1.4.0 ./installer |
Apache Proxy Config on RedHat
...