Table of Contents |
---|
Requirements
Root level access to the Linux server.
Basic Linux knowledge.
A 64bit linux server running one of - RedHat 6, Centos 6, Debian 6 or 7, Ubuntu 12.04 or 14.04.
Description
As at version 1.3.1 of Open-AudIT on 16th May, 2014 (for RedHat / Centos installs only at this stage), an installation script is now shipped in the tarball. This script can perform installs, upgrades, backups, restores, uninstalls and check for install dependencies. How to perform all of the above is detailed below. The script will log it's commands to the file /tmp/install.log. If your install fails, this log will provide valuable information as to why.
NOTE - Any commands that have <SOMETHING> in them require that you substitute <SOMETHING> for the appropriate value. For example, if your server's hostname is 'vali', and the command states echo "<HOSTNAME>" >> somefile.txt you should type echo "vali" >> somefile.txt. The specific value of <HOSTNAME> refers to the hostname of your server.
All commands should be run as root (you can "sudo su" on Ubuntu). All steps below require the tarball to be copied to (preferrably) /tmp, extracted and then the install script (install.pl) run from that directory.
Code Block | ||
---|---|---|
| ||
cd /tmp tar xf OAE-Linux-x68_64-release_1.3.1.tar.gz |
Installation on a new server
To install Open-AudIT on a new server (which does not have an existing Open-AudIT installation) perform the following steps (after copying and extracting the tarball as above):
...
To access the application, go to http://<YOUR_SERVER><HOSTNAME>/omk/oae and you will see a logon screen.
Upgrade on an existing server
To upgrade an existing installation of Open-AudIT perform the following steps (after copying and extracting the tarball as above):
...
Your database will NOT be upgraded. You will need to log on to Open-AudIT - when you do you will be prompted to upgrade it. Go to http://<YOUR_SERVER><HOSTNAME>/open-audit/index.php/main/list_groups/0
Backup
...
an existing installation
To backup an existing installation perform installation without installing or upgrading, perform the following steps (after copying and extracting the tarball as above):
...
The script will confirm you wish to take a backup of your existing files and data. If you answer 'y', a tarball will be created in /tmp named open-audit_backup-YYYY-MM-DD-HHMM.tar.gz Where YYYY is the year, MM is the month, DD is the day, HH is the hour and MM is the minute. Included in this backup will be the install script itself so a restore is as simple as an install or upgrade. See below for further details.
Restore a backup
To restore a backup taken previously by the script, perform the following steps (after copying and extracting the backup file as aboveto /tmp):
Run the script by entering the command
Code Block | ||
---|---|---|
| ||
cd /tmp
tar xf open-audit_backup-YYYY-MM-DD-HHMM.tar.gz
./install.pl restore=y |
You will be prompted for your MySQL root user credentials. Any existing Open-AudIT files and database will be removed from the server (if they exist). The backed-up files will be restored to the server, the daemon reinstalled installed and configured, the database restored and the daemon started.
Uninstalling
To uninstall Open-AudIT and delete all data perform the following steps (after copying and extracting the tarball as above):
Run the script by entering the command
Code Block | ||
---|---|---|
| ||
./install.pl uninstall=y |
The script will offer to provide a backup of the existing files and data (as per above) and then confirm that you do wish to uninstall Open-AudIT. If you answer 'y', the files will be deleted, the daemon removed and the database and database user dropped.
Checking Dependencies
To check the dependencies are installed without actually installing perform the following steps (after copying and extracting the tarball as above):
...
The script will run, check the dependencies are installed and inform you if they are or provide information on which packages are not and offer the commands for you to install them.
Uninstalling
To uninstall Open-AudIT and delete all data perform the following steps (after copying and extracting the tarball as above):
Run the script by entering the command
Code Block | ||
---|---|---|
| ||
./install.pl uninstall=y |
The script will offer to provide a backup of the existing files and data (as per above) and then confirm that you do wish to uninstall Open-AudIT. If you answer 'y', the files will be deleted, the daemon removed and the database and database user dropped.
...
Installing Dependencies
The check dependencies option above should inform you which packages are missing from your system. To install these packages follow the instructions below as appropriate for your operating system.
Installing Dependencies for RedHat 6 / Centos 6 servers
The complete list of packages required by a RedHat/Centos install are - mysql, mysql-server, httpd, php, php-cli, php-mysql, php-ldap, php-mbstring, php-mcrypt, php-process, php-snmp, php-xml, nmap, zip, curl, wget, sshpass, screen, samba-client, winexe.
Ensure your package manager is up to date
Code Block | ||
---|---|---|
| ||
yum update |
You will need an external repo to install some items. Enable the repo
Code Block | ||
---|---|---|
| ||
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm |
Install the missing dependencies by copying and pasting the output from the script "yum install package1 package2 etc etc".
If you have not already, download the appropriate 'winexe' package from the repository at http://download.opensuse.org/repositories/home:/ahajda:/winexe/
Install it
Code Block | ||
---|---|---|
| ||
yum install winexe |
SELinux is known to cause some issues. Disable it by
Code Block | ||
---|---|---|
| ||
sed -i -e 's/SELINUX=/#SELINUX=/g' /etc/selinux/config
echo "SELINUX=disabled" >> /etc/selinux/config
setenforce 0 |
Configure IP Tables to allow the Apache traffic
Code Block | ||
---|---|---|
| ||
sed -i 's/\*filter$/*filter\n-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT/' /etc/sysconfig/iptables
sed -i 's/\*filter$/*filter\n-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT/' /etc/sysconfig/iptables
/etc/init.d/iptables restart |
You will need to ensure your PHP timezone is set correctly. You can check which time zones PHP supports at http://www.php.net/manual/en/timezones.php You can find out your server's timezone by
Code Block | ||
---|---|---|
| ||
cat /etc/sysconfig/clock | grep ZONE | cut -d"\"" -f2 |
Configure PHP (substituting <TIMEZONE> from above). Set your PHP defaults
Code Block | ||
---|---|---|
| ||
sed -i -e 's/memory_limit/;memory_limit/g' /etc/php.ini
echo "memory_limit = 512M" >> /etc/php.ini
sed -i -e 's/max_execution_time/;max_execution_time/g' /etc/php.ini
echo "max_execution_time = 300" >> /etc/php.ini
sed -i -e 's/max_input_time/;max_input_time/g' /etc/php.ini
echo "max_input_time = 600" >> /etc/php.ini
sed -i -e 's/error_reporting/;error_reporting/g' /etc/php.ini
echo "error_reporting = E_ALL" >> /etc/php.ini
sed -i -e 's/display_errors/;display_errors/g' /etc/php.ini
echo "display_errors = On" >> /etc/php.ini
sed -i -e 's/upload_max_filesize/;upload_max_filesize/g' /etc/php.ini
echo "upload_max_filesize = 10M" >> /etc/php.ini
sed -i -e 's/date.timezone/;date.timezone/g' /etc/php.ini
echo "date.timezone = <TIMEZONE>" >> /etc/php.ini |
If you have had to install MySQL and Apache, configure and start the daemons
Code Block | ||
---|---|---|
| ||
chkconfig --levels 235 mysqld on
service mysqld start
echo "ServerName <HOSTNAME>" >> /etc/httpd/conf/httpd.conf
chkconfig --levels 235 httpd on
chsh -s /bin/bash apache
service httpd start |
Lastly, set the SUID for the nmap binary (so we can use the apache front end to run scripts which call nmap).
NOTE - This command will likely need to be re-run if Nmap is upgraded.
Code Block | ||
---|---|---|
| ||
chmod u+s /usr/bin/nmap |
Installing Dependencies for Debian / Ubuntu servers
The complete list of packages required by a Debian/Ubuntu install are - mysql-server, apache2, libapache2-mod-proxy-html, libapache2-mod-php5, openssh-server, php5, php5-ldap, php5-mcrypt, php5-mysql, php5-snmp, nmap, snmp, zip, wget, curl, sshpass, screen, smbclient, winexe.
Ensure your package manager is up to date
Code Block | ||
---|---|---|
| ||
apt-get update |
Install the missing dependencies by copying and pasting the output from the script "apt-get install package1 package2 etc etc".
If you have not already, download the appropriate 'winexe' package from the repository at http://download.opensuse.org/repositories/home:/ahajda:/winexe/
Install it
Code Block | ||
---|---|---|
| ||
dpkg -i install winexe |
You will need to ensure your PHP timezone is set correctly. You can check which time zones PHP supports at http://www.php.net/manual/en/timezones.php You can find out your server's timezone by
Code Block | ||
---|---|---|
| ||
cat /etc/timezone |
Configure PHP (substituting <TIMEZONE> from above). Set your PHP defaults
Code Block | ||
---|---|---|
| ||
sed -i -e 's/memory_limit/;memory_limit/g' /etc/php5/apache2/php.ini
echo "memory_limit = 512M" >> /etc/php5/apache2/php.ini
sed -i -e 's/max_execution_time/;max_execution_time/g' /etc/php5/apache2/php.ini
echo "max_execution_time = 300" >> /etc/php5/apache2/php.ini
sed -i -e 's/max_input_time/;max_input_time/g' /etc/php5/apache2/php.ini
echo "max_input_time = 600" >> /etc/php5/apache2/php.ini
sed -i -e 's/error_reporting/;error_reporting/g' /etc/php5/apache2/php.ini
echo "error_reporting = E_ALL" >> /etc/php5/apache2/php.ini
sed -i -e 's/display_errors/;display_errors/g' /etc/php5/apache2/php.ini
echo "display_errors = On" >> /etc/php5/apache2/php.ini
sed -i -e 's/upload_max_filesize/;upload_max_filesize/g' /etc/php5/apache2/php.ini
echo "upload_max_filesize = 10M" >> /etc/php5/apache2/php.ini
sed -i -e 's/date.timezone/;date.timezone/g' /etc/php5/apache2/php.ini
echo "date.timezone = <TIMEZONE>" >> /etc/php5/apache2/php.ini |
You may need to manually enable mcrypt in PHP.
Code Block | ||
---|---|---|
| ||
php5enmod mcrypt |
Set the server name for Apache, enable mod-proxy and restart
Code Block | ||
---|---|---|
| ||
echo "ServerName <HOSTNAME>" >> /etc/apache2/apache2.conf
a2enmod proxy_http
service apache2 restart |
Lastly, set the SUID for the nmap binary (so we can use the apache front end to run scripts which call nmap).
Code Block | ||
---|---|---|
| ||
dpkg-statoverride --update --add root root 4755 /usr/bin/nmap |