Open-AudIT should be installed on 64bit systems only. You might try it on a 32bit system, but this will not be supported going forward.
These installation instructions and scripts have been tested on Ubuntu 12.04, Ubuntu 13.04, Debian 7. Other versions may work. If you do install on another version and need to make alterations, please contribute this back to the community so others can also benefit.
The below commands should be run as the root user (you can "sudo su" on Ubuntu).
All items in CAPITALS should be substituted with actual specific values.
Make sure your server is up to date (you may need to reboot if you install a kernel update).
Code Block | ||
---|---|---|
| ||
apt-get update && apt-get upgrade |
There are a few variables you should note down (they will be used later on).
HOSTNAME
Code Block | ||
---|---|---|
| ||
uname -n |
TIMEZONE
Code Block | ||
---|---|---|
| ||
cat /etc/timezone |
Install MySQL (make a note of your supplied root password).
Code Block | ||
---|---|---|
| ||
apt-get install mysql-server |
Install the other required packages
Code Block | ||
---|---|---|
| ||
apt-get install -q -y apache2 libapache2-mod-proxy-html libapache2-mod-php5 openssh-server php5 php5-ldap php5-mcrypt php5-mysql php5-snmp nmap snmp zip daemon wget curl sshpass screen samba-client |
We also need to install winexe. It is not in repositories, but available for most distributions via the SuSe Build Service. Go to the URL http://download.opensuse.org/repositories/home:/ahajda:/winexe/ and download the relevant package for your distribution. Install it using "sudo dpkg -i PACKAGENAME" and you should be good to go.
Open-AudIT uses Nmap for discovery, sshpass for Linux auditing and screen / samba-client / winexe for Windows auditing.
Discovery will not work without these packages installed.
Configure PHP (substituting $TIMEZONE from above).
Code Block | ||
---|---|---|
| ||
sed -i -e 's/memory_limit/;memory_limit/g' /etc/php5/apache2/php.ini echo "memory_limit = 512M" >> /etc/php5/apache2/php.ini sed -i -e 's/max_execution_time/;max_execution_time/g' /etc/php5/apache2/php.ini echo "max_execution_time = 300" >> /etc/php5/apache2/php.ini sed -i -e 's/max_input_time/;max_input_time/g' /etc/php5/apache2/php.ini echo "max_input_time = 600" >> /etc/php5/apache2/php.ini sed -i -e 's/error_reporting/;error_reporting/g' /etc/php5/apache2/php.ini echo "error_reporting = E_ALL" >> /etc/php5/apache2/php.ini sed -i -e 's/display_errors/;display_errors/g' /etc/php5/apache2/php.ini echo "display_errors = On" >> /etc/php5/apache2/php.ini sed -i -e 's/upload_max_filesize/;upload_max_filesize/g' /etc/php5/apache2/php.ini echo "upload_max_filesize = 10M" >> /etc/php5/apache2/php.ini # Get a valid date/time string from http://www.php.net/manual/en/timezones.php sed -i -e 's/date.timezone/;date.timezone/g' /etc/php5/apache2/php.ini echo "date.timezone = $TIMEZONE" >> /etc/php5/apache2/php.ini |
Set the server name (substituting $HOSTNAME from above) for Apache, enable mod-proxy and restart
Code Block | ||
---|---|---|
| ||
echo "ServerName $HOSTNAME" >> /etc/apache2/apache2.conf a2enmod proxy_http service apache2 restart |
Set the SUID for the nmap binary (so we can use the apache front end to run scripts which call nmap).
Code Block | ||
---|---|---|
| ||
chmod u+s /usr/bin/nmap |