...
Dependencies are checked and if not present, can be installed by the installer script.
Installing / Upgrading
All commands should be run as root (you can "sudo su" on Ubuntu).
When an upgrade is performed, Your database will NOT be upgraded. You will need to log on to Open-AudIT - when you do you will be prompted to upgrade it.
NOTE - Any commands that have <SOMETHING> in them require that you substitute <SOMETHING> for the appropriate value. For example, if your server's hostname is 'vali', and the command states echo "<HOSTNAME>" >> somefile.txt you should type echo "vali" >> somefile.txt. The specific value of <HOSTNAME> refers to the hostname of your server.
<HOSTNAME> can be obtained by running the command 'hostname'.
All steps below require the tarball to be copied to /tmp, extracted and then the install script (installer) run from that directory.
CentOS / RedHat considerations
CentOS and RedHat may require some items set outside of the installer script. These will be added to the installer in a future version.
SELinux
If SELinux is installed and running, you will need to disable it.
To stop SELinux run the command
| Code Block | ||
|---|---|---|
| ||
setenforce 0 |
To ensure it does not start after a reboot, edit the file /etc/sysconfig/config and change the line
SELINUX=enforcing
to
SELINUX=permissive
ipTables
ipTables is installed, active and blocks all ports except port 22 by default. You can disable ipTables completely or allow only port 80.
To disable ipTables completely, run the following commands:
| Code Block | ||
|---|---|---|
| ||
cd /tmp
tar xf OAE-Linux-x68_64-release_1.4.tar.gz
cd Open-AudIT-1.4.0
./installer |
CentOS / RedHat considerations
CentOS and RedHat may require some items set outside of the installer script. These will be added to the installer in a future version.
SELinux
If SELinux is installed and running, you will need to disable it.
service iptables stop |
then stop it from starting with
| Code Block | ||
|---|---|---|
| ||
chkconfig iptables off |
To allow only port 80, run the following commands:
| Code Block | ||
|---|---|---|
| ||
iptables -I INPUT 5 -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT |
and then save itTo stop SELinux run the command
| Code Block | ||
|---|---|---|
| ||
setenforce 0 |
To ensure it does not start after a reboot, edit the file /etc/sysconfig/config and change the line
SELINUX=enforcing
to
SELINUX=permissive
ipTables
ipTables is installed, active and blocks all ports except port 22 by default. You can disable ipTables completely or allow only port 80.
To disable ipTables completely, run the following commands:
| Code Block | ||
|---|---|---|
| ||
service iptables stop |
then stop it from starting with
| Code Block | ||
|---|---|---|
| ||
chkconfig iptables off |
service iptables save |
Installing / Upgrading
All commands should be run as root (you can "sudo su" on Ubuntu).
When an upgrade is performed, Your database will NOT be upgraded. You will need to log on to Open-AudIT - when you do you will be prompted to upgrade it.
NOTE - Any commands that have <SOMETHING> in them require that you substitute <SOMETHING> for the appropriate value. For example, if your server's hostname is 'vali', and the command states echo "<HOSTNAME>" >> somefile.txt you should type echo "vali" >> somefile.txt. The specific value of <HOSTNAME> refers to the hostname of your server.
<HOSTNAME> can be obtained by running the command 'hostname'.
All steps below require the tarball to be copied to /tmp, extracted and then the install script (installer) run from that directory.
To allow only port 80, run the following commands:
| Code Block | ||
|---|---|---|
| ||
iptables -I INPUT 5 -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT |
and then save it
...
| language | bash |
|---|
cd /tmp
tar xf OAE-Linux-x68_64-release_1.4.tar.gz
cd Open-AudIT-1.4.0
./installer |
...
Apache Proxy Config on RedHat
...