Open-AudIT should be installed on 64bit systems only. You might try it on a 32bit system, but this will not be supported going forward.
These installation instructions and scripts have been tested on CentOS 6.3. Other versions may work. If you do install on another version and need to make alterations, please contribute this back to the community so others can also benefit.
The below commands should be run as the root user.
...
Install MySQL
Code Block | ||
---|---|---|
| ||
yum -y install mysql mysql-server chkconfig --levels 235 mysqld on service mysqld start |
When the mysqld
service starts you will likely see a reminder about setting a database root password; if you do it immediately make sure that you note down the password for later. Alternatively you can leave the database without password until you configure Open-Audit.
Install Apache
Code Block | ||
---|---|---|
| ||
yum -y install httpd chkconfig --levels 235 httpd on service httpd start |
Install PHP, SNMP, zip and Nmapthe other required packages
Code Block | ||
---|---|---|
| ||
yum -y install nano php php-cli php-mysql php-ldap php-mbstring php-mcrypt php-snmp php-xml nmap snmp zip zip curl wget sshpass screen samba-client |
We also need to install winexe. It is not in repositiories, but available for most distributions via the SuSe Build Server. Go to the URL http://download.opensuse.org/repositories/home:/ahajda:/winexe/ and download the relevant package for your distribution. Install it using "yum install PACKAGENAME" and you should be good to go.
Open-AudIT uses Nmap for discovery, sshpass for Linux auditing and screen / samba-client / winexe for Windows auditing.
Discovery will not work without these packages installed.
Disable SELinux
Code Block | ||
---|---|---|
| ||
sed -i -e 's/SELINUX=/#SELINUX=/g' /etc/selinux/config echo "SELINUX=disabled" >> /etc/selinux/config setenforce 0 |
Configure IPTables
Code Block | ||
---|---|---|
| ||
sed -i '1ss/^/\*filter$/*filter\n-A INPUT -m state -p-state tcpNEW -mp tcp --dport 80443 -j ACCEPT\n/' /etc/sysconfig/iptables sed -i '1ss/^/\*filter$/*filter\n-A INPUT -p tcpm state --state NEW -mp tcp --dport 44380 -j ACCEPT\n/' /etc/sysconfig/iptables /etc/init.d/iptables restart |
Configure PHP (substituting $TIMEZONE from above).
Code Block | ||
---|---|---|
| ||
sed -i -e 's/memory_limit/;memory_limit/g' /etc/php.ini echo "memory_limit = 512M" >> /etc/php.ini sed -i -e 's/max_execution_time/;max_execution_time/g' /etc/php.ini echo "max_execution_time = 300" >> /etc/php.ini sed -i -e 's/max_input_time/;max_input_time/g' /etc/php.ini echo "max_input_time = 600" >> /etc/php.ini sed -i -e 's/error_reporting/;error_reporting/g' /etc/php.ini echo "error_reporting = E_ALL" >> /etc/php.ini sed -i -e 's/display_errors/;display_errors/g' /etc/php.ini echo "display_errors = On" >> /etc/php.ini sed -i -e 's/upload_max_filesize/;upload_max_filesize/g' /etc/php.ini echo "upload_max_filesize = 10M" >> /etc/php.ini # Get a valid dat/time string from http://www.php.net/manual/en/timezones.php sed -i -e 's/date.timezone/;date.timezone/g' /etc/php.ini echo "date.timezone = $TIMEZONE" >> /etc/php.ini |
Set the server name (substituting $HOSTNAME from above) and shell (used for scripts) for Apache and restart
Code Block | ||
---|---|---|
| ||
echo "ServerName $HOSTNAME" >> /etc/httpd/conf/httpd.conf chsh -s /bin/bash apache service httpd restart |
Set the SUID for the nmap binary (so we can use the apache front end to run scripts which call nmap).
NOTE - This command will likely need to be re-run if Nmap is upgraded.
Code Block | ||
---|---|---|
| ||
chmod u+s /usr/bin/nmap |