...
Code Block | ||
---|---|---|
| ||
yum -y install mysql mysql-server chkconfig --levels 235 mysqld on service mysqld start |
When the mysqld
service starts you will likely see a reminder about setting a database root password; if you do it immediately make sure that you note down the password for later. Alternatively you can leave the database without password until you configure Open-Audit.
Install Apache
Code Block | ||
---|---|---|
| ||
yum -y install httpd chkconfig --levels 235 httpd on service httpd start |
Install PHP, SNMP, zip and Nmapthe other required packages
Code Block | ||
---|---|---|
| ||
yum -y install nano php php-cli php-mysql php-ldap php-mbstring php-mcrypt php-snmp php-xml nmap snmp zip zip curl wget sshpass screen samba-client |
We also need to install winexe. It is not in repositiories, but available for most distributions via the SuSe Build Server. Go to the URL http://download.opensuse.org/repositories/home:/ahajda:/winexe/ and download the relevant package for your distribution. Install it using "yum install PACKAGENAME" and you should be good to go.
Open-AudIT uses Nmap for discovery, sshpass for Linux auditing and screen / samba-client / winexe for Windows auditing.
Discovery will not work without these packages installed.
Disable SELinux
Code Block | ||
---|---|---|
| ||
sed -i -e 's/SELINUX=/#SELINUX=/g' /etc/selinux/config echo "SELINUX=disabled" >> /etc/selinux/config setenforce 0 |
...
Code Block | ||
---|---|---|
| ||
sed -i '1ss/^/\*filter$/*filter\n-A INPUT -m state --pstate tcpNEW -mp tcp --dport 80443 -j ACCEPT\n/' /etc/sysconfig/iptables sed -i '1ss/^/\*filter$/*filter\n-A INPUT -p tcpm state --state NEW -mp tcp --dport 44380 -j ACCEPT\n/' /etc/sysconfig/iptables /etc/init.d/iptables restart |
Configure PHP (substituting $TIMEZONE from above).
...
Set the SUID for the nmap binary (so we can use the apache front end to run scripts which call nmap).
NOTE - This command will likely need to be re-run if Nmap is upgraded.
Code Block | ||
---|---|---|
| ||
chmod u+s /usr/bin/nmap |