Child pages
  • Installing the pre-reqs on CentOS and RedHat (old pre v1.3.1)
Skip to end of metadata
Go to start of metadata

Open-AudIT should be installed on 64bit systems only. You might try it on a 32bit system, but this will not be supported going forward.

These installation instructions and scripts have been tested on CentOS 6.3. Other versions may work. If you do install on another version and need to make alterations, please contribute this back to the community so others can also benefit.

The below commands should be run as the root user.

All items in CAPITALS should be substituted with actual specific values.

Make sure your server is up to date.

There are a few variables you should note down (they will be used later on).

HOSTNAME

TIMEZONE

This should match a valid time zone for PHP. You can check which time zones PHP supports at http://www.php.net/manual/en/timezones.php

Install the various prerequisite packages.

You will need an external repo to install some items, so we'll set that up now.

Install MySQL

When the mysqld service starts you will likely see a reminder about setting a database root password; if you do it immediately make sure that you note down the password for later. Alternatively you can leave the database without password until you configure Open-Audit.

Install Apache

Install the other required packages

We also need to install winexe. It is not in repositiories, but available for most distributions via the SuSe Build Server. Go to the URL http://download.opensuse.org/repositories/home:/ahajda:/winexe/ and download the relevant package for your distribution. Install it using "yum install PACKAGENAME" and you should be good to go.

Open-AudIT uses Nmap for discovery, sshpass for Linux auditing and screen / samba-client / winexe for Windows auditing.

 Discovery will not work without these packages installed.

Disable SELinux

Configure IPTables

Configure PHP (substituting $TIMEZONE from above).

Set the server name (substituting $HOSTNAME from above) and shell (used for scripts) for Apache and restart

Set the SUID for the nmap binary (so we can use the apache front end to run scripts which call nmap).

NOTE - This command will likely need to be re-run if Nmap is upgraded.

  • No labels