Hello Linux Security Guru,
I've sort a problem, dealing with OSSEC-HIDS, today I've started using OSSEC to monitor my system. I have installed OSSEC on an ubuntu Server 10.10. Ossec running and doing it jobs, sending alert to my mail, etc. I wonder how could I see my network statistics on web interface, so I looking toward OSSEC WUI, but my problem is;
Unable to access ossec directory.
and my installed code
Code:
root@ubuntusecurity:/usr/src# tar -zxvf ossec-wui-0.3.tar.gz
ossec-wui-0.3
ossec-wui-0.3/css
ossec-wui-0.3/css/images
ossec-wui-0.3/css/images/arrow.gif
ossec-wui-0.3/css/images/favicon.ico
ossec-wui-0.3/css/images/hr_tag_sep.gif
ossec-wui-0.3/css/images/hr_title_sep.gif
ossec-wui-0.3/css/images/pagebg.gif
ossec-wui-0.3/css/cal.css
ossec-wui-0.3/css/css.css
ossec-wui-0.3/img
ossec-wui-0.3/img/191x81.jpg
ossec-wui-0.3/img/background.png
ossec-wui-0.3/img/calendar.gif
ossec-wui-0.3/img/donate.gif
ossec-wui-0.3/img/ossecLogo.png
ossec-wui-0.3/img/ossec_webui.jpg
ossec-wui-0.3/CONTRIB
ossec-wui-0.3/LICENSE
ossec-wui-0.3/README
ossec-wui-0.3/README.search
ossec-wui-0.3/htaccess_def.txt
ossec-wui-0.3/index.php
ossec-wui-0.3/ossec_conf.php
ossec-wui-0.3/setup.sh
ossec-wui-0.3/js
ossec-wui-0.3/js/calendar-en.js
ossec-wui-0.3/js/calendar-setup.js
ossec-wui-0.3/js/calendar.js
ossec-wui-0.3/js/hide.js
ossec-wui-0.3/js/prototype.js
ossec-wui-0.3/lib
ossec-wui-0.3/lib/Ossec
ossec-wui-0.3/lib/Ossec/Alert.php
ossec-wui-0.3/lib/Ossec/AlertList.php
ossec-wui-0.3/lib/Ossec/Histogram.php
ossec-wui-0.3/lib/os_lib_agent.php
ossec-wui-0.3/lib/os_lib_alerts.php
ossec-wui-0.3/lib/os_lib_firewall.php
ossec-wui-0.3/lib/os_lib_handle.php
ossec-wui-0.3/lib/os_lib_mapping.php
ossec-wui-0.3/lib/os_lib_stats.php
ossec-wui-0.3/lib/os_lib_syscheck.php
ossec-wui-0.3/lib/os_lib_util.php
ossec-wui-0.3/lib/ossec_categories.php
ossec-wui-0.3/lib/ossec_formats.php
ossec-wui-0.3/site
ossec-wui-0.3/site/footer.html
ossec-wui-0.3/site/header.html
ossec-wui-0.3/site/help.php
ossec-wui-0.3/site/main.php
ossec-wui-0.3/site/search.php
ossec-wui-0.3/site/searchfw.php
ossec-wui-0.3/site/stats.php
ossec-wui-0.3/site/syscheck.php
ossec-wui-0.3/site/user_mapping.php
root@ubuntusecurity:/usr/src# ls
linux-headers-2.6.35-22 ossec-hids-2.5.1 ossec-wui-0.3
linux-headers-2.6.35-22-generic-pae ossec-hids-2.5.1.tar.gz ossec-wui-0.3.tar.gz
root@ubuntusecurity:/usr/src# mv ossec-wui-0.3 /var/www
root@ubuntusecurity:/usr/src# ls
linux-headers-2.6.35-22 ossec-hids-2.5.1 ossec-wui-0.3.tar.gz
linux-headers-2.6.35-22-generic-pae ossec-hids-2.5.1.tar.gz
root@ubuntusecurity:/usr/src# cd /var/www
root@ubuntusecurity:/var/www# ls
base-1.4.5 base-1.4.5.tar.gz index ossec-wui-0.3
root@ubuntusecurity:/var/www# cd ossec-wui-0.3/
root@ubuntusecurity:/var/www/ossec-wui-0.3# ./setup.sh
Setting up ossec ui...
Username: andrewraharjo
New password:
Re-type new password:
Adding password for user andrewraharjo
Setup completed successfuly.
root@ubuntusecurity:/var/www/ossec-wui-0.3# cd ..
root@ubuntusecurity:/var/www# chmod 775 ossec-wui-0.3/
root@ubuntusecurity:/var/www# nano /etc/gro
groff/ group group-
root@ubuntusecurity:/var/www# nano /etc/group
root@ubuntusecurity:/var/www# chmod www
chmod: missing operand after `www'
Try `chmod --help' for more information.
root@ubuntusecurity:/var/www# chmod 770 tmp/
chmod: cannot access `tmp/': No such file or directory
root@ubuntusecurity:/var/www# ls
base-1.4.5 base-1.4.5.tar.gz index ossec-wui-0.3
root@ubuntusecurity:/var/www# cd ossec-wui-0.3/
root@ubuntusecurity:/var/www/ossec-wui-0.3# ls
CONTRIB htaccess_def.txt index.php lib ossec_conf.php README.search site
css img js LICENSE README setup.sh tmp
root@ubuntusecurity:/var/www/ossec-wui-0.3# chmod 770 tmp/
root@ubuntusecurity:/var/www/ossec-wui-0.3# chgrp www tmp/
chgrp: invalid group: `www'
root@ubuntusecurity:/var/www/ossec-wui-0.3# apache restart
No command 'apache' found, did you mean:
Command 'apache2' from package 'apache2-mpm-worker' (main)
Command 'apache2' from package 'apache2-mpm-event' (main)
Command 'apache2' from package 'apache2-mpm-itk' (universe)
Command 'apache2' from package 'apache2-mpm-prefork' (main)
apache: command not found
root@ubuntusecurity:/var/www/ossec-wui-0.3# /etc/init.d/apache2 restar
* Usage: /etc/init.d/apache2 {start|stop|graceful-stop|restart|reload|force-reload|start-htcacheclean|stop-htcacheclean|status}
root@ubuntusecurity:/var/www/ossec-wui-0.3# /etc/init.d/apache2 restart
* Restarting web server apache2
apache2: Could not reliably determine the server's fully qualified domain name, using 122.200.6.120 for ServerName
... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 122.200.6.120 for ServerName
...done.
root@ubuntusecurity:/var/www/ossec-wui-0.3# usermod -a -G ossec www-data
root@ubuntusecurity:/var/www/ossec-wui-0.3# cat /etc/group |grep ossec
ossec:x:1002:www,www-data
So anything else that I've been missed about the installation ?
I've followed this instruction;
http://www.ossec.net/main/manual/wui-ubuntu/
compared with this instruction :
http://www.ossec.net/wiki/OSSECWUI:Install
but nothing happends...it still didn't work
I've checks the config files, I've check the file locations, permissions, and ownerships, and I cannot see why it is not loading correctly. If anyone that has experience with this has any suggestions, it would be greatly appreciated.
So please help me...
Cheers..