LinuxQuestions.org - IPAUDIT install

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - IPAUDIT install (https://www.linuxquestions.org/questions/linux-newbie-8/ipaudit-install-738989/)

I have installed IPAUDIT on CentOS.
I have followed the instructions at

http://www.securityfocus.com/infocus/1842/1

But when I

type

http://127.0.0.1/~ipaudit/

I get forbidden? Can someone lead me in the right direction?

If you mean forbidden as in 404 check what your webserver log says about it then check your webserver config?

127.0.0.1 - - [09/Jul/2009:14:40:49 -0400] "GET /~ipaudit HTTP/1.1" 403 284 "-" "Mozilla/5.0 (compatible; Konqueror/3.5; L$
127.0.0.1 - - [09/Jul/2009:14:40:49 -0400] "GET /favicon.ico HTTP/1.1" 404 283 "-" "Mozilla/5.0 (compatible; Konqueror/3.5$
127.0.0.1 - - [09/Jul/2009:14:41:06 -0400] "GET / HTTP/1.1" 403 5043 "-" "Mozilla/5.0 (compatible; Konqueror/3.5; Linux) K$
127.0.0.1 - - [09/Jul/2009:14:41:06 -0400] "GET /icons/apache_pb.gif HTTP/1.1" 200 2326 "http://localhost/" "Mozilla/5.0 ($
127.0.0.1 - - [09/Jul/2009:14:41:06 -0400] "GET /icons/powered_by_rh.png HTTP/1.1" 200 1213 "http://localhost/" "Mozilla/5$
127.0.0.1 - - [09/Jul/2009:14:42:08 -0400] "GET /~ipaudit HTTP/1.1" 403 284 "-" "Mozilla/5.0 (compatible; Konqueror/3.5; L$
127.0.0.1 - - [09/Jul/2009:14:58:27 -0400] "GET / HTTP/1.1" 403 5043 "-" "Mozilla/5.0 (compatible; Konqueror/3.5; Linux) K$
127.0.0.1 - - [09/Jul/2009:14:58:28 -0400] "GET /icons/apache_pb.gif HTTP/1.1" 200 2326 "http://127.0.0.1/" "Mozilla/5.0 ($
127.0.0.1 - - [09/Jul/2009:14:58:28 -0400] "GET /icons/powered_by_rh.png HTTP/1.1" 200 1213 "http://127.0.0.1/" "Mozilla/5$
127.0.0.1 - - [09/Jul/2009:14:58:28 -0400] "GET /favicon.ico HTTP/1.1" 404 283 "-" "Mozilla/5.0 (compatible; Konqueror/3.5$
127.0.0.1 - - [09/Jul/2009:14:58:36 -0400] "GET /~ipaudit HTTP/1.1" 403 284 "-" "Mozilla/5.0 (compatible; Konqueror/3.5; L$
127.0.0.1 - - [09/Jul/2009:14:58:51 -0400] "GET /~ipaudit HTTP/1.1" 403 284 "-" "Mozilla/5.0 (compatible; Konqueror/3.5; L$
127.0.0.1 - - [09/Jul/2009:14:58:51 -0400] "GET /favicon.ico HTTP/1.1" 404 283 "-" "Mozilla/5.0 (compatible; Konqueror/3.5$
127.0.0.1 - - [09/Jul/2009:14:59:18 -0400] "GET /~ipaudit HTTP/1.1" 403 284 "-" "Mozilla/5.0 (compatible; Konqueror/3.5; L$
127.0.0.1 - - [09/Jul/2009:15:06:12 -0400] "GET /~ipaudit HTTP/1.1" 403 284 "-" "Mozilla/5.0 (compatible; Konqueror/3.5; L$
127.0.0.1 - - [09/Jul/2009:15:06:16 -0400] "GET /~ipaudit HTTP/1.1" 403 284 "-" "Mozilla/5.0 (compatible; Konqueror/3.5; L$

I think the config is correct but i can seem to determine why permission denied.

[Thu Jul 09 14:40:49 2009] [error] [client 127.0.0.1] (13)Permission denied: access to /~ipaudit denied
[Thu Jul 09 14:40:49 2009] [error] [client 127.0.0.1] File does not exist: /var/www/html/favicon.ico
[Thu Jul 09 14:41:06 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/
[Thu Jul 09 14:42:08 2009] [error] [client 127.0.0.1] (13)Permission denied: access to /~ipaudit denied
[Thu Jul 09 14:58:27 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/
[Thu Jul 09 14:58:28 2009] [error] [client 127.0.0.1] File does not exist: /var/www/html/favicon.ico
[Thu Jul 09 14:58:36 2009] [error] [client 127.0.0.1] (13)Permission denied: access to /~ipaudit denied
[Thu Jul 09 14:58:51 2009] [error] [client 127.0.0.1] (13)Permission denied: access to /~ipaudit denied
[Thu Jul 09 14:58:51 2009] [error] [client 127.0.0.1] File does not exist: /var/www/html/favicon.ico
[Thu Jul 09 14:59:18 2009] [error] [client 127.0.0.1] (13)Permission denied: access to /~ipaudit denied
[Thu Jul 09 15:06:12 2009] [error] [client 127.0.0.1] (13)Permission denied: access to /~ipaudit denied
[Thu Jul 09 15:06:16 2009] [error] [client 127.0.0.1] (13)Permission denied: access to /~ipaudit denied

403 = Forbidden and 404 = "Not Found". Did you install only ipaudit or also the ipaudit-web package? If you did, is does your webserver configuration seem correct wrt file locations and any allow/deny access rules?

Package and .conf file

I installed ipaudit-web-1.0BETA9.tar.gz.

This is whats in my .conf

<Directory /home/*/public_html>
AllowOverride All
Options MultiViews Indexes Includes FollowSymLinks
Order allow,deny
Allow from all
</Directory>

<Directory /home/*/public_html/cgi-bin>
Options +ExecCGI -Includes -Indexes
SetHandler cgi-script
</Directory>

SHould i be looking somewhere else in the config?
Thank you for taking the time to respond.

Conf looks OK but given your log excerpt, and if this is something like for example /etc/httpd/conf.d/ipaudit.conf, then an existing /etc/httpd/conf/httpd.conf may overrule things. Posting contents (use something like 'grep -v ^#|grep -i [a-z]' to strip out comments) of that or any other "main" webserver configuration file could help. I think.

Ipaudit-web.conf

Code:

LOCALRANGE=198.*.*.32/24

INTERFACE=eth0

AWK=/usr/bin/gawk

GZIP=/usr/bin/gzip

ZCAT=/bin/zcat

ZGREP=/usr/bin/zgrep

GNUPLOT="nice -19 /usr/bin/gnuplot"

CGI_BIN=/~ipaudit/cgi-bin

IP_DIR=/home/ipaudit

HostPortLimit="500000,100000"

RAW_DAY=7

DATA_DAY=10

HTML_DAY=180

PidFile=run/ipaudit.pid

WriteTime=yes

IcmpType=yes

PacketLen=128

WritePacketLimit=500000

DAILY_TRAFFIC_REMOTEHOST_MIN=1024

DAILY_TRAFFIC_HOSTPAIR_MIN=1024

MAX_REMOTE_HOST_CNT=500000

MAX_LOCAL_HOST_CNT=100000

MAX_HOST_PAIR_CNT=1000000

OTHERRANGE=224.0.0.0/8

Code:

ServerTokens OS

ServerRoot "/etc/httpd"

PidFile run/httpd.pid

Timeout 120

KeepAlive Off

MaxKeepAliveRequests 100

KeepAliveTimeout 15

<IfModule prefork.c>

StartServers      8

MinSpareServers    5

MaxSpareServers  20

ServerLimit      256

MaxClients      256

MaxRequestsPerChild  4000

</IfModule>

<IfModule worker.c>

StartServers        2

MaxClients        150

MinSpareThreads    25

MaxSpareThreads    75 

ThreadsPerChild    25

MaxRequestsPerChild  0

</IfModule>

Listen 80

LoadModule auth_basic_module modules/mod_auth_basic.so

LoadModule auth_digest_module modules/mod_auth_digest.so

LoadModule authn_file_module modules/mod_authn_file.so

LoadModule authn_alias_module modules/mod_authn_alias.so

LoadModule authn_anon_module modules/mod_authn_anon.so

LoadModule authn_dbm_module modules/mod_authn_dbm.so

LoadModule authn_default_module modules/mod_authn_default.so

LoadModule authz_host_module modules/mod_authz_host.so

LoadModule authz_user_module modules/mod_authz_user.so

LoadModule authz_owner_module modules/mod_authz_owner.so

LoadModule authz_groupfile_module modules/mod_authz_groupfile.so

LoadModule authz_dbm_module modules/mod_authz_dbm.so

LoadModule authz_default_module modules/mod_authz_default.so

LoadModule ldap_module modules/mod_ldap.so

LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

LoadModule include_module modules/mod_include.so

LoadModule log_config_module modules/mod_log_config.so

LoadModule logio_module modules/mod_logio.so

LoadModule env_module modules/mod_env.so

LoadModule ext_filter_module modules/mod_ext_filter.so

LoadModule mime_magic_module modules/mod_mime_magic.so

LoadModule expires_module modules/mod_expires.so

LoadModule deflate_module modules/mod_deflate.so

LoadModule headers_module modules/mod_headers.so

LoadModule usertrack_module modules/mod_usertrack.so

LoadModule setenvif_module modules/mod_setenvif.so

LoadModule mime_module modules/mod_mime.so

LoadModule dav_module modules/mod_dav.so

LoadModule status_module modules/mod_status.so

LoadModule autoindex_module modules/mod_autoindex.so

LoadModule info_module modules/mod_info.so

LoadModule dav_fs_module modules/mod_dav_fs.so

LoadModule vhost_alias_module modules/mod_vhost_alias.so

LoadModule negotiation_module modules/mod_negotiation.so

LoadModule dir_module modules/mod_dir.so

LoadModule actions_module modules/mod_actions.so

LoadModule speling_module modules/mod_speling.so

LoadModule userdir_module modules/mod_userdir.so

LoadModule alias_module modules/mod_alias.so

LoadModule rewrite_module modules/mod_rewrite.so

LoadModule proxy_module modules/mod_proxy.so

LoadModule proxy_balancer_module modules/mod_proxy_balancer.so

LoadModule proxy_ftp_module modules/mod_proxy_ftp.so

LoadModule proxy_http_module modules/mod_proxy_http.so

LoadModule proxy_connect_module modules/mod_proxy_connect.so

LoadModule cache_module modules/mod_cache.so

LoadModule suexec_module modules/mod_suexec.so

LoadModule disk_cache_module modules/mod_disk_cache.so

LoadModule file_cache_module modules/mod_file_cache.so

LoadModule mem_cache_module modules/mod_mem_cache.so

LoadModule cgi_module modules/mod_cgi.so

LoadModule version_module modules/mod_version.so

Include conf.d/*.conf

User apache

Group apache

ServerAdmin root@localhost

ServerName 198.*.*.32:80

UseCanonicalName Off

DocumentRoot "/var/www/html"

<Directory />

    Options FollowSymLinks

    AllowOverride None

</Directory>

<Directory "/var/www/html">

    Options Indexes FollowSymLinks

    AllowOverride None

    Order allow,deny

    Allow from all

</Directory>

<IfModule mod_userdir.c>

    # UserDir is disabled by default since it can confirm the presence

    # of a username on the system (depending on home directory

    # permissions).

    # To enable requests to /~user/ to serve the user's public_html

    # directory, remove the "UserDir disable" line above, and uncomment

    # the following line instead:

    UserDir public_html

</IfModule>

DirectoryIndex index.html index.html.var

AccessFileName .htaccess

<Files ~ "^\.ht">

    Order allow,deny

    Deny from all

</Files>

TypesConfig /etc/mime.types

DefaultType text/plain

<IfModule mod_mime_magic.c>

    MIMEMagicFile conf/magic

</IfModule>

HostnameLookups Off

ErrorLog logs/error_log

LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

LogFormat "%h %l %u %t \"%r\" %>s %b" common

LogFormat "%{Referer}i -> %U" referer

LogFormat "%{User-agent}i" agent

CustomLog logs/access_log combined

ServerSignature On

Alias /icons/ "/var/www/icons/"

<Directory "/var/www/icons">

    Options Indexes MultiViews

    AllowOverride None

    Order allow,deny

    Allow from all

</Directory>

<IfModule mod_dav_fs.c>

    # Location of the WebDAV lock database.

    DAVLockDB /var/lib/dav/lockdb

</IfModule>

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

<Directory "/var/www/cgi-bin">

    AllowOverride None

    Options None

    Order allow,deny

    Allow from all

</Directory>

IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*

AddIconByType (IMG,/icons/image2.gif) image/*

AddIconByType (SND,/icons/sound2.gif) audio/*

AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe

AddIcon /icons/binhex.gif .hqx

AddIcon /icons/tar.gif .tar

AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv

AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip

AddIcon /icons/a.gif .ps .ai .eps

AddIcon /icons/layout.gif .html .shtml .htm .pdf

AddIcon /icons/text.gif .txt

AddIcon /icons/c.gif .c

AddIcon /icons/p.gif .pl .py

AddIcon /icons/f.gif .for

AddIcon /icons/dvi.gif .dvi

AddIcon /icons/uuencoded.gif .uu

AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl

AddIcon /icons/tex.gif .tex

AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..

AddIcon /icons/hand.right.gif README

AddIcon /icons/folder.gif ^^DIRECTORY^^

AddIcon /icons/blank.gif ^^BLANKICON^^

DefaultIcon /icons/unknown.gif

ReadmeName README.html

HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

AddLanguage ca .ca

AddLanguage cs .cz .cs

AddLanguage da .dk

AddLanguage de .de

AddLanguage el .el

AddLanguage en .en

AddLanguage eo .eo

AddLanguage es .es

AddLanguage et .et

AddLanguage fr .fr

AddLanguage he .he

AddLanguage hr .hr

AddLanguage it .it

AddLanguage ja .ja

AddLanguage ko .ko

AddLanguage ltz .ltz

AddLanguage nl .nl

AddLanguage nn .nn

AddLanguage no .no

AddLanguage pl .po

AddLanguage pt .pt

AddLanguage pt-BR .pt-br

AddLanguage ru .ru

AddLanguage sv .sv

AddLanguage zh-CN .zh-cn

AddLanguage zh-TW .zh-tw

LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW

ForceLanguagePriority Prefer Fallback

AddDefaultCharset UTF-8

AddType application/x-compress .Z

AddType application/x-gzip .gz .tgz

AddHandler type-map var

AddType text/html .shtml

AddOutputFilter INCLUDES .shtml

Alias /error/ "/var/www/error/"

<IfModule mod_negotiation.c>

<IfModule mod_include.c>

    <Directory "/var/www/error">

        AllowOverride None

        Options IncludesNoExec

        AddOutputFilter Includes html

        AddHandler type-map var

        Order allow,deny

        Allow from all

        LanguagePriority en es de fr

        ForceLanguagePriority Prefer Fallback

    </Directory>

</IfModule>

</IfModule>

BrowserMatch "Mozilla/2" nokeepalive

BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

BrowserMatch "RealPlayer 4\.0" force-response-1.0

BrowserMatch "Java/1\.0" force-response-1.0

BrowserMatch "JDK/1\.0" force-response-1.0

BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully

BrowserMatch "MS FrontPage" redirect-carefully

BrowserMatch "^WebDrive" redirect-carefully

BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully

BrowserMatch "^gnome-vfs/1.0" redirect-carefully

BrowserMatch "^XML Spy" redirect-carefully

BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

<Directory /home/*/public_html>

 AllowOverride All

 Options MultiViews Indexes Includes FollowSymLinks

 Order allow,deny 

 Allow from all

 </Directory>

 <Directory /home/*/public_html/cgi-bin>

 Options +ExecCGI -Includes -Indexes

 SetHandler cgi-script

 </Directory>

Is this correct?

I think this is what you were asking for?

It is. If you could go back and edit your post to put the proper text between BB code tags I'd appreciate it. This way it's really bad to read.

Quote:

Originally Posted by rnf0528

Code:

<IfModule mod_userdir.c>

 # UserDir is disabled by default since it can confirm the presence

 # of a username on the system (depending on home directory

 # permissions).

 # To enable requests to /~user/ to serve the user's public_html

 # directory, remove the "UserDir disable" line above, and uncomment

 # the following line instead:

 UserDir public_html

</IfModule>

 DirectoryIndex index.html index.html.var

 AccessFileName .htaccess

 <Files ~ "^\.ht">

  Order allow,deny

  Deny from all

 </Files>

meaning the other containers all show "Order allow,deny", then "Allow from all". For thesting you could use "Order deny,allow", then "Deny from all", then "Allow from 127.0.0.1" to only allow localhost access.

Code:

<IfModule mod_userdir.c>

 # UserDir is disabled by default since it can confirm the presence

 # of a username on the system (depending on home directory

 # permissions).

 # To enable requests to /~user/ to serve the user's public_html

 # directory, remove the "UserDir disable" line above, and uncomment

 # the following line instead:

 UserDir public_html

</IfModule>

 DirectoryIndex index.html index.html.var

 AccessFileName .htaccess

 <Files ~ "^\.ht">

  Order allow,deny

  Deny from all

Allow from 127.0.0.1

 </Files>

It should. If you could go back and edit your post to put the proper text between BB code tags I'd appreciate it. This way it's really bad to read.

ok I made the adjustments sorry about that.
I also tried this and restrated httpd no luck.
do you think i missed something in the other config?

Code:

<IfModule mod_userdir.c>

 # UserDir is disabled by default since it can confirm the presence

 # of a username on the system (depending on home directory

 # permissions).

 # To enable requests to /~user/ to serve the user's public_html

 # directory, remove the "UserDir disable" line above, and uncomment

 # the following line instead:

 UserDir public_html

</IfModule>

 DirectoryIndex index.html index.html.var

 AccessFileName .htaccess

 <Files ~ "^\.ht">

  Order allow,deny

  Deny from all

Allow from 127.0.0.1

 </Files>

Can't see anything. Did the error_log message change or is it the same?