The OSSEC Web UI is currently unmaintained and deprecated.
If you are interested in maintaining the project, please contact the OSSEC team (open an issue, send a message to the mailing list, etc).
We recommend using Kibana, Splunk, or similar projects for monitoring alerts.
------------------------------------------------------------------------------------------------------------------------------------------
OSSEC Web UI v0.8
Copyright (c) 2006-2013 Trend Micro Inc.
1- How to install.

1.0- Prerequisites
     - Apache with PHP (>= 4.1 or >= 5.0) installed.
     - OSSEC (version >= 0.9-3) already installed.

1.1- Clone the web UI script:
     # git clone https://github.com/ossec/ossec-wui.git

1.2- Move the folder to somewhere accessible by
     your web server:
     # mv ossec-wui* /var/www/htdocs/ossec-wui

1.3- Run the setup script (assign username/password...):
     # cd /var/www/htdocs/ossec-wui
     # ./setup.sh
     ...

1.4- If SELinux is enabled, ossec-wui is normally unable to access
     various OSSEC log files. One way to fix this is to install a
     SELinux targeted policy module.

     Create a TE file (e.g.
     /etc/selinux/targeted/ossec-wui/ossec-wui.te) with the following
     content:

         module ossec-wui 1.0;

         require {
                 type var_log_t;
                 type httpd_t;
                 type var_t;
                 class file { read getattr open };
         }

         #============= httpd_t ==============
         allow httpd_t var_log_t:file read;
         allow httpd_t var_t:file { read getattr open };

     Then run the following commands as root:

         checkmodule -M -m ossec-wui.te -o ossec-wui.mod
         semodule_package -o ossec-wui.pp -m ossec-wui.mod
         semodule -i ossec-wui.pp

1.5- If you have a large OSSEC install, you may want to
     re-configure PHP to support longer lasting scripts
     and higher memory utilization. The following entries
     in php.ini can be increased:

         max_execution_time = 180
         max_input_time = 180
         memory_limit = 30M

1.6- Try to access the UI.
     http://anyhost/ossec-wui/

1.7- Report any problems or suggestions to our mailing list.
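
Added example (not part of the OSSEC project): a small Python check that parses the TE module from step 1.4 and lists what it grants, showing that the rules are keyed on file labels, so httpd_t gains access to every file labelled var_t or var_log_t, not only OSSEC's. The names parse_te and review are hypothetical, and the default label list assumes var_t and var_log_t are the generic labels for /var and /var/log.

```python
import re

# Module text from step 1.4, embedded so the example runs offline.
TE_SOURCE = """
module ossec-wui 1.0;
require {
    type var_log_t;
    type httpd_t;
    type var_t;
    class file { read getattr open };
}
#============= httpd_t ==============
allow httpd_t var_log_t:file read;
allow httpd_t var_t:file { read getattr open };
"""

PERMS = r"(?:\{([^}]*)\}|(\S+?))\s*;"   # '{ a b };' or 'a;'
ALLOW_RE = re.compile(r"^\s*allow\s+(\S+)\s+(\S+?):(\S+)\s+" + PERMS, re.M)
CLASS_RE = re.compile(r"^\s*class\s+(\S+)\s+" + PERMS, re.M)
TYPE_RE = re.compile(r"^\s*type\s+(\S+?)\s*;", re.M)


def _perms(braced, single):
    return set((braced if braced is not None else single).split())


def parse_te(source):
    """Return (declared types, {class: perms}, allow rules) for a simple TE module."""
    text = re.sub(r"#.*", "", source)  # drop comments
    types = set(TYPE_RE.findall(text))
    classes = {m[1]: _perms(m[2], m[3]) for m in CLASS_RE.finditer(text)}
    rules = [(m[1], m[2], m[3], _perms(m[4], m[5])) for m in ALLOW_RE.finditer(text)]
    return types, classes, rules


# Assumption: var_t and var_log_t are the generic labels for /var and /var/log.
def review(source, shared_labels=("var_t", "var_log_t")):
    """Report undeclared names and grants on labels that non-OSSEC files also carry."""
    types, classes, rules = parse_te(source)
    findings = []
    for src, tgt, cls, perms in rules:
        findings += [f"undeclared type {n}" for n in (src, tgt) if n not in types]
        missing = perms - classes.get(cls, set())
        if missing:
            findings.append(f"{cls} permissions not in require: {sorted(missing)}")
        if tgt in shared_labels:
            findings.append(f"{src} gets {sorted(perms)} on every {cls} labelled {tgt}")
    return findings
```

Calling review(TE_SOURCE) returns one finding per allow rule; an empty list means every name is declared and no rule targets a shared label.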