The new versions of Open-AudIT require the use of its "installer", which does not support CentOS 7.
Check dependencies:
Check hostname and timezone:
uname -n
ls -l /etc/localtime
epel-release is necessary:
yum -y install epel-release
Install components:
Apache and MySQL (MariaDB is the default in CentOS 7). Set the MySQL root password to 'PASSWORD'.
yum -y install mariadb-server mariadb httpd
systemctl start mariadb.service
systemctl enable mariadb.service
systemctl start httpd.service
systemctl enable httpd.service
mysql_secure_installation
yum -y install php php-cli php-mysql php-ldap php-mbstring php-mcrypt php-snmp \
php-xml nmap zip curl wget sshpass screen samba-client \
perl-version php-process perl-Time-modules
We also need to install winexe. It is not in the repositories, but it is available for most distributions via the SuSe Build Server. Go to the URL http://download.opensuse.org/repositories/home:/ahajda:/winexe/ and download the relevant package for your distribution.
I am not sure if it is necessary. There is no CentOS 7 version available, but the older version installs without complaints.
wget http://download.opensuse.org/repositories/home:/ahajda:/winexe/CentOS_CentOS-6/x86_64/winexe-1.00-2.4.x86_64.rpm
rpm -ivh winexe-1.00-2.4.x86_64.rpm
Set up php.ini:
# "ll" is only an interactive alias, so use ls -l to read the timezone from the symlink target
TIMEZONE=`ls -l /etc/localtime | sed -e 's+.*/\([^/]*/[^/]*$\)+\1+'`
sed -i -e 's/memory_limit/;memory_limit/g' /etc/php.ini
echo "memory_limit = 512M" >> /etc/php.ini
sed -i -e 's/max_execution_time/;max_execution_time/g' /etc/php.ini
echo "max_execution_time = 300" >> /etc/php.ini
sed -i -e 's/max_input_time/;max_input_time/g' /etc/php.ini
echo "max_input_time = 600" >> /etc/php.ini
sed -i -e 's/error_reporting/;error_reporting/g' /etc/php.ini
echo "error_reporting = E_ALL" >> /etc/php.ini
sed -i -e 's/display_errors/;display_errors/g' /etc/php.ini
echo "display_errors = On" >> /etc/php.ini
sed -i -e 's/upload_max_filesize/;upload_max_filesize/g' /etc/php.ini
echo "upload_max_filesize = 10M" >> /etc/php.ini
sed -i -e 's/date.timezone/;date.timezone/g' /etc/php.ini
echo "date.timezone = $TIMEZONE" >> /etc/php.ini
Set the server name and shell (used for scripts) for Apache and restart the daemon:
HOSTNAME=`uname -n`
echo "ServerName $HOSTNAME" >> /etc/httpd/conf/httpd.conf
chsh -s /bin/bash apache
systemctl restart httpd.service
Set the SUID for the nmap binary (so we can use the apache front end to run scripts which call nmap).
chmod u+s /usr/bin/nmap
You should be able to determine the IP Address of your Open-AudIT server via the following command:
ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1'
Install Open-AudIT using the standard installer. The errors are normal in this case.
wget http://dl-openaudit.opmantek.com/OAE-Linux-x86_64-release_1.4.1.tar.gz
tar xvf OAE-Linux-x86_64-release_1.4.1.tar.gz
cd Open-AudIT*
./installer -t /var/www/oa
Note that the installed software resides in three separate places:
/var/www/oa,
/var/www/html/open-audit,
/usr/local/open-audit
It seems better to let Open-AudIT install to the default location: /usr/local.
Open ports 80, 443, 8042 in the firewall or disable it completely. Disable SELinux.
systemctl stop firewalld
setenforce 0
SELinux experiments:
Enable httpd to exec scripts:
semanage fcontext -a -t httpd_sys_script_exec_t '/usr/local/open-audit(/.*)?'
Restore the context:
restorecon -R /usr/local/open-audit/
Set:
setsebool -P nis_enabled 1
setsebool -P httpd_can_network_connect 1
Let SELinux teach itself:
setenforce permissive
Do some work...
grep httpd /var/log/audit/audit.log | audit2allow -m httpdopenaudit > httpdopenaudit.te
less httpdopenaudit.te
grep httpd /var/log/audit/audit.log | audit2allow -M httpdopenaudit
semodule -i httpdopenaudit.pp
Then enable SELinux:
setenforce enforcing
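The step of reading httpdopenaudit.te before running semodule -i can be partly scripted. The following is an added example, not part of the original notes or of Open-AudIT: a shell function that tags every allow rule in an audit2allow .te file. The WATCH shortlist, the function names and the sample module are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the allow rules of an audit2allow .te file before
# loading the module. WATCH is this example's own shortlist, not a standard.
WATCH="execmem execstack execmod ptrace sys_ptrace sys_admin dac_override dac_read_search setuid setgid relabelto relabelfrom"

# review_te [FILE]: print "TAG<TAB>rule" per allow rule; exit 1 if any REVIEW.
#   BOOLEAN  audit2allow's "#!!!!" hint says a boolean can allow it instead
#   REVIEW   the rule grants a permission listed in WATCH
#   ok       neither of the above
review_te() {
    awk -v watch=" $WATCH " '
        /^#!!!!/ { if ($0 ~ /boolean/) hint = 1; next }
        /^allow[ \t]/ {
            rule = $0; sub(/;[ \t]*$/, "", rule)
            # fields: allow, source type, target:class, then the permissions
            n = split(rule, f, /[ \t{}]+/)
            tag = "ok"
            for (i = 4; i <= n; i++)
                if (f[i] != "" && index(watch, " " f[i] " ")) tag = "REVIEW"
            if (hint) tag = "BOOLEAN"   # a boolean hint takes precedence
            if (tag == "REVIEW") bad++
            print tag "\t" rule
            hint = 0
        }
        END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample in audit2allow -m output format (not from a real host).
sample_te() {
    cat <<'EOF'
module httpdopenaudit 1.0;
require {
	type httpd_t;
	type nmap_exec_t;
	class file { execute execute_no_trans open read };
	class process execmem;
	class tcp_socket name_connect;
}

#============= httpd_t ==============
allow httpd_t nmap_exec_t:file { execute execute_no_trans open read };
allow httpd_t self:process execmem;
#!!!! This avc can be allowed using the boolean 'httpd_can_network_connect'
allow httpd_t port_t:tcp_socket name_connect;
EOF
}

if [ "$#" -gt 0 ]; then review_te "$1"; else sample_te | review_te || true; fi
```

Run it as "sh review_te.sh httpdopenaudit.te" (the script file name is hypothetical); the non-zero exit status on a REVIEW rule can gate the semodule -i step.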