From OSSEC Wiki
OSSEC Web User Interface (wui) Install on Lighttpd
- By Martijn de Boer based on the original tutorial by Daniel B. Cid.
Prerequisites
- Lighttpd (>= 1.x) with PHP-cgi (php4-cgi or php5-cgi) in FastCGI
- apache2-utils (provides htdigest) for authentication
- OSSEC (version >= 0.9-3) already installed.
This guide assumes apt for package management on Ubuntu. Find the corresponding commands and packages for your distribution or OS.
Installation steps
1- Install Lighttpd following the normal steps, also install php5-cgi or php4-cgi and apache2-utils
$ apt-get install lighttpd php5-cgi apache2-utils
2- Enable FastCGI
$ lighty-enable-mod fastcgi
3- If using php5-cgi change the fastcgi path
$ vi /etc/lighttpd/conf-enabled/10-fastcgi.conf
..
From:
"bin-path" => "/usr/bin/php-cgi"
To:
"bin-path" => "/usr/bin/php5-cgi"
4- Download the web ui package:
$ wget http://www.ossec.net/files/ui/ossec-wui-0.3.tar.gz
5- Verify the checksum and signature of the package. You can find the GPG key at http://www.ossec.net/main/pgp/ :
$ wget http://www.ossec.net/files/ui/ossec-wui-0.3-checksum.txt
$ wget http://www.ossec.net/files/ui/ossec-wui-0.3.tar.gz.sig
$ md5 ossec-wui-0.3.tar.gz
MD5 (ossec-wui-0.3.tar.gz) = c79fa486e9a20fb06a517541033af304
$ sha1 ossec-wui-0.3.tar.gz
SHA1 (ossec-wui-0.3.tar.gz) = e00bff680721982ee55295a5292eb4e2a638b820
$ gpg --verify ossec-wui-0.3.tar.gz.sig ossec-wui-0.3.tar.gz
gpg: Signature made Tue Mar 04 14:27:59 2008 AST using RSA key ID 6B30327E
gpg: Good signature from "Daniel B. Cid (Ossec development) <dcid@ossec.net>"
Primary key fingerprint: 86C6 D33B C52E 19BF DDAE 57EB 4E57 14E2 6B30 327E
6- Decompress/untar and move the files to somewhere accessible by your web server:
$ tar -zxvf ossec-wui-0.3.tar.gz
# mv ossec-wui-0.3 /var/www/htdocs/ossec-wui
7- Create a digest file to use inside mod_auth
$ htdigest -c /etc/lighttpd/www-root.user "ossec wui" yourusername
8- Add the digest information to mod_auth
$ vi /etc/lighttpd/conf-enabled/10-auth.conf
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/www-root.user"
auth.require = ( "/ossec-wui" =>
    (
        "method" => "digest",
        "realm" => "ossec wui",
        "require" => "user=yourusername"
    )
)
9- Add your web server user (www-data, www or nobody) to the ossec group:
# vi /etc/group
..
From:
ossec:x:1002:
To (if your web server user is www):
ossec:x:1002:www
10- Fix the permissions for the tmp directory and restart Lighttpd (for the new permissions to work)
# chmod 770 tmp/
# chgrp www tmp/
# /etc/init.d/lighttpd force-reload
11- If you have a large OSSEC install, you may want to reconfigure PHP to allow longer-running scripts and higher memory use. The following php.ini entries can be increased:
max_execution_time = 180
max_input_time = 180
memory_limit = 30M
12- You should now be able to access the UI:
http://anyhost/ossec-wui/
13- Report any problems or suggestions to our mailing list:
http://www.ossec.net/en/mailing_lists.html
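For step 5, an added example (not part of the original tutorial or the OSSEC project) that turns the manual comparison into a fail-closed check: it compares the SHA1 printed on this page and requires gpg's machine-readable VALIDSIG status to name the full primary key fingerprint shown above, instead of relying on the "Good signature" text or the short key ID. The function names are hypothetical, and sha1sum is assumed in place of the BSD-style sha1 command.

```shell
#!/bin/sh
# Added example: fail-closed verification of the web UI download.
# Both values are the ones printed in step 5 of this page.
EXPECTED_SHA1="e00bff680721982ee55295a5292eb4e2a638b820"
EXPECTED_FPR="86C6D33BC52E19BFDDAE57EB4E5714E26B30327E"

# sha1_matches FILE HEXDIGEST
# Succeeds only if the file's SHA-1 equals the expected digest.
sha1_matches() {
    actual=$(sha1sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# status_is_pinned_sig FINGERPRINT   (reads gpg --status-fd output on stdin)
# Succeeds only if a VALIDSIG line ends with the pinned primary key
# fingerprint and no line reports a bad, unverifiable, expired-key or
# revoked-key signature. Human-readable "Good signature" text is ignored.
status_is_pinned_sig() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && toupper($NF) == toupper(want) { ok = 1 }
        END { exit (ok && !bad) ? 0 : 1 }'
}

# verify_download TARBALL SIGNATURE
verify_download() {
    sha1_matches "$1" "$EXPECTED_SHA1" \
        || { echo "SHA1 mismatch: $1" >&2; return 1; }
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null \
        | status_is_pinned_sig "$EXPECTED_FPR" \
        || { echo "signature is not from the pinned key" >&2; return 1; }
    echo "OK: $1"
}

# Runs only when called with the two file names, e.g.
#   sh verify-wui.sh ossec-wui-0.3.tar.gz ossec-wui-0.3.tar.gz.sig
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2"
fi
```

The checksum only detects a corrupted or swapped file if the expected value comes from somewhere other than the download itself; the signature check against the full fingerprint is what ties the tarball to the published key.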