/ossec-wui

OSSEC Web User Interface - Unmaintained!!

Primary LanguagePHPOtherNOASSERTION

The OSSEC Web UI is currently unmaintained and deprecated.
If you are interested in maintaining the project, please contact the OSSEC team (open an issue, send a message to the mailing list, etc).

We recommend using Kibana, Splunk, or similar projects for monitoring alerts.

------------------------------------------------------------------------------------------------------------------------------------------

OSSEC Web UI v0.8
Copyright (c) 2006-2013 Trend Micro Inc.


1- How to install.

1.0 - Prerequisites

    - Apache with PHP (>= 4.1 or >= 5.0) installed.
    - OSSEC (version >= 0.9-3) already installed.


1.1- Clone the web ui script:

    # git clone https://github.com/ossec/ossec-wui.git


1.2- Move the folder to somewhere acessible by
     your web server:

    # mv ossec-wui* /var/www/htdocs/ossec-wui


1.3- Run the setup script (assign username/password...):

    # cd /var/www/htdocs/ossec-wui
    # ./setup.sh
    ...


1.4- If selinux is enabled, ossec-wui is normally unable to access 
     various ossec log files.  One way to fix this is to install a 
     selinux targeted policy.

     Create a TE file (eg. 
     /etc/seliinux/targeted/ossec-wui/ossec-wui.te) with the following 
     content:

    module ossec-wui 1.0;

    require {
	type var_log_t;
        type httpd_t;
        type var_t;
        class file { read getattr open };
    }

    #============= httpd_t ==============
    allow httpd_t var_log_t:file read;
    allow httpd_t var_t:file { read getattr open };

     Then run the following commands as root:

    checkmodule -M -m ossec-wui.te -o ossec-wui.mod
    semodule_package -o ossec-wui.pp -m ossec-wui.mod
    semodule -i ossec-wui.pp 

1.5- If you have a large ossec install, you may want to
     re-configure PHP to support longer lasting scripts
     and higher memory utilization. The following entries
     on php.ini can be increased:

     max_execution_time = 180
     max_input_time = 180
     memory_limit = 30M


1.6- Try to access the UI.

     http://anyhost/ossec-wui/

1.7- Report any problems or suggestions to our mailing list.