
[Web Log #2] CentOS 6.3 + OSSEC + OSSEC Dashboard

파이s 2013. 1. 4. 13:57

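Splunk would work too, but it is a commercial product, so... I have been looking into various free dashboards...

I found an open-source one that is reasonably decent.

There is also OSSIM, but... that one looks like it would mean rebuilding the whole server.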


http://sourceforge.net/p/ossecdashboard/home/Home/


It seems to cover only OSSEC logs, and installation is very easy... One catch: it is a bit slow... Still, better than nothing.


Requirements

- apache webserver

- php

- php gd extension (yum install php-gd gd-devel)

- ossec (see the previous post)


step1) source download

root #] git clone git://git.code.sf.net/p/ossecdashboard/code ossecdashboard-code 

(http://sourceforge.net/p/ossecdashboard/code/ci/bf0182437d64caff580087942e5569c50ed326a1/tree/ )


step2) install

root #] cd ossecdashboard-code 

root #] php -f install.php


This script should help install the OSSEC Dashboard. Please answer the following questions. Installation location [/var/www/ossecdashboard-code]: /var/www/html/ossec-dash

The directory identified already exists; do you wish to upgrade? (y/N) y

Creating backup of your current config.php file at config.php.bk. Copying new files... File (/var/www/test/resources/Charts/04_NumEventsPerDay.php) modified since last update. Backup created at /var/www/test/resources/Charts/04_NumEventsPerDay.php.bk. Updating file: /var/www/test/resources/Charts/04_NumEventsPerDay.php  


(Everything under the cache/img directory and the OSSEC alerts log files should be set to read mode, but I couldn't be bothered and granted all permissions.)

root #] chmod -R 777 /var/www/html/ossec-dash/cache/*.* 

root #] chmod 777 /var/ossec/logs/alerts 
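
With mode 777, any local account can modify or delete the OSSEC alert logs and the dashboard cache. The script below is an added example, not part of the original post or the OSSEC Dashboard project: it removes world access and gives the web server only what the dashboard needs, assuming Apache runs as user `apache` and the OSSEC files belong to group `ossec` (both assumptions, adjust to your system).

```shell
#!/bin/sh
# Added example: least-privilege alternative to the chmod 777 commands in step 2.
# Assumptions (not from the original post): web server user "apache",
# OSSEC group "ossec". Paths are the ones used in this post.
DASH_ROOT="${DASH_ROOT:-/var/www/html/ossec-dash}"
ALERTS_DIR="${ALERTS_DIR:-/var/ossec/logs/alerts}"

# Print every world-writable file or directory under the given paths.
list_world_writable() {
    find "$@" ! -type l -perm -0002 2>/dev/null
}

# Strip all access for "other": directories 750, files 640.
# $1 = dashboard root, $2 = OSSEC alerts directory
tighten_modes() {
    for d in "$1/cache" "$2"; do
        find "$d" -type d -exec chmod 750 {} +
        find "$d" -type f -exec chmod 640 {} +
    done
}

# Run as root. The web user owns its own cache (PHP writes charts and HTML
# there) and reads the alerts through membership in the OSSEC group only.
# $1 = dashboard root, $2 = web server user, $3 = OSSEC group
grant_web_access() {
    chown -R "$2" "$1/cache"
    usermod -a -G "$3" "$2"
    # Restart httpd afterwards so the new group membership takes effect.
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
    tighten_modes "$DASH_ROOT" "$ALERTS_DIR"
    grant_web_access "$DASH_ROOT" apache ossec
    # Should print nothing once the modes are fixed.
    list_world_writable "$DASH_ROOT/cache" "$ALERTS_DIR"
fi
```
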


step3) Config

root #] vim /var/www/html/ossec-dash/resources/config.php


<?PHP
$_siteTitle = "OSSEC Dashboard";
$_rootDirectory = "/var/www/html/ossec-dash";
$_ApacheRootDirectory = "/var/www/html";

$_EnableHTMLCaching = true;                                          
$_HTMLCacheTTL = 300;                                               
$_HTMLCacheDir = $_rootDirectory . '/cache/html';                    
$_ImageCacheDir = $_rootDirectory . '/cache/img';               

$_OSSecAlertsDir = '/var/ossec/logs/alerts';                          
$_OSSecRulesDir = '/var/ossec/rules';                           

$_DefChartImageWidth = 350;                                             
$_DefChartImageHeight = 400;                                            

$_ChartPHPDirectory = $_rootDirectory . '/resources/Charts';            

require($_rootDirectory . "/resources/Classes/classes.php");             
require($_rootDirectory . "/resources/Functions/functions.php");   
?>


step4) Result : http://host/ossec-dash/



<< Reference URLs >>

http://sourceforge.net/p/ossecdashboard/wiki/Installation/
http://sourceforge.net/projects/os-sim/

http://forums.alienvault.com/discussion/20/alienvault-ossim-v4-0-enhancement-summary

http://ddpbsd.blogspot.kr/2011/10/3woo-you-got-your-ossec-in-my-logstash_26.html

http://blog.rootshell.be/2011/04/15/my-ossec-dashboard/

http://securityonion.blogspot.kr/

http://minogi.egloos.com/1799358