OSSEC Web UI beta 2 available

The second beta version of oswui (the OSSEC web UI) is available. It includes numerous bug fixes (for all issues reported so far) and new features, including support for PHP 5 and major design improvements made by Rafael Capovilla.

  • Download it from here.
  • Installation instructions below:

  • 1.0 – Prerequisites
    • Apache with PHP (4.x or 5.x) installed.
    • OSSEC (version >0.9-3) already installed.
  • 1.1 – Download the package (link)
  • 1.2 – Uncompress/untar it and move the files to somewhere accessible by your web server
    • # tar -zxvf ossec-wui-0.1-BETA2.tar.gz
      # mv ossec-wui* /var/www/htdocs/ossec-wui
  • 1.3 – Run the setup script
    • # cd /var/www/htdocs/ossec-wui
      # ./setup.sh
  • 1.4 – Add your web server user to the ossec group
    • # vi /etc/group
      ..
      From:
      ossec:x:1002:
      To (if your web server user is www):
      ossec:x:1002:www
  • 1.5 – Fix the permissions for the tmp directory and restart Apache (for the new permissions to work)
    • # chmod 770 tmp/
      # chgrp www tmp/
      # apachectl restart
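
A preflight check for steps 1.4 and 1.5, as an added example that is not part of ossec-wui or of the original post. It assumes the group is named ossec as above; the function names and the audit.sh file name are hypothetical, and the group file, web server user, web server group and web UI directory are passed as arguments.

```shell
#!/bin/sh
# Added example, not part of ossec-wui: audit steps 1.4 and 1.5.
# Assumes the group is named "ossec" and the UI keeps a tmp/ directory.

# group_field GROUPFILE GROUP FIELDNO: print one field of GROUP's entry
group_field() {
    awk -F: -v g="$2" -v f="$3" '$1 == g { print $f; exit }' "$1"
}

# in_group GROUPFILE GROUP USER: exact member match, so "www" != "www-data"
in_group() {
    case ",$(group_field "$1" "$2" 4)," in
        *",$3,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# stat_fmt GNUFMT BSDFMT PATH: try GNU stat first, then BSD stat
stat_fmt() { stat -c "$1" "$3" 2>/dev/null || stat -f "$2" "$3"; }

# audit_wui GROUPFILE WEBUSER WEBGROUP WUIDIR
# Prints one line per finding; returns 0 only if both steps are in place.
audit_wui() {
    rc=0
    if ! in_group "$1" ossec "$2"; then
        echo "1.4: $2 is not a member of ossec"; rc=1
    fi
    tmp="$4/tmp"
    if [ ! -d "$tmp" ]; then
        echo "1.5: $tmp does not exist"; return 1
    fi
    mode=$(stat_fmt '%a' '%Lp' "$tmp")
    if [ "$mode" != 770 ]; then
        echo "1.5: $tmp has mode $mode, expected 770"; rc=1
    fi
    want=$(group_field "$1" "$3" 3)    # gid of the web server group
    have=$(stat_fmt '%g' '%g' "$tmp")  # gid that owns tmp/
    if [ -z "$want" ] || [ "$have" != "$want" ]; then
        echo "1.5: $tmp is owned by gid $have, expected group $3"; rc=1
    fi
    return $rc
}

# Example: sh audit.sh /etc/group www www /var/www/htdocs/ossec-wui
if [ $# -eq 4 ]; then audit_wui "$@"; fi
```

On Linux, `usermod -a -G ossec <user>` makes the change in step 1.4 without hand-editing /etc/group.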

    Like the ossec-hids project, it is released under the GPL, and donations are welcome.


    31 Responses to OSSEC Web UI beta 2 available

    1. sun gun says:

      When I install the Web UI, it prompts for a user name and password.
      Where is it? Maybe my Linux user name, or the user for Apache, or the ossec user?
      Please help.

    2. Master21 says:

      This information is what you entered when executing ./setup.sh ;-)

    3. dcid says:

      As Master21 said, you need to use the username/password that you provided to the setup.sh script. Hope it helps..

      Daniel Cid

    4. xtz.info says:

      Is it possible for a next update to add a “whois” function,
      and to view the “response-active” in progress?

    5. Emanuel says:

      Hello,

      Very nice program.. Thanks. Now my question is: I’ve installed ossec as server and also installed the web UI beta2 on the same server, and everything worked.. now I’ve set up ossec as agent on another box.. how can I see the logs from the agent on the first server with “server + UI beta”? It shows
      Available agents:
      +ossec-server (127.0.0.1)

      Thanks

      PS: I’ve imported the key from server to agent

    6. Emanuel says:

      Oops, sorry, my bad.. the firewall was blocking ossec.
      Thanks

    7. dcid says:

      xtz.info:

      Yes, we are working on this :) Next version should be available soon with great new features.

      Emanuel:

      I am glad you figured it out. Let us know of any other problems…

      Daniel Cid

    8. xtz.info says:

      thx ;)
      (the search system with the javascript is a perfect tool)

    9. Pankaj says:

      I have installed Ossec server and client and UI with the default configuration.
      But I am getting “No agent available.” on the main page.
      I am getting alerts on the Server if I try to do an SSH to the Ossec client with failed login attempts, but the same is not getting reflected on the UI.
      Please let me know, is there anything extra that needs to be done.

    10. Pankaj says:

      Hi Dan,

      Is there any way by which I can send you the config files of my client and server to check if anything else needs to be done to improve the current functionality of my OSSEC setup?

      Thanks,
      Pankaj P.

    11. ScottKnauss says:

      If you installed ossec in a directory other than the default, say /opt/ossec instead of /var/ossec, edit the ossec_conf.php and change the $ossec_dir variable to match.

    12. Jim says:

      What userid should we use when running the ./setup and it prompts for one? Do we need a new username or should we use the one we used to install OSSEC (e.g., OSSEC)?

    13. dcid says:

      Hi Jim,

      You can choose any username/password to access the web ui. It is only used for the http authentication (look at the .htaccess file)…

      Hope it helps.

      Daniel Cid

    14. When I ran ./setup.sh everything went fine, until I opened the ossec-wui folder in my web browser. Internal server error!
      What’s going on? Somehow the setup.sh puts an -e in front of the generated .htaccess file. Remove them, and you’re set.

      Anyhow, some suggestions for the webui: (looks very good so far!)
      * Graphs for the stats (perhaps the open source jpgraph? or ddtool ?)
      * Mouseovers explaining the rules on the stats page.

    15. bgamer says:

      hello all

      I’m a newbie using ossec and I’ve encountered a problem I can’t fix…
      I’ve installed ossec 1.1 and UI beta 2. I have a server installed on Linux Fedora Core 6 and an agent running on Windows XP. From the server web page all I get is “No Agent Available”.
      With Ethereal, I notice that the agent tries to reach the server, and the firewall on Fedora isn’t running.
      Any Ideas ???
      Thanks in advance!!

    16. dcid says:

      Sexybiggetje:

      What operating system are you using? The “-e” is a valid argument to “echo” to print escaped characters (like \n, \r, etc). Maybe it is not working on your OS.

      bgamer:
      Was the agent able to connect (by doing a list_agents -c) or is it a problem in the ui? Did you follow the proper steps to add your apache user to the ossec group?

      Thanks,

      Daniel

    17. dcid, I just installed the new beta. I’m running Ubuntu 6.10 server.

      Linux senbonzakura.sexybiggetje.nl 2.6.17-11-server #2 SMP Thu Feb 1 19:53:33 UTC 2007 i686 GNU/Linux

    18. bgamer says:

      Hello again Daniel,

      I’ve been trying to find out what could be my problem, and now I know that the problem is in the Wui.
      I’ve configured ossec and it is sending me mails with the messages from the agent. the command list_agents -c reveals that my agent is active, but the problem with the Wui still remains: “no agent available”.
      The user that I’ve added in the setup.sh was added in the ossec group just like is shown in the configuration guides. but i noticed that the Wui never asked me for the user login and password… is it normal???

      thanks a million!

    19. bgamer, is your webserver (I assume you’re running Apache) capable of handling .htaccess and .htpasswd files? And could you verify that those files are properly generated in your ossec-wui folder?

    20. bgamer says:

      hello all

      my problems were fixed for now!!!

      thank you all for helping!

    21. MrT says:

      Great program, the web interface is very cool also, looking forwards to new developments.
      For those people having problems with windows clients communicating with server, try manually looking at the client.keys file on server and client and manually make these the same.
      The key on windows clients oddly seems to change from what was entered in the install screen..

    22. dcid says:

      MrT: Thanks for the compliment. You should check out the latest version of the ui:

      http://www.ossec.net/dcid/?p=54

      Thanks,


      Daniel B. Cid

    23. Pankaj M says:

      bgamer … I am facing the same problem that you had, can you please let me know what you did to resolve it?

      I would be thankful if someone could help me with this as I am a Linux newbie.

    24. Pankaj M says:

      Hello Group,

      I’ve been trying to find out what could be my problem, and now I know that the problem is in the Wui.
      I’ve configured ossec and it is sending me mails with the messages from the agent. the command list_agents -c reveals that my agent is active, but the problem with the Wui still remains: “no agent available”.
      The user that I’ve added in the setup.sh was added in the ossec group just like is shown in the configuration guides. but i noticed that the Wui never asked me for the user login and password… is it normal???

      thanks a ton!

    25. Pankaj M says:

      All, I got the solution for this…

      There is a step missing in the installation document..
      When you start the installation it asks for a user name and password.

      Don’t give just any username, it should be your default apache user, in my case it was “apache”, open your httpd.conf for more details in this regard.

      So when you use the said user I bet it would work.

      Mail me on email2pankaj@yahoo.com if someone is having some trouble

      :-) cheers Guys

      +++++++++++++

      Lines from httpd.conf

      # If you wish httpd to run as a different user or group, you must run
      # httpd as root initially and it will switch.
      #
      # User/Group: The name (or #number) of the user/group to run httpd as.
      # . On SCO (ODT 3) use “User nouser” and “Group nogroup”.
      # . On HPUX you may not be able to use shared memory as nobody, and the
      # suggested workaround is to create a user www and use that user.
      # NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
      # when the value of (unsigned)Group is above 60000;
      # don’t use Group #-1 on these systems!
      #
      User apache
      Group apache

      #
      =========================================

    26. frankh says:

      I can get the web UI installed, but it is not working. I get:
      ******
      Unable to access ossec directory.
      ******

      I don’t know what to use for the username and password during the setup steps. I’ve tried root and the root password, but that didn’t help. I tried ‘apache’ and a blank password but that didn’t help either. I’m installing this on Ubuntu Server 7.10. I have managed to get a Windows Agent installed on a client and it is registering with the server.

    27. dcid says:

      frankh: During the setup steps, you can choose any username/pass you want. You will basically create a user to access the ui.

      Hope it helps.

    28. frankh says:

      OK, did some digging, installed Webmin so that I could easily see which users were using which files and found that for Ubuntu Server, or at least mine, Apache runs as ‘www-data’. I modified the /etc/group file to ossec:x:1001:www-data
      restart apache and boom! I’ve got WebUI. I think that I may have a mental condition because I get an endorphin rush out of figuring stuff out.

    29. dcid says:

      frankh: Awesome! I am happy it is working fine now…

    30. Mike S. says:

      Ubuntu Gutsy
      Apache2
      /etc/group ‘ossec:x:1001:www-data’ finally worked.

      Thank you, Frankh

    31. Dave says:

      I’ve tried all the above steps and still no luck when trying to access the wui search tab in particular. Keep getting the:

      Warning: fopen(./tmp/output-tmp.1-0-aed0aa91ac468a1f3b426e7759245c71.php) [function.fopen]: failed to open stream: Permission denied in /var/www/ossec-wui-0.3/lib/os_lib_alerts.php on line 39

      error. Any ideas?
