0

I'm trying to setup the OSSEC web UI on a fresh installation of OSSEC on Ubuntu 15.04 Server Edition. I setup the server with the default LAMP stack and OSSEC HIDS seems to have installed successfully. When I try to install the OSSEC Web UI, I follow all of the instructions without any errors, but when I try to go to server ip address: http://10.17.0.21/ossec-wui, I get a 404 error. Any help troubleshooting this would be greatly appreciated!

(If I need to wipe the server and start fresh, I'm fine doing so, this is a new installation without any data or configs in it yet.)

Udpate Just a bit more information to follow up:

I'm pretty new to working with apache, so I might be screwing something very basic up. I followed the documentation found in the readme here: https://github.com/ossec/ossec-wui

It appears that it didn't actually configure apache to display the site. I have tried to manually setup the site's config file in /etc/apache2/sites-available/OSSEC-WUI.conf. I also setup a symbolic link to it in /etc/apache2/sites-enabled/. Here's the contents of the OSSEC-WUI.conf file:

<VirtualHost OSSEC:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com


    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/htdocs/ossec-wui/
    <directory /var/www/htdocs/ossec-wui/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
    </directory>

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Update 2 After editing /etc/apache2/apache2.conf, I'm now getting a 403 Forbidden error, instead of a 404. Not sure if this is progress...

Thanks in advance for your help!

Joseph Odell
  • 11
  • 3
  • 1
    This could be several things, but I would first check the apache configuration for enabled sites, and the setup in /var/www to ensure everything matches. Then check your logs. Once you've checked logs and narrowed down the problem, update your question and we may be able to help. – glallen Aug 08 '15 at 18:13
  • This isn't an InfoSec question but a server config question. – schroeder Aug 09 '15 at 02:49
  • As a work around, I've put in a symbolic link from the directory that I can't seem to get to change to the directory that I want. I have to have go to domain/ossec-wui to see the site, but that's not too bad. – Joseph Odell Aug 13 '15 at 02:05

0 Answers0