Wednesday, July 18, 2007

Ourmon 2.7 Web Interface Configuration

I have previously installed ourmon 2.7 on FreeBSD, which you can find here. Ourmon is great with all its meaningful graphs, which I think make sense to a network security analyst, unlike those I have seen in commercial systems (don't ask me which one), where all the graphs are generated on behalf of your management and have little or no value to us.

To get what I mean, you can check out the demo here -

http://jerry.cat.pdx.edu/ourmon/

After the installation via the unofficial FreeBSD port offered by Jim Binkley, we can now move on to setting up and configuring our web server so that we can view our statistical data via the web interface. Here are the steps -

Installing apache 1.3 using FreeBSD port -

shell>pkg_add -vr apache

Add these two lines to /etc/rc.conf -

apache_enable="YES"
apache_flags=""

Then edit the Apache configuration file, /usr/local/etc/apache/httpd.conf. You have to change the values below to point to where ourmon data is stored (the AllowOverride line belongs in the Directory section that covers the document root) -

DocumentRoot "/usr/local/www/data/ourmon"



AllowOverride All

Since the data is sensitive, we need at least basic authentication to read it. I use .htaccess for this: just create a .htaccess file and put it in /usr/local/www/data/ourmon. The file should look like this -

AuthName "Access Denied!"
AuthType Basic
AuthUserFile /usr/local/mrourmon/.htpasswd
Require valid-user

Lastly, I generate .htpasswd with the command -

shell>htpasswd -c -b /usr/local/mrourmon/.htpasswd trinity matrix

The user I have just created is trinity and the password is matrix. Now we can start Apache -

shell>apachectl start

Just launch the web browser and point it to the box that is running ourmon. You will see a web interface similar to the demo above. Please keep in mind this is not the best deployment, but a quick example to get it working.

Enjoy ;]
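A quick check of the setup above, as an added example that is not part of the original post: the shell function below reads the .htaccess in a document root and reports missing auth directives, a password file placed under the document root, a world-readable password file, and malformed entries. The function name audit_ourmon_auth and the demo files are constructed for illustration; on the box from the post it would be called with /usr/local/www/data/ourmon.

```shell
#!/bin/sh
# Added example (not from the original post): audit the Basic-auth setup.
# audit_ourmon_auth DOCROOT prints one finding per line and returns the count.
audit_ourmon_auth() {
    docroot=${1%/}; ht="$docroot/.htaccess"; n=0
    finding() { echo "FINDING: $*"; n=$((n + 1)); }
    # Print the arguments of the first matching directive (names are case-insensitive).
    directive() {
        awk -v d="$1" 'tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); print; exit }' "$ht"
    }
    if [ ! -f "$ht" ]; then
        finding "$ht missing: the directory is served without authentication"
        return "$n"
    fi
    authtype=$(directive AuthType)
    require=$(directive Require)
    pwfile=$(directive AuthUserFile | tr -d '"')
    [ -n "$authtype" ] || finding "no AuthType directive"
    [ -n "$require" ] || finding "no Require directive, so nothing is enforced"
    if [ -z "$pwfile" ]; then
        finding "no AuthUserFile directive"
        return "$n"
    fi
    # Keep the password file outside DocumentRoot, as the post does,
    # so that it is never a servable path.
    case "$pwfile" in
        "$docroot"/*) finding "$pwfile is inside DocumentRoot" ;;
    esac
    if [ ! -f "$pwfile" ]; then
        finding "$pwfile does not exist"
    else
        # -perm -004 matches when the read bit for "other" is set.
        [ -z "$(find "$pwfile" -prune -perm -004)" ] ||
            finding "$pwfile is world-readable"
        # Every non-empty line should be user:hash with a non-empty hash.
        bad=$(awk -F: 'NF && (NF < 2 || $2 == "") { c++ } END { print c + 0 }' "$pwfile")
        [ "$bad" -eq 0 ] || finding "$bad malformed entries in $pwfile"
    fi
    return "$n"
}

# Constructed demo: the password file sits inside the docroot and is world-readable.
demo=$(mktemp -d)
printf 'AuthType Basic\nAuthUserFile %s/.htpasswd\nRequire valid-user\n' "$demo" > "$demo/.htaccess"
printf 'trinity:constructed-hash\n' > "$demo/.htpasswd"
chmod 644 "$demo/.htpasswd"
audit_ourmon_auth "$demo" || echo "$? finding(s)"
rm -rf "$demo"
```

The check covers file placement and permissions only: Basic authentication sends the password base64-encoded with every request, so over plain HTTP it is readable on the wire. Running htpasswd without -b prompts for the password instead of leaving it in the shell history and process list.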

3 comments:

Anonymous said...

I've tried following your blog posts to install Ourmon 2.7 on FreeBSD 6.2 and think I have it installed correctly, since I'm seeing text data in /usr/local/mrourmon/tmp.

ls -l
total 8
-rw-r--r-- 1 root wheel 0 Nov 17 13:45 emaildump.txt
-rw-r--r-- 1 root wheel 220 Nov 17 13:45 irc.txt
-rw-r--r-- 1 root wheel 2860 Nov 17 13:45 mon.lite
-rw-r--r-- 1 root wheel 0 Nov 17 13:45 p2pfile.txt
-rw-r--r-- 1 root wheel 176 Nov 17 13:45 syndump.txt
-rw-r--r-- 1 root wheel 0 Nov 17 13:45 tcpworm.txt

However, when I use the web browser I see red X's where the graphs should be, and text files like portreport.txt are missing as well.

http://192.168.1.109/portreport.txt gives a page not found error.

I can't even find them on the system when searching /.

Do you know how I can get this working?

Anonymous said...

Actually after messing around not doing any change control, I left and came back and it's working now so I have no idea what I did, but it works! Hopefully it will stay that way. :o

C.S.Lee said...

hi anonymous,

That's correct, by default the file is not there because you need the data propagation in order to create that file. Imagine it just like snort, which won't create any alert file if nothing triggers the rule signature.

This behavior is correct because you don't need to do anything but wait.

Cheers ;]