IPAudit-Web is an excellent tool to monitor traffic on a given interface and create daily and monthly statistics. It is really made of 2 components:
– IPAudit
– IPAudit-web
As of this writing the latest version is IPAudit-Web-1.0BETA9. It contains both packages bundled.
Here are the steps to follow:
wget http://umn.dl.sourceforge.net/sourceforge/ipaudit/ipaudit-web-1.0BETA9.tar.gz
tar xvzf ipaudit-web-1.0BETA9.tar.gz
cd ipaudit-web-1.0BETA9/compile/src
vi ipaudit.c
Add the following anywhere near the top:
#define DLT_LINUX_SLL 113
(This is needed because for some reason DLT_LINUX_SLL is not defined by the configure script.) Now you can continue as usual:
cd ..
./configure
make
sudo useradd -m ipaudit
sudo make install
sudo make install-cron
Because IPAudit needs to run Perl CGI scripts, we need to change the way Apache is started, as well as the Apache configuration.
sudo vi /etc/rc.conf
Change the httpd parameter to httpd_flags="-u", which starts Apache without its chroot jail. (You will need to kill Apache and restart it manually with httpd -u for the jail to be suppressed immediately.)
sudo vi /var/www/conf/httpd.conf
And add:
# IP Audit settings
Redirect /~ipaudit/ http://athena.thenewpush.com/ipaudit/
Alias /ipaudit /home/ipaudit/public_html
<Directory /home/ipaudit/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Order deny,allow
Deny from all
</Limit>
</Directory>
Once that is done, restart Apache:
sudo apachectl restart
Now we also need to adjust the cron jobs, because OpenBSD is picky about who can see the interfaces in promiscuous mode. Therefore we will run the cron jobs with sudo. First, we adjust the sudoers file:
sudo visudo
And we add:
ipaudit ALL=(ALL) NOPASSWD:/home/ipaudit/cron/cron30min,/home/ipaudit/cron/crondaily,/home/ipaudit/cron/cronclean,/home/ipaudit/cron/cronweekly,/home/ipaudit/cron/cronmonthly
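A NOPASSWD rule is only as tight as the permissions on the scripts it names, so it is worth checking that the ipaudit account cannot modify them or the directory holding them. The following check is an added example, not part of the original post or of IPAudit; the function names audit_nopasswd and is_unsafe are hypothetical, and it assumes the rule is a single line of plain absolute paths.

```shell
#!/bin/sh
# Added example: audit the scripts named in a sudoers NOPASSWD rule.
# Assumes one rule on one line with plain absolute paths (no aliases).
# audit_nopasswd RULE OWNER
#   RULE  - the sudoers line, e.g. the ipaudit rule from this page
#   OWNER - the only account that may own the scripts (normally root)
# Prints "FLAG <reason> <path>" per finding; returns 0 only if clean.

# Succeeds if $1 is owned by someone other than $2, or is group- or
# world-writable. find(1) is used because stat(1) flags differ between
# OpenBSD and GNU systems.
is_unsafe() {
    [ -n "$(find "$1" -prune \( ! -user "$2" -o -perm -0020 \
        -o -perm -0002 \) -print 2>/dev/null)" ]
}

audit_nopasswd() {
    rule=$1 owner=$2 status=0
    case $rule in
        *NOPASSWD:*) ;;
        *) echo "no NOPASSWD command list in rule" >&2; return 2 ;;
    esac
    # The here-document feeds the command list one path per line, with
    # arguments and blanks dropped and duplicate entries collapsed.
    while IFS= read -r path; do
        case $path in
            /*) ;;
            *) echo "FLAG not-absolute $path"; status=1; continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "FLAG missing $path"; status=1; continue
        fi
        if is_unsafe "$path" "$owner"; then
            echo "FLAG unsafe-file $path"; status=1
        fi
        dir=$(dirname "$path")
        if is_unsafe "$dir" "$owner"; then
            echo "FLAG unsafe-dir $dir"; status=1
        fi
    done <<EOF
$(printf '%s\n' "${rule#*NOPASSWD:}" | tr ',' '\n' | awk 'NF {print $1}' | sort -u)
EOF
    return "$status"
}
```

Call it as root with the sudoers line as the first argument and root as the second; any FLAG line means that script or its directory needs its ownership or mode tightened.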
Next we modify the crontab:
sudo crontab -e -u ipaudit
And we change it as follows:
0,30 * * * * sudo /home/ipaudit/cron/cron30min
15 0 * * * sudo /home/ipaudit/cron/crondaily
15 1 * * * sudo /home/ipaudit/cron/cronclean
45 1 * * 0 sudo /home/ipaudit/cron/cronweekly
45 2 1 * * sudo /home/ipaudit/cron/cronmonthly
Now we need to modify the config slightly:
sudo su - ipaudit
vi ipaudit-web.conf
And we change CGI_BIN=/ipaudit-cgi and PidFile=/home/ipaudit/run/ipaudit.pid (we can't use $IP_DIR here as it wouldn't get expanded).
Finally, we need to fix the links in the generated html files:
cd public_html
for i in *; do perl -p -i~ -e 's/~ipaudit\/cgi-bin/ipaudit-cgi/g' "$i"; done
for i in *; do perl -p -i~ -e 's/~ipaudit/ipaudit/g' "$i"; done
