Syslog Management Tool (SMT) & Security Framework (SecFrame)
Installing Security Framework & SMT
Realize that my software by default wants to go into /opt/apache/htdocs/login. If this does not work, you will have to hand-edit files until I create an install script.
SMT & SecFrame both strongly want to run over SSL. However, you can set up your Apache listener to run on port 444 instead of port 80. My code checks for port 443 or greater; otherwise you get the 'Must access over SSL' error. The check looks only at the port number, so a plain HTTP listener on port 444 passes it without any encryption.
Step 1. Install PostgreSQL
I HIGHLY recommend PostgreSQL V8.1. Older versions will slowly suck up disk space without proper maintenance.
Step 2. Create 'secframe' user and 'securityframework' database as user 'secframe'.
Step 3. Create 'msyslog' user and 'TSyslog' database as user 'msyslog'.
Step 4. Install Apache w/ PHP w/ PostgreSQL Support, & Mod_Auth_PGSQL
Apache should be built with PHP, and PHP should be built with PostgreSQL support.
Step 5. Install PHP cli w/ PostgreSQL Support
Install the php binary into /opt/bin
Step 6. Edit your apache.conf
Find the 'Directory' stanza in your config and set 'AllowOverride' to 'AuthConfig'.
Step 7. Edit your php.ini file
Change the sendmail path and provide a proper 'from' address that SMT can send from. MOST MAIL SYSTEMS WILL NOT ACCEPT MAIL IF THE DOMAIN DOES NOT RESOLVE!
sendmail_path = -path-to-sendmail-/sendmail -i -t -fmailfromsmac@yourdomain.com
Change how long PHP will let an Apache/PHP script run before it kills it. We want this set longer so things like 'clearing a stale processor' work.
max_execution_time = 7200
Some things in SMT can use a lot of memory if someone is dumb enough to request a really large block of data to view. Set the memory limit to something reasonable.
memory_limit = 16M
Turn on ASP tags (yes yes, bad form... I'm fixing them...)
asp_tags = On
Have PHP register global variables for HTTP variables. (OPTIONAL) Only do this if you want your SMT install to require SSL!
register_globals = On
Step 8. Under your htdocs root, create a 'login' directory.
Step 9. cd into the 'login' directory.
Step 10. Untar secframe software
Step 11. edit the -path-to-your-htdocs-root/login/lib/secframe.php file and provide the password you used for 'secframe';
Step 12. edit the -path-to-your-htdocs-root/login/admin/.htaccess file, change the Auth_PG_pwd entry to the password you used for 'secframe';
Step 13. cat admin/data/pgsql.secframe | -path-to-your-pgsql-bin-dir/psql -U secframe securityframework
Step 14. Untar smt software
Step 15. edit the -path-to-your-htdocs-root/login/.htaccess file, change the Auth_PG_pwd entry to the password you used for 'secframe';
Step 16. edit the -path-to-your-htdocs-root/login/smt/.htaccess file, change the Auth_PG_pwd entry to the password you used for 'secframe';
Step 17. cat -path-to-your-htdocs-root/login/smt/data/pgsql.secframe | -path-to-your-pgsql-bin-dir/psql -U secframe securityframework
Step 18. cat -path-to-your-htdocs-root/login/smt/data/pgsql.msyslog | -path-to-your-pgsql-bin-dir/psql -U msyslog TSyslog
Step 19. If you are using mod_auth_pgsql, you will need to run -path-to-your-htdocs-root/login/admin/data/convertpw.php.
convertpw.php converts all passwords in the SecurityFramework to MD5SUMS. The default username & password for the Security Framework is 'sample' user with a password of 'password'.
Step 20. append -path-to-your-htdocs-root/login/smt/scripts/crontab/root to the appropriate crontab file.
This will turn on the scheduled services that are *needed* to maintain the SMT system as well as enable the monitoring processes.
Step 21. Create some status files for SMT to send debug info to. By default scripts look for /tmp/webresults.html.*
Create three or four for a low-volume system. Large databases will want maybe 200-500 files. This lets you go back and look at the debug output for historical info. An SMT process will dump any debug output to a file for you to look at. Now why not let cron just email you? SMT can be very verbose relative to debug information. Besides, who wants a 300K email every time SMT runs a set of logs?
Step 22. Install modular syslog w/ PostgreSQL support.
Install the modular syslog archive in the -path-to-your-htdocs-root/login/smt/data directory
Step 23. Edit your syslog.conf to send EVERYTHING, yes EVERYTHING, TO PGSQL.
i.e. *.* %pgsql -s localhost -u msyslog -p --msyslog-user-password-goes-here -d TSyslog -t TSyslog
Step 24. Restart syslog
WARNING: NESSUS CAN CAUSE TARGET SYSTEMS TO HARD LOCK AND CRASH, POSSIBLY CAUSING DATA LOSS. USE AT YOUR OWN RISK.
Step 25. One last recommendation (USE AT YOUR OWN RISK): run Nessus against your SMT system to let you know if you left any security holes wide open.
Step 26. (Optional) For those using mod_auth_pgsql, set up your .htaccess file in your /login directory
AuthName "System Login"
AuthType basic
Auth_PG_host 127.0.0.1
Auth_PG_port 5432
Auth_PG_user secframe
Auth_PG_pwd PASSWORDGOESHERE
Auth_PG_encrypted on
Auth_PG_hash_type MD5
Auth_PG_nopasswd off
Auth_PG_database securityframework
Auth_PG_pwd_table SecFrame_TLogin
Auth_PG_uid_field TLogin_Username
Auth_PG_pwd_field TLogin_Password
<LIMIT GET POST>
require valid-user
</LIMIT>
Step 27. Visit your SMT install!
Run http[s]://[ip/name of server]/login/smt/
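A post-install check for Steps 19 and 26, added here as an example (it is not part of SMT or SecFrame): it classifies rows of the SecFrame_TLogin table to flag the default 'sample'/'password' account and any password that convertpw.php has not yet converted to an MD5 sum. It assumes lowercase-hex MD5 digests, a 'username|password' export of the TLogin_Username and TLogin_Password columns (for example from psql -At -F'|'), and GNU md5sum; the function names and sample rows are made up for the illustration.

```sh
#!/bin/sh
# Added example, not part of SMT/SecFrame. Assumes GNU md5sum and that
# TLogin_Password holds a lowercase-hex MD5 digest after convertpw.php.
LC_ALL=C; export LC_ALL

md5_hex() { printf '%s' "$1" | md5sum | cut -d' ' -f1; }

# The page's documented default: user 'sample', password 'password'.
DEFAULT_HASH=$(md5_hex 'password')

# Reads "username|password_field" rows on stdin, prints "STATUS username".
classify_logins() {
    while IFS='|' read -r user field; do
        [ -n "$user" ] || continue
        lower=$(printf '%s' "$field" | tr 'A-F' 'a-f')
        case "$lower" in
            "$DEFAULT_HASH") echo "DEFAULT $user" ;;      # default still set
            ""|*[!0-9a-f]*)  echo "PLAINTEXT $user" ;;    # not a digest
            *)  if [ "${#lower}" -eq 32 ]; then
                    echo "HASHED $user"
                else
                    echo "PLAINTEXT $user"                # wrong length
                fi ;;
        esac
    done
}

# Prints the report; exit status is 0 only when every row is HASHED.
audit_logins() {
    report=$(classify_logins)
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -Eq '^(DEFAULT|PLAINTEXT) '
}

# Constructed sample rows (not from a real install).
SAMPLE_ROWS="sample|$DEFAULT_HASH
alice|00112233445566778899aabbccddeeff
bob|hunter2"

printf '%s\n' "$SAMPLE_ROWS" | classify_logins
```

On a live system, pipe the psql export into audit_logins and treat a non-zero exit status as a reason to fix the listed accounts before opening the site to users.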
Last Modified: 8:25:00pm CST - 5/22/2006
For help write to: smt-AT-dangermen.com