IPAudit Guide


  1. This is a relatively simple installation guide to install IPAudit onto an Ubuntu 5.10 server.
  2. This guide is tested on IPAudit-web-1.0beta9 source code and Ubuntu 5.10 server.
  3. This guide utilizes IPAudit to monitor a network bridge using eth1 & eth2.
  4. NOTE - optional packages include: cron-apt, ntp-simple, iftop. These may be left out of the installation, but I recommend them.
  5. The "system time" versus "packet time" is important for IPAudit to function properly; please use some sort of NTP package.
  6. Commands shown in a black box must be executed in the Putty terminal window.
  7. Text shown in the dashed boxes must be entered into the file mentioned in the instructions.
  8. "Copy" is accomplished by a left-click on the mouse and dragging to highlight text.
  9. "Paste" is accomplished by a right-click on the mouse. Pasted items appear below the cursor position.



  1. Install Ubuntu 5.10 using "server" mode and choose appropriate settings to reflect your network requirements during the installation.

  2. This guide uses eth0 as the primary interface with a LAN IP address, while eth1 & eth2 are used for the bridge.

  3. Leave the installation CD in the drive until all packages are installed.

  4. Once the installation of Ubuntu is finished, login as the user created during the install.


  5. Allow remote access via SSH:

      sudo apt-get install openssh-server
      
  6. From a remote workstation use Putty to open an SSH connection to the Ubuntu server. Use a full-screen shell to avoid any line-wrap problems. Login as the user created during the install and issue the following commands to update the sources.list file:

      sudo nano /etc/apt/sources.list

    • Remove the comment mark # in the following lines to read as shown below:

      deb http://us.archive.ubuntu.com/ubuntu breezy universe
      deb-src http://us.archive.ubuntu.com/ubuntu breezy universe

      deb http://security.ubuntu.com/ubuntu breezy-security universe
      deb-src http://security.ubuntu.com/ubuntu breezy-security universe

    • Save the file
  7. Install the necessary packages:

      sudo apt-get update
      sudo apt-get install build-essential gnuplot apache2 libtime-modules-perl cron-apt
      sudo apt-get install libapache2-mod-perl2 ntp-simple iftop bridge-utils libpcap0.8-dev
      
  8. Create a network bridge using eth1 & eth2:

      sudo ifconfig eth1 0.0.0.0
      sudo ifconfig eth2 0.0.0.0
      sudo brctl addbr bridge
      sudo brctl addif bridge eth1
      sudo brctl addif bridge eth2
      sudo ifconfig bridge up
      sudo brctl show
      
  9. Write an init script to bring up the network bridge during bootup:

      sudo nano /etc/init.d/bridge

    • Add the following lines:

      #! /bin/sh
      # /etc/init.d/bridge
      #
      
      # On startup configure a network bridge using eth1 & eth2
      case "$1" in
        start)
          echo " * Configuring network bridge..."
            ifconfig eth1 0.0.0.0
            ifconfig eth2 0.0.0.0
            brctl addbr bridge
            brctl addif bridge eth1
            brctl addif bridge eth2
            ifconfig bridge up
            ;;
        stop)
          echo " * Removing network bridge..."
            ifconfig bridge down
            brctl delif bridge eth1
            brctl delif bridge eth2
            brctl delbr bridge
            ;;
        *)
          echo "Usage: /etc/init.d/bridge {start|stop}"
          exit 1
          ;;
      esac
      
      exit 0
      
    • Save the script
  10. Make the script executable and update rc.d:

      sudo chmod 755 /etc/init.d/bridge
      sudo update-rc.d bridge defaults
      
  11. Now enable suexec for Apache2:

      cd /etc/apache2/mods-enabled
      sudo ln -s /etc/apache2/mods-available/suexec.load suexec.load
      
  12. Edit the Apache2 configuration file:

      sudo nano /etc/apache2/apache2.conf

    • Add the following lines:

      <Directory /home/*/public_html>
      AllowOverride All
      Options MultiViews Indexes Includes FollowSymLinks
      Order allow,deny 
      Allow from all
      </Directory>
      
      <Directory /home/*/public_html/cgi-bin>
      Options +ExecCGI -Includes -Indexes
      SetHandler cgi-script
      </Directory>
      
    • Save the file
  13. Restart Apache to ensure no errors exist:

      sudo apache2ctl restart
      
  14. Add the ipaudit user and supply a password:

      sudo adduser ipaudit
      
  15. Change user and directory and begin the download (use the appropriate filename as it's updated by the developers):

      su ipaudit
      cd /home/ipaudit
      wget http://voxel.dl.sourceforge.net/sourceforge/ipaudit/ipaudit-web-1.0BETA9.tar.gz
      
  16. Untar the newly downloaded package and change into the extracted "compile" directory:

      tar zxvf ipaudit-web-*.tar.gz
      cd ipaudit-web-*/compile
      
  17. Execute the configure script & run make. Change users and run make install then exit that user:

      ./configure
      make
      su USERNAME          # USERNAME = the user created at install
      sudo make install
      sudo make install-cron
      exit                 # back to the ipaudit user
      
  18. Edit the ipaudit-web.conf file to read as follows:

      nano ipaudit-web.conf

    • Edit these two lines and use an IP range suitable for your network and the appropriate bridge name:

      LOCALRANGE="192.168.1"
      INTERFACE=bridge
      
    • Save the file
  19. Create the ipaudit.conf configuration file:

      cd /home/ipaudit
      nano ipaudit.conf

    • Add only this line to disable promiscuous mode:

      promisc off
      
    • Save the file
  20. Limit access to the web reports:

      cd /home/ipaudit/public_html/cgi-bin
      nano .htaccess

    • Add these lines to the newly created .htaccess file, replacing USERNAME with the user created at install (other users may be listed after it):

      AuthType Basic
      AuthName IPAUDIT
      AuthUserFile /home/ipaudit/public_html/cgi-bin/passwd
      require user USERNAME
      
    • Save the file
  21. Set the passwords for the above mentioned user:

      htpasswd -c passwd USERNAME    # USERNAME = the user created at install
      htpasswd passwd OTHERUSER      # repeat for any other users
      
  22. Exit and restart Apache:

      su USERNAME          # USERNAME = the user created at install
      sudo apache2ctl restart
      exit
      
  23. Open a browser to: http://ip-address/~ipaudit
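
A static consistency check for the access-control files from steps 12, 20 and 21, added here as an example and not part of the original guide or of IPAudit. The function name check_report_auth, the FINDINGS counter and the sample users alice and bob are assumptions made for illustration; on the server it would be pointed at /home/ipaudit/public_html/cgi-bin and /etc/apache2/apache2.conf.

```shell
#!/bin/sh
# Added example (not from the guide): checks that the .htaccess from step 20
# is honoured by Apache and that every required user has a password entry.
FINDINGS=0
note() { echo "FINDING: $1"; FINDINGS=$((FINDINGS + 1)); }

# check_report_auth CGI_DIR APACHE_CONF  -> sets FINDINGS, prints one line each
check_report_auth() {
    ht="$1/.htaccess"; conf=$2; FINDINGS=0
    if [ ! -f "$ht" ]; then note "$ht is missing"; return 0; fi

    # .htaccess is silently ignored if step 12's AllowOverride is "None".
    ao=$(awk '$1=="<Directory" && $2=="/home/*/public_html>" {b=1; next}
              $1=="</Directory>" {b=0}
              b && tolower($1)=="allowoverride" {print tolower($2)}' "$conf")
    if [ "$ao" = "none" ]; then note "AllowOverride None: $ht is ignored"; fi

    grep -qi '^[[:space:]]*AuthType[[:space:]][[:space:]]*Basic' "$ht" ||
        note "AuthType Basic not set"

    pwfile=$(awk 'tolower($1)=="authuserfile" {print $2}' "$ht")
    if [ -z "$pwfile" ] || [ ! -r "$pwfile" ]; then
        note "AuthUserFile '$pwfile' missing or unreadable"
        pwfile=/dev/null
    fi

    # Every name after "require user" needs an htpasswd entry (step 21).
    users=$(awk 'tolower($1)=="require" && tolower($2)=="user" {
                     for (i = 3; i <= NF; i++) print $i }' "$ht")
    if [ -z "$users" ]; then note "no 'require user' names"; fi
    for u in $users; do
        cut -d: -f1 "$pwfile" | grep -qxF -- "$u" ||
            note "'$u' is required but has no entry in $pwfile"
    done
    return 0
}

# Constructed sample: "bob" is listed in .htaccess but was never given a password.
demo=$(mktemp -d)
printf 'alice:$apr1$constructed$hashvalue\n' > "$demo/passwd"
printf 'AuthType Basic\nAuthName IPAUDIT\nAuthUserFile %s/passwd\nrequire user alice bob\n' \
    "$demo" > "$demo/.htaccess"
printf '<Directory /home/*/public_html>\nAllowOverride All\n</Directory>\n' > "$demo/apache2.conf"
check_report_auth "$demo" "$demo/apache2.conf"
```

A placeholder left unedited in the "require user" line shows up here as names with no password entry.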




At this point, you might want to restart the machine to ensure everything is working correctly.

Links:

  • IPaudit
  • Public forum for help