ossec / ossec-wui Goto Github PK

When you select a location, a period or different parameters in the search section
it would be interresting to export the Report in a file.
Pdf or html format will be great.
Thanks

The following link is dead in the README.md file.

1.1- Download the web ui package:
# wget http://www.ossec.net/files/ui/ossec-wui-0.3.tar.gz

hello Gitters.

I stay using the last version, and when I add a first agent the Main Screen then fail.

I get this log.

PHP Fatal error: Uncaught Error: Call to undefined function split() in /var/www/html/lib/os_lib_agent.php:111\nStack trace:\n#0 /var/www/html/site/main.php(33): os_getagents(Array)\n#1 /var/www/html/index.php(126): include('/var/www/html/s...')\n#2 {main}\n thrown in /var/www/html/lib/os_lib_agent.php on line 111

how solve then?

Thanks.

Yoinier.

After the update to OSSEC v2.8 I'm getting this message:

Unable to access ossec directory.

Nothing else has changed. Path is still /var/ossec

I am trying to install Ossec UI on a Cent OS. After the intsallation, i get an interface that reads,

Unable to include file: 'ossec_conf.php'.
Internal error. Try again later.

Kindly help me resolve this

Hi,

I have tried updating v.0.3 to the latest 0.9 but unfortunately once installed it shows only 1 latest alert on the main page instead of default 1000 configured.
setup.sh has also been run.

Have I missed something?

If selinux is enabled, ossec-wui is normally unable to access various ossec log files. One way to fix this is to install a selinux targeted policy.

module ossec-wui 1.0;

require {
    type var_log_t;
    type httpd_t;
    type var_t;
    class file { read getattr open };
}

#============= httpd_t ==============
allow httpd_t var_log_t:file read;
allow httpd_t var_t:file { read getattr open };

The above would go into a TE file (/etc/selinux/targeted/ossec-wui/ossec-wui.te) and then installed using:

checkmodule -M -m ossec-wui.te -o ossec-wui.mod
semodule_package -o ossec-wui.pp -m ossec-wui.mod
semodule -i ossec-wui.pp 

What could cause this?

I ran these commands:

sudo apt-get install build-essential gcc make apache2 libapache2-mod-php7.2 php7.2 php7.2-cli php7.2-common apache2-utils unzip wget sendmail inotify-tools
git clone https://github.com/ossec/ossec-wui.git
sudo mv ossec-wui /var/www/html/ossec
cd /var/www/html/ossec
sudo ./setup.sh
reboot

I need to export the Ossec report from server or webpage. Any one Please help me how can i do that?

nginx.org

be nice to know with HTTP servers are supported,
retired dev ebuilds are dead , so having to RE-create them from scratch so for use case flaggs , for gentoo , its a nice to know if ngix not supported it would be a nice to have.

Hey there,

It would be good to be able to create an Agent Auth Key from the WUI.

I have been able to successfully install ossec web UI. unfortunately it does not display any log or integrity checking logs. what could possibly be the issue.
attached are screenshots of the web UI

The rules links in ossec-wui are broken.
Version 0.8 links to http://ossec-docs.readthedocs.org/en/latest/search.html?q=rule-id-, but I cannot find any rule by searching on that documentation.
Ossec-wui 0.3 used to point to osse.net/wiki/index.php, but I get a 403 from those pages now.

Is there a page that lists and explains the default rules? Or has this functionality been removed?

i'd like to using nginx+php,how ?

I cloned ossec-wui from the repo and installed it on CentOS 6.6 with Apache 2.2 (latest version from the centos repo).
I followed the instructions in the README.

Yet, I get this error:
Results:
Total alerts found: 33
Nothing returned (or search expired).

In the http_error log I find dozens of these:
PHP Warning: fopen(./tmp/output-tmp.1-57-8cd5679a49c37a4583dfa34473436ab4.php): failed to open stream: No such file or directory in /var/www/html/ossec-wui/lib/os_lib_alerts.php on line 39

there's no tmp dir in /var/www/html/ossec-wui

the owner/group and perma of the /var/ossec/tmp dir however are:
root:apache and 770

selinux is disabled (set to permissive)

the temp file doesn't exist, nor does the tmp directory in the ossec-wui directory exist.
the whole ossec-wui directory (and its subdirectories) belong to root:root instead of apache:apache
maybe this is the problem?

dont know whether it can be fixed or not. but getting issue with ossec wui file.
due to that apache2 service wont be able to start. there are some mis-configuration happened while installing Ossec-wui.

need help to resolve the issue at the earliest.

Hi all,
i know that the Ossec WebUI project is currently dead, i would nevertheless post a solution for the above mentioned problem.
Since we tried the WebUI again out in the IPFire project --> https://forum.ipfire.org/viewtopic.php?f=50&p=125255#p125255 we discovered the problem that the stats.php and the search.php starts the time ranges at 1970 (epoch time) we find a work around with this diff:

--- /srv/web/ossec.orig/site/search.php	2019-06-10 12:58:12.516654796 +0200
+++ /srv/web/ossec/site/search.php	2019-06-10 12:48:30.129985517 +0200
@@ -28,7 +28,7 @@
 
 
 /* Initializing some variables */
-$u_final_time = time(0);
+$u_final_time = time();
 $u_init_time = $u_final_time - $ossec_search_time;
 $u_level = $ossec_search_level;
 $u_pattern = "";
diff -Nur /srv/web/ossec.orig/site/stats.php /srv/web/ossec/site/stats.php
--- /srv/web/ossec.orig/site/stats.php	2019-06-10 12:58:12.516654796 +0200
+++ /srv/web/ossec/site/stats.php	2019-06-10 12:48:30.106652183 +0200
@@ -29,7 +29,7 @@
 
 
 /* Current date values */
-$curr_time = time(0);
+$curr_time = time();
 $curr_day = date('d',$curr_time);
 $curr_month = date('m', $curr_time);
 $curr_year = date('Y', $curr_time);

We are using:
$ php -v PHP 7.3.6 (cli) (built: Jun 8 2019 13:33:53) ( ZTS DEBUG ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.3.6, Copyright (c) 1998-2018 Zend Technologies

Not sure if this might be a help for others. Would like to say a big thanks to the Ossec project and also to the done work for the WebUI .

Best regards,

Erik

The master branch is missing the following commits from the original bitbucket repository. They're in the hg/default branch though.

https://bitbucket.org/jbcheng/ossec-wui/commits/b4cf252936ce98509d4b0959dc51103ce33729c7

https://bitbucket.org/jbcheng/ossec-wui/commits/c373c2dd691a4b5d47eba673c7df1debc890379e

hi:
The main/search page of OSSEC-WUI is not showing information after upgrating PHP. Apache log is showing the next error:

PHP Fatal error: Uncaught Error: Call to undefined function split() in /var/www/html/ossec-wui/lib/os_lib_agent.php:111

Server data:
Debian 9, PHP 7.x and Apahe 2.4.

It seens that split() is not supported on the new PHP. I was able to fix the error changing the line 111 of /var/www/html/ossec-wui/lib/os_lib_agent.php from:

@list($_name, $_ip) = split("-", $tmp_file, 2);
to
@list($_name, $_ip) = explode("-", $tmp_file, 2);

The page can now be shown. Please to advice if the change is good.