IPAudit installation and configuration (step by step guide)

nasacis · Post by **nasacis** » Wed Jul 30, 2008 3:13 pm

IPAudit
IPAudit is a handy tool that will allow you to analyze all packets entering and leaving your network. It listens to a network device in promiscuous mode, just as an IDS sensor would, and provides details on hosts, ports, and protocols. It can be used to monitor bandwidth, connection pairs, detect compromises, discover botnets, and see whos scanning your network

Installing and Configuration

pre-installation check list
libpcap
Perl
Apache
GNUplot
perl module Time::ParseDate
you have installed all above mention packages then you are ready to begin install IPAudit

step-1.Become root on your system and create a user called "ipaudit". It will need a
valid shell and home directory (typically /home/ipaudit, which will be used in this
article for simplicity). Now switch to the newly created "ipaudit" user.

step-2. download and unpack the package
wget http://prdownloads.sourceforge.net/ipau ... z?download
tar zxvf ipaudit-web-1.0BETA9.tar.gz

step-3. change to the comile directory
cd ipaudit-web-1.0BETA9/compile

Step-4. execute the configure script and run make:
$ ./configure
$ make

Step-5. become root and execute the make install commands:
$ su -
Password:
# make install
# make install-cron
# exit (Leave root and become ipaudit user again)

Step-6. now you will need to edit /home/ipaudit/ipaudit-web.conf
LOCALRANGE=127.0.0
INTERFACE=eth1

Change the LOCALRANGE variable to your local subnet on the inside of your network.
Also be certain to set the INTERFACE variable to the interface that you have setup to
capture the desired traffic on your network.

Step-7a. add the following lines to your Apache httpd.conf file if they do not already exist:

<Directory /home/*/public_html>
AllowOverride All
Options MultiViews Indexes Includes FollowSymLinks
Order allow,deny
Allow from all
</Directory>

<Directory /home/*/public_html/cgi-bin>
Options +ExecCGI -Includes -Indexes
SetHandler cgi-script
</Directory>

setp-7b. search the following lines to your apache configuration file and comment the
first line and uncomment second line
UserDir disable # first line
UserDir public_html # second line

NOTE:
Your Apache server will need to support SUEXEC, Mod_Perl, and Mod_Userdir. Once you have
modified the Apache configuration restart your Apache server and for more details on
the IPAudit-Web installatio, see INSTALL file

setp-8. check your installation
Open a web browser and go to:
http://<your web server>/~ipaudit/

If your installation was successful you should now see a screen like graphs

Regards