Installing Observium on Security Onion
92 views
Skip to first unread message
Chris B
Sep 19, 2017, 2:32:16 PM9/19/17
to security-onion
Hello al,
I'm reaching out to see if anyone can point me to steps which may outline how to install and leverage observium on security onion.
I've followed all of the observium steps, however it appears security onion is restricting my ability to open observium as a subdomain.
Essentially I'd like to open observium as observium.mydomain.com
I'm certain its something easy, but it seems to be eluding me.
I've tried adding both a virtual host and an alias to the /etc/apache2/apache2.conf file, but this doesn't seem to work for me.
Here is the VirtualHost rules I'm trying to add:
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName observium.mydomain.com
DocumentRoot /opt/observium/html
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /opt/observium/html>
DirectoryIndex index.php
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerSignature On
</VirtualHost>
Would someone be able to point me in the right direction?
thank you very much for your help!
Chris
I'm reaching out to see if anyone can point me to steps which may outline how to install and leverage observium on security onion.
I've followed all of the observium steps, however it appears security onion is restricting my ability to open observium as a subdomain.
Essentially I'd like to open observium as observium.mydomain.com
I'm certain its something easy, but it seems to be eluding me.
I've tried adding both a virtual host and an alias to the /etc/apache2/apache2.conf file, but this doesn't seem to work for me.
Here is the VirtualHost rules I'm trying to add:
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName observium.mydomain.com
DocumentRoot /opt/observium/html
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /opt/observium/html>
DirectoryIndex index.php
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerSignature On
</VirtualHost>
Would someone be able to point me in the right direction?
thank you very much for your help!
Chris
Wes Lambert
Sep 19, 2017, 2:44:00 PM9/19/17
to securit...@googlegroups.com
Chris,
This isn't really relative to Security Onion (more Apache-related), but you may need to add your configuration instead to /etc/apache2/sites-available/, then use a2ensite to enable your config and make it available in /etc/apache2/sites-enabled/.
Thanks,
Wes
Chris
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
Chris B
Sep 20, 2017, 2:41:55 PM9/20/17
to security-onion
Hi Wes,
I apologize, and thought so too, however I had already done the exact steps you indicated yet, I get a "This site can't be reached" error message.
so are the full steps on what I did.
1- I have an alias in DNS that points to the hostname of the server. (this resolves to the management IP on the server)
2 - I created a observium.conf file that has all of my VirtualHost rules in it.
3 - I enabled the site using: sudo a2ensite observium
4 - I then reloaded apache2 : sudo service apache2 reload.
When I browse the site in a browser, I get the above error. I have even gone as far as rebooting the server, and still no dice.
So based on your comments, it sounds like I did everything correct, yet nothing.
Is there anything else that might be blocking or restricting me from doing this within SO?
Thank you for your help!
Chris
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
>
> To post to this group, send email to securit...@googlegroups.com.
I apologize, and thought so too, however I had already done the exact steps you indicated yet, I get a "This site can't be reached" error message.
so are the full steps on what I did.
1- I have an alias in DNS that points to the hostname of the server. (this resolves to the management IP on the server)
2 - I created a observium.conf file that has all of my VirtualHost rules in it.
3 - I enabled the site using: sudo a2ensite observium
4 - I then reloaded apache2 : sudo service apache2 reload.
When I browse the site in a browser, I get the above error. I have even gone as far as rebooting the server, and still no dice.
So based on your comments, it sounds like I did everything correct, yet nothing.
Is there anything else that might be blocking or restricting me from doing this within SO?
Thank you for your help!
Chris
>
> To post to this group, send email to securit...@googlegroups.com.
Wes Lambert
Sep 20, 2017, 2:47:08 PM9/20/17
to securit...@googlegroups.com
Are you able to access other parts of Security Onion from a browser? Are you able to access the site locally? Have you allowed port 443 to your SO box via ufw or so-allow?
I wouldn't think SO would be blocking anything, except for connectivity to port 443.
Thanks,
Wes
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Chris B
Sep 20, 2017, 3:05:21 PM9/20/17
to security-onion
Yes sir, everything for SO operates fine. 443 is allowed, and I can access SO via SSL.
Even if I update my observium.conf. and change the port to *:80, I still get the same "This site cannot be reached" error. *head scratch*
I really appreciate you atleast walking through this with me.. thank you. this is a head scratcher for me.
If I do a wget of the page, I do get a connection refused..
Even if I update my observium.conf. and change the port to *:80, I still get the same "This site cannot be reached" error. *head scratch*
I really appreciate you atleast walking through this with me.. thank you. this is a head scratcher for me.
If I do a wget of the page, I do get a connection refused..
Chris B
Sep 20, 2017, 3:14:02 PM9/20/17
to security-onion
I figured it out.. and boy do I feel like a knucklehead..
I forgot to turn SSLEngine on in the observium.conf file. DOH!
Once again, thanks for walking through with my Wes!
Chris
I forgot to turn SSLEngine on in the observium.conf file. DOH!
Once again, thanks for walking through with my Wes!
Chris
Reply all
Reply to author
Forward
0 new messages