Host Based Intrusion Detection on ISPConfig3

Discussion in 'Installation/Configuration' started by sheshes, Apr 1, 2013.

  1. sheshes

    sheshes Member HowtoForge Supporter

    I am trying to follow the how-to guide Host Base Intrusion Detection to install samhain on already running ISPConfig 3.

    There is a part we I need to edit the samhain.conf in /etc/apache2/conf.d

    Usually this conf should have been created but I cannot see it. If I create a new conf and put only the lines suggested in the guide, I still can't view yule.html so i can continue further more.

    What am I doing wrong?
  2. zapyahoo

    zapyahoo Member

    Take a look at the apache error log. Usually helps to troubleshoot.
  3. sheshes

    sheshes Member HowtoForge Supporter

    already checked nothing that actually is informative in there.

    I think is better if I explained my setup better. I have an ISPConfig 3 server installation using multiple domains. The main FQDN domain that ISPconfig control panel is and I don't have any website setup on it.

    With mydomain I can access the ISPConfig control panel and phpmyadmin.

    I want to make the same as phpmyadmin uses i.e

    I hope this info helps
  4. zapyahoo

    zapyahoo Member

    How different is your samhain.conf when compared to phpmyadmin.conf file?
    Maybe if you take a look at the phpmyadmin file you can create samhain.conf with the necessary alias and folder path corrections.
  5. sheshes

    sheshes Member HowtoForge Supporter

    Firstly, samhain.conf isn't created when installed the software. I have to recreate it.

    I did copying phpmyadmin.conf to samhain.conf and fixed the alias and directory but still nothing!

    Also I notice that yule cannot start without giving any error or write anything in the logs.
  6. zapyahoo

    zapyahoo Member

    I would try and fix the logging first... without that it's pretty hard to troubleshoot :(
  7. sheshes

    sheshes Member HowtoForge Supporter

    yeah I would do so myself as well, if only I knew how!

    I think the only person who can answer this thread is falko who written the Host Based Intrusion Detection tutorial, if that applies on an ISPConfig 3 running server and if on Ubuntu 12.10 there some additional adjustments needed to be done.

    Please falko....

Share This Page