2 minute read

After completing pt.1 and pt.2 BIND, Apache and some permissions still need to be set before everything will work all hunky-dory.

Setting up DNS
Navigate to /etc/bind/
Edit the file ‘named.conf.local’
Add:
Zone “loc” {
Type master;
File “/etc/bind/loc.hosts”;
};


Create the file ‘/etc/bind/loc.hosts
Add:
$ttl 38400
loc. IN SOA serverName. Temp.invalid.com. (
2006081401
28800
3600
604800
38400 )
loc. IN NS serverName.
*.ocfa.loc. IN A IPAddress


where 'serverName' is the name of the DNS server, and 'serverIPAddress' is the address of the server running Apache (the IP you want to resolve to)

Save 'loc.hosts', and restart bind for good measure.
Update local machine DNS, and ping monkey.ocfa.loc
/etc/init.d/bind9 restart

Update the DNS servers on your local machine. Add the IP address of your newly created OCFA/DNS server. Now you should be able to ping any domain name from your local machine ending with 'ocfa.loc'

Try: 'ping monkey.ocfa.oc' - if you get a reply then DNS is working.
*Because it is a wildcard DNS entry anything ending with the ocfa.loc domain will resolve to the address assigned to the (server's IP address)

Apache and Permissions for the OCFA user
Before we being you will need to install some more packages to allow the cgi scripts to run. Install the following:
apt-get install libpg-perl libxml-dom-perl

Now to create a case you must log in as the newly created ocfa user.
*If you are use 'su' to switch to ocfa, make sure you use the 'su - ocfa' switch to load environment variables.

You will be prompted for a case name. Just to test lets use 'test'. The case should not have been created already, and you will get a message telling you to run 'createcase.pl'. Attempt to run this by typing 'createcase.pl test ocfa'.

At this point I have always gotten a 'permission denied' error. To remedy this, log in as 'root', and navigate to '/usr/local/ocfa(version)/'
Set permissions to 755 for the bin directory.
cd /usr/local/ocfa(version)/bin
chmod 755 *


Do the same for the following directories under 'ocfa(version)/': html, cgi-bin, sbin

Log back in as ocfa, and you should be able to run the script with 'createcase.pl test ocfa'. Now (as root) restart apache with '/etc/init.d/apache2 restart'

*If you are still getting a permission denied, make sure you are changing permissions on the files, and not on the directory itself.

Now you can open a browser on your local computer, and navigate to 'casename.ocfa.loc' where 'casename' is the case you just created. In this example I am using 'test.ocfa.loc'

You should get a page displaying the case name.

If you get a '500 - Internal Server Error' message, ensure the directories listed above are set to '755'. If permissions are correct, check '/var/log/apache2/error.log'.
Most of the errors I received were similar to this:
If error: “can’t locate Pg.pm in @INC (@INC contains: blab la) at /usr/local/ocfa2.1.1pl0/html/index.cgi line 20”

In cases such as this, it was usually a perl module that needed to be installed. Verify that you did install the 'libpg-perl libxml-dom-perl' packages. If so try searching google and the apt repositories for the cause of the error; 'Pg.pm' in this case.

If you were successful you should be able to access OCFA from a browser to view added evidence.

Please see singles labeled 'OCFAHowTo' for instructions on using the Open Computer Forensic Architecture to analyze evidence.