I am in the process of setting up a Prelude SIEM environment. Although Prelude already has a few good tutorials that take you through the process of installing the various Prelude components, I lost quite some time on a technicality that I didn’t find documented, especially for this case. Since I followed different tutorials and none of them worked for me, I decided to write a post about the solution.
My problem was with Prewikka, which is the Web-UI part of Prelude. It is written in Python and, on mainstream distributions, it is available from the package manager as one simple package (# apt-get install prewikka). As described in every tutorial, it is commonly used with Apache. Configuring Prewikka as a virtual host is simply done by pointing requests to the Prewikka CGI script and by setting a few path parameters. After enabling the virtual host and reloading Apache to pick up the modifications, Prewikka is supposed to be working. This was not my case. I checked whether it might be a non-default port or a specific path, but that was not it.
I googled specifically for Apache and Prewikka (which was my mistake, since Prelude and Prewikka are not very popular) and got nothing to help me. Google, are you failing me? Not at all. At this point, I thought the problem was with Prewikka, so I spent quite some time in that direction. After gradually applying “chmod 777” to all files related to Prewikka and its rendering, I looked in the Apache errors for clues: nothing. This made sense, since it didn’t seem to be an error as much as bad behaviour. I found the bash script “prewikka-httpd” on my system and I used it to test Prewikka without Apache. It worked, so the problem was not related to the Prewikka configuration but to its rendering with Apache.
Finally I came across a Stack Overflow post describing my problem, which is that the CGI script is not executed. By listing the Apache modules on my system, I could see that the Apache module “cgi” was not listed. I enabled it and everything worked. This module enables the use of CGI scripts by interpreting as a CGI script any script that ends with “.cgi”.
I am surprised that this module is not loaded by default with Apache2 on Ubuntu 14.04. I know that I should have already taken some time to understand Apache because it is a widely used web server. But I never did because it is too mainstream. I see it as a very fat, bloated beast and, as an infosec student, I have always associated it with PHP, which I am not a fan of.
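The check that would have shortened this troubleshooting, as an added example that is not part of the original post: it reports when an enabled site relies on CGI while neither the cgi nor the cgid module is enabled, and lists files left world-writable by a “chmod 777” pass. It assumes the Debian/Ubuntu layout under /etc/apache2; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes the Debian/Ubuntu Apache layout (mods-enabled/ and
# sites-enabled/ under /etc/apache2). Function names are hypothetical.

# Succeeds if mod_cgi or mod_cgid is enabled (a2enmod creates these links).
cgi_module_enabled() {
    apache_dir=${1:-/etc/apache2}
    [ -e "$apache_dir/mods-enabled/cgi.load" ] ||
    [ -e "$apache_dir/mods-enabled/cgid.load" ]
}

# Prints the enabled site files that depend on CGI execution.
sites_needing_cgi() {
    apache_dir=${1:-/etc/apache2}
    grep -lEi \
      '^[[:space:]]*(ScriptAlias|AddHandler[[:space:]]+cgi-script|Options.*ExecCGI)' \
      "$apache_dir"/sites-enabled/* 2>/dev/null
}

# Prints files and directories under the given paths that anyone can write to,
# so permissions loosened while debugging can be restored.
world_writable() {
    find "$@" \( -type f -o -type d \) -perm -0002 2>/dev/null
}

# Prints CGI_MODULE_MISSING (and returns 1) when a site needs CGI but no CGI
# module is enabled; prints OK otherwise.
diagnose() {
    apache_dir=${1:-/etc/apache2}
    sites=$(sites_needing_cgi "$apache_dir") || true
    if [ -n "$sites" ] && ! cgi_module_enabled "$apache_dir"; then
        echo "CGI_MODULE_MISSING"
        return 1
    fi
    echo "OK"
}

# Run as: sh check.sh --check [apache_dir]
if [ "${1:-}" = "--check" ]; then
    diagnose "${2:-/etc/apache2}"
fi
```

When it reports CGI_MODULE_MISSING, running a2enmod cgi and reloading Apache enables the module. The paths to pass to world_writable are wherever Prewikka's files live on your system.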