Install and configure OSSEC ( Host-based Intrusion Detection System ) - By Subhash C

OSSEC is  used to meet PCI Compliance central logging and intrusion monitoring requirements with a free and self-managed solution. OSSEC monitors all types of logs such as syslog, apache, maillogs, mysql logs, ftp logs, and more.

1.     Deploying OSSEC core server:

# Wget  http://www.ossec.net/files/ossec-hids-2.7.tar.gz

2.       Extract the compressed OSSEC package and run the “./install.sh” script (It will guide you through the installation).

# tar -xvf ossec-hids-2.7.tar.gz 

# cd ossec-hids-2.7

# ./install.sh

The interactive installation begins and during this process it prompts for installation type either server or agent or local. However, installation path for OSSEC can be defined but by default it installs in (/var/ossec) directory. It is advised to select default settings and follow accordingly till the end of the installation. Finally, it is compiled and installed successfully according to the specification provided.

Select the language (in this example it is EN)

Select the type of installation as server

Accept the default folder, unless you want to change it:

Enable email notification by specifying the email address which will be used to send email alerts FROM:

If setup fails to determine your SMTP gateway automatically, you may specify it manually (change the IP as necessary to reflect your environment):

Enable integrity check daemon:

Enable rootkit detection daemon:

Whether or not you want to have “Active response” enabled is up to you. Although in prod environment, it can be quite risky.

We will not be using Syslog daemon feature in this example, so disable it.

OSSEC core server installation is now completed.

1.     Generating client keys

OSSEC server with the agent names in order to generate unique authentication keys required to bind the agent to the corresponding OSSEC server.

a. Firstly, create agents.TXT file containing the IPs and names separated by comma, of all target Linux Servers:

192.168.9.101,rwca1

...

…

….

Save:wq!

b. Place this file to /var/ossec folder on OSSEC server.

c. Now execute the following command: /var/ossec/bin/manage_agents -f /agents.txt

More info: http://www.ossec.net/doc/programs/manage_agents.html

1.    Start OSSEC Server


# /var/ossec/bin/ossec-control start
# /var/ossec/bin/ossec-control restart
#/var/ossec/bin/ossec-control stop  

2.     Install the OSSEC Agents

Follow above server installation steps, instead of server choose type agent

            # tar -xvf ossec-hids-2.7.tar.gz 

# cd ossec-hids-2.7

# ./install.sh

Select the type of installation as agent

3.     Add Agents to OSSEC Manager

To add an agent to an OSSEC manager with manage_agents you need to follow the steps below.

1. Run manage_agents on the OSSEC server.
2. Add an agent.
3. Extract the key for the agent.
4. Copy that key to the agent.
5. Run manage_agents on the agent.
6. Import the key copied from the manager.
7. Restart the manager’s OSSEC processes.
8. Start and restart the agent.

Follow online Guide: http://www.ossec.net/doc/manual/agent/agent-management.html#running-manage-agents-and-start-screen

4.     Verify successful installation of the agent

Then verify that the client has been installed successfully and communicating with the OSSEC server.

# tail –f /var/ossec/log/ossec.log

5.     Deploy OSSEC Web UI dashboard

Install PHP for OSSEC UI

#  yum install php-mysql php-devel php-gd php-pecl-memcache php-pspell php-snmp php-xmlrpc php-xml

# Start Apache:  /etc/init.d/httpd  start

# Configure Apache autostart: /sbin/chkconfig httpd on

# Restart Apache: /etc/init.d/httpd restart

Download OSSEC webUI module

# cd /var/ww/html/

#  Wget   http://www.ossec.net/files/ossec-wui-0.8-alpha-0.tar.gz

# tar –xvf ossec-wui-0.8-alpha-0.tar.gz

# mv ossec-wui-0.8-alpha ossec-wui

# Switch to the ossec-wui and run

./setup.sh -  specify user and password to protect Web UI.

# Add apache user to ossec group: 

Change permissions for /var/ossec/tmp directory:

# chmod 770 /var/ossec/ tmp/

# chgrp apache  /var/ossec/tmp/

# /etcinit.d/httpd restart

# /var/ossec/bin/ossec-control restart (restart the OSSEC server)

Access the OSSEC web portal: http://your-ip-address/ossec-wui

in the above URL replace your-ip-address with ip address where you installed ossec-wui

More info: http://www.ossec.net/wiki/index.php/OSSECWUI:Install

Install configure sophos antivirus on linux servers

Download sav-linux-xx-xxx.tgz 
from
( http://www.sophos.com )

after untar we will get dir "sophos-av"


install.sh
sav.tar
talpa.tar
uncdownload.tar


Run ./install.sh to install

-------------------------------
Configuration
---------------------------------


/opt/sophos-av/bin/savdstatus


/opt/sophos-av/bin/savdctl enable


Start stop restart disable service as normal linux service

/etc/init.d/sav-protect start

(or)

service sav-protect start


Scanning your computer
-----------------------

savscan /  ( we can use sophos enterprise console to scan all computers at once )

Scanning bootsectors
---------------------

savscan -bs=drivename

scanning masterboot record

savscan -mbr


Enable on reboot
---------------------
/opt/sophos-av/bin/savdctl enableOnBoot savd

Enable onaccess scanning
---------------------------
/opt/sophos-av/bin/savconfig query EnableOnStart

to enable onaccess scanning after reboot

/opt/sophos-av/bin/savconfig set EnableOnStart true


chkconfig --list  ( check if is starting on reboot )



Update sophos antivirus
---------------------------
/opt/sophos-av/bin/savupdate

Step by Step method to upgrade RHEL5 to RHEL6

First on current RHEL5 backup the list of packages installed just in case if you want to cross verify.

rpm -qa --queryformat "%{NAME}\n" | sort > /root/all_old_packages

--------------------------------
Check Selinux is enabled or not if enable disable it and uninstall it .

command used is

sestatus

SELinux status:                 disabled  ( in my case it is disabled )
---------------------------------
 vi /etc/inittab change to runlevel 3

id:3:initdefault:  ( mine is a server which is already in runlevel 3 )

-------------------------------------

remove old docs

rm -rf /usr/share/doc/HTML/*/docs/common ( this is mandatory else upgrade will fail)

-----------------------------------------

Now boot with RHEL6 DVD on boot menu press esc

then enter " linux upgradeany "

Follow instructions and you are done . IF you face any issues you can got to other run levels and check what caused failure. You can troubleshoot that issue and upgrade. During my installation i faced only one issue . That is the reason i have deleted old documents.

Step by Step method to install Media Wiki

Step-By-Step Installation Procedure of Mediawiki on Ubuntu Server 9.04 or Other Distribution as well (If it is rpm distribution replace aptitude/apt-get to yum)

Ubuntu installation using these commands:
aptitude Update
aptitude install apache2 mysql-server php5 php5-mysql mediawiki php5-gd -y

After installation Make sure that Apache is up and running

gedit /etc/apache2/apache2.conf 

(Note that it’s a good idea to back up any system configuration file before editing it. You can do so quickly by using sudo cp /etc/apache2/apache2.conf ~/Desktop to save a copy to your Desktop. You can of course use vi or emacs or the editor of your choice, but most new users seem to prefer gedit’s GUI.)

Once you are in gedit, add the following line to the end of the file:

AddType application/x-httpd-php .html 

Save the file and exit gedit.
Now we’ll need to prepare MySQL for use with MediaWiki. First, you’ll need to run MySQL’s install script:
sudo mysql_install_db
Once this is completed, log into the MySQL command-line client:
mysql -u root –p
Enter your MySQL root user password from above, and you’ll find yourself at the MySQL> local client prompt. First, create a database for MediaWiki to use:
CREATE DATABASE mediawiki;
(Note that all commands entered in the MySQL local client must end with a semicolon to denote the end of the statement.)

Once the database is created, you’ll need to create a database user so MediaWiki can access your newly created database. While still in the MySQL command line client, type this:

CREATE USER mediawikiuser; 

Then create a password for your new user (note that your password will actually go within the quotation marks, and is case-sensitive):

SET PASSWORD FOR mediawikiuser = PASSWORD(“password”); 

Now that you’ve got your MediaWiki database and your MediaWiki database user, you’ll need to grant the user all permissions on the database (again, the password goes within the quotation marks, and is case sensitive):

GRANT ALL PRIVILEGES ON mediawiki.* TO mediawikiuser@localhost IDENTIFIED BY ‘password’; 

(Make sure to append “@localhost” to mediawikiuser; otherwise you might get a database error later on when MediaWiki tries to run its installation script.)
Configure MediaWiki
gedit /etc/mediawiki/apache.conf
Remove the '#' on the third line so that line reads:

Alias /mediawiki /var/lib/mediawiki

/etc/init.d/apache2 restart
http://localhost/mediawiki ( Follow up the Index page Configuration U need to give the database username and password etc)
Note: makesure user the username, password and Database should be correct

Step by step Method to install OpenNMS

Note: Make sure snmp is already installed on the Server. If not run

apt-get install snmpd -y 

Add the OpenNMS Repository to Your sources.list

deb http://debian.opennms.org stable main
deb-src http://debian.opennms.org stable main 

Add the OpenNMS PGP Key to APT

wget -O - http://debian.opennms.org/OPENNMS-GPG-KEY | sudo apt-key add - 
apt-get update 

(or)

apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 4C4CBBD9
apt-get update

Installing PostgreSQL

apt-get install postgresql-8.3  

Modify pg_hba.conf file in /etc/postgresql/8.3/main/ 

comment all other lines in this file.

local   all         all                               trust
# IPv4 local connections:
host    all         all         127.0.0.1/32          trust
# IPv6 local connections:
host    all         all         ::1/128               trust
host    all         all         192.168.1.0           255.255.255.0 trust     <=== Double check 192.168.1.0 it can be 10.10.20.0

Edit postgresql.conf to Allow TCP/IP Connections

vi /etc/postgresql/8.3/main/postgresql.conf 
Uncomment following line 
listen_addresses = 'localhost' 

Restart the Postgresql Database

/etc/init.d/postgresql-8.3 restart 

Installing OpenNMS

apt-get install opennms 

we need to set opennms home in /etc/environment

add the following line
OPENNMS_HOME=/usr/share/opennms 
execute the following command for setting OPENNMS_HOME for existing session 
export OPENNMS_HOME=/usr/share/opennms 

Before you can run the post-install, OpenNMS needs to be configured to use an appropriate Java Runtime Environment (JRE). The OpenNMS tool runjava is used to set this up, and it can either search for a suitable JRE or you can tell it exactly which JRE to use.

# /usr/share/opennms/bin/runjava -s 

This tool will setup the opennms database within PostgreSQL among other things.

# /usr/share/opennms/bin/install -l /usr/local/lib -dis 

you should see similar output after executing above command

- checking table "qrtz_fired_triggers"...
- checking table "qrtz_fired_triggers"... CREATED
- granting access to 'qrtz_fired_triggers' for user 'opennms'... DONE
- checking table "qrtz_scheduler_state"...
- checking table "qrtz_scheduler_state"... CREATED
- granting access to 'qrtz_scheduler_state' for user 'opennms'... DONE
- checking table "qrtz_locks"...
- checking table "qrtz_locks"... CREATED
- granting access to 'qrtz_locks' for user 'opennms'... DONE
- creating tables... DONE
- inserting initial table data for "categories"... OK
- inserting initial table data for "qrtz_locks"... OK
- inserting initial table data for "distPoller"... OK
- checking if iplike is usable... YES
- checking for stale eventtime.so references... OK 
Installer completed successfully! 

Start opennms using the following command

/etc/init.d/opennms start 

OpenNMS will take some time to start, you can check the status of opennms using the following command

root@server1:/usr/local/lib# /etc/init.d/opennms status

OpenNMS.Eventd         : running
OpenNMS.Trapd          : running 
OpenNMS.Queued         : running
OpenNMS.Actiond        : running
OpenNMS.Capsd          : running
OpenNMS.Notifd         : running
OpenNMS.Scriptd        : running
OpenNMS.Rtcd           : running
OpenNMS.Pollerd        : running
OpenNMS.PollerBackEnd  : running
OpenNMS.Ticketer       : running
OpenNMS.Collectd       : running
OpenNMS.Threshd        : running
OpenNMS.Discovery      : running
OpenNMS.Vacuumd        : running
OpenNMS.EventTranslator: running
OpenNMS.PassiveStatusd : running
OpenNMS.Statsd         : running
OpenNMS.Importer       : running
OpenNMS.JettyServer    : running
opennms is running 

if you are able to see like above your opennms is running without any problems.
If you don't see the above output and get at error asking you to look at a log file.. /var/log/opennms/daemon/output.log and the log file mentions the following error..

An error occurred while attempting to start the "OpenNMS:Name=Dhcpd"

service (class org.opennms.netmgt.dhcpd.jmx.Dhcpd).  Shutting down and exiting.

Edit the file $OPENNMS_HOME/etc/service-configuration.xml and comment out the following portion as follows; and restart the opennms service.

<service>
               <name>OpenNMS:Name=Dhcpd</name>
               <class-name>org.opennms.netmgt.dhcpd.jmx.Dhcpd</class-name>
               <invoke at="start" pass="1" method="start"/>
               <invoke at="status" pass="0" method="status"/>
               <invoke at="stop" pass="0" method="stop"/>
</service>

Finally you can access web UI using the following URL ( replace yourhost to the IP of the opennms server)

http://yourhost:8980/opennms

Configuration of OpenNMS

Login in to the web interface  with  login / pass  admin/admin
Configure Discovery - Select  Home  /  Admin  /  Discovery  / Add New    -- Include Range.
Configure SNMP  - Select Home  / Admin  / Configure SNMP by IP

Database Login Details

opennms/postgres ( test user and password i have given )

Add Alert sound to the OpenNMS webUI 

In /usr/share/opennms/jetty-webapps/opennms/includes/servicesdown-box.jsp
Find below tags should be at the end of the file

 
  
<c:otherwise>
  <embed src="tngchime.wav" type="audio/x-pn-realaudio-plugin" hidden="true" autostart="true" loop="false" height="0"  width="0">
  <ul class="plain">
  <c:forEach var="summary" items="${summaries}">
  <c:url var="nodeLink" value="element/node.jsp">
  <c:param name="node" value="${summary.nodeId}"/>
  </c:url>
  <li><a href="${nodeLink}">${summary.nodeLabel}</a> (${summary.fuzzyTimeDown})</li>
  </c:forEach>
  </ul>
  <c:if test="${moreCount > 0}">
  <p class="noBottomMargin" align="right">
  <c:url var="moreLink" value="outage/current.jsp"/>
  <a href="${moreLink}">${moreCount} more...</a>
  </p>
  </c:if>
  </c:otherwise>

The line with the tag is new, the rest is stock
Download the following .wav file and pleace it in /usr/share/opennms/jetty-webapps/

wget http://www.nirvani.net/misc/trek_sounds/tngchime.wav

You don't need to restart OpenNMS to effect
Once you are done with above settings please install QuickTimeInstaller.exe in your windows system and restart the browser if opennms find any outages as soon as you login to OpenNMS webGUI you will hear alert sound ( check your sound volume)

Step by step method to create a SSL certificate for your websites

cd  /etc/apache2/ssl/client

Run following commands

openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.crs
openssl ca -in client.crs -cert ../ca/ca.crt -keyfile ../ca/ca.key -out client.crt
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12



Importing Certs in Browser

Make sure to enter the password which was assigned during cert creation.

FireFox

1) Remove your current Certificates.
Firefox : Preferences > Advanced > Encryption > View Certificates > Your Certificates > Select Certificates and Delete.
2) Import : select client.p12 password: test123

Chrome

1) Remove your current Certificates.
   Chrome > Preferences > Under the Hood > Manage Certificates > Remove current one..and import the new one.
2) Import  select  Import : select client.p12 password: test123

 

Install and configure SVN ( Subversion ) on Ubuntu Linux

Install Subversion

sudo apt-get install subversion 


Install apache module


sudo apt-get install  libapache2-svn



Create Repository
--------------------
Repository is a central place where the data is stored and maintained in  an organized way.

Command to create the repository.

            sudo svnadmin create /svn


Edit the configuration file for the subversion webdav.

            vi /etc/apache2/mods-enabled/dav_svn.conf 


               uncomment this element  : this is the end tag of location
               uncomment DAV svn


Location element in this file denotes the root directory where the subversion will be accessible from,
for example


http://YOUR-IP-ADDRESS/svn

               uncomment  SVNPath /svn
SVNPath should be set to the same place where you created your repository using svnadmin command

Basic Authentication.

Uncomment the following three lines to enable the basic authentication.AuthUserFile sets the password file

              AuthType Basic
              AuthName "Subversion Repository"
             AuthUserFile /etc/apache2/dav_svn.passwd

 Creating users for the repository:
Command to create user:
             sudo htpasswd -cm etc/apache2/dav_svn.passwd
             -c   --  Create user for the first time.
             -m  --  Create another user for same repository.
If  -c is given after having some users, all those users will be deleted . Use -m to create new user for same repository.

Restart apache2 server to see the web console  of svn

             sudo /etc/init.d/apache2 restart.

Centralized Log Management with RSyslog , Recording in MySql DB , Viewing and querying in Web UI - By Raja Antony

Why Rsyslog?

For Centralized logging.Having a centralized logging is a prerequisite if you want to have your logs intacts. But having the events recorded in plain files is virtually impossible for queries.Because of this, we can configure rsyslog to write events in MySQL DB and a web interface for queries with filters to facilitate viewing of the logs without have to access the console for such task.

Rsyslog Installation

Installing rsyslog on Ubuntu is easy:

 #aptitude install rsyslog
 #aptitude install rsyslog-doc

All configuration is placed in the /etc/rsyslog.conf file or in files found under the /etc/rsyslog.d directory.

• Configuration structure :Configuration files are structured in the following manner:
  
  
  
  
  • Modules
  • Global directives
  • Filter rules
• Rsyslog Server configuration: 

 #vim /etc/rsyslog.conf

Local logging functionality is provided by the imuxsock plug-in (also 
enabled by default).

$ModLoad imuxsock
 $ModLoad imklog

On the server, assuming you are running rsyslog, you do this by enabling the appropriate input module, as well as specifying the port to be used:
UDP:

$ModLoad imudp
$UDPServerRun 514

TCP:

$ModLoad imtcp 
$InputTCPServerRun 514 

Rsyslog provides a flexible system to specify the output formats. It is template-based. A template with the traditional syslog format looks as follows:

$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"

 Now we have the right template - but how to write it to a file? You probably have a line like this in your rsyslog.conf:

*.* -/var/log/messages.log;TraditionalFormat

 

 

 -------------------------------------------------------------------------

Writing syslog messages to MySQL

--------------------------------------------------------------------------

 

 

rsyslog-mysql mysql-server php-mysql

while installing you will be prompted for mysql rsyslog user password.Enter the details and remember them.Next, the server should load the output module ommysql and be configured to connect to the database. Its configuration should be similar to the following:

#vim /etc/rsyslog.conf
# service mysqld start
# mysql -uroot -predhat
mysql> GRANT SELECT, UPDATE, INSERT ON Syslog.* TO rsyslog@localhost IDENTIFIED BY 'password'; 
mysql> \q 
#vim /etc/rsyslog.conf 
$ModLoad ommysql 
*.* :ommysql:127.0.0.1,Syslog,rsyslog,rsyslog 
[*.*  :ommysql:database-server,database-name,database-userid,database-password]
#restart mysql 
#restart rsyslog 

Now check your database:

#mysql -uroot -predhat 
#show databases; 
#USE Syslog;
#show tables;
#DESCRIBE SystemEvents; 
#select * from SystemEvents; 

you can see all your log messages here,if you have properly configured.Generate few log messages with logger command, then open three terminals.

#tail -f /var/log/messages
#logger system rebooted 
#mysql 


check the timestamps of the logs and whether they are being logged into database or not.

• Clients Setup:

#apt-get install rsyslog


First, you need to create a working directory for rsyslog. This is where it stores its queue files (should need arise). You may use any location on your local system. There is nothing else to do. With the following simple config file, you forward anything you receive to a remote server and have buffering applied automatically when it goes down. This must be done on the client machine.

#vim /etc/syslog.conf
$ModLoad imuxsock    # local message reception 
$WorkDirectory /rsyslog/work       # default location for work (spool) files 
$ActionQueueType LinkedList       # use asynchronous processing
$ActionQueueFileName srvrfwd    # set file name, also enables disk mode 
$ActionResumeRetryCount -1       # infinite retries on insert failure 
$ActionQueueSaveOnShutdown on  # save in-memory data if rsyslog shuts down. 

*.* @@server:port 
*.* @172.168.155.75:514      #forward all its logs via UDP 
*.* @@172.168.155.75:514  #forward all its logs via TCP.

 

-----------------------------------------------------------

LogAnalyzer - WebUI

------------------------------------------------------------

The LogAnalyzer project provides an easy to use but powerful frontend for searching, reviewing and analyzing syslog, event log and many other event sources.

• HOWTO install LogAnalyzer

To install LogAnalyzer, you need:

* Apache
* PHP5

#apt-get install apache2
#apt-get install php5
#apt-get install libapache2-mod-php5
#/etc/init.d/apache2 restart 

Now install Loganalyzer. It's pretty easy.
#wget http://download.adiscon.com/loganalyzer/loganalyzer-3.0.1.tar.gz 
#tar -xvzf loganalyzer-3.0.1.tar.gz 
#mkdir -p /var/www/loganalyzer

Upload all files from the loganalyzer/src/ folder to you webserver. The other files are not needed on the webserver.

#cp -R loganalyser-v3.0.1/src/* /var/www/loganalyzer 


Upload the scripts configure.sh and secure.sh from the contrib folder to your webserver, into the same folder where you uploaded the other LogAnalyzer files into. Then set the execution flag to them (chmod +x configure.sh secure.sh).Now run ./configure.sh, this will create a blank config.php, and will also set write access to everyone to it.You can of course do this manually if you want.

#chmod +x configure.sh secure.sh 
#./configure.sh 

Now open your LogAnalyzer installation in your favourite webbrowser, you will see an error, and you will be pointed to the installation script. The install script will guide you through the LogAnalyzer installation, just follow the instructions.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Some Related Links for more information

http://www.ubuntu.com/system/files/CentralLogging-v4-20090901-03.pdf

How to Configure Local Apt-Cacher-Server for Intranet -- Raja Arulappagari

Server Installation:

1. Install apt-cacher and apache2 webserver

#apt-get install apt-cacher apache2

2.Enable apt-cacher

Edit /etc/default/apt-cacher and change autostart to 1. (This will automatically start
cache server).

#vi /etc/default/apt-cacher

autostart=1

3.Restart the apache server

#/etc/init.d/apache2 restart

4.Restart the apt-cacher server

#/etc/init.d/apt-cacher restart

Now test your apt-cacher server.Go to remote machine in your network.open your
browser type the hostname or IP address of your apt-cacher
server.

#firefox http:///apt-cacher  [ hostname / ip ]

 
sometimes it won't work. Then try

#firefox http://hostname/ip :3142";

save and quit
 
[OR]

Create a small script.

#vi check-apt-cacher.sh
---------------------------------------------------------------------------------------------------
 
. /lib/lsb/init-functions
log_daemon_msg "Configuring APT cache proxy" "(based on SERVER_NAME_HERE's
presence...)"
ping -c 1 SERVER_NAME_HERE &> /dev/null
if [ $? = "0" ]; then
echo "Acquire::http::Proxy \"http://SERVER_NAME_HERE:3142\";" > /etc/apt/
apt.conf.d/01SERVER_NAME_HEREproxy
else
rm /etc/apt/apt.conf.d/01SERVER_NAME_HEREproxy &> /dev/null
fi
log_end_msg 0
---------------------------------------------------------------------------------------------------
 
(Note: Replace SERVER_NAME_HERE with the ipaddress of apt-cacher server).
save and quit
#chmod +x /root/check-apt-cacher
#crontab -e
*/1 * * * * /bin/bash /root/check-apt-cacher
save and quit
This script will run each minute (*/1) you can change it as you see fit.
You're done.
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------
How It Works?
 
In each and every client machine in our network, we are going to mention the apt-
cacher server as a proxy server in the /etc/apt/apt.conf.d/ directory. So in our network,
If anyone Downloads packages using apt-get command. First, it checks in the cache
folder of apt-cacher server i.e.., /var/cache/apt-cacher/packages. If it doesn't find any
packages, it downloads from the internet and keeps in its cache folder and as well as
installs on the client machines(regardless of what version of ubuntu they are using). So
that if any other people tries to install the same package,they can directly install it from
the cache instead of hitting internet all the time,which saves bandwidth.
---------------------------------------------------------------------------------------------------
(Note : I have installed apt-cacher server on ubuntu 9.04 and i tried to access from
client side which is of ubuntu 9.04 and ubuntu 10.04. i installed few packages on the
client side, which client and as well as server doesn't have. The new package is fetched
form the internet and is kept in the apt-cacher cache directory.)