
OSSEC installation guide

Posted: 2013-08-22 16:52 (views: 20738)

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS X, Solaris and Windows.
Official documentation: http://www.ossec.net/doc/index.html

How to install OSSEC
Download the latest version:
# wget http://www.ossec.net/files/ossec-hids-2.7.1-beta-1.tar.gz

Extract the compressed package and run the "./install.sh" script (it will guide you through the installation).
# tar -zxvf ossec-hids-*.tar.gz    (or: gunzip -d, then tar -xvf)
# cd ossec-hids-*
# ./install.sh

Follow the installation prompts and complete all steps.
Install Server on the server host.
Install Agent on the client host.

The configuration part
Add the client agent to the server host.
On the server machine, run:
# /var/ossec/bin/manage_agents
Select "A" to enter the add-agent menu, and input the agent name and IP.
Go back to the main menu and select the "E" option to extract the key for the client agent.
Copy the key somewhere safe for use on the agent machine.
On the agent machine, run:
# /var/ossec/bin/manage_agents
Select the "I" option to import the key that was just extracted on the server machine.
You are all set now!

Some simple command examples.
Check the status of your agents:
# /var/ossec/bin/agent_control -lc
or
# /var/ossec/bin/agent_control -i agentID

Check the latest log status:
# tail -F /var/ossec/logs/ossec.log

Start/Stop the OSSEC process:
# /var/ossec/bin/ossec-control start
# /var/ossec/bin/ossec-control stop

Manage agents (main menu):
# /var/ossec/bin/manage_agents

Issues:
There is a bug in official build 2.7 that causes agents to disconnect after a few minutes. To resolve it, you may need to upgrade to version 2.7.1 beta.
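
To spot agents that have dropped off, as in the disconnect issue above, the agent listing can be filtered for any status other than Active. This is an added example, not part of the original guide or the OSSEC project; it assumes the "ID: ..., Name: ..., IP: ..., status" line layout printed by agent_control -l, and the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): report agents that are not Active.
# Assumed input: lines in the layout printed by "agent_control -l", e.g.
#    ID: 001, Name: web01, IP: 192.0.2.10, Active

# Read an agent listing on stdin; print "ID NAME STATUS" for each agent whose
# status does not begin with "Active" (so "Active/Local" counts as active).
inactive_agents() {
    awk -F', ' '
        /^[ \t]*ID: / {
            id = $1;      sub(/^[ \t]*ID: /, "", id)
            name = $2;    sub(/^Name: /, "", name)
            status = $NF; sub(/[ \t\r]+$/, "", status)
            if (status !~ /^Active/) print id, name, status
        }'
}

# Constructed sample listing (hypothetical agents, documentation IP range).
sample_listing() {
    cat <<'EOF'
OSSEC HIDS agent_control. List of available agents:
   ID: 000, Name: mgr (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: web01, IP: 192.0.2.10, Active
   ID: 002, Name: db01, IP: 192.0.2.11, Disconnected
   ID: 003, Name: app01, IP: 192.0.2.12, Never connected
EOF
}

# Demo on the constructed sample. On a real server, pipe the live listing instead:
#   /var/ossec/bin/agent_control -l | inactive_agents
sample_listing | inactive_agents
```

Run from cron on the server, any output from the function indicates an agent that needs attention.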