Created
October 4, 2016 07:12
Installing the OSSEC manager and agent on CentOS 7.x ref: http://qiita.com/anri-c/items/18a72fc2bd0d8b168c6e
| wget -q -O - http://www.atomicorp.com/installers/atomic | sh |
| manager $ sudo yum install ossec-hids ossec-hids-server |
| agent $ sudo /etc/init.d/ossec-hids start |
| manager $ sudo /var/ossec/bin/agent_control -i 001 | |
| OSSEC HIDS agent_control. Agent information: | |
| Agent ID: 001 | |
| Agent Name: agent | |
| IP address: 192.168.0.128 | |
| Status: Active | |
| Operating system: Linux agent 3.10.0-327.36.1.el7.x86_64 #1 S.. | |
| Client version: OSSEC HIDS v2.8.3 / 6322ee12ea9a05951f97923a8341a01a | |
| Last keep alive: Tue Oct 4 15:05:19 2016 | |
| Syscheck last started at: Tue Oct 4 15:07:18 2016 | |
| Rootcheck last started at: Unknown |
| $ sudo /etc/init.d/ossec-hids restart |
| agent $ sudo yum install ossec-hids ossec-hids-client |
| manager $ sudo /etc/init.d/ossec-hids start |
| manager $ sudo /var/ossec/bin/manage_agents | |
| **************************************** | |
| * OSSEC HIDS v2.8.3 Agent manager. * | |
| * The following options are available: * | |
| **************************************** | |
| (A)dd an agent (A). | |
| (E)xtract key for an agent (E). | |
| (L)ist already added agents (L). | |
| (R)emove an agent (R). | |
| (Q)uit. | |
| Choose your action: A,E,L,R or Q: A # type A and press Enter | |
| - Adding a new agent (use '\q' to return to the main menu). | |
| Please provide the following: | |
| * A name for the new agent: agent # enter the agent's hostname and press Enter | |
| * The IP Address of the new agent: 192.168.0.128 # enter the agent's IP address and press Enter | |
| * An ID for the new agent[001]: # pressing Enter without typing an agent ID is also fine | |
| Agent information: | |
| ID:001 | |
| Name:agent | |
| IP Address:192.168.0.128 | |
| Confirm adding it?(y/n): y # if everything is correct, type y and press Enter | |
| Agent added. | |
| **************************************** | |
| * OSSEC HIDS v2.8.3 Agent manager. * | |
| * The following options are available: * | |
| **************************************** | |
| (A)dd an agent (A). | |
| (E)xtract key for an agent (E). | |
| (L)ist already added agents (L). | |
| (R)emove an agent (R). | |
| (Q)uit. | |
| Choose your action: A,E,L,R or Q: E # type E and press Enter | |
| Available agents: | |
| ID: 001, Name:agent, IP: 192.168.0.128 | |
| Provide the ID of the agent to extract the key (or '\q' to quit): 001 # enter the ID of the target agent and press Enter | |
| Agent key information for '001' is: | |
| <AGENT_KEY> # copy the displayed key | |
| ** Press ENTER to return to the main menu. | |
| # when the main menu is displayed, type Q and press Enter |
| manager $ sudo /etc/init.d/ossec-hids restart |
| agent $ sudo ls -la /var/ossec/etc/ossec.conf | |
| lrwxrwxrwx 1 root root 16 10月 4 14:42 ossec.conf -> ossec-agent.conf | |
| agent $ sudo vi /var/ossec/etc/ossec.conf # the actual file is ossec-agent.conf | |
| <!-- OSSEC example config --> | |
| <ossec_config> | |
| <client> | |
| <server-ip>192.168.0.254</server-ip> <!-- change to the manager's IP address --> | |
| </client> | |
| <syscheck> | |
| <!-- Frequency that syscheck is executed -- default every 2 hours --> | |
| <frequency>7200</frequency> |
| agent $ sudo /var/ossec/bin/manage_client | |
| **************************************** | |
| * OSSEC HIDS v2.8.3 Agent manager. * | |
| * The following options are available: * | |
| **************************************** | |
| (I)mport key from the server (I). | |
| (Q)uit. | |
| Choose your action: I or Q: i |
| * Provide the Key generated by the server. | |
| * The best approach is to cut and paste it. | |
| *** OBS: Do not include spaces or new lines. | |
| Paste it here (or '\q' to quit): | |
| <AGENT_KEY> # paste the key issued on the manager and press Enter | |
| Agent information: | |
| ID:001 | |
| Name:agent | |
| IP Address:192.168.0.128 | |
| Confirm adding it?(y/n): y # if everything is correct, type y and press Enter | |
| Added. |
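The `agent_control -i 001` check shown above can be scripted so that a failed enrollment is caught right after the key import and restart. The following is an added example, not part of the original gist; the function names `agent_field` and `check_agent`, the 600-second threshold and the reliance on GNU `date` are assumptions, and the sample input is constructed from the output shown on this page.

```bash
#!/usr/bin/env bash
# Added example (not from the gist): health check over `agent_control -i <id>` output.
# Assumes GNU date (as on CentOS 7) and timestamps in the manager's local time zone.

# Constructed sample: the agent_control output shown on this page.
sample_agent_info() {
  cat <<'EOF'
OSSEC HIDS agent_control. Agent information:
Agent ID: 001
Agent Name: agent
IP address: 192.168.0.128
Status: Active
Operating system: Linux agent 3.10.0-327.36.1.el7.x86_64 #1 S..
Client version: OSSEC HIDS v2.8.3 / 6322ee12ea9a05951f97923a8341a01a
Last keep alive: Tue Oct 4 15:05:19 2016
Syscheck last started at: Tue Oct 4 15:07:18 2016
Rootcheck last started at: Unknown
EOF
}

# Print the value of one "Label: value" line (whitespace runs are collapsed).
agent_field() {
  awk -v label="$1" '
    { line = $0; gsub(/[ \t]+/, " ", line); sub(/^ /, "", line) }
    index(line, label ":") == 1 {
      val = substr(line, length(label) + 2)
      sub(/^ /, "", val); sub(/ $/, "", val)
      print val; exit
    }'
}

# usage: agent_control -i ID | check_agent NOW_EPOCH MAX_KEEPALIVE_AGE_SECONDS
check_agent() (
  now=$1; max_age=$2; rc=0; out=$(cat)
  status=$(printf '%s\n' "$out" | agent_field "Status")
  keepalive=$(printf '%s\n' "$out" | agent_field "Last keep alive")
  rootcheck=$(printf '%s\n' "$out" | agent_field "Rootcheck last started at")
  if [ "$status" != "Active" ]; then echo "FAIL: status is '$status'"; rc=1; fi
  if [ -n "$keepalive" ] && ka=$(date -d "$keepalive" +%s 2>/dev/null); then
    if [ $((now - ka)) -gt "$max_age" ]; then echo "FAIL: keep-alive is stale"; rc=1; fi
  else
    echo "FAIL: cannot parse keep-alive '$keepalive'"; rc=1
  fi
  if [ "$rootcheck" = "Unknown" ]; then echo "WARN: rootcheck has not run yet"; fi
  return "$rc"
)

# Demo on the constructed sample, 41 seconds after its last keep-alive.
sample_agent_info | check_agent "$(date -d 'Tue Oct 4 15:06:00 2016' +%s)" 600
```

On the manager, the same check runs against live data with `sudo /var/ossec/bin/agent_control -i 001 | check_agent "$(date +%s)" 600`.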