本文档详细介绍了如何在服务器上安装ossec并配置其使用MySQL数据库,包括安装依赖、创建数据库、设置权限、安装ossec服务器端、修改配置、生成客户端证书以及安装web界面的过程。
ossec主要功能有日志分析、完整性检查、rookit检测、基于时间的警报和主动响应。
///服务端安装
1、yum install wget gcc make httpd php php-mysql sendmail install MariaDB-server MariaDB MariaDB-devel -y
2、启动
systemctl start httpd
systemctl start sendmail.service
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation
firewall-cmd --permanent --add-service mysql
systemctl restart firewalld.service
3、创建数据库ossec
create database ossec;
grant INSERT,SELECT,UPDATE,CREATE,DELETE,EXECUTE on ossec.* to ossec@localhost;
set password for ossec@localhost=PASSWORD('ossec');
flush privileges;
4、ossec服务器端安装:
wget https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz
tar zxf ossec-hids-2.8.3.tar.gz
cd ossec-hids-2.8.3/
cd src; make setdb; cd ..
./install.sh
/var/ossec/bin/ossec-control enable database
mysql -uossec -possec ossec < ./src/os_dbd/mysql.schema
chmod u+w /var/ossec/etc/ossec.conf
5、修改配置文件 vi /var/ossec/etc/ossec.conf
在标签内添加
127.0.0.1
ossec
ossec
ossec
mysql
syslog
6、生成客户端证书:/var/ossec/bin/manage_agents
填入客户端主机名、IP,记录生成的KEY
7、安装web界面:
wget https://github.com/ECSC/analogi/archive/master.zip
unzip master.zip
mv analogi-master/ /var/www/html/analogi
cd /var/www/html/
chown -R apache.apache analogi/
cd analogi/
cp db_ossec.php.new db_ossec.php
//修改PHP的db链接参数
vi db_ossec.php
//添加APAche的虚拟主机
vim /etc/httpd/conf.d/analogi.conf
Alias /analogi /var/www/html/analogi
Order deny,allow
Deny from all
Allow from 192.168.0.0/16
//重启apache,登录方式http://ip/analogi/
systemctl restart httpd
service ossec start
//客户端搭建
wget https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz
tar zxf ossec-hids-2.8.3.tar.gz
cd ossec-hids-2.8.3/
./install.sh
/var/ossec/bin/manage_agents
//需要填入服务端生成的KEY
//启动ossec客户端 /var/ossec/bin/ossec-control start
查看状态:/var/ossec/bin/ossec-control status
/var/ossec/bin/list_agents -a
/var/ossec/bin/agent_control -lc
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
