* The best approach is to cut and paste it. * Provide the Key generated by the server. mo GET YOUR VPS # /var/ossec/bin/manage_agents Execute the /var/ossec/bin/manage_agents command: ** Press ENTER to return to the main menu.Ĭopy the key and switch to your OSSEC agent console. Provide the ID of the agent to extract the key (or '\q' to quit): 001 ID: 001, Name: ossec-client, IP: enter the IP address of the OSSEC agent Run the /var/ossec/bin/manage_agents command again and extract the key for the agent: # /var/ossec/bin/manage_agents * The IP Address of the new agent: here you should enter the IP address of the OSSEC agent Adding a new agent (use '\q' to return to the main menu). Now choose the A option, enter the name for the new agent, it’s IP address and ID. Use the below command: # /var/ossec/bin/manage_agents Go back to your OSSEC server console and generate a key for the agent. You can run the 'manage_agents' tool to import theĪs the above statement shows, you should now add the agent to the OSSEC server. You first need to add this agent to the server so theyĬan communicate with each other. Press ENTER to finish (maybe more information below). If you have any question, suggestion or if you find any bug,Ĭontact us at or using our public maillist ). The configuration can be viewed or modified at /var/ossec/etc/nf Init script modified to start OSSEC HIDS during boot. System is Debian (Ubuntu or derivative). The nf and add a new localfile entry.Īny questions about the configuration can be answered If you want to monitor any other file, just change var/log/apache2/access.log (apache log) var/log/apache2/error.log (apache log) Running syscheck (integrity check daemon).ģ.3- Do you want to run the rootkit detection engine? (y/n) :ģ.4 - Do you want to enable active response? (y/n) :ģ.5- Setting the configuration to analyze the following logs: ģ.1- What's the IP Address or hostname of the OSSEC HIDS server?: enter the IP address of the OSSEC server machineģ.2- Do you want to run the integrity check daemon? (y/n) : Installation will be made at /var/ossec. Choose where to install the OSSEC HIDS : install.sh 1- What kind of installation do you want (server, agent, local, hybrid or help)? agentĢ- Setting up the installation environment. Now, start the OSSEC installation script and follow the easy instructions as shown in the output below: #. If you happen to already have the LAMP stack installed on your Ubuntu 14.04 instance, then proceed and execute the following command: # apt-get install libmysqlclient-dev libapache2-mod-php5 php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xslĭownload OSSEC into the ‘/opt’ directory, unpack the archive and enter the unpacked directory: # cd /opt But first, install the modules as shown in the first part of this tutorial. Next, you need to install OSSEC as agent on your other Ubuntu instance. You can now visit the Analogi dashboard from your favorite web browser. Once you modify the values, they should look like this: define ('DB_USER_O', 'ossecuser') ĭefine ('DB_PASSWORD_O', 'your_password') Enter the default document root for Apache which is ‘/var/analogi/db_ossec.php Once that is out of the picture, let’s install the Analogi Web Dashboard. Log in to the Linux VPS where you installed OSSEC as server: # ssh the package index and check whether you have available upgrades for the server: # apt-get update & apt-get upgrade Then we will add the installed agent (client) to the OSSEC server. Today, we will install the Analogi Web Dashboard and cover the OSSEC agent installation on another Ubuntu 14.04 VPS. In the first part, we installed OSSEC as server and it’s web user interface on an Ubuntu 14.04 VPS. This article is the second part of our Install OSSEC on Ubuntu 14.04 tutorial.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |