浮雲雅築: [研究] OSSEC - HIDS 2.8 主機型入侵偵測系統

2014年8月16日星期六

[研究] OSSEC - HIDS 2.8 主機型入侵偵測系統 - local 安裝 (CentOS 7.0 x86_64)

[研究] OSSEC - HIDS 2.8 主機型入侵偵測系統 - local 安裝 (CentOS 7.0 x86_64)

2014-08-16

官方網站
http://www.ossec.net/

下載
http://www.ossec.net/main/downloads

安裝

yum -y install gcc httpd php
service httpd restart
cd /usr/local/src
wget http://www.ossec.net/files/ossec-hids-2.8.tar.gz
wget http://www.ossec.net/files/ossec-wui-0.8.tar.gz

tar zxvf ossec-hids-2.8.tar.gz
cd ossec-hids-2.8
./install.sh
cd ..

tar zxvf ossec-wui-0.8.tar.gz -C /var/www/html
mv /var/www/html/ossec-wui-0.8 /var/www/html/ossec

usermod -G ossec apache
cat /etc/group | grep ossec

# /var/ossec/bin/ossec-control start
# vi /var/ossec/etc/ossec.conf

service ossec restart
systemctl status ossec
service httpd restart
firefox http://localhost/ossec &

對 ossec-hids-2.8.tar.gz 做 install.sh 時候會出現一些設定詢問，基本上都是 Enter 用預設值
(安裝型態小弟選 local，有空再測試 server 和 agent)

(en/br/cn/de/el/es/fr/it/jp/nl/pl/ru/sr/tr) [en]:

1- What kind of installation do you want (server, agent, local or help)? local
...(略)

- System is Redhat Linux.
- Init script modified to start OSSEC HIDS during boot.

- Configuration finished properly.

- To start OSSEC HIDS:
/var/ossec/bin/ossec-control start

- To stop OSSEC HIDS:
/var/ossec/bin/ossec-control stop

- The configuration can be viewed or modified at /var/ossec/etc/ossec.conf

Thanks for using the OSSEC HIDS.
If you have any question, suggestion or if you find any bug,
contact us at contact@ossec.net or using our public maillist at
ossec-list@ossec.net
( http://www.ossec.net/main/support/ ).

More information can be found at http://www.ossec.net

--- Press ENTER to finish (maybe more information below). ---

[root@localhost ossec-hids-2.8]#