сервис_ossec [2016/10/07 14:00] val |
сервис_ossec [2020/07/15 13:27] val |
Line 2: | Line 2: | ||
* [[https://ru.wikipedia.org/wiki/OSSEC|OSSEC — Википедия]] | * [[https://ru.wikipedia.org/wiki/OSSEC|OSSEC — Википедия]] | ||
- | * [[http://city.chel.com.ru/forum/entry.php?b=506|OSSEC-HIDS (Open Source Host-based Intrusion Detection System) – хостовая система обнаружения атак]] | + | |
- | * [[http://ossec.github.io/downloads.html|Downloads - DEBs for Debian and Ubuntu]] | + | |
* [[http://forum.lissyara.su/viewtopic.php?t=9588|www.lissyara.su - статья об OSSEC]] | * [[http://forum.lissyara.su/viewtopic.php?t=9588|www.lissyara.su - статья об OSSEC]] | ||
* [[http://ossec-docs.readthedocs.io/en/latest/manual/agent/agent-management.html|Managing Agents]] | * [[http://ossec-docs.readthedocs.io/en/latest/manual/agent/agent-management.html|Managing Agents]] | ||
* [[http://ossec-docs.readthedocs.io/en/latest/faq/syscheck.html|Syscheck: FAQ - How to force an immediate syscheck scan?]] | * [[http://ossec-docs.readthedocs.io/en/latest/faq/syscheck.html|Syscheck: FAQ - How to force an immediate syscheck scan?]] | ||
+ | * [[http://www.ossec.net/downloads.html|OSSEC Downloads]] | ||
+ | |||
+ | ===== Debian ===== | ||
+ | |||
+ | ==== Подключение репозитория ===== | ||
+ | <code> | ||
+ | # wget -q -O - https://updates.atomicorp.com/installers/atomic | bash | ||
+ | |||
+ | # apt install apt-transport-https | ||
+ | |||
+ | # apt update | ||
+ | </code> | ||
+ | ==== Установка и запуск сервера ==== | ||
+ | <code> | ||
+ | # apt install ossec-hids-server | ||
+ | |||
+ | ossec-server# /var/ossec/bin/agent_control -l | ||
+ | ... | ||
+ | </code> | ||
+ | |||
+ | ==== Настройка сервера для подключения агента ==== | ||
+ | <code> | ||
+ | ossec-server# /var/ossec/bin/manage_agents | ||
+ | ... | ||
+ | (A)dd an agent (A). | ||
+ | ... | ||
+ | Agent information: | ||
+ | ID:001 | ||
+ | Name:server | ||
+ | IP Address:192.168.X.10 | ||
+ | ... | ||
+ | (E)xtract key for an agent (E). | ||
+ | ... | ||
+ | |||
+ | ossec-server# /var/ossec/bin/ossec-control restart | ||
+ | |||
+ | ossec-server# ss -panu | grep 1514 | ||
+ | </code> | ||
+ | |||
+ | ==== Установка, запуск и подключение агента ==== | ||
+ | <code> | ||
+ | ossec-agent# apt install ossec-hids-agent | ||
+ | |||
+ | ossec-agent# vim /var/ossec/etc/ossec.conf | ||
+ | </code><code> | ||
+ | <ossec_config> | ||
+ | <client> | ||
+ | <server-ip>192.168.100+X.10</server-ip> | ||
+ | ... | ||
+ | </code><code> | ||
+ | ossec-agent# /var/ossec/bin/manage_agents | ||
+ | ... | ||
+ | |||
+ | ossec-agent# /var/ossec/bin/ossec-control start | ||
+ | </code> | ||
+ | |||
+ | ==== Проверка подключения агента ==== | ||
+ | <code> | ||
+ | ossec-server# /var/ossec/bin/agent_control -i 001 | ||
+ | ... | ||
+ | </code> | ||
+ | ==== Просмотр отчетов ==== | ||
+ | |||
+ | https://ossec-docs.readthedocs.io/en/latest/programs/ossec-reportd.html | ||
+ | |||
+ | <code> | ||
+ | # cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f level 1 | ||
+ | </code> |
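Review bot: the repository bootstrap step `# wget -q -O - https://updates.atomicorp.com/installers/atomic | bash` pipes an unverified remote script straight into a root shell, so every later step (`apt install ossec-hids-server`, `apt install ossec-hids-agent`) trusts whatever that URL serves at that moment; suggest splitting it into a download to a file, a read-through of the script, and a check of the repository signing key it installs before executing it, and recording the expected key fingerprint in the page so a reader can compare. Two smaller points in the same hunk: the heading `==== Подключение репозитория =====` has four opening and five closing `=` markers, which should match (four on both sides, like the sibling headings); and the agent-side step `ossec-agent# /var/ossec/bin/manage_agents` elides what the reader must do there. Since the server side shows `(E)xtract key for an agent (E).`, the agent side should state that the key extracted on the server is imported at this prompt before `ossec-control start`, otherwise the agent will not authenticate and the later `agent_control -i 001` check will not show it as active.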