This shows you the differences between two versions of the page.
сервис_ossec [2020/07/15 16:04] val [Viewing reports] |
сервис_ossec [2024/05/15 10:32] (current) val [File integrity monitoring] |
||
---|---|---|---|
Line 2: | Line 2: | ||
* [[https://ru.wikipedia.org/wiki/OSSEC|OSSEC — Википедия]] | * [[https://ru.wikipedia.org/wiki/OSSEC|OSSEC — Википедия]] | ||
- | |||
* [[https://habr.com/ru/post/262479/|Инструкция: внедряем HIDS OSSEC]] | * [[https://habr.com/ru/post/262479/|Инструкция: внедряем HIDS OSSEC]] | ||
- | |||
* [[http://www.ossec.net/downloads.html|OSSEC Downloads]] | * [[http://www.ossec.net/downloads.html|OSSEC Downloads]] | ||
Line 45: | Line 43: | ||
==== Установка, запуск и подключение агента ==== | ==== Установка, запуск и подключение агента ==== | ||
+ | |||
+ | === Windows === | ||
+ | |||
+ | * [[https://www.ossec.net/docs/docs/manual/installation/installation-windows.html|Windows Agent Installation]] | ||
+ | |||
+ | === Debian === | ||
+ | |||
<code> | <code> | ||
server# apt install ossec-hids-agent | server# apt install ossec-hids-agent | ||
Line 76: | Line 81: | ||
<!-- Frequency that syscheck is executed (default every 2 hours) --> | <!-- Frequency that syscheck is executed (default every 2 hours) --> | ||
<frequency>300</frequency> | <frequency>300</frequency> | ||
- | <auto_ignore>no</auto_ignore> | + | <auto_ignore>no</auto_ignore> <!-- may not be needed --> |
<directories check_all="yes">/usr/local/sbin</directories> | <directories check_all="yes">/usr/local/sbin</directories> | ||
... | ... | ||
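Review bot: The comment added on the `<auto_ignore>no</auto_ignore>` line, "may not be needed", leaves the reader unsure whether the setting should stay. auto_ignore decides whether syscheck stops reporting a file that changes too often, so either state why it is set to `no` here (every change under /usr/local/sbin keeps producing an alert) or remove the element once the default behaviour has been confirmed on the installed version. The unchanged comment above `<frequency>300</frequency>` still describes the 2-hour default; a short remark that 300 seconds is a deliberately short interval would keep it from being copied into production unnoticed.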
Line 86: | Line 91: | ||
* [[https://www.ossec.net/docs/docs/programs/ossec-reportd.html|ossec-reportd]] | * [[https://www.ossec.net/docs/docs/programs/ossec-reportd.html|ossec-reportd]] | ||
+ | * [[https://www.ossec.net/docs/manual/output/reports-email-output.html|Daily E-Mail Reports]] | ||
<code> | <code> | ||
- | lan# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f level 1 | + | lan# cat /var/ossec/logs/alerts/alerts.log |
+ | |||
+ | lan# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f level 7 | ||
+ | |||
+ | lan# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f group authentication -r user srcip | ||
</code> | </code> |
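Review bot: The added Daily E-Mail Reports link uses the path /docs/manual/output/... while the ossec-reportd link on the line above it and the Windows Agent Installation link added earlier in this revision both use /docs/docs/...; check that the new URL resolves and align the path if it does not. In the command block, the three lines now stand without any explanation, so a one-line description before each (raw alert log, `-f level 7` filter, `-f group authentication -r user srcip` relation) would tell the reader what output to expect from each command.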