сервис_ossec [2019/03/15 16:07] val |
сервис_ossec [2020/07/15 09:54] val [Подключение] |
||
---|---|---|---|
Line 11: | Line 11: | ||
===== Debian ===== | ===== Debian ===== | ||
- | ==== Подключение ===== | + | ==== Подключение репозитория ===== |
<code> | <code> | ||
# wget -q -O - https://updates.atomicorp.com/installers/atomic | bash | # wget -q -O - https://updates.atomicorp.com/installers/atomic | bash | ||
Line 23: | Line 23: | ||
# apt install ossec-hids-server | # apt install ossec-hids-server | ||
- | # /var/ossec/bin/ossec-control start | ||
- | возможно, лучше | ||
- | # systemctl status ossec.service | ||
- | |||
- | # ss -panu | grep 1514 | ||
</code> | </code> | ||
- | ==== Установка и запуск агента ==== | + | ==== Установка, запуск и подключение агента ==== |
- | + | ||
- | Похоже, нельзя ставить вместе с сервером. | + | |
<code> | <code> | ||
- | # apt install ossec-hids-agent | + | ossec-agent# apt install ossec-hids-agent |
- | # vim /var/ossec/etc/ossec.conf | + | ossec-agent# vim /var/ossec/etc/ossec.conf |
+ | </code><code> | ||
<ossec_config> | <ossec_config> | ||
<client> | <client> | ||
<server-ip>192.168.155.10</server-ip> | <server-ip>192.168.155.10</server-ip> | ||
... | ... | ||
- | </code> | + | </code><code> |
+ | ossec-server# /var/ossec/bin/manage_agents | ||
+ | ... | ||
- | ==== Подключение агента ==== | + | ossec-server# /var/ossec/bin/ossec-control restart |
- | С двух сторон запускаем: | + | |
- | <code> | + | ossec-server# ss -panu | grep 1514 |
- | # /var/ossec/bin/manage_agents | + | |
+ | |||
+ | ossec-agent# /var/ossec/bin/manage_agents | ||
+ | ... | ||
+ | |||
+ | ossec-agent# /var/ossec/bin/ossec-control restart | ||
+ | |||
+ | ossec-server# /var/ossec/bin/agent_control -l | ||
+ | ... | ||
+ | |||
+ | ossec-server# /var/ossec/bin/agent_control -i 001 | ||
+ | ... | ||
</code> | </code> | ||
==== Просмотр отчетов ==== | ==== Просмотр отчетов ==== |
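Review bot: The new enrollment sequence under «Установка, запуск и подключение агента» hides the steps that matter behind `...`. After `ossec-server# /var/ossec/bin/manage_agents` the page should say that the agent is added and its key extracted on the server, and that this same key is imported when `manage_agents` is run on the agent. The key is the pre-shared secret the agent uses to talk to the server on UDP 1514, so add one line telling the reader to carry it over an authenticated channel such as ssh and not to leave it in chat logs or tickets. The closing `agent_control -l` / `agent_control -i 001` checks are a good addition; a short note on what a healthy result looks like (agent listed as active) would make them usable as a verification step. Separately, the unchanged line under «Подключение репозитория» pipes a remote installer straight into a root shell, and the page would teach a safer habit by saving the script to a file and reading it before running it.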