OSSEC service
Debian
Adding the repository
# wget -q -O - https://updates.atomicorp.com/installers/atomic | bash
# apt install apt-transport-https
# apt update
Installing and starting the server
lan# apt install ossec-hids-server
lan# /var/ossec/bin/agent_control -l
...
Configuring the server for the agent connection
lan# /var/ossec/bin/manage_agents
...
(A)dd an agent (A).
...
Agent information:
ID:001
Name:server
IP Address:192.168.X.10
...
(E)xtract key for an agent (E).
...
lan# /var/ossec/bin/ossec-control restart
lan# ss -panu | grep 1514
Installing, starting and connecting the agent
Windows
Debian
server# apt install ossec-hids-agent
server# vim /var/ossec/etc/ossec.conf
<ossec_config>
<client>
<server-ip>192.168.100+X.10</server-ip>
...
server# /var/ossec/bin/manage_agents
...
(I)mport key from the server (I).
...
server# /var/ossec/bin/ossec-control start
Checking the agent connection
lan# /var/ossec/bin/agent_control -i 001
...
File integrity monitoring
server# cat /var/ossec/etc/ossec.conf
...
<syscheck>
<!-- Frequency that syscheck is executed (default every 2 hours) -->
<frequency>300</frequency>
<auto_ignore>no</auto_ignore> <!-- may not be needed -->
<directories check_all="yes">/usr/local/sbin</directories>
...
server# /var/ossec/bin/ossec-control restart
Viewing reports
lan# cat /var/ossec/logs/alerts/alerts.log
lan# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f level 7
lan# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f group authentication -r user srcip
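Added example (not part of the original page or of OSSEC itself): a small Python parser for the alerts.log record format that reproduces the level and group filters used with ossec-reportd above and lists the paths reported by the syscheck rules configured in the previous section. The log content, agent name, addresses and paths are constructed sample data.

```python
import re

# Constructed sample of /var/ossec/logs/alerts/alerts.log (made-up data): two syscheck alerts, one sshd alert.
SAMPLE_ALERTS = """\
** Alert 1700000000.1001: - ossec,syscheck,
2023 Nov 14 22:13:20 (server) 192.168.100.10->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/usr/local/sbin/backup.sh'

** Alert 1700000060.1002: - ossec,syscheck,
2023 Nov 14 22:14:20 (server) 192.168.100.10->syscheck
Rule: 554 (level 7) -> 'File added to the system.'
New file '/usr/local/sbin/helper' added to the file system.

** Alert 1700000120.1003: - syslog,sshd,authentication_failed,
2023 Nov 14 22:15:20 (server) 192.168.100.10->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Nov 14 22:15:19 server sshd[4242]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
"""

RULE_RE = re.compile(r"^Rule: (?P<rule>\d+) \(level (?P<level>\d+)\) -> '(?P<desc>.*)'$")
PATH_RE = re.compile(r"'(/[^']*)'")  # first quoted absolute path in a syscheck body line

def parse_alerts(text):
    """Split alerts.log into blank-line-separated records with the fields ossec-reportd filters on."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if not lines or not lines[0].startswith("** Alert "):
            continue  # not an alert header
        head, _, groups = lines[0][len("** Alert "):].partition(" - ")  # head: "<epoch>.<seq>: [flags]"
        idx = next((i for i, l in enumerate(lines) if l.startswith("Rule: ")), None)
        rule = RULE_RE.match(lines[idx]) if idx is not None else None
        if rule is None:
            continue  # malformed record: skip it instead of aborting the whole file
        alerts.append({"timestamp": int(head.split(".")[0]),
                       "groups": [g for g in groups.split(",") if g],
                       "rule": int(rule["rule"]), "level": int(rule["level"]),
                       "description": rule["desc"], "body": lines[idx + 1:]})
    return alerts

def filter_alerts(alerts, min_level=0, group=None):
    """Like `ossec-reportd -f level N` / `-f group G`: level is a minimum, group a substring match."""
    return [a for a in alerts
            if a["level"] >= min_level and (group is None or any(group in g for g in a["groups"]))]

def syscheck_files(alerts):
    """Paths named by syscheck alerts, i.e. what changed under the monitored <directories>."""
    hits = (PATH_RE.search(line) for a in alerts if "syscheck" in a["groups"] for line in a["body"])
    return [m.group(1) for m in hits if m]
```

On a real server, read the file with `parse_alerts(open("/var/ossec/logs/alerts/alerts.log").read())` and feed the result to the two filters.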