сервис_ossec
сервис_ossec [2016/10/07 13:54]
val
сервис_ossec [2020/07/21 09:36] (current)
val [Viewing reports]
Line 1: Line 1:
 ====== Сервис OSSEC ====== ====== Сервис OSSEC ======
  
-  * [[http://ossec.github.io/downloads.html|Downloads - DEBs for Debian and Ubuntu]] +  * [[https://ru.wikipedia.org/wiki/OSSEC|OSSEC — Википедия]]
-  * [[http://​forum.lissyara.su/​viewtopic.php?​t=9588|www.lissyara.su - статья об OSSEC]] +
-  * [[http://​ossec-docs.readthedocs.io/​en/​latest/​manual/​agent/​agent-management.html|Managing Agents]] +
-  * [[http://​ossec-docs.readthedocs.io/​en/​latest/​faq/​syscheck.html|Syscheck:​ FAQ - How to force an immediate syscheck scan?]]+
  
 +  * [[https://​habr.com/​ru/​post/​262479/​|Инструкция:​ внедряем HIDS OSSEC]]
 +
 +  * [[http://​www.ossec.net/​downloads.html|OSSEC Downloads]]
 +
 +===== Debian =====
 +
 +==== Подключение репозитория =====
 +<​code>​
 +# wget -q -O - https://​updates.atomicorp.com/​installers/​atomic | bash
 +
 +# apt install apt-transport-https
 +
 +# apt update
 +</​code>​
 +==== Установка и запуск сервера ====
 +<​code>​
 +lan# apt install ossec-hids-server
 +
 +lan# /​var/​ossec/​bin/​agent_control -l
 +...
 +</​code>​
 +
 +==== Настройка сервера для подключения агента ====
 +<​code>​
 +lan# /​var/​ossec/​bin/​manage_agents
 +...
 +   (A)dd an agent (A).
 +...
 +Agent information:​
 +   ​ID:​001
 +   ​Name:​server
 +   IP Address:​192.168.X.10
 +...
 +   ​(E)xtract key for an agent (E).
 +...
 +
 +lan# /​var/​ossec/​bin/​ossec-control restart
 +
 +lan# ss -panu | grep 1514
 +</​code>​
 +
 +==== Установка,​ запуск и подключение агента ====
 +<​code>​
 +server# apt install ossec-hids-agent
 +
 +server# vim /​var/​ossec/​etc/​ossec.conf
 +</​code><​code>​
 +<​ossec_config>​
 +  <​client>​
 +    <​server-ip>​192.168.100+X.10</​server-ip>​
 +...
 +</​code><​code>​
 +server# /​var/​ossec/​bin/​manage_agents
 +...
 +   ​(I)mport key from the server (I).
 +...
 +
 +server# /​var/​ossec/​bin/​ossec-control start
 +</​code>​
 +
 +==== Проверка подключения агента ====
 +<​code>​
 +lan# /​var/​ossec/​bin/​agent_control -i 001
 +...
 +</​code>​
 +==== Контроль целостности файлов ====
 +<​code>​
 +server# cat /​var/​ossec/​etc/​ossec.conf
 +</​code><​code>​
 +...
 +  <​syscheck>​
 +    <!-- Frequency that syscheck is executed (default every 2 hours) -->
 +    <​frequency>​300</​frequency>​
 +    <​auto_ignore>​no</​auto_ignore>​
 +    <​directories check_all="​yes">/​usr/​local/​sbin</​directories>​
 +...
 +</​code><​code>​
 +server# /​var/​ossec/​bin/​ossec-control restart
 +</​code>​
 +
 +==== Просмотр отчетов ====
 +
 +  * [[https://​www.ossec.net/​docs/​docs/​programs/​ossec-reportd.html|ossec-reportd]]
 +  * [[https://​www.ossec.net/​docs/​manual/​output/​reports-email-output.html|Daily E-Mail Reports]]
 +
 +<​code>​
 +lan# cat /​var/​ossec/​logs/​alerts/​alerts.log
 +
 +lan# cat /​var/​ossec/​logs/​alerts/​alerts.log | /​var/​ossec/​bin/​ossec-reportd -f level 7
 +
 +lan# cat /​var/​ossec/​logs/​alerts/​alerts.log | /​var/​ossec/​bin/​ossec-reportd -f group authentication -r user srcip
 +</​code>​
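Review bot: the repository step in "Подключение репозитория" runs `wget -q -O - https://updates.atomicorp.com/installers/atomic | bash` as root, executing an unreviewed remote script; fetch it to a file first (`wget -O atomic.sh https://updates.atomicorp.com/installers/atomic`), inspect it and check what repository and signing key it installs before running it, so the page documents a reproducible, auditable source for the OSSEC packages. The same block installs `apt-transport-https` only after the installer has already added its https source, so on older Debian the installer's own update may fail; move `apt install apt-transport-https` ahead of the installer line. In the "Просмотр отчетов" block, `cat alerts.log | ossec-reportd ...` is a useless use of cat; `/var/ossec/bin/ossec-reportd -f level 7 < /var/ossec/logs/alerts/alerts.log` reads the same input directly.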
сервис_ossec.1475837692.txt.gz · Last modified: 2016/10/07 13:54 by val