User Tools
сервис_ossec
This is an old revision of the document!
Table of Contents
Сервис OSSEC
Debian
Подключение
# wget -q -O - https://updates.atomicorp.com/installers/atomic | bash # apt install apt-transport-https # apt update
Установка и запуск сервера
# apt install ossec-hids-server # /var/ossec/bin/ossec-control start # ss -panu | grep 1514
Установка и запуск и подключение агента
Похоже, нельзя ставить вместе с сервером.
ossecagent# apt install ossec-hids-agent ossec-agent# vim /var/ossec/etc/ossec.conf
<ossec_config>
<client>
<server-ip>192.168.155.10</server-ip>
...
ossec-server# /var/ossec/bin/manage_agents ... ossec-agent# /var/ossec/bin/manage_agents ... ossec-agent# /var/ossec/bin/ossec-control start ossec-server# /var/ossec/bin/agent_control -l ... ossec-server# /var/ossec/bin/agent_control -i 001 ...
Просмотр отчетов
https://ossec-docs.readthedocs.io/en/latest/programs/ossec-reportd.html
# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f level 1
сервис_ossec.1592989364.txt.gz · Last modified: 2020/06/24 12:02 by val
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
