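# wget -q -O - https://updates.atomicorp.com/installers/atomic | bash
# apt install apt-transport-https
# apt update
Note: the first command runs the downloaded installer script directly in a root shell; to review it first, save it to a file with wget -O, read it, then run it with bash.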
lan# apt install ossec-hids-server
lan# /var/ossec/bin/agent_control -l
...
lan# /var/ossec/bin/manage_agents
...
(A)dd an agent (A).
...
Agent information:
   ID:001
   Name:server
   IP Address:192.168.X.10
...
(E)xtract key for an agent (E).
...
lan# /var/ossec/bin/ossec-control restart
lan# ss -panu | grep 1514
server# apt install ossec-hids-agent
server# vim /var/ossec/etc/ossec.conf
<ossec_config>
  <client>
    <server-ip>192.168.100+X.10</server-ip>
...
server# /var/ossec/bin/manage_agents
...
(I)mport key from the server (I).
...
server# /var/ossec/bin/ossec-control start
lan# /var/ossec/bin/agent_control -i 001 ...
server# cat /var/ossec/etc/ossec.conf
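...
  <syscheck>
    <!-- Frequency that syscheck is executed (default every 2 hours) -->
    <frequency>300</frequency>
    <auto_ignore>no</auto_ignore>
    <directories check_all="yes">/usr/local/sbin</directories>
...
Note: <frequency> is given in seconds, so 300 runs syscheck every 5 minutes; the XML comment describes the packaged default, not this value.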
server# /var/ossec/bin/ossec-control restart
lan# cat /var/ossec/logs/alerts/alerts.log
lan# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f level 7
lan# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f group authentication -r user srcip