- Instant OSSEC Host-based Intrusion Detection System
- Brad Lhotsky
- 2021-08-13 16:28:00
There's more…
Congratulations! You just installed, configured, and started OSSEC to protect your server. An excellent first step in the mastery of OSSEC! You might also be thinking that there is a lot of work to run this setup process on each server, and you're right. It's not always desirable or possible to perform source installs on every server in your network. Luckily for us, there's a speedier way!
Binary installations
On most production systems, a C compiler may not be available. Don't worry, it is still possible to deploy OSSEC on these systems without requiring administrators to install hefty development packages.
OSSEC provides a binary installer for Windows on the Downloads page (http://www.ossec.net/?page_id=19) of the site. This is an agent-only binary, so you will still require a Linux/BSD server to manage any Windows agents.
For Linux systems, there are two major package managers, RPM and APT. Distributions based on Red Hat use a binary package called an RPM. Atomicorp provides a handy installer for their nicely packaged OSSEC RPMs, which you can install using the following command on your Red Hat server:
$ wget -q -O - https://www.atomicorp.com/installers/atomic |sudo sh
After that, you'll be able to install the OSSEC server or agent through yum:
$ sudo yum install ossec-hids-server
Or for a client install, use the following command:
$ sudo yum install ossec-hids-client
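The `wget … | sudo sh` step above runs whatever the URL returns as root, with no chance to read it first. The following is an added example, not code from the book or from Atomicorp: it downloads the installer to a file and runs it only if its SHA-256 matches a digest you pinned after reviewing the script. The function names and the `--run` switch are hypothetical, and `PINNED_SHA256` is a placeholder you must fill in yourself.

```shell
#!/bin/sh
# Added example: review and pin the repo installer instead of piping it to a root shell.
INSTALLER_URL="https://www.atomicorp.com/installers/atomic"  # URL from the text
# Placeholder: the digest you record after reading the downloaded script yourself.
PINNED_SHA256="REPLACE_WITH_REVIEWED_SHA256"

# Print the SHA-256 of a file as 64 lowercase hex characters.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only when the file's digest equals the pin.
# 2 = pin is not a well-formed digest (e.g. placeholder left in place),
# 3 = file missing or empty (a failed wget -O can leave an empty file).
verify_pinned() {
    vp_file=$1
    vp_pin=$2
    case $vp_pin in
        ""|*[!0123456789abcdef]*) return 2 ;;
    esac
    [ "${#vp_pin}" -eq 64 ] || return 2
    [ -s "$vp_file" ] || return 3
    vp_actual=$(file_sha256 "$vp_file") || return 3
    [ "$vp_actual" = "$vp_pin" ]
}

# Download to a temporary file, verify it, and only then run it as root.
install_atomic_repo() {
    iar_tmp=$(mktemp) || return 1
    if wget -q -O "$iar_tmp" "$INSTALLER_URL" &&
       verify_pinned "$iar_tmp" "$PINNED_SHA256"; then
        sudo sh "$iar_tmp"
        iar_rc=$?
    else
        echo "installer missing, changed, or pin not set; refusing to run" >&2
        iar_rc=1
    fi
    rm -f "$iar_tmp"
    return "$iar_rc"
}

# Nothing touches the network unless the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    install_atomic_repo
fi
```

To obtain the pin, download the installer once with `wget -O`, read it, and record the output of `sha256sum` on that file. A later mismatch means the upstream script changed and needs a fresh review before it runs as root.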
If you intend to install it on a Debian-based Linux distribution, Nicolas Zin has packaged OSSEC for Ubuntu. His work is available at the following link:
https://launchpad.net/~nicolas-zin/+archive/ossec-ubuntu
Follow his instructions to enable the source in APT. Install OSSEC server by running the following command:
$ sudo apt-get install ossec-hids-server
Or for a client install, use the following command:
$ sudo apt-get install ossec-hids-agent
Integrating the deployment of OSSEC into your organization's configuration management solution is much easier with binary packaging. Servers receiving a binary package do not require a C compiler to be installed. This often fits within the organization's requirements to remove unnecessary software from its infrastructure.
Starting OSSEC at boot
Even though OSSEC may already be running, we need to make sure that we configure our installation to start during the operating system's boot sequence. This step varies depending on the operating system you're running. The easiest way to start OSSEC on Linux/BSD is to add the /var/ossec/bin/ossec-control start command to the /etc/rc.d/rc.local file, which is executed at boot.
If you've chosen the binary package install, chances are that the package provides an initialization script for your operating system. Most modern systems use an initialization script usually installed as /etc/init.d/ossec-hids, and the following commands will enable it:
- Red Hat-based:
/sbin/chkconfig ossec-hids on
- Debian-based:
/sbin/update-rc.d ossec-hids defaults
The Microsoft Windows binary installer configures OSSEC to run at startup, so no additional steps are necessary.