Difference between revisions of "CentOS 7.x Install OSSEC agent"

From Notes_Wiki
m
m
Line 1: Line 1:
<yambe:breadcrumb>CentOS_7.x_OSSEC|CentOS 7.x OSSEC</yambe:breadcrumb>
<yambe:breadcrumb self="Install OSSEC agent">CentOS_7.x_OSSEC|OSSEC</yambe:breadcrumb>
=CentOS 7.x Install OSSEC agent=
=CentOS 7.x Install OSSEC agent=


Line 74: Line 74:
Steps contributed by Pavan Ponamala
Steps contributed by Pavan Ponamala


<yambe:breadcrumb>CentOS_7.x_OSSEC|CentOS 7.x OSSEC</yambe:breadcrumb>
<yambe:breadcrumb self="Install OSSEC agent">CentOS_7.x_OSSEC|OSSEC</yambe:breadcrumb>

Revision as of 11:17, 27 January 2019

<yambe:breadcrumb self="Install OSSEC agent">CentOS_7.x_OSSEC|OSSEC</yambe:breadcrumb>

CentOS 7.x Install OSSEC agent

To install OSSEC agent on CentOS 7.x use following steps:

  1. Install gcc compiler
    yum install -y gcc
  2. Download OSSEC hids
    git clone https://github.com/ossec/ossec-hids.git
  3. Install OSSEC
    cd ossec-hids
    ./install.sh
    Answer the following
    (en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]: '''en'''
    What kind of installation do you want (server, agent, local, hybrid or help)? '''agent'''
    Choose where to install the OSSEC HIDS [/var/ossec]: Enter
    What's the IP Address or hostname of the OSSEC HIDS server?: 192.168.1.X
    Do you want to run the integrity check daemon? (y/n) [y]: y
    Do you want to run the rootkit detection engine? (y/n) [y]: y
    Do you want to enable active response? (y/n) [y]: n
    --- Press ENTER to continue ---
  4. Start OSSEC for first time
    /var/ossec/bin/ossec-control start

On OSSEC server, Generate Key for the agent

  1. Run below command on OSSEC server
    /var/ossec/bin/manage_agents
    Answer the following
    Choose your action: A,E,L,R or Q: A
    A name for the new agent: Centos_Client
    The IP Address of the new agent: 192.168.1.X
    An ID for the new agent[001]: 001
    Confirm adding it?(y/n): y
    (Generate key for Agent)
    Choose your action: A,E,L,R or Q: e
    Provide the ID of the agent to extract the key (or '\q' to quit): 001
    (Copy the key)
  2. Restart OSSEC server
    systemctl restart ossec


On OSSEC Agent - Remaining agent configuration

  1. From the OSSEC agent, run the command
    /var/ossec/bin/manage_agents
    Choose your action: I or Q: i
    Paste it here (or '\q' to quit): (Paste Key)
    Confirm adding it?(y/n): y
  2. Restart OSSEC agent
    systemctl restart ossec



Steps contributed by Pavan Ponamala

<yambe:breadcrumb self="Install OSSEC agent">CentOS_7.x_OSSEC|OSSEC</yambe:breadcrumb>