文件防篡改系統ossec搭建
OSSEC簡要介紹: php
OSSEC 是一款開源的***檢測系統,包括了日誌分析,全面檢測,rook-kit檢測。做爲一款HIDS,OSSEC應該被安裝在一臺實施監控的系統中。另外有時候不須要安裝徹底版本的OSSEC,若是有多臺電腦都安裝了OSSEC,那麼就能夠採用客戶端/服務器模式來運行。客戶機經過客戶端程序將數據發回到服務器端進行分析。在一臺電腦上對多個系統進行監控對於企業或者家庭用戶來講都是至關經濟實用的。
環境:
centos5.5 x86_64
ossec-hids-2.7-beta1
10.10.10.240 ossec server
10.10.10.141 ossec client1
ossec-hids-2.7-beta1
10.10.10.240 ossec server
10.10.10.141 ossec client1
下載軟件包
1、ossec server安裝
配置源碼,使可以兼容mysql
[root@logserver src]# tar -xf ossec-hids-2.7-beta-1.tar.gz
[root@logserver src]# cd ossec-hids-2.7-beta1/
[root@logserver ossec-hids-2.7-beta1]# cd src
[root@logserver src]# make setdb
Info: Compiled with MySQL support
[root@logserver src]# cd ossec-hids-2.7-beta1/
[root@logserver ossec-hids-2.7-beta1]# cd src
[root@logserver src]# make setdb
Info: Compiled with MySQL support
[root@logserver ossec-hids-2.7-beta1]# ./install.sh
[root@logserver ossec-hids-2.7-beta1]# /var/ossec/bin/ossec-control enable database
[root@logserver ossec-hids-2.7-beta1]# mysql -u root -p
mysql> create database ossec;
Query OK, 1 row affected (0.04 sec)
mysql> grant INSERT,SELECT,UPDATE,CREATE,DELETE,EXECUTE on ossec.* to ossecuser@ identified by 'ossecpass';
Query OK, 0 rows affected (0.10 sec)
[root@logserver ossec-hids-2.7-beta1]# mysql -u root -p
mysql> create database ossec;
Query OK, 1 row affected (0.04 sec)
mysql> grant INSERT,SELECT,UPDATE,CREATE,DELETE,EXECUTE on ossec.* to ossecuser@ identified by 'ossecpass';
Query OK, 0 rows affected (0.10 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
[root@logserver ossec-hids-2.7-beta1]# cd contrib/
[root@logserver contrib]# vim ossec2mysql.conf
# PARAMS USED BY OSSEC2BASED
dbhost=localhost
database=ossecuser
debug=5
dbport=3306
dbpasswd=ossecpass
dbuser=ossec
daemonize=0
sensor=centralserver
hids_inter>
# PARAMS USED BY OSSEC2BASED
dbhost=localhost
database=ossecuser
debug=5
dbport=3306
dbpasswd=ossecpass
dbuser=ossec
daemonize=0
sensor=centralserver
hids_inter>
導入數據
[root@logserver contrib]# mysql -u ossecuser -p < /usr/local/src/ossec-hids-2.7-beta1/contrib/ossec2mysql.sql
在末尾添加
<database_output>
<hostname>10.10.10.137</hostname>
<username>ossecuser</username>
<password>ossecpass</password>
<database>ossec</database>
<type>mysql</type>
</database_output>
</ossec_config>
<hostname>10.10.10.137</hostname>
<username>ossecuser</username>
<password>ossecpass</password>
<database>ossec</database>
<type>mysql</type>
</database_output>
</ossec_config>
2.啓動ossec
[root@logserver etc]# /var/ossec/bin/ossec-control restart
添加agent key
2、ossec cilent安裝
tar xf ossec-hids-2.7-beta-1.tar.gz
cd ossec-hids-2.7-beta1/
./install.sh
-->cn
-->client
/usr/local/ossec/bin/manage_agents
3、添加ossec client到ossec server
server:
/usr/local/ossec/bin/manage_agents
A
name
IP
E
001
cpoy key
q
client
/usr/local/ossec/bin/manage_agents
-->i
-->paste key
-->y
/usr/local/ossec/bin/ossec-control start
Starting OSSEC HIDS v2.7-beta1 (by Trend Micro Inc.)...
Started ossec-execd...
Started ossec-agentd...
Started ossec-logcollector...
Started ossec-syscheckd...
Completed.
You have new mail in /var/spool/mail/root
Starting OSSEC HIDS v2.7-beta1 (by Trend Micro Inc.)...
Started ossec-execd...
Started ossec-agentd...
Started ossec-logcollector...
Started ossec-syscheckd...
Completed.
You have new mail in /var/spool/mail/root
[root@redmine src]# netstat -antup|grep ossec
udp 0 0 10.10.10.141:35928 10.10.10.240:1514 ESTABLISHED 28558/ossec-agentd
udp 0 0 10.10.10.141:35928 10.10.10.240:1514 ESTABLISHED 28558/ossec-agentd
4、安裝管理界面
[root@db src]# tar xf ossec-wui-0.3.tar.gz
[root@db src]# cd ossec-wui-0.3
[root@db ossec-wui-0.3]# ls
CONTRIB css htaccess_def.txt img index.php js lib LICENSE ossec_conf.php README README.search setup.sh site
[root@db ossec-wui-0.3]# cp -Rf * /usr/local/ossec/
[root@db ossec-wui-0.3]# cd /usr/local/ossec/
[root@db ossec-wui-0.3]# ls
CONTRIB css htaccess_def.txt img index.php js lib LICENSE ossec_conf.php README README.search setup.sh site
[root@db ossec-wui-0.3]# cp -Rf * /usr/local/ossec/
[root@db ossec-wui-0.3]# cd /usr/local/ossec/
運行配置腳本
[root@db ossec]# ./setup.sh
配置ossec權限
[root@db ossec]# chgrp apache tmp/
[root@db ossec]# chmod 770 -R tmp/
[root@db ossec]#cat /etc/group
apache:x:48:ossec
[root@db ossec]# yum install -y php.x86_64 php-cli.x86_64 php-devel.x86_64 httpd
yum install -y httpd php
添加虛擬目錄
[root@db ~]# cat /etc/httpd/conf.d/vdoc.conf
Alias /ossec/ "/usr/local/ossec/"
<Directory "/usr/local/ossec/">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Alias /ossec/ "/usr/local/ossec/"
<Directory "/usr/local/ossec/">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "OSSEC AUTH"
AuthType Basic
AuthUserFile /usr/local/ossec/.htpasswd
Require valid-user
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "OSSEC AUTH"
AuthType Basic
AuthUserFile /usr/local/ossec/.htpasswd
Require valid-user
</Directory>
ossec預覽
相關文章
- 1. Linux系統文件防篡改腳本初版
- 2. 網頁防篡改系統原理
- 3. 防篡改防重
- 4. MD5加密防止文件篡改
- 5. 防篡改
- 6. 防篡改問題
- 7. Linux服務器下如何創建文件防篡改規則
- 8. Java防止文件篡改之文件校驗和
- 9. fastDFS 文件系統搭建
- 10. Cookie防篡改機制
- 更多相關文章...
- • C# Windows 文件系統的操作 - C#教程
- • Maven 構建配置文件 - Maven教程
- • Docker容器實戰(七) - 容器眼光下的文件系統
- • SpringBoot中properties文件不能自動提示解決方法
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. Linux系統文件防篡改腳本初版
- 2. 網頁防篡改系統原理
- 3. 防篡改防重
- 4. MD5加密防止文件篡改
- 5. 防篡改
- 6. 防篡改問題
- 7. Linux服務器下如何創建文件防篡改規則
- 8. Java防止文件篡改之文件校驗和
- 9. fastDFS 文件系統搭建
- 10. Cookie防篡改機制