# cd /usr/local/src/
# wget http://www.ossec.net/files/ossec-hids-2.8.1.tar.gz    # download the agent package
# tar -zxvf ossec-hids-2.8.1.tar.gz    # extract it
# cd ossec-hids-2.8.1
# ./install.sh    # run install.sh
(en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]: en    # install in English
What kind of installation do you want (server, agent, local, hybrid or help)? agent    # installation type
Choose where to install the OSSEC HIDS [/var/ossec]:    # install path; the default is fine, just press Enter
What's the IP Address or hostname of the OSSEC HIDS server?:    # enter the address of your server
Do you want to run the integrity check daemon? (y/n) [y]:    # press Enter for the default
Do you want to run the rootkit detection engine? (y/n) [y]:    # rootkit detection; press Enter for the default
Do you want to enable active response? (y/n) [y]:    # press Enter for the default
****************************************
* OSSEC HIDS v2.8 Agent manager.       *
* The following options are available: *
****************************************
   (I)mport key from the server (I).
   (Q)uit.
Choose your action: I or Q: I    # enter I
* Provide the Key generated by the server.
* The best approach is to cut and paste it.
*** OBS: Do not include spaces or new lines.
Paste it here (or '\q' to quit): MyBIb3N0LTE5Mi0xNjgtMzEtOTcgMTkyLjE2OC4zMS45NyA5YTBhODA0OTFlZDQ2ZTUwMmQ1MWQ2MGE3YzA2NDgxZTIzZTIyOGUxZjIzNTJlM2FkM2FkNTk5NYjNiY2Fh    # paste the key
Agent information:
   ID:3
   Name:Host-192-168-31-97
   IP Address:
Confirm adding it?(y/n): Y    # confirm the information
Added.
** Press ENTER to return to the main menu.
****************************************
* OSSEC HIDS v2.8 Agent manager.       *
* The following options are available: *
****************************************
   (I)mport key from the server (I).
   (Q)uit.
Choose your action: I or Q: Q    # enter Q to quit
** You must restart OSSEC for your changes to take effect.
2017/01/09 13:00:36 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning...
2017/01/09 13:00:36 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit Cleaning...
2017/01/09 13:00:36 ossec-agentd(1225): INFO: SIGNAL Received. Exit Cleaning...
2017/01/09 13:00:36 ossec-execd(1314): INFO: Shutdown received. Deleting responses.
2017/01/09 13:00:36 ossec-execd(1225): INFO: SIGNAL Received. Exit Cleaning...
2017/01/09 13:00:37 ossec-execd:INFO: Started (pid:22890).
2017/01/09 13:00:37 ossec-agentd:INFO: Using notify time:600 and max time to reconnect:1800
2017/01/09 13:00:37 ossec-agentd(1410): INFO: Reading authentication keys file.
2017/01/09 13:00:37 ossec-agentd:INFO: Assigning counter for agent Host-192-168-31-97: '2:2760'.
2017/01/09 13:00:37 ossec-agentd:INFO: Assigning sender counter:54:9664
2017/01/09 13:00:37 ossec-agentd:INFO: Started (pid:22894).
2017/01/09 13:00:37 ossec-agentd:INFO: Server IP Address:
2017/01/09 13:00:37 ossec-agentd:INFO: Trying to connect to server (
2017/01/09 13:00:37 ossec-agentd:INFO: Using IPv4 for: .
2017/01/09 13:00:38 ossec-agentd(4102): INFO: Connected to the server (
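
The restart log above is what confirms the imported key works: ossec-agentd starts and then logs message 4102, "Connected to the server". As an added example (not part of the original page or of OSSEC itself), this shell function checks that a 4102 line follows the most recent agent start, so an old connection from before the restart is not mistaken for success. It assumes the log is logs/ossec.log under the default /var/ossec install path; the sample log lines and the 192.0.2.10 address are constructed.

```shell
#!/bin/sh
# Added example, not from the original page.
# agent_connected LOGFILE
#   0 = "Connected to the server" (message 4102) was logged after the most
#       recent ossec-agentd start
#   1 = agent started but has not connected since that start
#   2 = no ossec-agentd start line found
agent_connected() {
    awk '
        /ossec-agentd.*INFO: *Started/ { started = 1; connected = 0; next }
        /ossec-agentd\(4102\).*Connected to the server/ { if (started) connected = 1 }
        END {
            if (!started) exit 2
            exit (connected ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample: an old connection, then a restart that never reconnects.
# 192.0.2.10 is a documentation address, not a value from the page.
sample_stale_log() {
    cat <<'EOF'
2017/01/09 12:00:01 ossec-agentd: INFO: Started (pid: 100).
2017/01/09 12:00:02 ossec-agentd(4102): INFO: Connected to the server (192.0.2.10:1514).
2017/01/09 13:00:37 ossec-agentd: INFO: Started (pid: 22894).
2017/01/09 13:00:37 ossec-agentd: INFO: Trying to connect to server (192.0.2.10:1514).
EOF
}

# Same log with the connection confirmed after the restart.
sample_ok_log() {
    sample_stale_log
    echo '2017/01/09 13:00:38 ossec-agentd(4102): INFO: Connected to the server (192.0.2.10:1514).'
}

# Check the real log when it exists (assumed default install path).
LOG=/var/ossec/logs/ossec.log
if [ -r "$LOG" ]; then
    if agent_connected "$LOG"; then
        echo "agent connected since last start"
    else
        echo "agent NOT connected since last start"
    fi
fi
```

An exit status of 1 right after importing a key usually means the agent is still retrying; rerun the check after the reconnect interval before treating it as a failure.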