Install some stuff so we can compile OSSEC later.
[root@glt ~]# yum -y install gcc gcc-c++ autoconf automake

Download the latest version of OSSEC.
[root@glt ~]# wget http://www.ossec.net/files/ossec-hids-latest.tar.gz

Extract the files from the tar and run the "install.sh" script.
[root@glt ~]# tar -zxvf ossec-hids-latest.tar.gz
[root@glt ~]# cd ossec-hids-2.7
[root@glt ossec-hids-2.7]# ./install.sh

When asked what kind of installation you want, choose local. You can choose server if you plan on accepting logs from remote agents. Accept the default values for the remaining options.

Start OSSEC HIDS
[root@glt ~]# /var/ossec/bin/ossec-control start

Stop OSSEC HIDS
[root@glt ~]# /var/ossec/bin/ossec-control stop

Install OSSEC Web User Interface (OSSEC WUI)

Install Apache and PHP.
[root@glt ~]# yum -y install httpd php mod_ssl openssl
[root@glt ~]# chkconfig --levels 235 httpd on

Open the Apache configuration file.
[root@glt ossec]# vi /etc/httpd/conf/httpd.conf

Change AllowOverride None to AllowOverride All inside the DocumentRoot Directory directive.
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

Create an SSL certificate on Apache for CentOS 6 to encrypt the site's information and create a more secure connection.

Generate the private key
[root@glt ossec]# openssl genrsa -out ca.key 2048

Generate the CSR
[root@glt ~]# openssl req -new -key ca.key -out ca.csr

Generate the self-signed certificate
[root@glt ~]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Copy the files to the correct locations
[root@glt ~]# cp ca.crt /etc/pki/tls/certs/
[root@glt ~]# cp ca.key /etc/pki/tls/private/
[root@glt ~]# cp ca.csr /etc/pki/tls/private/

Set up the virtual hosts to display the new certificate.
[root@glt ~]# vi /etc/httpd/conf.d/ssl.conf

Find the following two lines and make sure that they match the paths below.
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Download the latest version of the OSSEC web user interface.
[root@glt ~]# wget http://www.ossec.net/files/ossec-wui-0.3.tar.gz

Extract the files from the tar and move the folder to the web server root directory.
[root@glt ~]# tar -zxvf ossec-wui-0.3.tar.gz
[root@glt ~]# mv ossec-wui-0.3 /var/www/html/ossec

Run the setup.sh script
[root@glt ~]# cd /var/www/html/ossec/
[root@glt ossec]# ./setup.sh
Setting up ossec ui...
Username: admin
New password:
Re-type new password:
Adding password for user admin
Setup completed successfuly.

Add your web server user (apache) to the ossec group:
[root@glt ossec]# usermod -a -G ossec apache
[root@glt ossec]# chmod 770 tmp/
[root@glt ossec]# chgrp apache tmp/

Start apache:
[root@glt ossec]# /etc/init.d/httpd restart
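
A check that the certificate and key from the SSL steps above belong together, that the key is not readable by other users, and that the certificate is not about to expire, useful to run before restarting Apache. This script is an added example, not part of the original post; check_tls_pair is a hypothetical helper name, and it assumes an unencrypted RSA key as produced by the genrsa step and GNU stat as found on CentOS.

```shell
#!/bin/sh
# Added example (not from the original post). check_tls_pair is a hypothetical
# helper; it assumes an unencrypted RSA key (as made by "openssl genrsa") and GNU stat.
# Return codes: 0 ok, 1 cert/key mismatch, 2 unreadable or unparsable file,
#               3 key readable by group/others, 4 cert expires within 30 days.

check_tls_pair() {
    cert=$1
    key=$2

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2
        return 2
    fi

    # An RSA certificate and private key that belong together carry the same modulus.
    cert_mod=$(openssl x509 -noout -modulus -in "$cert" 2>/dev/null) || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || return 2
    if [ -z "$cert_mod" ] || [ "$cert_mod" != "$key_mod" ]; then
        echo "certificate and key do not match" >&2
        return 1
    fi

    # The private key should carry no group or other permission bits.
    mode=$(stat -c '%a' "$key")
    case $mode in
        ?00) ;;
        *) echo "key mode $mode is too open; use chmod 600 $key" >&2
           return 3 ;;
    esac

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -noout -checkend $((30 * 24 * 3600)) -in "$cert" >/dev/null; then
        echo "certificate expires within 30 days" >&2
        return 4
    fi
    return 0
}

# Run against the two paths given on the command line, e.g. the ones set in ssl.conf:
#   sh check_tls_pair.sh /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
    exit $?
fi
```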