OSSEC Version 3.6.0 Install Successful on Google Cloud



Created by Andrew Francis
March 11, 2020

******************    OSSEC v. 3.6.0 INSTALL SUCCESSFUL  *************

This is on a CentOS 7 VM on Google Cloud Platform.

uname -a
Linux ids-server 3.10.0-1062.12.1.el7.x86_64 #1 SMP Tue Feb 4 23:02:59 UTC 2020 x86_64 x86_64 x86_64 

CentOS Linux release 7.7.1908 (Core)

[andy@ids-server ossec-hids-3.6.0]$ 

 sudo yum install zlib-devel pcre2-devel make gcc
 sudo  yum install mysql-devel postgresql-devel
 sudo  yum install sqlite-devel

 sudo yum install  libevent libevent-devel.x86_64

 wget https://github.com/ossec/ossec-hids/archive/3.6.0.tar.gz
 tar -xzvf 3.6.0.tar.gz

 cd ossec-hids-3.6.0/

[andy@ids-server ossec-hids-3.6.0]$ sudo  PCRE2_SYSTEM=yes ./install.sh

(en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]:

OSSEC HIDS v3.6.0 Installation Script - http://www.ossec.net

You are about to start the installation process of the OSSEC HIDS.
You must have a C compiler pre-installed in your system.

System: Linux ids-server 3.10.0-1062.12.1.el7.x86_64

User: root

Host: ids-server

-- Press ENTER to continue or Ctrl-C to abort. --

1- What kind of installation do you want (server, agent, local, hybrid or help)? server

Server installation chosen.

2- Setting up the installation environment.

Choose where to install the OSSEC HIDS [/var/ossec]:

Installation will be made at  /var/ossec .

3- Configuring the OSSEC HIDS.

3.1- Do you want e-mail notification? (y/n) [y]:

What's your e-mail address? root@localhost

What's your SMTP server ip/host? 127.0.0.1

3.2- Do you want to run the integrity check daemon? (y/n) [y]:

Running syscheck (integrity check daemon).

3.3- Do you want to run the rootkit detection engine? (y/n) [y]:

Running rootcheck (rootkit detection).

3.4- Active response allows you to execute a specific
command based on the events received. For example,
you can block an IP address or disable access for
a specific user.
More information at:
http://www.ossec.net/en/manual.html#active-response

Do you want to enable active response? (y/n) [y]:

Active response enabled.

By default, we can enable the host-deny and the
firewall-drop responses. The first one will add
a host to the /etc/hosts.deny and the second one
will block the host on iptables (if linux) or on
ipfilter (if Solaris, FreeBSD or NetBSD).

They can be used to stop SSHD brute force scans,
portscans and some other forms of attacks. You can
also add them to block on snort events, for example.

Do you want to enable the firewall-drop response? (y/n) [y]:

firewall-drop enabled (local) for levels >= 6

- Default white list for the active response:
- 169.254.169.254

Do you want to add more IPs to the white list? (y/n)? [n]:

3.5- Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:

Remote syslog enabled.

3.6- Setting the configuration to analyze the following logs:
-- /var/log/messages
-- /var/log/secure
-- /var/log/maillog

If you want to monitor any other file, just change
the ossec.conf and add a new localfile entry.
Any questions about the configuration can be answered
by visiting us online at http://www.ossec.net .

--- Press ENTER to continue ---

5- Installing the system

Running the Makefile

...........Make details omitted .........

System is Redhat Linux.

Init script modified to start OSSEC HIDS during boot.

Configuration finished properly.

To start OSSEC HIDS:
/var/ossec/bin/ossec-control start

To stop OSSEC HIDS:
/var/ossec/bin/ossec-control stop

The configuration can be viewed or modified at /var/ossec/etc/ossec.conf

Thanks for using the OSSEC HIDS.
If you have any question, suggestion or if you find any bug,
contact us at https://github.com/ossec/ossec-hids or using
our public maillist at
https://groups.google.com/forum/#!forum/ossec-list

More information can be found at http://www.ossec.net

---  Press ENTER to finish (maybe more information below). ---

In order to connect agent and server, you need to add each agent to the server.
Run the 'manage_agents' to add or remove them:

/var/ossec/bin/manage_agents

More information at:
http://www.ossec.net/en/manual.html#ma

[andy@ids-server ossec-hids-3.6.0]$
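The same server install can be replayed unattended on further GCP VMs, because install.sh reads its answers from etc/preloaded-vars.conf in the unpacked source tree. The script below is an added example, not part of the post or the OSSEC project: it writes that file with the answers given in the transcript above and keeps the Google Cloud metadata/DNS address 169.254.169.254 on the active-response white list so a firewall-drop never blocks it. The USER_* variable names are those of the preloaded-vars.conf template as I recall them; compare against the template shipped in the tarball before use.

```shell
#!/bin/sh
# Added example (not from the post): replay the server install above
# unattended. install.sh reads its answers from etc/preloaded-vars.conf
# inside the unpacked source tree, so the prompts can be skipped.

# Print the nameservers from a resolv.conf file as a space-separated list.
# On Google Cloud this is 169.254.169.254, the metadata server, which also
# serves DNS: it must stay white-listed or a firewall-drop response could
# cut the VM off from DNS and its own metadata.
whitelist_from_resolv() {            # $1 = path to resolv.conf
    awk '$1 == "nameserver" { printf "%s%s", sep, $2; sep = " " }' "$1"
}

# Write etc/preloaded-vars.conf with the answers given in the transcript.
# $1 = source tree (e.g. ossec-hids-3.6.0), $2 = space-separated white list
write_preloaded_vars() {
    cat > "$1/etc/preloaded-vars.conf" <<EOF
USER_LANGUAGE="en"
USER_NO_STOP="y"
USER_INSTALL_TYPE="server"
USER_DIR="/var/ossec"
USER_ENABLE_EMAIL="y"
USER_EMAIL_ADDRESS="root@localhost"
USER_EMAIL_SMTP="127.0.0.1"
USER_ENABLE_SYSCHECK="y"
USER_ENABLE_ROOTCHECK="y"
USER_ENABLE_ACTIVE_RESPONSE="y"
USER_ENABLE_FIREWALL_RESPONSE="y"
USER_WHITE_LIST="$2"
USER_ENABLE_SYSLOG="y"
EOF
}

# Sanity check before running install.sh: server mode, firewall-drop on,
# and the metadata server present in the white list.
check_preloaded_vars() {             # $1 = path to preloaded-vars.conf
    grep -q '^USER_INSTALL_TYPE="server"$' "$1" &&
    grep -q '^USER_ENABLE_FIREWALL_RESPONSE="y"$' "$1" &&
    grep -q '^USER_WHITE_LIST=.*169\.254\.169\.254' "$1"
}

# Demo on a constructed resolv.conf in a scratch directory, not the real tree.
demo=$(mktemp -d) && mkdir -p "$demo/etc"
printf 'search c.my-project.internal\nnameserver 169.254.169.254\n' > "$demo/resolv.conf"
write_preloaded_vars "$demo" "$(whitelist_from_resolv "$demo/resolv.conf")"
check_preloaded_vars "$demo/etc/preloaded-vars.conf" && echo "ready: $demo/etc/preloaded-vars.conf"
# Real run: copy the file to ossec-hids-3.6.0/etc/ and then
#   sudo PCRE2_SYSTEM=yes ./install.sh
```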
