I. This article is mainly based on material found on the Internet, with a few small changes
server: 192.168.153.172
client: 192.168.153.173
        192.168.153.174
II. Server configuration
For the detailed server installation process, see http://whnba.blog.51cto.com/1215711/1633004
Set up a download server (httpd is used here) so the configuration files are easy to download
# yum -y install httpd
# service httpd start
# mkdir /var/www/html/ossec
# cd /var/www/html/ossec
# /etc/init.d/iptables stop
Check that http://192.168.153.172/ossec/ can be accessed
Ip.txt stores the client host names and IP addresses
# cat Ip.txt
agent01:192.168.153.173
agent02:192.168.153.174
The script used to generate the keys
# cat key_gen.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os
if __name__ == '__main__':
    save_keys_path = "Keys.logs"
    # Each line of Ip.txt has the form name:ip
    with open("Ip.txt") as f:
        lines = f.read().splitlines()
    # The Perl script is in the installation package
    shell_path = "/root/ossec-hids-2.8.1/contrib/ossec-batch-manager.pl"
    for line in lines:
        if not line.strip():
            continue  # skip blank lines
        arr = line.split(":")
        host_name = arr[0]
        ip = arr[1]
        # On the server, add the client by name and IP
        cmd = "%s -a --ip %s --name %s" % (shell_path, ip, host_name)
        os.system(cmd)
        # Extract the client's key and append it to the key log
        cmd = "%s -e %s >> %s" % (shell_path, ip, save_keys_path)
        os.system(cmd)
Error on execution and how to resolve it:
# python key_gen.py
Can't locate Time/HiRes.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /root/ossec-hids-2.7/contrib/ossec-batch-manager.pl line 113.
BEGIN failed--compilation aborted at /root/ossec-hids-2.7/contrib/ossec-batch-manager.pl line 113.
Can't locate Time/HiRes.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /root/ossec-hids-2.7/contrib/ossec-batch-manager.pl line 113.
BEGIN failed--compilation aborted at /root/ossec-hids-2.7/contrib/ossec-batch-manager.pl line 113.
# yum -y install perl-Time-HiRes
The generated key file is /var/ossec/etc/client.keys
# python key_gen.py
# cat /var/ossec/etc/client.keys
001 agent01 192.168.153.173 316260854925970ce8953064b1ff2fafe1245f38dd06ed1203a60f9a465a9f44
002 agent02 192.168.153.174 2ec85cdc3ac7512572cd1927ecdea88f46521c00896632c1d8b880256a117ebb
Put the configuration files and packages required by the clients in the download directory
# cd /var/www/html/ossec
# tar xf ossec_client_conf.tar.gz
# ll
total 2416
-rw-r--r-- 1 root root 21:49 client.keys
-rw-r--r-- 1 root root 820077 Dec 02:22 ossec_client_conf.tar.gz
-rw-r--r-- 1 root root 2781 Dec 23:55 ossec.conf
-rw-r--r-- 1 root root 1634812 Apr ossec-hids-2.8.1.tar.gz
-rwxr-xr-x 1 root root 3275 Dec 02:16 preloaded-vars.conf
# grep -Ev '^#|^$' preloaded-vars.conf
USER_LANGUAGE="en" # for the Chinese version
USER_NO_STOP="y"
USER_INSTALL_TYPE="agent"
USER_DIR="/var/ossec"
USER_ENABLE_ACTIVE_RESPONSE="y"
USER_ENABLE_SYSCHECK="y"
USER_ENABLE_ROOTCHECK="y"
USER_AGENT_SERVER_IP="192.168.153.172"
III. Batch installation of the client agent
# yum -y install gcc
# /etc/init.d/iptables stop
Run the script to install the agent on the client automatically
# sh ossec-agent-batch-install.sh
# cat ossec-agent-batch-install.sh
#!/bin/bash
# Download and unpack the OSSEC source package from the server
cd /usr/local
wget http://192.168.153.172/ossec/ossec-hids-2.8.1.tar.gz
tar xf ossec-hids-2.8.1.tar.gz
# Replace the stock preloaded-vars.conf so that install.sh runs unattended
cd ossec-hids-2.8.1/etc/
mv preloaded-vars.conf preloaded-vars.conf.bak
wget http://192.168.153.172/ossec/preloaded-vars.conf
cd ..
./install.sh
# Fetch client.keys and keep only the line for this host's IP
cd /var/ossec/etc
wget http://192.168.153.172/ossec/client.keys
HOST_IP=`/sbin/ifconfig eth0 | grep 'Bcast' | cut -d: -f2 | cut -d' ' -f1`
sed -i '/'$HOST_IP'/!d' /var/ossec/etc/client.keys
# Replace the agent configuration and start the agent
rm -rf ossec.conf
wget http://192.168.153.172/ossec/ossec.conf
cd ..
./bin/ossec-control start
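The sed line in the script above uses the host IP as a regular expression matched anywhere in the line, so a client whose address is a prefix of another's (192.168.153.17 against 192.168.153.173) would keep several agents' keys. The following Python code is an added example, not part of the original article: it selects the client's line by exact comparison of the IP field. The function names, the agent03 entry and the key values are constructed for illustration, and it assumes every entry has a fixed IPv4 address and a 64-hex-character key as in the client.keys listing above.

```python
import ipaddress
import re

# Constructed sample in the client.keys layout shown above: "ID NAME IP KEY".
# The key values are placeholders, not real agent keys.
SAMPLE_KEYS = """\
001 agent01 192.168.153.173 {0}
002 agent02 192.168.153.174 {1}
003 agent03 192.168.153.17 {2}
""".format("a" * 64, "b" * 64, "c" * 64)

LINE_RE = re.compile(r"^(\d{3,}) (\S+) (\S+) ([0-9a-f]{64})$")


def parse_client_keys(text):
    """Return (agent_id, name, ip, key) tuples; raise ValueError on a malformed line."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError("line %d: not in 'ID NAME IP KEY' form" % n)
        agent_id, name, ip, key = m.groups()
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        entries.append((agent_id, name, ip, key))
    return entries


def keys_for_host(text, host_ip):
    """Return the single line whose IP field equals host_ip exactly."""
    wanted = ipaddress.ip_address(host_ip)
    hits = [e for e in parse_client_keys(text) if ipaddress.ip_address(e[2]) == wanted]
    if len(hits) != 1:
        raise LookupError("expected one key for %s, found %d" % (host_ip, len(hits)))
    return " ".join(hits[0]) + "\n"


def regex_filter(text, host_ip):
    """Lines kept by an unanchored regex match on the IP, as sed '/IP/!d' does."""
    return [line for line in text.splitlines() if re.search(host_ip, line)]


if __name__ == "__main__":
    print(keys_for_host(SAMPLE_KEYS, "192.168.153.17"), end="")
    print(len(regex_filter(SAMPLE_KEYS, "192.168.153.17")), "lines kept by the regex filter")
```

Raising an error when zero or several lines match stops the agent from starting with an empty or over-populated client.keys.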
IV. View the client ports
# netstat -lanpu | grep ossec
udp 0 0 192.168.153.173:60090 192.168.153.172:1514 ESTABLISHED 4827/ossec-agentd
V. View the server ports
# netstat -lanpu | grep ossec
udp 0 0 0.0.0.0:514 0.0.0.0:* 5657/ossec-remoted
udp 0 0 0.0.0.0:1514 0.0.0.0:* 5658/ossec-remoted
# /var/ossec/bin/agent_control -lc
OSSEC HIDS agent_control. List of available agents:
ID: 000, Name: ossec-server (server), IP: 127.0.0.1, Active/Local
ID: 001, Name: agent01, IP: 192.168.153.173, Active
ID: 002, Name: agent02, IP: 192.168.153.174, Active
This article is from the "Kaka West" blog; please be sure to keep this source: http://whnba.blog.51cto.com/1215711/1729606
CentOS 6.4: OSSEC batch installation and deployment of clients