Installation

# tar zxvf ossec-hids-2.8.2.tar.gz

# cd ossec-hids-2.8.2

# ./install.sh


Select the installation language


Select the installation type: agent (client)


Configure the related features


Installation complete


Start

# /etc/init.d/ossec start


Client authentication and registration

On the OSSEC server, generate the client key

[root@Server]# /var/ossec/bin/manage_agents
  
****************************************
* OSSEC HIDS v2.8 Agent manager.     *
* The following options are available: *
****************************************
   (A)dd an agent (A).                                    # add a client
   (E)xtract key for an agent (E).                        # extract a client key
   (L)ist already added agents (L).                       # list registered clients
   (R)emove an agent (R).                                 # remove a client
   (Q)uit.                                                # quit
Choose your action: A,E,L,R or Q: A
  
- Adding a new agent (use '\q' to return to the main menu).
  Please provide the following:
   * A name for the new agent: web-10-10-51-51           # client name
   * The IP Address of the new agent: 10.10.51.51        # client IP address
   * An ID for the new agent[001]:                       # ID number, the default is fine
Agent information:
   ID:001
   Name:web-10-10-51-51
   IP Address:10.10.51.51
  
Confirm adding it?(y/n): y                               # confirm the addition
Agent added.
 
Extract the client key
 
****************************************
* OSSEC HIDS v2.8 Agent manager.     *
* The following options are available: *
****************************************
   (A)dd an agent (A).
   (E)xtract key for an agent (E).
   (L)ist already added agents (L).
   (R)emove an agent (R).
   (Q)uit.
Choose your action: A,E,L,R or Q: E                  # extract the client key
  
Available agents:
   ID: 001, Name: web-10-10-51-51, IP: 10.10.51.51
Provide the ID of the agent to extract the key (or '\q' to quit): 001    # enter the client ID
  
Agent key information for '001' is:                   # the client key
MDAxIHdlYi0xMC0xMC01MS01MSAxMC4xMC41MS41MSBkZDNmZWExOTBlMGNjMmJjYzY2YjYzOGZiYzEwMTc2YmI1MDljNGViZGVmNDA3YmE5Zjg2ZTE3MmIzNTQyNjIz
  
** Press ENTER to return to the main menu.


On the client, import the key

[root@Client]# /var/ossec/bin/manage_agents
****************************************
* OSSEC HIDS v2.8 Agent manager.     *
* The following options are available: *
****************************************
   (I)mport key from the server (I).
   (Q)uit.
Choose your action: I or Q: I                    # import the key
  
* Provide the Key generated by the server.
* The best approach is to cut and paste it.
*** OBS: Do not include spaces or new lines.
  
Paste it here (or '\q' to quit):                  # enter the key that was generated on the OSSEC server
MDAxIHdlYi0xMC0xMC01MS01MSAxMC4xMC41MS41MSBkZDNmZWExOTBlMGNjMmJjYzY2YjYzOGZiYzEwMTc2YmI1MDljNGViZGVmNDA3YmE5Zjg2ZTE3MmIzNTQyNjIz
  
Agent information:
   ID:001
   Name:web-10-10-51-51
   IP Address:10.10.51.51
  
Confirm adding it?(y/n): y
Added.
** Press ENTER to return to the main menu.
  
After a successful import, a client.keys file is generated under the ossec directory:
# cat /var/ossec/etc/client.keys
001 web-10-10-51-51 10.10.51.51 dd3fea190e0cc2bcc66b638fbc10176bb509c4ebdef407ba9f86e172b3542623
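
Added example (not part of the original page or of OSSEC itself): as the two outputs above show, the blob printed by "Extract key" is just the base64 encoding of the client.keys line, so it must be handled as a secret. The sketch below decodes a blob, checks the field layout seen on this page, confirms it matches the key file, and flags a world-readable key file; the function names are hypothetical and `base64 -d` assumes GNU coreutils.

```sh
#!/bin/sh
# Added example: check an extracted agent key against client.keys.
# Key blob and client.keys line exactly as shown on this page.
PAGE_KEY='MDAxIHdlYi0xMC0xMC01MS01MSAxMC4xMC41MS41MSBkZDNmZWExOTBlMGNjMmJjYzY2YjYzOGZiYzEwMTc2YmI1MDljNGViZGVmNDA3YmE5Zjg2ZTE3MmIzNTQyNjIz'
PAGE_ENTRY='001 web-10-10-51-51 10.10.51.51 dd3fea190e0cc2bcc66b638fbc10176bb509c4ebdef407ba9f86e172b3542623'

# Decode the blob printed by "Extract key"; it is plain base64, not encrypted.
# Assumes GNU coreutils base64 (-d).
decode_agent_key() {
    printf '%s' "$1" | base64 -d 2>/dev/null
}

# Accept only a single line in the "ID NAME IP KEY" layout seen on this page
# (assumption: numeric ID of 3+ digits, IP or CIDR, 64 lowercase hex characters).
valid_entry() {
    [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] || return 1
    printf '%s\n' "$1" |
        grep -Eq '^[0-9]{3,} [^ ]+ [0-9A-Za-z.:/]+ [0-9a-f]{64}$'
}

# Succeed only if the blob decodes to a well-formed line present in the file.
key_matches_file() {
    entry=$(decode_agent_key "$1") || return 1
    valid_entry "$entry" || return 1
    grep -Fxq -- "$entry" "$2"
}

# Succeed if "other" users can read the key file (the secret would be exposed).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Demo on a scratch copy (constructed), not the live /var/ossec/etc/client.keys.
scratch=$(mktemp)
printf '%s\n' "$PAGE_ENTRY" > "$scratch"
chmod 644 "$scratch"
key_matches_file "$PAGE_KEY" "$scratch" && echo "key matches client.keys entry"
world_readable "$scratch" && echo "WARNING: $scratch is world-readable"
rm -f "$scratch"
```

To check a real import, pass /var/ossec/etc/client.keys on the agent as the second argument of key_matches_file.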


Check whether the agent (client) is active

[root@Client]# /var/ossec/bin/agent_control -l
OSSEC HIDS agent_control. List of available agents:
   ID: 000, Name: ossec-server-10-10-51-50 (server), IP: 127.0.0.1, Active/Local
   ID: 002, Name: web-10-10-51-51, IP: 10.10.51.51, Active