https://github.com/shjwudp/ossec

learn to use ossec
https://github.com/shjwudp/ossec

Last synced: about 1 month ago
JSON representation

learn to use ossec

• Host: GitHub
• URL: https://github.com/shjwudp/ossec
• Owner: shjwudp
• Created: 2016-07-22T06:58:13.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2016-08-17T08:16:50.000Z (over 8 years ago)
• Last Synced: 2024-11-19T01:54:03.807Z (about 2 months ago)
• Language: Shell
• Size: 411 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
BaishanCloud

# install

server:

```

wget -q -O – https://www.atomicorp.com/installers/atomic | sh

yum update -y

yum install -y mysql-devel openssl-devel ossec-hids ossec-hids-server

cd /var/ossec

# 开启ossec-agent注册服务器（用完关掉

./bin/ossec-authd

```

client:

```

sh ./sh/install.sh SERVER_IP SERVER_PORT(1515)

```

# Features

- log

  command file decoder rules

- syscheck

  integrity checking (md5 sha1sum size owner group permission ...)

- rootcheck (rootkit check)

  1. stats fopen opendir

  2. signatures of trojaned

  3. check /dev

  4. permission problem

  5. hidden-processes trojaned-ps

  6. hidden-ports

# HELP

默认ossec根目录：

$OSSEC_HOME=/var/ossec

配置文件：

$OSSEC_HOME/etc/ossec.conf

ossec启动停止命令：

$OSSEC_HOME/bin/ossec-control

ossec-server注册agent命令（执行后开始接受注册）：

$OSSEC_HOME/bin/ossec-authd

ossec-agent注册命令：

$OSSEC_HOME/bin/agent-auth