CentOS 7.x Install OSSEC agent
To install the OSSEC agent on CentOS 7.x, use the following steps:
- Install gcc compiler
  - yum install -y gcc
- Download OSSEC hids
  - git clone https://github.com/ossec/ossec-hids.git
- Install OSSEC
  - cd ossec-hids
  - ./install.sh
  - Answer the following
    - (en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]: en
    - What kind of installation do you want (server, agent, local, hybrid or help)? agent
    - Choose where to install the OSSEC HIDS [/var/ossec]: Enter
    - What's the IP Address or hostname of the OSSEC HIDS server?: 192.168.1.X
    - Do you want to run the integrity check daemon? (y/n) [y]: y
    - Do you want to run the rootkit detection engine? (y/n) [y]: y
    - Do you want to enable active response? (y/n) [y]: n
    - --- Press ENTER to continue ---
- Start OSSEC for the first time
  - /var/ossec/bin/ossec-control start
On the OSSEC server, generate a key for the agent
- Run the command below on the OSSEC server
  - /var/ossec/bin/manage_agents
- Answer the following
  - Choose your action: A,E,L,R or Q: A
  - A name for the new agent: Centos_Client
  - The IP Address of the new agent: 192.168.1.X
  - An ID for the new agent[001]: 001
  - Confirm adding it?(y/n): y
  - (Generate key for Agent)
  - Choose your action: A,E,L,R or Q: e
  - Provide the ID of the agent to extract the key (or '\q' to quit): 001
  - (Copy the key)
- Restart OSSEC server
  - systemctl restart ossec
On the OSSEC agent, complete the remaining agent configuration
- From the OSSEC agent, run the command
  - /var/ossec/bin/manage_agents
  - Choose your action: I or Q: i
  - Paste it here (or '\q' to quit): (Paste Key)
  - Confirm adding it?(y/n): y
- Restart OSSEC agent
  - systemctl restart ossec
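
Before pasting the copied key on the agent, it helps to confirm that it survived the copy intact and belongs to the agent that was just added on the server. The script below is an added example, not part of the original page or of OSSEC itself; the function name check_agent_key is hypothetical, the sample IP and secret are constructed, and it assumes the exported key is the base64 encoding of the agent's client.keys line (ID, name, IP, secret).

```shell
#!/bin/sh
# Added example (not from the original page): check an exported agent key
# before pasting it into manage_agents on the agent.
# Assumption: the exported key is the base64 encoding of the agent's
# client.keys line, "ID NAME IP SECRET".

# Usage: check_agent_key KEY_B64 EXPECTED_ID EXPECTED_NAME EXPECTED_IP
# Returns 0 on match, 2 on decode failure, 3 on bad layout, 4 on mismatch.
check_agent_key() {
    key_b64=$1 want_id=$2 want_name=$3 want_ip=$4

    # A mangled paste normally fails base64 decoding.
    decoded=$(printf '%s' "$key_b64" | base64 -d 2>/dev/null) || {
        echo "key is not valid base64 (incomplete copy?)" >&2
        return 2
    }

    # Expect exactly four space-separated fields; never echo the secret.
    read -r got_id got_name got_ip got_secret extra <<EOF
$decoded
EOF
    if [ -z "$got_secret" ] || [ -n "$extra" ]; then
        echo "decoded key does not have 4 fields" >&2
        return 3
    fi

    # Compare the identity fields with what was entered on the server.
    if [ "$got_id" != "$want_id" ] || [ "$got_name" != "$want_name" ] ||
       [ "$got_ip" != "$want_ip" ]; then
        echo "key is for $got_id/$got_name/$got_ip, expected $want_id/$want_name/$want_ip" >&2
        return 4
    fi
    echo "key matches agent $got_id ($got_name, $got_ip)"
}

# Constructed sample key; the IP and the secret are made up for the demo.
SAMPLE_KEY=$(printf '%s' '001 Centos_Client 192.168.1.10 0123456789abcdef' |
    base64 | tr -d '\n')
check_agent_key "$SAMPLE_KEY" 001 Centos_Client 192.168.1.10
```

The key is a shared secret between server and agent, so pass it over a trusted channel and keep it out of shell history and tickets.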