Difference between revisions of "OSSEC: Ubuntu 18.04"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
Line 88: | Line 88: | ||
- Configuration finished properly. | - Configuration finished properly. | ||
− | + | ||
- To start OSSEC HIDS: | - To start OSSEC HIDS: | ||
/var/ossec/bin/ossec-control start | /var/ossec/bin/ossec-control start | ||
− | + | ||
- To stop OSSEC HIDS: | - To stop OSSEC HIDS: | ||
/var/ossec/bin/ossec-control stop | /var/ossec/bin/ossec-control stop | ||
− | + | ||
- The configuration can be viewed or modified at /var/ossec/etc/ossec.conf | - The configuration can be viewed or modified at /var/ossec/etc/ossec.conf | ||
− | + | ||
− | |||
Thanks for using the OSSEC HIDS. | Thanks for using the OSSEC HIDS. | ||
If you have any question, suggestion or if you find any bug, | If you have any question, suggestion or if you find any bug, | ||
Line 103: | Line 102: | ||
our public maillist at | our public maillist at | ||
https://groups.google.com/forum/#!forum/ossec-list | https://groups.google.com/forum/#!forum/ossec-list | ||
− | + | ||
More information can be found at http://www.ossec.net | More information can be found at http://www.ossec.net | ||
+ | ==Selesai & Bisa digunakan== | ||
+ | |||
+ | Run | ||
+ | /var/ossec/bin/ossec-control start | ||
+ | Stop | ||
+ | /var/ossec/bin/ossec-control stop | ||
Revision as of 06:51, 30 March 2020
Install Pendukung
sudo su apt update apt -y install build-essential make zlib1g-dev libpcre2-dev libz-dev libssl-dev libevent-dev
Download & Install
sudo su cd /usr/local/src wget https://github.com/ossec/ossec-hids/archive/3.6.0.tar.gz tar zxvf 3.6.0.tar.gz cd /usr/local/src/ossec-hids-3.6.0 ./install.sh
Cuplikan Proses Instalasi
CATATAN: Sebagian besar cukup tekan ENTER
- Pilih Bahasa: [en]
OSSEC HIDS v3.6.0 Installation Script - http://www.ossec.net You are about to start the installation process of the OSSEC HIDS. You must have a C compiler pre-installed in your system. - System: Linux ubuntu 4.15.0-20-generic - User: root - Host: ubuntu
ENTER
1- What kind of installation do you want (server, agent, local, hybrid or help)?
server hybrid
2- Setting up the installation environment.
ENTER [/var/ossec]
3- Configuring the OSSEC HIDS.
3.1- Do you want e-mail notification? (y/n) [y]: ENTER - What's your e-mail address? email@address.anda - We found your SMTP server as: smtp.server.anda - Do you want to use it? (y/n) [y]: ENTER 3.2- Do you want to run the integrity check daemon? (y/n) [y]: ENTER - Running syscheck (integrity check daemon). 3.3- Do you want to run the rootkit detection engine? (y/n) [y]: ENTER 3.4- Active response allows you to execute a specific command based on the events received. For example, you can block an IP address or disable access for a specific user. More information at: http://www.ossec.net/en/manual.html#active-response - Do you want to enable active response? (y/n) [y]: 'ENTER - Active response enabled.
- By default, we can enable the host-deny and the firewall-drop responses. The first one will add a host to the /etc/hosts.deny and the second one will block the host on iptables (if linux) or on ipfilter (if Solaris, FreeBSD or NetBSD). - They can be used to stop SSHD brute force scans, portscans and some other forms of attacks. You can also add them to block on snort events, for example. - Do you want to enable the firewall-drop response? (y/n) [y]: ENTER
- firewall-drop enabled (local) for levels >= 6 - - 127.0.0.53 - Do you want to add more IPs to the white list? (y/n)? [n]: ENTER
3.5- Do you want to enable remote syslog (port 514 udp)? (y/n) [y]: - Remote syslog enabled. 3.6- Setting the configuration to analyze the following logs: -- /var/log/auth.log -- /var/log/syslog -- /var/log/dpkg.log - If you want to monitor any other file, just change the ossec.conf and add a new localfile entry. Any questions about the configuration can be answered by visiting us online at http://www.ossec.net .
Selesai Compile
- Configuration finished properly. - To start OSSEC HIDS: /var/ossec/bin/ossec-control start - To stop OSSEC HIDS: /var/ossec/bin/ossec-control stop - The configuration can be viewed or modified at /var/ossec/etc/ossec.conf Thanks for using the OSSEC HIDS. If you have any question, suggestion or if you find any bug, contact us at https://github.com/ossec/ossec-hids or using our public maillist at https://groups.google.com/forum/#!forum/ossec-list More information can be found at http://www.ossec.net
Selesai & Bisa digunakan
Run
/var/ossec/bin/ossec-control start
Stop
/var/ossec/bin/ossec-control stop
Fast way steps:
1- Run the script ./install.sh. It will guide you through the
installation process.
2- The script will create everything in /var/ossec and try to
create the initialization script in your system (/etc/rc.local or /etc/rc.d/init.d/ossec). If the init script is not created, make sure to follow the instructions from the install.sh to make OSSEC HIDS start during the boot. To start it by hand, just run /var/ossec/bin/ossec-control start
3- If you are running it on multiple clients, make sure to install
the server first. Use the manage_agents tool to create the right encryption keys.
4- Enjoy.