PEMASANGAN OSSEC SECARA RINGKAS:
OS = BT5 & UBUNTU
OSSEC = OSSEC 2.7 Beta-1
OSSEC-WUI = OSWUI v0.3
1- OSSEC - SERVER
*** manage_agents digunakan untuk menambah ejen
root@haruan:/home/akmal# cd /usr/local/src/
root@haruan:/usr/local/src# wget http://www.ossec.net/files/ossec-hids-2.7-beta-1.tar.gz
root@haruan:/usr/local/src# tar zxvf ossec-hids-2.7-beta-1.tar.gz
root@haruan:/usr/local/src# cd ossec-hids-2.7-beta*
root@haruan:/usr/local/src/ossec-hids-2.7-beta1# sh install.sh
root@haruan:/usr/local/src/ossec-hids-2.7-beta1# /var/ossec/bin/ossec-control start
root@haruan:/usr/local/src/ossec-hids-2.7-beta1# /var/ossec/bin/manage_agents
*** Pilih "server" semasa membuat pilihan jenis pemasangan
*** manage_agents digunakan untuk menambah ejen
2- OSSEC - AGENT
root@kelah:/usr/local/src# cd ossec-hids-2.7-beta*
root@kelah:/usr/local/src/ossec-hids-2.7-beta1# sh install.sh
root@kelah:/usr/local/src/ossec-hids-2.7-beta1# cd /var/ossec/bin
root@kelah:/var/ossec/bin# ./manage_agents
root@kelah:/var/ossec/bin# ./ossec-control restart
*** Pilih agent semasa membuat pilihan
3- OSSEC - WUI
root@haruan:/usr/local/src# wget http://www.ossec.net/files/ossec-wui-0.3.tar.gz
root@haruan:/usr/local/src# wget http://www.ossec.net/files/ossec-wui-0.3-checksum.txt
root@haruan:/usr/local/src# wget http://www.ossec.net/files/ossec-wui-0.3.tar.gz.sig
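root@haruan:/usr/local/src# md5sum ossec-wui-0.3.tar.gz
root@haruan:/usr/local/src# sha1sum ossec-wui-0.3.tar.gz
* Bandingkan kedua-dua nilai hash di atas dengan kandungan ossec-wui-0.3-checksum.txt sebelum mengekstrak arkib; mengira hash sahaja tanpa membandingkannya tidak mengesahkan apa-apa.
* Fail checksum itu juga dimuat turun melalui HTTP, maka semakan yang lebih kukuh ialah tandatangan: import kunci awam projek OSSEC, kemudian jalankan gpg --verify ossec-wui-0.3.tar.gz.sig ossec-wui-0.3.tar.gz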
root@haruan:/usr/local/src# tar zxvf ossec-wui-0.3.tar.gz
root@haruan:/usr/local/src# mv ossec-wui-0.3 /var/www/ossec
root@haruan:/usr/local/src# chown -R www-data.www-data /var/www/ossec
root@haruan:/var/www# cd /var/www/ossec/
root@haruan:/var/www/ossec# sh setup.sh
root@haruan:/var/www/ossec# usermod -a -G ossec www-data
root@haruan:/var/www/ossec# chmod 770 tmp/
root@haruan:/var/www/ossec# chgrp www-data tmp/
# Sampingan - Menggunakan kata-kunci untuk akses
root@haruan:/var/www/ossec# htpasswd -m /var/www/ossec/.htpasswd userid
root@haruan:/var/www/ossec# vi /etc/apache2/apache2.conf
* Tambahan yang diperlukan pada konfigurasi apache2
4- WEB/SSL
<Directory "/var/www/ossec">
AllowOverride All
</Directory>
root@haruan:/var/www/ossec# /etc/init.d/apache2 reload
root@haruan:/usr/local/src/ossec-hids-2.7-beta1# cd /usr/local/src
root@haruan:/usr/local/src# apache2ctl start
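root@haruan:/usr/local/src# openssl genrsa -des3 -out server.key 1024
* Nota: kunci RSA 1024-bit sudah dianggap lemah; untuk pemasangan baharu gunakan sekurang-kurangnya 2048 bit.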
root@haruan:/usr/local/src# openssl req -new -key server.key -out server.csr
root@haruan:/usr/local/src# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
root@haruan:/usr/local/src# mkdir /etc/apache2/ssl
root@haruan:/usr/local/src# mv server.key /etc/apache2/ssl/
root@haruan:/usr/local/src# mv server.crt /etc/apache2/ssl/
root@haruan:/usr/local/src# a2enmod ssl
root@haruan:/usr/local/src# a2ensite default-ssl
root@haruan:/usr/local/src# cd /etc/apache2/sites-available
root@haruan:/usr/local/src# vi default
root@haruan:/usr/local/src# vi default-ssl
root@haruan:/usr/local/src# /etc/init.d/apache2 reload
root@haruan:/usr/local/src# apache2ctl restart
root@haruan:/usr/local/src# netstat -tepan |grep 443
Semoga nota ini dapat memberi manfaat. WA
Assalamualaikum..
Saya mempunyai masalah dengan ossec nie..
masalah saya ossec nie x dapat nak hantar notification email keluar untuk alert-kan saya.
setiap kali ossec cuba hantar email keluar mesti ada error macam ni --> ossec-maild(1223): ERROR: Error Sending email
jenis installation saya ialah local installation dalam VMWare Workstation 9
OS Ubuntu 10.04 LTS 32bit
bridged connection dgn host OS
email dan smtp server betul.
package postfix juga telah diinstall.
port 25 juga terbuka.