OSSEC INSTALLATION - OSSEC|OSSEC-WUI


OSSEC INSTALLATION IN BRIEF:
OS = BT5 & UBUNTU
OSSEC = OSSEC 2.7 Beta-1
OSSEC-WUI = OSWUI v0.3

1- OSSEC - SERVER

root@haruan:/home/akmal# cd /usr/local/src/
root@haruan:/usr/local/src# wget http://www.ossec.net/files/ossec-hids-2.7-beta-1.tar.gz
root@haruan:/usr/local/src# tar zxvf ossec-hids-2.7-beta-1.tar.gz
root@haruan:/usr/local/src# cd ossec-hids-2.7-beta*
root@haruan:/usr/local/src/ossec-hids-2.7-beta1# sh install.sh
root@haruan:/usr/local/src/ossec-hids-2.7-beta1# /var/ossec/bin/ossec-control start
root@haruan:/usr/local/src/ossec-hids-2.7-beta1# /var/ossec/bin/manage_agents

** Choose "server" when asked to make a selection
*** manage_agents is used to add agents


2- OSSEC - AGENT

root@kelah:/usr/local/src# cd ossec-hids-2.7-beta*
root@kelah:/usr/local/src/ossec-hids-2.7-beta1# sh install.sh
root@kelah:/usr/local/src/ossec-hids-2.7-beta1# cd /var/ossec/bin
root@kelah:/var/ossec/bin# ./manage_agents
root@kelah:/var/ossec/bin# ./ossec-control restart

*** Choose "agent" when asked to make a selection

3- OSSEC - WUI

root@haruan:/usr/local/src# wget http://www.ossec.net/files/ossec-wui-0.3.tar.gz
root@haruan:/usr/local/src# wget http://www.ossec.net/files/ossec-wui-0.3-checksum.txt
root@haruan:/usr/local/src# wget http://www.ossec.net/files/ossec-wui-0.3.tar.gz.sig
root@haruan:/usr/local/src# md5sum ossec-wui-0.3.tar.gz
root@haruan:/usr/local/src# sha1sum ossec-wui-0.3.tar.gz
root@haruan:/usr/local/src# tar zxvf ossec-wui-0.3.tar.gz
root@haruan:/usr/local/src# mv ossec-wui-0.3 /var/www/ossec
root@haruan:/usr/local/src# chown -R www-data.www-data /var/www/ossec
root@haruan:/var/www# cd /var/www/ossec/
root@haruan:/var/www/ossec# sh setup.sh
root@haruan:/var/www/ossec# usermod -a -G ossec www-data
root@haruan:/var/www/ossec# chmod 770 tmp/
root@haruan:/var/www/ossec# chgrp www-data tmp/

# Aside - Using a password for access
root@haruan:/var/www/ossec# htpasswd -m /var/www/ossec/.htpasswd userid
root@haruan:/var/www/ossec# vi /etc/apache2/apache2.conf

* Addition required in the apache2 configuration
<Directory "/var/www/ossec">
    AllowOverride All
</Directory>
root@haruan:/var/www/ossec# /etc/init.d/apache2 reload
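
The transcript above prints the MD5 and SHA1 digests of the tarball but leaves the comparison with ossec-wui-0.3-checksum.txt to the eye. The script below is an added example, not part of the original notes, that performs the comparison and fails on a mismatch; the function names and the assumed layout of the checksum file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: the published
# checksum file contains each hex digest somewhere on a line; its exact
# layout is not shown on the page, so the match is layout-agnostic.

# digest_of ALGO FILE: print the hex digest of FILE (ALGO is md5 or sha1)
digest_of() {
    case "$1" in
        md5)  md5sum  "$2" | awk '{print $1}' ;;
        sha1) sha1sum "$2" | awk '{print $1}' ;;
        *)    return 2 ;;
    esac
}

# verify_download FILE SUMS: 0 = both digests listed, 1 = mismatch, 2 = usage
verify_download() {
    file=$1; sums=$2
    [ -r "$file" ] && [ -r "$sums" ] || { echo "cannot read input" >&2; return 2; }
    for algo in md5 sha1; do
        d=$(digest_of "$algo" "$file")
        # An empty digest would match every line, so treat it as an error.
        [ -n "$d" ] || return 2
        if ! grep -Fqi -- "$d" "$sums"; then
            echo "$algo MISMATCH: $d not listed in $sums" >&2
            return 1
        fi
    done
    echo "OK: $file matches $sums"
}

# Constructed demo: a stand-in tarball, a matching checksum file, and a
# tampered copy whose digests start with a non-hex character.
demo() {
    tmp=$(mktemp -d) || return 2
    printf 'constructed sample payload\n' > "$tmp/pkg.tar.gz"
    {
        printf 'MD5 (pkg.tar.gz) = %s\n'  "$(digest_of md5  "$tmp/pkg.tar.gz")"
        printf 'SHA1 (pkg.tar.gz) = %s\n' "$(digest_of sha1 "$tmp/pkg.tar.gz")"
    } > "$tmp/good.txt"
    sed 's/= ./= z/' "$tmp/good.txt" > "$tmp/bad.txt"
    verify_download "$tmp/pkg.tar.gz" "$tmp/good.txt" >/dev/null && good=0 || good=$?
    verify_download "$tmp/pkg.tar.gz" "$tmp/bad.txt" 2>/dev/null && bad=0 || bad=$?
    rm -rf "$tmp"
    echo "good=$good bad=$bad"
}

# Real use: sh verify.sh ossec-wui-0.3.tar.gz ossec-wui-0.3-checksum.txt
if [ "$#" -eq 2 ]; then verify_download "$1" "$2"; else demo; fi
```

The checksum file is fetched over plain HTTP from the same server as the tarball, so a match rules out corruption but not tampering. The downloaded .sig file can be checked with `gpg --verify ossec-wui-0.3.tar.gz.sig ossec-wui-0.3.tar.gz` once the project's signing key has been imported.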

4- WEB/SSL

root@haruan:/usr/local/src/ossec-hids-2.7-beta1# cd /usr/local/src
root@haruan:/usr/local/src# apache2ctl start
root@haruan:/usr/local/src# openssl genrsa -des3 -out server.key 2048
root@haruan:/usr/local/src# openssl req -new -key server.key -out server.csr
root@haruan:/usr/local/src# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
root@haruan:/usr/local/src# mkdir /etc/apache2/ssl
root@haruan:/usr/local/src# mv server.key /etc/apache2/ssl/
root@haruan:/usr/local/src# mv server.crt /etc/apache2/ssl/
root@haruan:/usr/local/src# a2enmod ssl
root@haruan:/usr/local/src# a2ensite default-ssl
root@haruan:/usr/local/src# cd /etc/apache2/sites-available
root@haruan:/etc/apache2/sites-available# vi default
root@haruan:/etc/apache2/sites-available# vi default-ssl
root@haruan:/etc/apache2/sites-available# /etc/init.d/apache2 reload
root@haruan:/etc/apache2/sites-available# apache2ctl restart
root@haruan:/etc/apache2/sites-available# netstat -tepan | grep 443


I hope these notes are useful. WA

Comments

  1. Assalamualaikum..
    I have a problem with this OSSEC..
    My problem is that OSSEC cannot send notification emails out to alert me.
    Every time OSSEC tries to send an email out there is always an error like this --> ossec-maild(1223): ERROR: Error Sending email

    My installation type is a local installation in VMWare Workstation 9
    OS Ubuntu 10.04 LTS 32bit
    bridged connection with the host OS
    email and smtp server are correct.
    the postfix package has also been installed.
    port 25 is also open.
