Frequently used OSSEC commands

From Luis Moreno Wiki
Revision as of 22:49, 19 July 2020 by Mayordomowiki (talk | contribs) (Page created with «OSSEC /var/ossec/bin - list_agents ./list_agents -c (connected) ./list_agents -a (all) ./list_agents -n (not connected) https://www.alienvault.com/forum/index.php?t…»)

OSSEC

/var/ossec/bin - list_agents

 ./list_agents -c (connected)
 ./list_agents -a (all)
 ./list_agents -n (not connected)

https://www.alienvault.com/forum/index.php?t=msg&goto=7019&S=f1136d40054e6ac26170dce046be7f30#msg_7019


Adding clients to the OSSEC server

All important files for OSSEC are located in /var/ossec; the control utilities are in /var/ossec/bin.

1. Add a new client:

 cd /var/ossec/bin
 ./manage_agents

--- Choose A to add an agent, then enter the client IP and the ID you'd like to use (accepting the defaults is fine; IDs are how OSSEC keeps track of clients internally, so the ID doesn't have to match anything else, it just has to be unique).

Personally I prefer to pre-configure all of my clients here at once so I add each and every host that will have OSSEC agents installed now. I'm going to presume you do the same and don't have RSS injuries when you're done. So from this point on I will act as if you have added every agent to the master server.

2. Restart the OSSEC server to make the changes (in this case new agents) active.

 ./ossec-control stop
 ./ossec-control start

Installing on Linux Hosts

1. Download the agent software to the TMP folder:

 cd /tmp
 wget http://www.ossec.net/files/ossec-hids-1.6.tar.gz

(It uses the same package for all three types of Linux installs, so you could just copy the file you used on the server.)

2. Extract the package

 tar -zxvf ossec-hids-1.6.tar.gz

3. Install it

 cd ossec-hids-1.6
 ./install.sh

--- When prompted for the installation type, choose "agent"
--- When prompted for the OSSEC server IP, use the OSSIM/OSSEC Master server
--- Accept all other defaults.

4. Configure the agent authentication from the client

 /var/ossec/bin/manage_agents

--- Choose 'I' to import the key
--- Follow the steps described in the Windows agent install to copy the client's key from the Master Server and paste it into the Import Key prompt.

5. Restart the agent

 /var/ossec/bin/ossec-control stop
 /var/ossec/bin/ossec-control start


-- Add an IP to the whitelist, for example to run a pentest from a remote host

 cp /var/ossec/etc/ossec.conf /opt/ossec.conf.bck
 chmod 700 /var/ossec/etc/ossec.conf
 vim /var/ossec/etc/ossec.conf

Search for the line that says whitelist, then restart the service:

 /var/ossec/bin/ossec-control restart
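The whitelist edit above is done by hand in vim. An entry in <white_list> inside the <global> block exempts that IP from active-response blocking, so it should be exact, unique, and removed again once the test host no longer needs it. The following POSIX shell functions are an added example, not part of the wiki page or of OSSEC itself: they back up the config, validate the IP, insert or remove a <white_list> entry, and refuse duplicates. The config path and IP are arguments, so it can be tried on a copy first; the sample config in the comments is constructed.

```shell
#!/bin/sh
# Added example (not from the wiki page or the OSSEC project): manage
# <white_list> entries in an ossec.conf safely from the shell.

# Validate a dotted IPv4 address: four numeric octets, each 0-255.
valid_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# Print how many times an IP already appears as a <white_list> entry.
# grep -c exits non-zero when the count is 0, so force success.
whitelist_count() {
    grep -Fc "<white_list>$2</white_list>" "$1" || true
}

# Insert <white_list>IP</white_list> right after the opening <global> tag.
# Refuses malformed IPs, duplicates and files without a <global> block.
# The file is rewritten in place (cat > file) so its owner and mode are kept.
add_whitelist_ip() {
    conf=$1; ip=$2
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    grep -q '<global>' "$conf" || { echo "no <global> block in $conf" >&2; return 1; }
    if [ "$(whitelist_count "$conf" "$ip")" -gt 0 ]; then
        echo "$ip is already whitelisted" >&2; return 2
    fi
    cp "$conf" "$conf.bck" || return 1            # backup, as the page does
    awk -v ip="$ip" '
        { print }
        /<global>/ && !done { print "    <white_list>" ip "</white_list>"; done = 1 }
    ' "$conf" > "$conf.tmp" && cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp"
}

# Remove the exact <white_list> entry for an IP (every occurrence).
remove_whitelist_ip() {
    conf=$1; entry="<white_list>$2</white_list>"
    awk -v e="$entry" 'index($0, e) == 0' "$conf" > "$conf.tmp" \
        && cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp"
}

# Live usage on the server (paths from the page), then restart as the page does:
#   add_whitelist_ip /var/ossec/etc/ossec.conf 203.0.113.10 && /var/ossec/bin/ossec-control restart
# Constructed sample config to try it on first:
#   printf '<ossec_config>\n  <global>\n  </global>\n</ossec_config>\n' > /tmp/ossec.conf
#   add_whitelist_ip /tmp/ossec.conf 203.0.113.10 && grep white_list /tmp/ossec.conf
```

The entry is placed directly after <global> rather than appended at the end of the file, because OSSEC only honours white_list inside that block; the duplicate check keeps repeated pentest windows from piling up identical entries, and remove_whitelist_ip is the cleanup step for when the engagement ends.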