For this you will need two machines, one for the OSSEC server and the other for the OSSEC client. This post mainly covers two components:
- OSSEC server
- OSSEC agent (client)
1. Install the server; the steps are explained in the previous article. Install the OSSEC agent on the other machine in the same way.
2. On the server, add a new agent with
# /var/ossec/bin/manage_agents
(Enter your client IP here, and also give a unique agent ID number)
3. Extract the OSSEC agent key with
# /var/ossec/bin/manage_agents
Enter : e
4. Add the key given by the server to the client (make sure you copy it correctly). Enter the command below on the client machine (it is the same command that is used to extract the key from the server machine)
# /var/ossec/bin/manage_agents
5. Start the client and server
# /var/ossec/bin/ossec-control start
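Step 4 depends on the key being copied intact, so here is an added example (not part of the original post) that checks a pasted key before it is imported on the client. It assumes the exported key is the base64 form of one "ID NAME IP KEY" line with a 64-character hex key; the function names and the sample agent are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: a key exported with "e" is base64 of one line "ID NAME IP KEY",
# where KEY is 64 hex characters.
KEY_HEX_LEN=64

# Constructed sample key for a made-up agent (not a real secret).
make_sample_key() {
    printf '%s' '001 web01 192.168.1.20 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef' \
        | base64 | tr -d '\n'
}

# Decode a pasted key, ignoring whitespace picked up while copying.
decode_agent_key() {
    printf '%s' "$1" | tr -d ' \r\n' | base64 -d 2>/dev/null
}

# check_agent_key B64_KEY EXPECTED_IP
# Prints "ok" or a short reason; returns 0 only when the key looks intact
# and was issued for the IP entered in step 2 (exact string match).
check_agent_key() {
    expected_ip=$2
    line=$(decode_agent_key "$1") || { echo "bad-base64"; return 1; }
    # Split the decoded line into fields without glob expansion.
    set -f; set -- $line; set +f
    [ "$#" -eq 4 ] || { echo "bad-field-count"; return 1; }
    case $1 in ''|*[!0-9]*) echo "bad-id"; return 1 ;; esac
    case $4 in ''|*[!0-9a-fA-F]*) echo "bad-key"; return 1 ;; esac
    # A key that lost characters at the end decodes to a short secret.
    [ "${#4}" -eq "$KEY_HEX_LEN" ] || { echo "bad-key"; return 1; }
    [ "$3" = "$expected_ip" ] || { echo "ip-mismatch"; return 1; }
    echo "ok"
}

# Demo on the constructed sample.
check_agent_key "$(make_sample_key)" 192.168.1.20
```

The key is the shared secret between agent and server, so move it over a trusted channel and do not leave copies in files or shell history.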
It is done. As an extra point, I'd like to mention that if you have OSSIM on your server side, you can find the new agent after you restart the OSSIM config
# ossim-reconfig -c -v -d
Here is our active agent in OSSIM
Environment->Detection->HIDS->Agents
You can remove the OSSEC client with the command below on the client; on the server, you also have to remove it from the OSSEC manager.
# rm -rf /var/ossec/