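After the OSSEC server and client have been configured, a few services must be started each time the virtual machines are rebooted before intrusion detection can run. The steps are noted below:
Server: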
[[email protected] ~]$ su -
[[email protected] ~]# systemctl start httpd
[[email protected] ~]# systemctl start mariadb
[[email protected] ~]# systemctl start sendmail.service
[[email protected] ~]# cd ossec-hids-2.8.3
[[email protected] ossec-hids-2.8.3]# /opt/ossec/bin/ossec-control enable database
[[email protected] ossec-hids-2.8.3]# systemctl restart httpd
[[email protected] ossec-hids-2.8.3]# systemctl stop firewalld.service
[[email protected] ossec-hids-2.8.3]# setenforce 0
[[email protected] ossec-hids-2.8.3]# systemctl restart httpd
Client:
[email protected]:~# cd ossec-hids-2.8.3/
[email protected]:~/ossec-hids-2.8.3# /opt/ossec/bin/ossec-control start
Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)...
ossec-execd already running...
ossec-agentd already running...
ossec-logcollector already running...
ossec-syscheckd already running...
Completed.
Server:
Open http://<your server IP>/analogi/ in a browser
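
A post-reboot check for the client step above, as an added example that is not part of the original notes: it reads `ossec-control` output and lists every expected daemon that is not confirmed as running. The function names `ossec_up` and `ossec_missing` are hypothetical, the sample inputs are constructed, and the `is running...` / `not running...` / `Started ...` line formats are assumed to match what `ossec-control` prints in 2.8.3.

```sh
#!/bin/sh
# Added example (not from the original notes): confirm after a reboot that
# every expected OSSEC daemon is up, based on ossec-control's output.

# Daemons listed in the client's start output on this page.
AGENT_DAEMONS="ossec-execd ossec-agentd ossec-logcollector ossec-syscheckd"

# Print the daemons that the ossec-control output on stdin reports as up.
# "already running..." appears on this page; the "is running..." (status)
# and "Started ..." (start) forms are assumed.
ossec_up() {
    awk '
        /^ossec-[a-z]+ (is|already) running\.\.\./ { print $1 }
        /^Started ossec-[a-z]+\.\.\./ { sub(/\.\.\.$/, "", $2); print $2 }
    '
}

# Print every daemon from $1 that the output on stdin does not confirm as up.
# A daemon absent from the output counts as down, so a truncated or failed
# run cannot pass silently.
ossec_missing() {
    up=" $(ossec_up | tr '\n' ' ')"
    missing=""
    for d in $1; do
        case "$up" in
            *" $d "*) ;;
            *) missing="${missing:+$missing }$d" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Start output as shown on this page: all four daemons are up.
SAMPLE_OK='Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)...
ossec-execd already running...
ossec-agentd already running...
ossec-logcollector already running...
ossec-syscheckd already running...
Completed.'

# Constructed sample: a status run in which syscheckd has stopped.
SAMPLE_DEGRADED='ossec-logcollector is running...
ossec-syscheckd not running...
ossec-agentd is running...
ossec-execd is running...'

printf '%s\n' "$SAMPLE_DEGRADED" | ossec_missing "$AGENT_DAEMONS"
```

On a real client, pipe `/opt/ossec/bin/ossec-control status` into `ossec_missing "$AGENT_DAEMONS"`; an empty result means all four daemons are up.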