cd /tmp
wget http://www.ossec.net/files/ossec-hids-0.9-1a.tar.gz
tar xvfz ossec-hids-0.9-1a.tar.gz
Then we run the installation script:
cd ossec-hids-0.9-1a
./install.sh
The installation script will ask you a few questions:
** Para instalação em português, escolha [br].
** Fur eine deutsche Installation wohlen Sie [de].
** For installation in English, choose [en].
** Para instalar en Español , eliga [es].
** Pour une installation en français, choisissez [fr]
** Per l'installazione in Italiano, scegli [it].
** 日本語でインストールします．選択して下さい．[jp].
** Aby instalować w języku Polskim, wybierz [pl].
** Для инструкций по установке на русском ,введите [ru].
** Türkçe kurulum için seçin [tr].
(en/br/de/es/fr/it/jp/pl/ru/tr) [en]: <-- en (or one of the other options if you don't want to use English)
OSSEC HIDS v0.9-1 Installation Script - http://www.ossec.net
You are about to start the installation process of the OSSEC HIDS.
You must have a C compiler pre-installed in your system.
If you have any questions or comments, please send an e-mail
to dcid@ossec.net (or daniel.cid@gmail.com).
- System: Linux server1.example.com 2.6.8-2-386
- User: root
- Host: server1.example.com
-- Press ENTER to continue or Ctrl-C to abort. -- <-- [ENTER]
1- What kind of installation do you want (server, agent, local or help)? <-- local
- Choose where to install the OSSEC HIDS [/var/ossec]: <-- /var/ossec
3.1- Do you want e-mail notification? (y/n) [y]: <-- y
- What's your e-mail address? <-- example@example.com (enter your own e-mail address here)
- We found your SMTP server as: mail.example.com.
- Do you want to use it? (y/n) [y]: <-- y (normally you can accept the installer's suggestion unless you want to use a different SMTP server)
3.2- Do you want to run the integrity check daemon? (y/n) [y]: <-- y
3.3- Do you want to run the rootkit detection engine? (y/n) [y]: <-- y
- Do you want to enable active response? (y/n) [y]: <-- y
- Do you want to enable the firewall-drop response? (y/n) [y]: <-- y
- Do you want to add more IPs to the white list? (y/n)? [n]: <-- n (if you don't want to add any further IP addresses to the whitelist)
3.6- Setting the configuration to analyze the following logs:
-- /var/log/messages
-- /var/log/auth.log
-- /var/log/syslog
-- /var/log/mail.info
- If you want to monitor any other file, just change
the ossec.conf and add a new localfile entry.
Any questions about the configuration can be answered
by visiting us online at http://www.ossec.net .
--- Press ENTER to continue --- <-- [ENTER]
- System is Linux (SysV).
- Init script modified to start OSSEC HIDS during boot.
Adding system startup for /etc/init.d/ossec ...
/etc/rc0.d/K20ossec -> ../init.d/ossec
/etc/rc1.d/K20ossec -> ../init.d/ossec
/etc/rc6.d/K20ossec -> ../init.d/ossec
/etc/rc2.d/S20ossec -> ../init.d/ossec
/etc/rc3.d/S20ossec -> ../init.d/ossec
/etc/rc4.d/S20ossec -> ../init.d/ossec
/etc/rc5.d/S20ossec -> ../init.d/ossec
- Configuration finished properly.
- To start OSSEC HIDS:
/var/ossec/bin/ossec-control start
- To stop OSSEC HIDS:
/var/ossec/bin/ossec-control stop
- The configuration can be viewed or modified at /var/ossec/etc/ossec.conf
Thanks for using the OSSEC HIDS.
If you have any question, suggestion or if you find any bug,
contact us at contact@ossec.net or using our public maillist at
ossec-list@ossec.net
(http://mailman.underlinux.com.br/mailman/listinfo/ossec-list).
More information can be found at http://www.ossec.net
--- Press ENTER to finish (maybe more information below). --- <-- [ENTER]
That's it, OSSEC HIDS is now installed and can be started.
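The installer mentions that further log files are monitored by adding localfile entries to ossec.conf. The following is an added example, not part of the original tutorial or the OSSEC distribution; the two log paths are assumptions chosen for illustration, and the entries belong inside the <ossec_config> element of /var/ossec/etc/ossec.conf next to the four files the installer already configured:

```xml
<!-- Added example, not from the original tutorial: extra log sources for
     /var/ossec/etc/ossec.conf. Each <localfile> element sits inside
     <ossec_config>, alongside the entries created by install.sh. -->
<ossec_config>
  <!-- A plain syslog-format file (path assumed for illustration). -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>

  <!-- An Apache access log; log_format apache makes the analysis daemon
       apply its web-log decoders instead of the syslog one. -->
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/apache2/access.log</location>
  </localfile>
</ossec_config>
```

The new entries are only read when OSSEC is restarted, so stop and start it again with the ossec-control commands shown above.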