Installing OSSEC – HIDS (Host-based Intrusion Detection System) on CentOS 6.x x64

References:
OSSEC Host-based Intrusion Detection System (HIDS) Installation and Configuration « Jamyy's Weblog
Building an OSSEC Host-based Intrusion Detection System: Network Threats Are Serious, Full Preparation Is Essential – Technical Column – NetAdmin (網管人)
浮雲雅築: [Research] OSSEC – HIDS 2.7.1 Host-based Intrusion Detection System – server/agent installation (CentOS 6.5 x64)
How to Install OSSEC on Red Hat or CentOS 6 – scottlinux.com | Linux Blog

OSSEC official website: http://ossec.github.io

1. Add the atomic package repository
Download the version you need from http://ossec.github.io/downloads.html
# wget http://updates.atomicorp.com/channels/ossec/centos/6/x86_64/RPMS/atomic-release-1.0-21.el6.art.noarch.rpm
# rpm -ivh atomic-release-1.0-21.el6.art.noarch.rpm

# wget -q -O - https://www.atomicorp.com/installers/atomic | sh

2. Disable the atomic repository
# sed -i 's/enabled = 1/enabled = 0/' /etc/yum.repos.d/atomic.repo

3. Run a system update with the atomic repository enabled
# yum update --enablerepo=atomic

4. Search for OSSEC-related packages
# yum search ossec --enablerepo=atomic
ossec-hids-agent.x86_64 : The OSSEC HIDS Client
ossec-hids-client.x86_64 : The OSSEC HIDS Client
ossec-hids-debuginfo.x86_64 : Debug information for package ossec-hids
ossec-hids-hybrid.x86_64 : The OSSEC HIDS hybrid client
ossec-hids-mysql.x86_64 : The OSSEC HIDS Server
ossec-hids-postgres.x86_64 : The OSSEC HIDS Server postgres connector
ossec-hids-server.x86_64 : The OSSEC HIDS Server
ossec-wui.noarch : OSSEC Web Interface
ossec-hids.x86_64 : An Open Source Host-based Intrusion Detection System

ossec-hids-hybrid includes both the Server and the Agent

5. Install the OSSEC packages
# yum install ossec-hids-mysql ossec-wui ossec-hids ossec-hids-server --enablerepo=atomic

6. Disable email notification
# sed -i 's/<email_notification>yes/<email_notification>no/' /var/ossec/etc/ossec.conf

7. Create the ossec-wui admin account and password
# /usr/bin/htpasswd /usr/share/ossec-wui/.htpasswd ossec
New password:
Re-type new password:
Updating password for user ossec

8. Restrict which addresses may connect to the web interface
# vim /etc/httpd/conf.d/ossec.conf
Alias /ossec    /usr/share/ossec-wui/
<Directory /usr/share/ossec-wui/>
    AllowOverride AuthConfig Limit
    Order deny,allow
    Deny from all
    Allow from 192.168.1.0/24

    <Files *.sh>
        deny from all
    </Files>
    <Files ossec_conf.php>
        deny from all
    </Files>
    <Files .*>
        deny from all
    </Files>
</Directory>

9. Restart the Apache web server
# /etc/init.d/httpd restart

10. Start ossec-hids
# /etc/init.d/ossec-hids start
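A post-installation check for the settings changed in steps 2, 6, 7 and 8, added here as an example and not part of the original post. It assumes the file layouts shown above (an "enabled = ..." line per repo section, the email_notification tag in ossec.conf, a standard .htpasswd line, and the Apache directives from step 8); the demo at the bottom runs against constructed copies so it works offline, and each function can be pointed at the real file instead.

```shell
#!/bin/sh
# Added example (not from the original post): verify the hardening steps
# after installation. Each check takes the file to inspect as $1 so it can
# be run against the real paths or against copies.

# Step 2: no section in atomic.repo may still be enabled.
repo_all_disabled() {
    ! grep -Eq '^enabled[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Step 6: email notification is "no" and no "yes" survives in ossec.conf.
email_notification_off() {
    grep -Eq '<email_notification>[[:space:]]*no[[:space:]]*<' "$1" &&
        ! grep -Eq '<email_notification>[[:space:]]*yes' "$1"
}

# Step 7: the WUI user ($2) exists in .htpasswd ($1) with a non-empty hash.
htpasswd_has_user() {
    grep -Eq "^$2:.+" "$1"
}

# Step 8: the WUI vhost denies by default, allows only an address range
# (not "all"), and blocks the shell scripts and dot-files in ossec-wui.
wui_acl_restricted() {
    grep -Eiq '^[[:space:]]*Order[[:space:]]+deny,allow' "$1" &&
        grep -Eiq '^[[:space:]]*Deny[[:space:]]+from[[:space:]]+all' "$1" &&
        ! grep -Eiq '^[[:space:]]*Allow[[:space:]]+from[[:space:]]+all' "$1" &&
        grep -Eiq '^[[:space:]]*Allow[[:space:]]+from[[:space:]]+[0-9]' "$1" &&
        grep -Eq '<Files[[:space:]]+\*\.sh>' "$1" &&
        grep -Eq '<Files[[:space:]]+\.\*>' "$1"
}

# Constructed sample files for an offline run; the real paths are in the steps above.
demo() {
    d=$(mktemp -d)
    printf '[atomic]\nenabled = 0\n\n[atomic-testing]\nenabled = 0\n' > "$d/atomic.repo"
    printf '<global>\n  <email_notification>no</email_notification>\n</global>\n' > "$d/ossec.conf"
    printf 'ossec:$apr1$constructed$notarealhash\n' > "$d/.htpasswd"
    printf 'Order deny,allow\nDeny from all\nAllow from 192.168.1.0/24\n<Files *.sh>\ndeny from all\n</Files>\n<Files .*>\ndeny from all\n</Files>\n' > "$d/ossec-httpd.conf"
    repo_all_disabled "$d/atomic.repo"       && echo "step 2 ok: atomic repo disabled"
    email_notification_off "$d/ossec.conf"   && echo "step 6 ok: email notification off"
    htpasswd_has_user "$d/.htpasswd" ossec   && echo "step 7 ok: WUI user present"
    wui_acl_restricted "$d/ossec-httpd.conf" && echo "step 8 ok: WUI access restricted"
    rm -rf "$d"
}
demo
```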