Centos 6.4 ossec批量安装部署客户端

标签：ossec

一、本文主要还是借鉴网上，自己做了小改动

server：192.168.153.172

client：192.168.153.173

    192.168.153.174

二、服务器配置

服务器详细安装过程见http://whnba.blog.51cto.com/1215711/1633004

搭建ftp方便我们下载配置文件

[root@ossec-server ~]# yum -y install httpd

[root@ossec-server ~]# service httpd start

[root@ossec-server ~]# mkdir /var/www/html/ossec

[root@ossec-server ~]# cd /var/www/html/ossec

[root@ossec-server ossec]# /etc/init.d/iptables stop

查看ftp是否能访问到http://192.168.153.172/ossec/

ip.txt用来存放客户端主机名称和ip地址

[root@ossec-server ~]# cat ip.txt 

agent01:192.168.153.173

agent02:192.168.153.174

用来生成key的脚本

[root@ossec-server ~]# cat key_gen.py 

#!/usr/bin/env python

# -*- coding: utf-8 -*-

import os    

if __name__ == ‘__main__‘:

    save_keys_path = "keys.logs"

    f = open("ip.txt")

    lines = f.read().splitlines()

f.close()

#perl文件在安装包里面

shell_path ="/root/ossec-hids-2.8.1/contrib/ossec-batch-manager.pl"

for line in lines:

arr = line.split(":")

        host_name = arr[0]

        ip = arr[1]

        #服务端根据name和ip添加客户端

        cmd = "%s -a --ip %s --name %s" % (shell_path,ip,host_name)

        os.system(cmd)

        cmd = "%s -e %s >> %s" % (shell_path,ip,save_keys_path)

        os.system(cmd)

执行报错及解决：

[root@ossec-server ~]# python key_gen.py 

Can‘t locate Time/HiRes.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /root/ossec-hids-2.7/contrib/ossec-batch-manager.pl line 113.

BEGIN failed--compilation aborted at /root/ossec-hids-2.7/contrib/ossec-batch-manager.pl line 113.

Can‘t locate Time/HiRes.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /root/ossec-hids-2.7/contrib/ossec-batch-manager.pl line 113.

BEGIN failed--compilation aborted at /root/ossec-hids-2.7/contrib/ossec-batch-manager.pl line 113.

[root@ossec-server ~]# yum -y  install perl-Time-HiRes

生成的key文件/var/ossec/etc/client.keys

[root@ossec-server ~]# python key_gen.py 

[root@ossec-server ~]# cat /var/ossec/etc/client.keys 

001 agent01 192.168.153.173 316260854925970ce8953064b1ff2fafe1245f38dd06ed1203a60f9a465a9f44

002 agent02 192.168.153.174 2ec85cdc3ac7512572cd1927ecdea88f46521c00896632c1d8b880256a117ebb

把客户端需要的配置文件和包放在ftp里面

[root@ossec-server ~]# cd /var/www/html/ossec

[root@ossec-server ossec]# tar xf ossec_client_conf.tar.gz 

[root@ossec-server ossec]# ll

total 2416

-rw-r--r-- 1 root root      93 Dec 15 21:49 client.keys

-rw-r--r-- 1 root root  820077 Dec 16 02:22 ossec_client_conf.tar.gz

-rw-r--r-- 1 root root    2781 Dec 28 23:55 ossec.conf

-rw-r--r-- 1 root root 1634812 Apr 17  2015 ossec-hids-2.8.1.tar.gz

-rwxr-xr-x 1 root root    3275 Dec 16 02:16 preloaded-vars.conf

[root@ossec-server ossec]# grep -Ev ‘^#|^$‘ preloaded-vars.conf 

USER_LANGUAGE="en"     # For english

USER_NO_STOP="y"

USER_INSTALL_TYPE="agent"

USER_DIR="/var/ossec"

USER_ENABLE_ACTIVE_RESPONSE="y"

USER_ENABLE_SYSCHECK="y"

USER_ENABLE_ROOTCHECK="y"

USER_AGENT_SERVER_IP="192.168.153.172"

三、客户端agent批量安装

[root@ossec-client01 ~]# yum -y install gcc

[root@ossec-client01 ~]# /etc/init.d/iptables stop

执行脚本自动安装agent客户端

[root@ossec-client01 ~]# sh ossec-agent-batch-install.sh

[root@ossec-client01 ~]# cat ossec-agent-batch-install.sh 

#!/bin/bash

cd /usr/local

wget http://192.168.153.172/ossec/ossec-hids-2.8.1.tar.gz

tar xf ossec-hids-2.8.1.tar.gz

cd ossec-hids-2.8.1/etc/

mv preloaded-vars.conf preloaded-vars.conf.bak

wget http://192.168.153.172/ossec/preloaded-vars.conf

cd ..

./install.sh

cd /var/ossec/etc

wget http://192.168.153.172/ossec/client.keys

HOST_IP=`/sbin/ifconfig eth0 |grep ‘Bcast‘ |cut -d: -f2 |cut -d‘ ‘ -f1`

sed -i ‘/‘$HOST_IP‘/!‘d /var/ossec/etc/client.keys

rm -rf ossec.conf

wget http://192.168.153.172/ossec/ossec.conf

cd ..

./bin/ossec-control start

四、查看客户端端口

[root@ossec-client01 ~]# netstat -lanpu |grep ossec

udp        0      0 192.168.153.173:60090       192.168.153.172:1514        ESTABLISHED 4827/ossec-agentd

五、查看服务器端口

[root@ossec-server ~]# netstat -lanpu |grep ossec

udp        0      0 0.0.0.0:514                 0.0.0.0:*                               5657/ossec-remoted  

udp        0      0 0.0.0.0:1514                0.0.0.0:*                               5658/ossec-remoted

[root@ossec-server ~]# /var/ossec/bin/agent_control -lc

OSSEC HIDS agent_control. List of available agents:

   ID: 000, Name: ossec-server (server), IP: 127.0.0.1, Active/Local

   ID: 001, Name: agent01, IP: 192.168.153.173, Active

   ID: 002, Name: agent02, IP: 192.168.153.174, Active

本文出自 “卡卡西” 博客，请务必保留此出处http://whnba.blog.51cto.com/1215711/1729606

Centos 6.4 ossec批量安装部署客户端

标签：ossec

原文地址：http://whnba.blog.51cto.com/1215711/1729606