配置好Ossec服務端和客戶端後,每次重啓各虛擬機後需要先啓動一些服務才能進行入侵檢測,現對步驟流程做如下筆記:
服務端:
[matrix@localhost ~]$ su -
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl start mariadb
[root@localhost ~]# systemctl start sendmail.service
[root@localhost ~]# cd ossec-hids-2.8.3
[root@localhost ossec-hids-2.8.3]# /opt/ossec/bin/ossec-control enable database
[root@localhost ossec-hids-2.8.3]# systemctl restart httpd
[root@localhost ossec-hids-2.8.3]# systemctl stop firewalld.service
[root@localhost ossec-hids-2.8.3]# setenforce 0
[root@localhost ossec-hids-2.8.3]# systemctl restart httpd
客戶端:
root@kali:~# cd ossec-hids-2.8.3/
root@kali:~/ossec-hids-2.8.3# /opt/ossec/bin/ossec-control start
Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)...
ossec-execd already running...
ossec-agentd already running...
ossec-logcollector already running...
ossec-syscheckd already running...
Completed.
服務端: