1.ossec服务端安装
解压>>>
#tar -zxvf ossec_server.tar.gz
#cd ossec
安装>>>
#./install.sh
agent.conf初始化>>>
#touch /var/ossec/etc/shared/agent.conf
服务启动>>>
#/var/ossec/bin/ossec-control start
安装授权>>>
# openssl genrsa -out /var/ossec/etc/sslmanager.key
# openssl req -new -x509 -key /var/ossec/etc/sslmanager.key -out /var/ossec/etc/sslmanager.cert -days 365
(注:genrsa 未指定密钥长度时使用 OpenSSL 的默认值,旧版本的默认值偏小,建议显式指定长度,例如 2048;sslmanager.key 应仅 root 可读。)
授权监听启动>>>
# /var/ossec/bin/ossec-authd &
(注:默认配置下,ossec-authd 运行期间能连接到其监听端口(下文为 1515)的主机都可以申请 agent 密钥;客户端注册完成后应停止该进程,或用防火墙限制来源地址。)
2.利用salt安装客户端
#salt '192.168.190.101' state.sls ossec
客户端启动
#/var/ossec/bin/ossec-control start
服务端重启
#/var/ossec/bin/ossec-control restart
salt模板init.sls
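# Staging directory that receives the OSSEC tarball; the
# /root/Downloads/ossec.tar.gz state requires this ID.
/root/Downloads:
  file.directory:
    - user: root
    - group: root
    # NOTE(review): file_mode should only take effect together with
    # `recurse`, which is not set here - confirm against the Salt docs.
    - file_mode: '0644'
    # Was 644: a directory without the search (x) bit cannot be traversed
    # by non-privileged users. 0700 keeps the payload that root later
    # unpacks and executes private to root.
    - dir_mode: '0700'
    - makedirs: true
    # NOTE(review): include_empty, template and backup look like they were
    # copied from a file.recurse / file.managed state; confirm that
    # file.directory actually consumes them.
    - include_empty: true
    - template: jinja
    - backup: minion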
# Packages installed ahead of the OSSEC installer run.
# pkg.latest moves each package to the newest version the minion's
# repositories offer on every state run.
install_packages:
  pkg.latest:
    - pkgs:
        # presumably the build prerequisites for install.sh - confirm
        - openssl-devel
        - gcc
        # NOTE(review): prelink rewrites binaries on disk; confirm it is
        # really wanted on a host whose files OSSEC will be monitoring.
        - prelink
# Unpack the staged tarball and run the bundled installer.
# The command runs from /root/Downloads and is skipped once
# /var/ossec/bin/ossec-control exists on the minion.
install_ossec:
  cmd.run:
    # The installer comes straight out of the tarball and is executed by
    # the minion, so the integrity of salt://ossec/ossec.tar.gz on the
    # master is what protects this step.
    - name: >-
        tar zxf ossec.tar.gz
        && cd ossec
        && sh install.sh
    - cwd: /root/Downloads
    - unless: test -e /var/ossec/bin/ossec-control
    - require:
        - file: /root/Downloads/ossec.tar.gz
# Main OSSEC configuration, rendered through Jinja from the master's
# fileserver once the installer has run.
/var/ossec/etc/ossec.conf:
  file.managed:
    - source: salt://ossec/conf/etc/ossec.conf
    - user: root
    - group: root
    # World-readable. NOTE(review): confirm this owner/mode is intended
    # rather than the ownership the OSSEC installer sets itself.
    - mode: '0644'
    - template: jinja
    - require:
        - cmd: install_ossec
# Shared agent configuration, rendered through Jinja and written only
# after install_ossec has completed.
/var/ossec/etc/shared/agent.conf:
  file.managed:
    - source: salt://ossec/conf/etc/shared/agent.conf
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    - require:
        - cmd: install_ossec
# Helper script deployed next to the OSSEC install: root-owned,
# executable by everyone, writable by root only.
/var/ossec/monitor.sh:
  file.managed:
    - source: salt://ossec/conf/monitor.sh
    - user: root
    - group: root
    - mode: '0755'
    # NOTE(review): the script is rendered as a Jinja template, so shell
    # text containing Jinja delimiters ({{ }}, {% %}, {# #}) would be
    # altered on render; verify the script against that.
    - template: jinja
    - require:
        - cmd: install_ossec
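# Copy the OSSEC tarball from the master's fileserver into the staging
# directory; install_ossec unpacks it and runs its install.sh.
/root/Downloads/ossec.tar.gz:
  file.managed:
    - source: salt://ossec/ossec.tar.gz
    - user: root
    - group: root
    # Was 755: an archive is data and needs no execute bit. Only root
    # reads it, so keep it private to root.
    - mode: '0600'
    # `template: jinja` was removed: a gzip archive is binary and must be
    # copied verbatim, not passed through the template renderer.
    - require:
        - file: /root/Downloads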
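# Enrol this agent with the manager's ossec-authd (192.168.190.217:1515).
# The agent name passed to -A is the first 192.168.x.x address that
# ifconfig reports. The state is skipped once client.keys is non-empty.
agentauth:
  cmd.run:
    # The dots in the address pattern are escaped so they match a literal
    # '.' only; unescaped, '.' matches any character.
    # NOTE(review): as written the agent does not verify the manager's
    # certificate and no enrolment password is used; see agent-auth's
    # CA-verification and password options before using this beyond a
    # trusted network segment.
    - name: >-
        /var/ossec/bin/agent-auth -m 192.168.190.217 -p 1515
        -A $(ifconfig
        | egrep -o '192\.168\.[0-9]{1,3}\.[0-9]{1,3}'
        | head -n 1)
    - unless: test -s /var/ossec/etc/client.keys
    - require:
        - cmd: install_ossec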
serverstart:
cmd.run:
- name: /var/ossec/bin/ossec-control restart
- onchanges: