配置好Ossec服务端和客户端后,每次重启各虚拟机后需要先启动一些服务才能进行入侵检测,现对步骤流程做如下笔记:
服务端:
[matrix@localhost ~]$ su -
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl start mariadb
[root@localhost ~]# systemctl start sendmail.service
[root@localhost ~]# cd ossec-hids-2.8.3
[root@localhost ossec-hids-2.8.3]# /opt/ossec/bin/ossec-control enable database
[root@localhost ossec-hids-2.8.3]# systemctl restart httpd
[root@localhost ossec-hids-2.8.3]# systemctl stop firewalld.service
[root@localhost ossec-hids-2.8.3]# setenforce 0
[root@localhost ossec-hids-2.8.3]# systemctl restart httpd
客户端:
root@kali:~# cd ossec-hids-2.8.3/
root@kali:~/ossec-hids-2.8.3# /opt/ossec/bin/ossec-control start
Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)...
ossec-execd already running...
ossec-agentd already running...
ossec-logcollector already running...
ossec-syscheckd already running...
Completed.
服务端: