Code:
elatov@fed:~$rpm -qa | grep ossec
ossec-hids-2.8-44.fc20.art.x86_64
ossec-hids-client-2.8-44.fc20.art.x86_64
Code:
elatov@fed:~$sudo /var/ossec/bin/ossec-control start
Starting OSSEC HIDS v2.8 (by Trend Micro Inc.)...
Started ossec-execd...
2014/05/10 09:59:01 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800
Started ossec-agentd...
/var/ossec/bin/ossec-control: line 144: /var/ossec/bin/ossec-logcollector: No such file or directory
ossec-logcollector did not start
Code:
wget https://www6.atomicorp.com/channels/atomic/fedora/20/x86_64/RPMS/ossec-hids-client-2.8-44.fc20.art.x86_64.rpm
Code:
elatov@fed:~$rpm -qpl ossec-hids-client-2.8-44.fc20.art.x86_64.rpm
warning: ossec-hids-client-2.8-44.fc20.art.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 4520afa9: NOKEY
/etc/ossec-init.conf
/etc/rc.d/init.d/ossec-hids
/var/ossec/bin/agent-auth
/var/ossec/bin/ossec-agentd
/var/ossec/bin/ossec-client.sh
/var/ossec/bin/ossec-execd
/var/ossec/etc/internal_options.conf
/var/ossec/etc/ossec-agent.conf
/var/ossec/etc/ossec.conf.sample
/var/ossec/etc/shared/cis_debian_linux_rcl.txt
/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
/var/ossec/etc/shared/cis_rhel_linux_rcl.txt
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/rootkit_trojans.txt
/var/ossec/etc/shared/system_audit_rcl.txt
/var/ossec/etc/shared/win_applications_rcl.txt
/var/ossec/etc/shared/win_audit_rcl.txt
/var/ossec/etc/shared/win_malware_rcl.txt
/var/ossec/queue/alerts
/var/ossec/queue/rids
/var/ossec/queue/syscheck
Code:
elatov@fed:~$rpm -qpl apps/ossec-hids-client-2.7.1-36.fc19.art.x86_64.rpm
/etc/ossec-init.conf
/etc/rc.d/init.d/ossec-hids
/var/ossec/bin/agent-auth
/var/ossec/bin/client-logcollector
/var/ossec/bin/client-syscheckd
/var/ossec/bin/manage_client
/var/ossec/bin/ossec-agentd
/var/ossec/bin/ossec-client.sh
/var/ossec/bin/ossec-execd
/var/ossec/etc/internal_options.conf
/var/ossec/etc/internal_options.conf.orig
/var/ossec/etc/ossec-agent.conf
/var/ossec/etc/ossec.conf.sample
/var/ossec/etc/shared/agent.conf
/var/ossec/etc/shared/cis_debian_linux_rcl.txt
/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
/var/ossec/etc/shared/cis_rhel_linux_rcl.txt
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/rootkit_trojans.txt
/var/ossec/etc/shared/system_audit_rcl.txt
/var/ossec/etc/shared/win_applications_rcl.txt
/var/ossec/etc/shared/win_audit_rcl.txt
/var/ossec/etc/shared/win_malware_rcl.txt
/var/ossec/queue/alerts
/var/ossec/queue/rids
/var/ossec/queue/syscheck
Code:
/var/ossec/bin/client-logcollector
/var/ossec/bin/client-syscheckd
Code:
elatov@fed:~$sudo yum provides '*/bin/*logcollector'
Loaded plugins: langpacks, refresh-packagekit, remove-with-leaves
ossec-hids-server-2.8-44.fc20.art.x86_64 : The OSSEC HIDS Server
Repo : atomic
Matched from:
Filename : /var/ossec/bin/ossec-logcollector
Code:
sudo yum install ossec-hids-server
...
...
--> Finished Dependency Resolution
Error: ossec-hids-client conflicts with ossec-hids-server-2.8-44.fc20.art.x86_64
Error: ossec-hids-server conflicts with ossec-hids-client-2.8-44.fc20.art.x86_64
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
Code:
wget http://www.ossec.net/files/ossec-hids-2.8-beta-1.tar.gz
Code:
elatov@fed:~/ossec-hids-2.8-beta-1$sudo ./install.sh
...
OSSEC HIDS v2.8 Installation Script - http://www.ossec.net
You are about to start the installation process of the OSSEC HIDS.
You must have a C compiler pre-installed in your system.
If you have any questions or comments, please send an e-mail
to dcid@ossec.net (or daniel.cid@gmail.com).
- System: Linux fed.local.com 3.14.2-200.fc20.x86_64
- User: root
- Host: fed.local.com
-- Press ENTER to continue or Ctrl-C to abort. --
- You already have OSSEC installed. Do you want to update it? (y/n): n
1- What kind of installation do you want (server, agent, local, hybrid or help)? agent
Choose where to install the OSSEC HIDS [/var/ossec]: /tmp/ossec
3.2 Do you want to run the integrity check daemon? (y/n) [y]: y
3.3- Do you want to run the rootkit detection engine? (y/n) [y]: y
3.4 - Do you want to enable active response? (y/n) [y]: y
...
...
- System is Redhat Linux.
- Init script modified to start OSSEC HIDS during boot.
- Configuration finished properly.
- To start OSSEC HIDS:
/tmp/ossec/bin/ossec-control start
- To stop OSSEC HIDS:
/tmp/ossec/bin/ossec-control stop
- The configuration can be viewed or modified at /tmp/ossec/etc/ossec.conf
Code:
elatov@fed:~$ls /tmp/ossec/bin/
agent-auth ossec-agentd ossec-execd ossec-lua ossec-syscheckd
manage_agents ossec-control ossec-logcollector ossec-luac util.sh
Code:
elatov@fed:~$ls /var/ossec/bin
agent-auth ossec-agentd ossec-client.sh ossec-control ossec-execd
Thank you for your time.
-Karim
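
An added example, not part of the original post: a shell check to run before swapping agent packages. It compares two `rpm -qpl` listings and flags any daemon that `ossec-control` tried to start but the new package does not ship. The manifests are constructed from the `/var/ossec/bin` lines of the two listings above, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample input: the /var/ossec/bin entries copied from the two
# `rpm -qpl` listings in the post (2.7.1 client vs 2.8 client).
# In real use, capture them with: OLD_MANIFEST=$(rpm -qpl old.rpm)
OLD_MANIFEST='/var/ossec/bin/agent-auth
/var/ossec/bin/client-logcollector
/var/ossec/bin/client-syscheckd
/var/ossec/bin/manage_client
/var/ossec/bin/ossec-agentd
/var/ossec/bin/ossec-client.sh
/var/ossec/bin/ossec-execd'
NEW_MANIFEST='/var/ossec/bin/agent-auth
/var/ossec/bin/ossec-agentd
/var/ossec/bin/ossec-client.sh
/var/ossec/bin/ossec-execd'

# dropped_files OLD NEW
# Print every path listed in OLD that is absent from NEW (exact line match).
dropped_files() {
    # grep exits 1 when nothing is left over; that is not an error here.
    printf '%s\n' "$1" | grep -Fxv -e "$2" || true
}

# missing_daemons MANIFEST DAEMON...
# Print each DAEMON that has no .../bin/DAEMON entry in MANIFEST.
missing_daemons() {
    manifest=$1
    shift
    for d in "$@"; do
        printf '%s\n' "$manifest" | grep -q -- "/bin/$d\$" || printf '%s\n' "$d"
    done
}

# Daemons named in the `ossec-control start` output shown in the post.
STARTED="ossec-execd ossec-agentd ossec-logcollector"

echo "Files in the old package but not the new one:"
dropped_files "$OLD_MANIFEST" "$NEW_MANIFEST"

echo "Daemons ossec-control starts that the new package lacks:"
# shellcheck disable=SC2086  # word splitting of $STARTED is intended
missing_daemons "$NEW_MANIFEST" $STARTED
```

A non-empty second list means the agent would come up without that component, as happened with `ossec-logcollector` in the start output above.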