After downloading the OSSEC installation archive, extract it to get the following directory:
[root@localhost ~]# cd ossec-hids-2.8.3/
[root@localhost ossec-hids-2.8.3]# ll
total 104
drwxrwxr-x. 4 root root 4096 Oct 13 2015 active-response
drwxr-xr-x. 2 root root 4096 Jul 14 11:16 bin
-rw-rw-r--. 1 root root 542 Oct 13 2015 BUGS
-rw-rw-r--. 1 root root 291 Oct 13 2015 CONFIG
drwxrwxr-x. 6 root root 4096 Oct 13 2015 contrib
-rw-rw-r--. 1 root root 3198 Oct 13 2015 CONTRIBUTORS
drwxrwxr-x. 4 root root 4096 Oct 13 2015 doc
drwxrwxr-x. 4 root root 4096 Jul 14 11:14 etc
-rw-rw-r--. 1 root root 1850 Oct 13 2015 INSTALL
-rwxrwxr-x. 1 root root 32019 Oct 13 2015 install.sh
-rw-rw-r--. 1 root root 24710 Oct 13 2015 LICENSE
-rw-rw-r--. 1 root root 1666 Oct 13 2015 README.md
drwxrwxr-x. 30 root root 4096 Jul 14 11:15 src
Change into that directory and run ./install.sh to start the installation. The full installation process is shown below:
[root@localhost ossec-hids-2.8.3]# ./install.sh
** Para instalação em português, escolha [br].
** 要使用中文進行安裝, 請選擇 [cn].
** Fur eine deutsche Installation wohlen Sie [de].
** Για εγκατάσταση στα Ελληνικά, επιλέξτε [el].
** For installation in English, choose [en].
** Para instalar en Español , eliga [es].
** Pour une installation en français, choisissez [fr]
** A Magyar nyelvű telepítéshez válassza [hu].
** Per l'installazione in Italiano, scegli [it].
** 日本語でインストールします.選択して下さい.[jp].
** Voor installatie in het Nederlands, kies [nl].
** Aby instalować w języku Polskim, wybierz [pl].
** Для инструкций по установке на русском ,введите [ru].
** Za instalaciju na srpskom, izaberi [sr].
** Türkçe kurulum için seçin [tr].
(en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]: cn
OSSEC HIDS v2.8.3 安裝腳本 - http://www.ossec.net
您將開始 OSSEC HIDS 的安裝.
請確認在您的機器上已經正確安裝了 C 編譯器.
如果您有任何疑問或建議,請給 dcid@ossec.net (或 daniel.cid@gmail.com) 發郵件.
- 系統類型: Linux localhost.localdomain 3.10.0-123.el7.x86_64
- 用戶: root
- 主機: localhost.localdomain
-- 按 ENTER 繼續或 Ctrl-C 退出. --
1- 您希望哪一種安裝 (server, agent, local or help)? server
- 選擇了 Server 類型的安裝.
2- 正在初始化安裝環境.
- 請選擇 OSSEC HIDS 的安裝路徑 [/var/ossec]: /opt/ossec
- OSSEC HIDS 將安裝在 /opt/ossec .
3- 正在配置 OSSEC HIDS.
3.1- 您希望收到e-mail告警嗎? (y/n) [y]:
- 請輸入您的 e-mail 地址? pentest^H^H
- 請輸入您的 e-mail 地址? [rmyrd^H^H
- 請輸入您的 e-mail 地址? pentest.txt^H
- 請輸入您的 e-mail 地址? pentest.test@163.com
- 我們找到您的 SMTP 服務器為: 163mx00.mxmail.netease.com.
- 您希望使用它嗎? (y/n) [y]: n
- 請輸入您的 SMTP 服務器IP或主機名 ? 127.0.0.1
3.2- 您希望運行系統完整性檢測模塊嗎? (y/n) [y]:
- 系統完整性檢測模塊將被部署.
3.3- 您希望運行 rootkit檢測嗎? (y/n) [y]:
- rootkit檢測將被部署.
3.4- 關聯響應允許您在分析已接收事件的基礎上執行一個
已定義的命令.
例如,你可以阻止某個IP地址的訪問或禁止某個用戶的訪問權限.
更多的信息,您可以訪問:
http://www.ossec.net/en/manual.html#active-response
- 您希望開啟聯動(active response)功能嗎? (y/n) [y]:
- 關聯響應已開啟
- 默認情況下, 我們開啟了主機拒絕和防火牆拒絕兩種響應.
第一種情況將添加一個主機到 /etc/hosts.deny.
第二種情況將在iptables(linux)或ipfilter(Solaris,
FreeBSD 或 NetBSD)中拒絕該主機的訪問.
- 該功能可以用以阻止 SSHD 暴力攻擊, 端口掃描和其他
一些形式的攻擊. 同樣你也可以將他們添加到其他地方,
例如將他們添加為 snort 的事件.
- 您希望開啟防火牆聯動(firewall-drop)功能嗎? (y/n) [y]:
- 防火牆聯動(firewall-drop)當事件級別 >= 6 時被啟動
- 聯動功能默認的白名單是:
- 192.168.218.2
- 您希望添加更多的IP到白名單嗎? (y/n)? [n]: y
- 請輸入IP (用空格進行分隔): 192.168.218.136
3.5- 您希望接收遠程機器syslog嗎 (port 514 udp)? (y/n) [y]:
- 遠程機器syslog將被接收.
3.6- 設置配置文件以分析一下日志:
-- /var/log/messages
-- /var/log/secure
-- /var/log/maillog
-- /var/log/httpd/error_log (apache log)
-- /var/log/httpd/access_log (apache log)
-如果你希望監控其他文件, 只需要在配置文件ossec.conf中
添加新的一項.
任何關於配置的疑問您都可以在 http://www.ossec.net 找到答案.
--- 按 ENTER 以繼續 ---
5- 正在安裝系統
- 正在運行Makefile
INFO: Little endian set.
*** Making zlib (by Jean-loup Gailly and Mark Adler) ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/external'
cd zlib-1.2.8/; ./configure; make libz.a;
Checking for gcc...
Checking for shared library support...
Building shared library libz.so.1.2.8 with gcc.
Checking for off64_t... Yes.
Checking for fseeko... Yes.
Checking for strerror... Yes.
Checking for unistd.h... Yes.
Checking for stdarg.h... Yes.
Checking whether to use vs[n]printf() or s[n]printf()... using vs[n]printf().
Checking for vsnprintf() in stdio.h... Yes.
Checking for return value of vsnprintf()... Yes.
Checking for attribute(visibility) support... Yes.
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/external/zlib-1.2.8'
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o adler32.o adler32.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o crc32.o crc32.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o deflate.o deflate.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o infback.o infback.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o inffast.o inffast.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o inflate.o inflate.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o inftrees.o inftrees.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o trees.o trees.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o zutil.o zutil.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o compress.o compress.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o uncompr.o uncompr.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzclose.o gzclose.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzlib.o gzlib.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzread.o gzread.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzwrite.o gzwrite.c
ar rc libz.a adler32.o crc32.o deflate.o infback.o inffast.o inflate.o inftrees.o trees.o zutil.o compress.o uncompr.o gzclose.o gzlib.o gzread.o gzwrite.o
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/external/zlib-1.2.8'
cp -pr zlib-1.2.8/libz.a .
cp -pr zlib-1.2.8/zlib.h zlib-1.2.8/zconf.h ../headers/
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/external'
*** Making cJSON (by Dave Gamble) ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/external/cJSON'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"cJSON\" -DOSSECHIDS -c cJSON.c
ar -crus libcJSON.a *.o
cp -pr cJSON.h ../../headers/
cp -pr libcJSON.a ../
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/external/cJSON'
*** Making Lua 5.2 (by team at PUC-Rio in Brazi) ***
Copyright © 1994–2014 Lua.org, PUC-Rio.
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/external/lua-5.2.3'
cd src && make posix
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/external/lua-5.2.3/src'
make all SYSCFLAGS="-DLUA_USE_POSIX"
make[3]: Entering directory `/root/ossec-hids-2.8.3/src/external/lua-5.2.3/src'
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lapi.o lapi.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lcode.o lcode.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lctype.o lctype.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ldebug.o ldebug.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ldo.o ldo.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ldump.o ldump.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lfunc.o lfunc.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lgc.o lgc.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o llex.o llex.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lmem.o lmem.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lobject.o lobject.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lopcodes.o lopcodes.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lparser.o lparser.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lstate.o lstate.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lstring.o lstring.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ltable.o ltable.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ltm.o ltm.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lundump.o lundump.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lvm.o lvm.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lzio.o lzio.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lauxlib.o lauxlib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lbaselib.o lbaselib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lbitlib.o lbitlib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lcorolib.o lcorolib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ldblib.o ldblib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o liolib.o liolib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lmathlib.o lmathlib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o loslib.o loslib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lstrlib.o lstrlib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ltablib.o ltablib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o loadlib.o loadlib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o linit.o linit.c
ar rcu liblua.a lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o lauxlib.o lbaselib.o lbitlib.o lcorolib.o ldblib.o liolib.o lmathlib.o loslib.o lstrlib.o ltablib.o loadlib.o linit.o
ranlib liblua.a
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lua.o lua.c
cc -o ossec-lua lua.o liblua.a -lm
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o luac.o luac.c
cc -o ossec-luac luac.o liblua.a -lm
make[3]: Leaving directory `/root/ossec-hids-2.8.3/src/external/lua-5.2.3/src'
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/external/lua-5.2.3/src'
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/external/lua-5.2.3'
*** Making os_xml ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_xml'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"os_xml\" -DOSSECHIDS -c *.c
ar -crus os_xml.a *.o
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_xml'
*** Making os_regex ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_regex'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"os_regex\" -DOSSECHIDS -c *.c
ar -crus os_regex.a *.o
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_regex'
*** Making os_net ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_net'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"os_net\" -DOSSECHIDS -c os_net.c
ar -crus os_net.a os_net.o
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_net'
*** Making os_crypto ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_crypto'
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/os_crypto/blowfish'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"blowfish_op\" -DOSSECHIDS -c bf_op.c bf_skey.c bf_enc.c
ar cru bf_op.a bf_op.o bf_skey.o bf_enc.o
ranlib bf_op.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/os_crypto/blowfish'
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/os_crypto/md5'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"md5_op\" -DOSSECHIDS -c md5.c md5_op.c
ar cru md5_op.a md5_op.o md5.o
ranlib md5_op.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/os_crypto/md5'
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/os_crypto/sha1'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"sha1_op\" -DOSSECHIDS -c sha1_op.c
ar cru sha1_op.a sha1_op.o
ranlib sha1_op.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/os_crypto/sha1'
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/os_crypto/md5_sha1'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"md5_sha1_op\" -DOSSECHIDS -c ../md5/md5.c md5_sha1_op.c
ar cru md5_op.a md5_sha1_op.o ../md5/md5.o
ranlib md5_op.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/os_crypto/md5_sha1'
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/os_crypto/shared'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"shared\" -DOSSECHIDS -c *.c
ar cru shared.a *.o
ranlib shared.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/os_crypto/shared'
ar cru os_crypto.a blowfish/bf_op.o blowfish/bf_skey.o blowfish/bf_enc.o md5/md5_op.o md5/md5.o sha1/sha1_op.o md5_sha1/md5_sha1_op.o shared/*.o
ranlib os_crypto.a
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_crypto'
*** Making shared ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/shared'
cc -c -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"shared-libs\" -DOSSECHIDS *.c
file_op.c: In function ‘rename_ex’:
file_op.c:660:9: warning: too many arguments for format [-Wformat-extra-args]
);
^
ar cru lib_shared.a *.o
ranlib lib_shared.a
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/shared'
*** Making config ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/config'
cc -c -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-config\" -DOSSECHIDS *.c
ar cru lib_config.a *.o
ranlib lib_config.a
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/config'
*** Making os_maild ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_maild'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-maild\" -DOSSECHIDS maild.c config.c os_maild_client.c sendmail.c mail_list.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a -o ossec-maild
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_maild'
*** Making os_dbd ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_dbd'
Compiling DB support with:
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-dbd\" -DOSSECHIDS *.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a -o ossec-dbd -I/usr/include/mysql -L/usr/lib64/mysql -lmysqlclient -lpthread -lz -lm -lssl -lcrypto -ldl -DDBD -DUMYSQL
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_dbd'
*** Making os_csyslogd ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_csyslogd'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-csyslogd\" -DOSSECHIDS *.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../external/libcJSON.a -lm -o ossec-csyslogd
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_csyslogd'
*** Making agentlessd ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/agentlessd'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-agentlessd\" -DOSSECHIDS *.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../os_crypto/os_crypto.a -o ossec-agentlessd
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/agentlessd'
*** Making os_execd ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_execd'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-execd\" -DOSSECHIDS execd.c exec.c config.c ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a -o ossec-execd
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-execd\" -DOSSECHIDS -c execd.c exec.c config.c
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_execd'
*** Making analysisd ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd'
cd ./cdb; make
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/cdb'
cc -I../ -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"cdb\" -DOSSECHIDS -c cdb.c cdb_hash.c cdb_make.c uint32_pack.c uint32_unpack.c
ar cru cdb.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
ar cru cdb_make.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
ranlib cdb.a
ranlib cdb_make.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/cdb'
cd ./alerts; make
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/alerts'
cc -I../ -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"alerts\" -DOSSECHIDS -c mail.c log.c exec.c getloglocation.c
ar cru alerts.a mail.o log.o exec.o getloglocation.o
ranlib alerts.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/alerts'
cd ./decoders; make
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/decoders'
cd plugins; make;
make[3]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/decoders/plugins'
cc -g -Wall -I../../../ -I../../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -I../../ -c *.c
make[3]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/decoders/plugins'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -I../ -c *.c
ar cru decoders.a *.o plugins/*.o
ranlib decoders.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/decoders'
cd ./compiled_rules; make;
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/compiled_rules'
./register_rule.sh build
*Build completed.
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -I../ -c *.c
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/compiled_rules'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -I./ analysisd.c stats.c lists.c lists_list.c rules.c rules_list.c config.c fts.c dodiff.c eventinfo.c eventinfo_list.c cleanevent.c active-response.c picviz.c prelude.c zeromq_output.c compiled_rules/*.o ../config/lib_config.a decoders/decoders.a cdb/cdb.a cdb/cdb_make.a alerts/alerts.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a ../shared/lib_shared.a ../os_zlib/os_zlib.c ../external/libz.a ../external/libcJSON.a -lm -o ossec-analysisd
cd ./cdb; make
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/cdb'
cc -I../ -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"cdb\" -DOSSECHIDS -c cdb.c cdb_hash.c cdb_make.c uint32_pack.c uint32_unpack.c
ar cru cdb.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
ar cru cdb_make.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
ranlib cdb.a
ranlib cdb_make.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/cdb'
cd ./decoders; make logtest
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/decoders'
cd plugins; make;
make[3]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/decoders/plugins'
cc -g -Wall -I../../../ -I../../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -I../../ -c *.c
make[3]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/decoders/plugins'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -DTESTRULE -I../ -c *.c
ar cru decoders.a *.o plugins/*.o
ranlib decoders.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/decoders'
cd ./compiled_rules; make;
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/compiled_rules'
./register_rule.sh build
*Build completed.
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -I../ -c *.c
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/compiled_rules'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -DTESTRULE -I./ testrule.c analysisd.c stats.c lists.c lists_list.c rules.c rules_list.c config.c fts.c dodiff.c eventinfo.c eventinfo_list.c cleanevent.c active-response.c picviz.c prelude.c zeromq_output.c compiled_rules/*.o ../config/lib_config.a decoders/decoders.a cdb/cdb.a cdb/cdb_make.a alerts/alerts.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a ../shared/lib_shared.a ../os_zlib/os_zlib.c ../external/libz.a ../external/libcJSON.a -lm -o ossec-logtest
cd ./cdb; make
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/cdb'
cc -I../ -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"cdb\" -DOSSECHIDS -c cdb.c cdb_hash.c cdb_make.c uint32_pack.c uint32_unpack.c
ar cru cdb.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
ar cru cdb_make.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
ranlib cdb.a
ranlib cdb_make.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/cdb'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -DTESTRULE -I./ makelists.c lists_make.c stats.c lists.c lists_list.c rules.c rules_list.c config.c fts.c dodiff.c eventinfo.c eventinfo_list.c cleanevent.c active-response.c picviz.c prelude.c zeromq_output.c compiled_rules/*.o ../config/lib_config.a decoders/decoders.a cdb/cdb.a cdb/cdb_make.a alerts/alerts.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a ../shared/lib_shared.a ../os_zlib/os_zlib.c ../external/libz.a ../external/libcJSON.a -lm -o ossec-makelists
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd'
*** Making logcollector ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/logcollector'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-logcollector\" -DOSSECHIDS -DARGV0=\"ossec-logcollector\" *.c ../config/lib_config.a ../shared/lib_shared.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a ../os_crypto/os_crypto.a -o ossec-logcollector
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/logcollector'
*** Making remoted ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/remoted'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-remoted\" -DOSSECHIDS *.c ../config/lib_config.a ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_net/os_net.a ../os_xml/os_xml.a ../os_regex/os_regex.a -lpthread -o ossec-remoted
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/remoted'
*** Making client-agent ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/client-agent'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-agentd\" -DOSSECHIDS *.c ../config/lib_config.a ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a -DCLIENT -o ossec-agentd
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/client-agent'
*** Making addagent ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/addagent'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"manage_agents\" -DOSSECHIDS *.c ../shared/lib_shared.a ../os_regex/os_regex.a ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../os_net/os_net.a -o manage_agents
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/addagent'
*** Making util ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/util'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS ../addagent/manage_agents.c ../addagent/manage_keys.c ../addagent/validate.c ../addagent/read_from_user.c ../addagent/b64.c syscheck_update.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o syscheck_update
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS clear_stats.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o clear_stats
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS list_agents.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o list_agents
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS verify-agent-conf.c ../config/lib_config.a ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a ../os_xml/os_xml.a -o verify-agent-conf
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS ../addagent/manage_agents.c ../addagent/manage_keys.c ../addagent/validate.c ../addagent/read_from_user.c ../addagent/b64.c agent_control.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o agent_control
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS ../addagent/manage_agents.c ../addagent/manage_keys.c ../addagent/validate.c ../addagent/read_from_user.c ../addagent/b64.c syscheck_control.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o syscheck_control
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS ../addagent/manage_agents.c ../addagent/manage_keys.c ../addagent/validate.c ../addagent/read_from_user.c ../addagent/b64.c rootcheck_control.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o rootcheck_control
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS ossec-regex.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o ossec-regex
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/util'
*** Making rootcheck ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/rootcheck'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-rootcheck\" -DOSSECHIDS -c check_open_ports.c check_rc_pids.c check_rc_trojans.c run_rk_check.c check_rc_dev.c check_rc_ports.c check_rc_policy.c common.c common_rcl.c win-common.c unix-process.c check_rc_files.c check_rc_readproc.c os_string.c check_rc_if.c check_rc_sys.c rootcheck.c config.c -D_GNU_SOURCE
ar cru rootcheck_lib.a *.o
ranlib rootcheck_lib.a
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/rootcheck'
*** Making syscheckd ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/syscheckd'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-syscheckd\" -DOSSECHIDS syscheck.c config.c seechanges.c run_realtime.c create_db.c run_check.c ../config/lib_config.a ../rootcheck/rootcheck_lib.a ../shared/lib_shared.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a ../os_crypto/os_crypto.a -o ossec-syscheckd
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/syscheckd'
*** Making monitord ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/monitord'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-monitord\" -DOSSECHIDS compress_log.c main.c manage_files.c monitor_agents.c monitord.c sign_log.c generate_reports.c ../os_maild/sendcustomemail.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o ossec-monitord
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-monitord\" -DOSSECHIDS -UARGV0 -DARGV0=\"ossec-reportd\" report.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o ossec-reportd
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/monitord'
*** Making os_auth ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_auth'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-authd\" -DOSSECHIDS main-server.c ssl.c ../addagent/validate.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -lssl -lcrypto -o ossec-authd
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-authd\" -DOSSECHIDS main-client.c ssl.c ../addagent/validate.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -lssl -lcrypto -o agent-auth
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_auth'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_maild'
cp -pr ossec-maild ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_maild'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_dbd'
cp -pr ossec-dbd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_dbd'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_csyslogd'
cp -pr ossec-csyslogd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_csyslogd'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/agentlessd'
cp -pr ossec-agentlessd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/agentlessd'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_execd'
cp -pr ossec-execd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_execd'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd'
cp -pr ossec-analysisd ../../bin
cp -pr ossec-logtest ../../bin
cp -pr ossec-makelists ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/logcollector'
cp -pr ossec-logcollector ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/logcollector'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/remoted'
cp -pr ossec-remoted ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/remoted'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/client-agent'
cp -pr ossec-agentd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/client-agent'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/addagent'
cp -pr manage_agents ../../bin
cp -pr manage_agents ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/addagent'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/util'
cp -pr syscheck_update clear_stats list_agents syscheck_control rootcheck_control agent_control verify-agent-conf ossec-regex ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/util'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/rootcheck'
make[1]: Nothing to be done for `build'.
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/rootcheck'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/syscheckd'
cp -pr ossec-syscheckd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/syscheckd'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/monitord'
cp -pr ossec-monitord ../../bin
cp -pr ossec-reportd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/monitord'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_auth'
cp -pr ossec-authd ../../bin
cp -pr agent-auth ossec-authd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_auth'
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
- 系統類型是 Redhat Linux.
- 修改啟動腳本使 OSSEC HIDS 在系統啟動時自動運行
- 已正確完成系統配置.
- 要啟動 OSSEC HIDS:
/opt/ossec/bin/ossec-control start
- 要停止 OSSEC HIDS:
/opt/ossec/bin/ossec-control stop
- 要查看或修改系統配置,請編輯 /opt/ossec/etc/ossec.conf
感謝使用 OSSEC HIDS.
如果您有任何疑問,建議或您找到任何bug,
請通過 contact@ossec.net 或郵件列表 ossec-list@ossec.net 聯系我們.
( http://www.ossec.net/en/mailing_lists.html ).
您可以在 http://www.ossec.net 獲得更多信息
--- 請按 ENTER 結束安裝 (下面可能有更多信息). ---
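
A post-install check for the answers given to install.sh above (whitelist, firewall-drop level, syslog reception, monitored logs). This is an added example, not part of the original post or of OSSEC itself: the sample config is constructed from the values in the transcript, 192.168.218.10 is a hypothetical admin host, and on a real install the file to audit is /opt/ossec/etc/ossec.conf.

```shell
#!/bin/sh
# Added example: audit ossec.conf against the installer answers shown above.
# Element names are standard ossec.conf ones; the sample file is constructed.

# Print the values of <tag> found inside <block>...</block> sections only.
# Assumes one element per line, as in the sample below.
block_values() {  # block_values FILE BLOCK TAG
    awk -v b="$2" -v t="$3" '
        index($0, "<" b ">")  { inside = 1 }
        index($0, "</" b ">") { inside = 0 }
        inside && match($0, "<" t ">[^<]*") {
            print substr($0, RSTART + length(t) + 2, RLENGTH - length(t) - 2)
        }' "$1"
}

# Print the <level> of the <active-response> block that runs COMMAND.
ar_level() {  # ar_level FILE COMMAND
    awk -v c="$2" '
        /<active-response>/   { inside = 1; cmd = ""; lvl = "" }
        inside && /<command>/ { cmd = $0; gsub(/.*<command>|<\/command>.*/, "", cmd) }
        inside && /<level>/   { lvl = $0; gsub(/.*<level>|<\/level>.*/, "", lvl) }
        /<\/active-response>/ { if (inside && cmd == c) print lvl; inside = 0 }' "$1"
}

# Count <remote> syslog blocks that list no <allowed-ips> senders.
syslog_without_acl() {  # syslog_without_acl FILE
    awk '
        /<remote>/    { inside = 1; sys = 0; acl = 0 }
        inside && /<connection>syslog<\/connection>/ { sys = 1 }
        inside && /<allowed-ips>/ { acl = 1 }
        /<\/remote>/  { if (inside && sys && !acl) n++; inside = 0 }
        END { print n + 0 }' "$1"
}

# Run all checks; the return status is the number of findings (0 = clean).
audit_conf() {  # audit_conf FILE ADMIN_IP...
    conf=$1; shift; findings=0
    for ip in "$@"; do
        if block_values "$conf" global white_list | grep -qxF "$ip"; then
            echo "OK    $ip is in white_list"
        else
            echo "WARN  $ip is not in white_list; active response may block it"
            findings=$((findings + 1))
        fi
    done
    lvl=$(ar_level "$conf" firewall-drop)
    if [ -z "$lvl" ]; then
        echo "INFO  no firewall-drop active response configured"
    else
        echo "INFO  firewall-drop fires at alert level >= $lvl"
    fi
    if [ "$(syslog_without_acl "$conf")" -gt 0 ]; then
        echo "WARN  syslog <remote> block has no <allowed-ips>; list the senders"
        findings=$((findings + 1))
    fi
    block_values "$conf" localfile location | sed 's/^/INFO  monitored log: /'
    return "$findings"
}

# Constructed sample mirroring the installer answers (not a real ossec.conf).
write_sample_conf() {  # write_sample_conf FILE
    cat > "$1" <<'EOF'
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <email_to>pentest.test@163.com</email_to>
    <smtp_server>127.0.0.1</smtp_server>
    <white_list>192.168.218.2</white_list>
    <white_list>192.168.218.136</white_list>
  </global>
  <remote>
    <connection>syslog</connection>
  </remote>
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <level>6</level>
  </active-response>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>
</ossec_config>
EOF
}

CONF=$(mktemp)
write_sample_conf "$CONF"
# 192.168.218.10 is a hypothetical admin host that was never whitelisted.
audit_conf "$CONF" 192.168.218.136 192.168.218.10 || echo "findings: $?"
rm -f "$CONF"
```

The parser is line-oriented, so it expects one element per line; a config that puts several elements on one line needs a real XML parser instead.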