Note: the following steps are performed on the OSSEC server.
1. Download analogi, place it under /var/www/html/, and assign permissions
[root@localhost ~]# wget https://github.com/ECSC/analogi/archive/master.zip
[root@localhost ~]# unzip master.zip
[root@localhost ~]# mv analogi-master/ /var/www/html/analogi
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# chown -R apache.apache analogi/
[root@localhost html]# cd analogi/
[root@localhost analogi]# cp db_ossec.php.new db_ossec.php
2. Edit db_ossec.php and update the MySQL connection settings
define ('DB_USER_O', 'ossec');
define ('DB_PASSWORD_O', 'ossec');
define ('DB_HOST_O', '127.0.0.1');
define ('DB_NAME_O', 'ossec');
3. Edit the Apache configuration to add an alias (virtual directory)
[root@localhost analogi]# vim /etc/httpd/conf.d/analogi.conf
Add the following content:
Alias /analogi /var/www/html/analogi
<Directory /var/www/html/analogi>
    Order deny,allow
    Deny from all
    Allow from 192.168.0.0/16
</Directory>
Then restart Apache:
[root@localhost analogi]# systemctl restart httpd
The detection status can now be viewed at http://192.168.218.136/analogi/

Note: if http://192.168.218.136/analogi/ keeps returning a 403 error, try the following two methods to debug:
[root@localhost conf.d]# systemctl stop firewalld.service
[root@localhost httpd]# setenforce 0
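As an added example (not part of the original article or of analogi), this Python script evaluates the Order/Deny/Allow rules from analogi.conf the way Apache's mod_access_compat does, to show which client addresses the rules themselves answer with 403. The function names are assumptions, and only `all` and IP/CIDR entries are handled.

```python
import ipaddress

# Constructed sample: the <Directory> access rules from analogi.conf on this page.
ANALOGI_RULES = """
Order deny,allow
Deny from all
Allow from 192.168.0.0/16
"""

def parse_rules(text):
    """Return (order, deny_specs, allow_specs) from Order/Deny/Allow lines."""
    order, deny, allow = "deny,allow", [], []  # Apache's default order is Deny,Allow
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "order":
            order = "".join(parts[1:]).lower()
        elif keyword in ("deny", "allow") and len(parts) >= 3 and parts[1].lower() == "from":
            (deny if keyword == "deny" else allow).extend(parts[2:])
    return order, deny, allow

def _matches(client, specs):
    """True if the client IP matches 'all' or any IP/CIDR spec.
    Assumption: hostnames and partial IPs (e.g. '10.1') are not supported."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        net = ipaddress.ip_network(spec, strict=False)
        if ip.version == net.version and ip in net:
            return True
    return False

def acl_permits(client, rules=ANALOGI_RULES):
    """True if the rules admit this client IP; False means Apache answers 403."""
    order, deny, allow = parse_rules(rules)
    denied, allowed = _matches(client, deny), _matches(client, allow)
    if order == "deny,allow":
        # Default is allow; an Allow match overrides a Deny match.
        return allowed or not denied
    # "allow,deny": default is deny; a Deny match overrides an Allow match.
    return allowed and not denied

if __name__ == "__main__":
    for ip in ("192.168.218.1", "10.0.0.5", "127.0.0.1", "::1"):
        print(ip, "permitted" if acl_permits(ip) else "403")
```

With the rules above, any client outside 192.168.0.0/16 is refused, including 127.0.0.1 and ::1 on the server itself, independent of the firewalld or SELinux state.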
This completes the installation and setup of OSSEC.
