Posts Tagged "ossim"

Setup OSSIM With Linux and Windows OSSEC Agents

This is a very basic tutorial on how to install both Linux-based and Windows-based OSSEC agents and have those agents report to OSSIM. It DOES NOT cover active response; I will discuss active response and walk you through the OSSEC configuration for it in a later video. Please be gentle… this is my first video tutorial. If you have any suggestions on how I can improve my tutorials, please send them my way. Any help would be much appreciated. [Looking for a good tool for screen recording.]

The following notes supplement the video:

1. Connect to your OSSIM box and "Jailbreak this Appliance" to get a shell.
2. Add the agents on the OSSIM (manager) side:
   /var/ossec/bin/manage_agents
3. Connect to your Linux (CentOS) box and add the necessary repositories (epel, remi, atomic):
   wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
   wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
   rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
   wget -q -O - http://www.atomicorp.com/installers/atomic | sh
   (That last command runs a script fetched over plain HTTP as root. Download it and read it before piping it to sh.)
4. Install the OSSEC agent:
   yum install ossec-hids-client
5. Configure the OSSEC agent:
   /var/ossec/bin/ossec-configure
6. Add the OSSIM server IP to the agent's configuration file (/var/ossec/etc/ossec.conf), in the <server-ip> element of the <client> section. The agent reports to the manager on UDP port 1514, so that port must be reachable from the agent.
7. Import the agent key. [Extract the key for this agent on the OSSIM box with manage_agents, option E.] [Import the key on the agent with manage_agents, option I.]
8. Start OSSEC:
   cd /var/ossec/bin && ./ossec-control start
9. On your windows box,…
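Steps 6 through 8 on the agent side, written up as a script. This is an added example, not the tutorial's own material and not an OSSEC project script. It assumes the stock /var/ossec layout the steps use and that your build's manage_agents accepts the key on the command line with -i (check manage_agents -h; a 'y' is piped in for the confirmation prompt in case your build still asks). The script only edits ossec.conf, imports the key and starts the agent when invoked with the argument run, so the helper functions can be exercised on their own first.

```shell
#!/bin/sh
# Added example, not from the original post or from OSSEC itself.
# Agent-side setup for an OSSEC agent reporting to an OSSIM manager.
# OSSEC_DIR may be overridden; /var/ossec is the layout the post uses.
set -e

OSSEC_DIR="${OSSEC_DIR:-/var/ossec}"
OSSEC_CONF="$OSSEC_DIR/etc/ossec.conf"

# Accept only a dotted-quad IPv4 literal. Anything else would land verbatim
# inside <server-ip> and leave the agent silently unable to reach the manager.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # Split on dots in a subshell so the caller's IFS is left untouched.
    ( IFS=.; set -- $1; [ $# -eq 4 ] || exit 1
      for o in "$@"; do [ "$o" -le 255 ] || exit 1; done )
}

# The <client> block step 6 asks for, as a minimal standalone ossec.conf
# fragment. A packaged ossec.conf ships other sections too; this only adds
# the part that points the agent at the manager.
client_block() {
    printf '<ossec_config>\n  <client>\n    <server-ip>%s</server-ip>\n  </client>\n</ossec_config>\n' "$1"
}

# Append the <client> block to the given config file. Refuses to add a second
# <server-ip> so re-running the script cannot leave two conflicting entries.
set_server_ip() {
    _ip="$1"; _conf="$2"
    valid_ipv4 "$_ip" || { echo "refusing bad server ip: $_ip" >&2; return 1; }
    if [ -f "$_conf" ] && grep -q '<server-ip>' "$_conf"; then
        echo "$_conf already names a server; edit it by hand" >&2
        return 1
    fi
    client_block "$_ip" >> "$_conf"
}

# Step 7: feed the key extracted on the OSSIM side (manage_agents, option E)
# to the agent's manage_agents. -i is assumed to take the key non-interactively;
# the piped 'y' answers the confirmation prompt if the build still shows one.
import_agent_key() {
    printf 'y\n' | "$OSSEC_DIR/bin/manage_agents" -i "$1"
}

# Step 8, followed by a status check so a failed start is not missed.
start_agent() {
    "$OSSEC_DIR/bin/ossec-control" start
    "$OSSEC_DIR/bin/ossec-control" status
}

# Steps 6-8 end to end. Run as root on the agent box, for example:
#   OSSIM_SERVER_IP=10.0.0.5 OSSEC_AGENT_KEY='<key from OSSIM>' sh agent-setup.sh run
main() {
    set_server_ip "${OSSIM_SERVER_IP:?set OSSIM_SERVER_IP}" "$OSSEC_CONF"
    import_agent_key "${OSSEC_AGENT_KEY:?set OSSEC_AGENT_KEY}"
    start_agent
}

if [ "${1:-}" = run ]; then
    main
fi
```

The IP check and the duplicate-block guard are the two things worth keeping even if you type the rest by hand: a typo in <server-ip> produces no error on the agent, only a manager that never hears from it, and a second <client> block is an easy way to end up debugging the wrong server entry.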
