ossec client on CentOS7


Robert Mckennon

Nov 3, 2014, 4:11:14 PM
to ossec...@googlegroups.com
Hello,

I'm having a little problem getting the client/agent running on CentOS7.  It installed and is running fine on another CentOS7 box as ossec-server.

I got it installed using these 3 files:
inotify-tools-3.14-8.el7.x86_64.rpm
ossec-hids-2.8.1-47.el7.art.x86_64.rpm
ossec-hids-client-2.8.1-47.el7.art.x86_64.rpm

Installed it with:
rpm -ivh inotify-tools-3.14-8.el7.x86_64.rpm
rpm -ivh ossec-hids-*

./ossec-configure
[root@log bin]# ./ossec-configure

OSSEC Configuration utility v0.1

1- What kind of installation do you want? (server, agent, local) [Default: server]: agent

2- Setting up the configuration environment.

3- Configuring the OSSEC HIDS.

  3.1- Do you want e-mail notification? (y/n) [Default: y]:
   - What's your e-mail address? rmck...@monetra.com
   - What's your SMTP server ip/host? mail.monetra.com

  3.2- Do you want to run the integrity check daemon? (y/n) [y]: 

  3.3- Do you want to run the rootkit detection engine? (y/n) [y]: n

  3.4- Active response allows you to execute a specific
       command based on the events received. For example,
       you can block an IP address or disable access for
       a specific user. 
       More information at:
       http://www.ossec.net/en/manual.html#active-response
      

   - Do you want to enable active response? (y/n) [y]: n

  3.5- Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:

    -- /var/log/messages (syslog)
    -- /var/log/secure (syslog)
    -- /var/log/maillog (syslog)
Configuration complete.


cd /var/ossec/bin/
./manage_client
  import the key (it worked)


I restarted ossec on the server, then tried to start the client...

[root@log bin]# ./ossec-client.sh start
Starting OSSEC HIDS v2.8 (by Trend Micro Inc.)...
ossec-execd already running...
2014/11/03 15:24:28 ossec-agentd(4105): ERROR: No valid server IP found.
2014/11/03 15:24:28 ossec-agentd(1215): ERROR: No client configured. Exiting.
ossec-agentd did not start

and the log file indicates the same:
tail /var/ossec/logs/ossec.log
...
2014/11/03 15:24:28 ossec-agentd(4105): ERROR: No valid server IP found.
2014/11/03 15:24:28 ossec-agentd(1215): ERROR: No client configured. Exiting.


Did I miss or screw something up in the configuration?  The docs seem a little vague to me...(http://ossec-docs.readthedocs.org/en/latest/manual/agent/index.html)


Rob McKennon,
MainStreet Softworks

Robert Mckennon

Nov 3, 2014, 5:32:30 PM
to ossec...@googlegroups.com
Ok, got it working... Had to install it on CentOS 6.5 and look at the difference in the ossec.conf files. 
In CentOS7 it doesn't update the ossec.conf file with:
<client>
  <server-ip>xxx.xx.xx.xx</server-ip>
</client>

Once I added that to the ossec.conf file in CentOS7, the service started up.

Rob McKennon
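
The fix described above comes down to confirming that ossec.conf contains a <client> block with a <server-ip> before the agent is started. The following pre-flight check is an added example, not part of the original post and not OSSEC's own code; the function name check_ossec_client, the default path /var/ossec/etc/ossec.conf and the IPv4-only validation are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for the
# "No valid server IP found" (4105) / "No client configured" (1215) failure.
# Prints the configured server IP and returns 0 when ossec.conf holds a
# <client> block with an IPv4 <server-ip>; returns 1 when it is missing or
# malformed, 2 when the file cannot be read.
# Limitation: XML comments are not parsed, so a commented-out block counts.
check_ossec_client() {
    conf=${1:-/var/ossec/etc/ossec.conf}   # assumed default agent config path
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Take the first <server-ip> value that appears inside <client>...</client>.
    ip=$(awk '
        /<client>/ { in_client = 1 }
        in_client && match($0, /<server-ip>[^<]*<\/server-ip>/) {
            v = substr($0, RSTART + 11, RLENGTH - 23)   # strip the two tags
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v; exit
        }
        /<\/client>/ { in_client = 0 }
    ' "$conf")

    if [ -z "$ip" ]; then
        echo "$conf: no <server-ip> inside a <client> block" >&2
        return 1
    fi
    # Assumption: plain dotted-quad IPv4 only, each octet 0-255.
    if ! printf '%s\n' "$ip" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
    then
        echo "$conf: <server-ip> '$ip' is not a valid IPv4 address" >&2
        return 1
    fi
    printf '%s\n' "$ip"
}

# Demo on a constructed config that mirrors the broken CentOS 7 result:
# a well-formed file with no <client> section at all.
demo_conf=$(mktemp)
printf '<ossec_config>\n  <syscheck>\n    <frequency>79200</frequency>\n  </syscheck>\n</ossec_config>\n' > "$demo_conf"
if check_ossec_client "$demo_conf"; then
    echo "client block present; safe to start the agent"
else
    echo "fix ossec.conf before running ossec-client.sh start"
fi
rm -f "$demo_conf"
```

A placeholder value such as xxx.xx.xx.xx left in the file is rejected by the same check, which catches a template pasted in without the real manager address.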

dan (ddp)

Nov 4, 2014, 7:56:48 AM
to ossec...@googlegroups.com
On Mon, Nov 3, 2014 at 4:11 PM, Robert Mckennon <robmc...@gmail.com> wrote:
> Hello,
>
> I'm having a little problem getting the client/agent running on CentOS7. It
> installed and is running fine on another CentOS7 box as ossec-server.
>
> I got it installed using these 3 files:
> inotify-tools-3.14-8.el7.x86_64.rpm
> ossec-hids-2.8.1-47.el7.art.x86_64.rpm
> ossec-hids-client-2.8.1-47.el7.art.x86_64.rpm
>
> Installed it with:
> rpm -ivh inotify-tools-3.14-8.el7.x86_64.rpm
> rpm -ivh ossec-hids-*
>
> ./ossec-configure
> [root@log bin]# ./ossec-configure
>
> OSSEC Configuration utility v0.1
>
> 1- What kind of installation do you want? (server, agent, local) [Default:
> server]: agent
>
> 2- Setting up the configuration environment.
>
> 3- Configuring the OSSEC HIDS.
>
> 3.1- Do you want e-mail notification? (y/n) [Default: y]:
> - What's your e-mail address? rmck...@monetra.com
> - What's your SMTP server ip/host? mail.monetra.com
>


I don't know anything about this script, but these questions are for a
server or local installation. This information serves no purpose on an
agent.