# ftp http://www.ossec.net/files/ossec-hids-2.2.tar.gz Trying 75.126.165.213... Requesting http://www.ossec.net/files/ossec-hids-2.2.tar.gz 100% |********************************************************************************| 692 KB 00:02 Successfully retrieved file. # tar xfz ossec-hids-2.2.tar.gz # cd ossec-hids-2.2 # ./install.sh ** Para instalação em português, escolha [br]. ** 要使用中文进行安装, 请选择 [cn]. ** Fur eine deutsche Installation wohlen Sie [de]. ** Για εγκατάσταση στα Ελληνικά, επιλέξτε [el]. ** For installation in English, choose [en]. ** Para instalar en Español , eliga [es]. ** Pour une installation en français, choisissez [fr] ** Per l'installazione in Italiano, scegli [it]. ** 日本語でインストールします.選択して下さい.[jp]. ** Voor installatie in het Nederlands, kies [nl]. ** Aby instalować w języku Polskim, wybierz [pl]. ** Для инструкций по установке на русском ,введите [ru]. ** Za instalaciju na srpskom, izaberi [sr]. ** Türkçe kurulum için seçin [tr]. (en/br/cn/de/el/es/fr/it/jp/nl/pl/ru/sr/tr) [en]: en OSSEC HIDS v2.2 Installation Script - http://www.ossec.net You are about to start the installation process of the OSSEC HIDS. You must have a C compiler pre-installed in your system. If you have any questions or comments, please send an e-mail to dcid@ossec.net (or daniel.cid@gmail.com). - System: OpenBSD obsd45.ptnsecurity.com 4.5 - User: root - Host: obsd45.ptnsecurity.com -- Press ENTER to continue or Ctrl-C to abort. -- 1- What kind of installation do you want (server, agent, local or help)? server - Server installation chosen. 2- Setting up the installation environment. - Choose where to install the OSSEC HIDS [/var/ossec]: - Installation will be made at /var/ossec . 3- Configuring the OSSEC HIDS. 3.1- Do you want e-mail notification? (y/n) [y]: - What's your e-mail address? blog@ptnsecurity.com - We found your SMTP server as: aspmx3.googlemail.com. - Do you want to use it? (y/n) [y]: --- Using SMTP server: aspmx3.googlemail.com. 3.2- Do you want to run the integrity check daemon? (y/n) [y]: - Running syscheck (integrity check daemon). 3.3- Do you want to run the rootkit detection engine? (y/n) [y]: - Running rootcheck (rootkit detection). 3.4- Active response allows you to execute a specific command based on the events received. For example, you can block an IP address or disable access for a specific user. More information at: http://www.ossec.net/en/manual.html#active-response - Do you want to enable active response? (y/n) [y]: n - Active response disabled. 3.5- Do you want to enable remote syslog (port 514 udp)? (y/n) [y]: n --- Remote syslog disabled. 3.6- Setting the configuration to analyze the following logs: -- /var/log/messages -- /var/log/authlog -- /var/log/secure -- /var/log/xferlog -- /var/log/maillog - If you want to monitor any other file, just change the ossec.conf and add a new localfile entry. Any questions about the configuration can be answered by visiting us online at http://www.ossec.net . --- Press ENTER to continue --- 5- Installing the system - Running the Makefile [.......SNIP lots of Compiling here........] - System is OpenBSD. - Init script modified to start OSSEC HIDS during boot. - Configuration finished properly. - To start OSSEC HIDS: /var/ossec/bin/ossec-control start - To stop OSSEC HIDS: /var/ossec/bin/ossec-control stop - The configuration can be viewed or modified at /var/ossec/etc/ossec.conf Thanks for using the OSSEC HIDS. If you have any question, suggestion or if you find any bug, contact us at contact@ossec.net or using our public maillist at ossec-list@ossec.net ( http://www.ossec.net/main/support/ ). More information can be found at http://www.ossec.net --- Press ENTER to finish (maybe more information below). --- - In order to connect agent and server, you need to add each agent to the server. Run the 'manage_agents' to add or remove them: /var/ossec/bin/manage_agents More information at: http://www.ossec.net/en/manual.html#ma