I send my request to the group again to [email protected]
because [email protected] doesn't seem to be active.
-------- Original-Nachricht --------
Betreff: Not getting the combination of agent/server on a VPS
Datum: Tue, 08 Nov 2011 11:44:31 +0100
Von: Callcomet G-Mail <[email protected]>
Antwort an: [email protected]
An: [email protected]
Hi all,
I suppose this is a very nice tool so far. I want to do a lot of
improvement on my VPS security.
It is sad, that I seem not to understand how to install it. I had a
similar situation when I installed monit and munin on my last servers,
everybody on the net is going like: Hey, this easy to install and setup.
Make step 1 and step 2 and... finished.
Unfortunately, there were lots of things in between that I simply didnt
know or understood.
I live through the same, here in this case.
So, maybe one of You might be so kind to help me out, with really steps,
so I can mange it to get it running on my vps.
Requirements:
VPS running on a hoster, with a debian squeeze and froxlor as admin
panel. PHP under fcgi.
The webserver is apache. I have a linux ubuntu 10.04 installed on my
desktop. My local LAN is not behind a static IP. Simple DSL subscription.
I would like to run ossec and watch my server. How do I do it?
I started first to install server during the installation process. I
saw, that this could be wrong, because I wasnt prompted to add any agent.
and /manage_agents didnt prompt me either.
So, I have run through setup again after uninstalling it with the bash
script http://www.ossec.net/wiki/Tweaking_OSSEC
Then I have chosen local installation this time. Added www-data to the
ossec user group.
My groups with user look like this:
ossecm:ossecm : ossec
ossec:ossec : ossec
ossecr:ossecr : ossec
www-data:www-data : www-data ossec
Achieved by this command line:
for u in `cut -f1 -d: /etc/passwd`; do echo -n $u:; groups $u; done | sort
Started ossec and now with /var/ossec/bin/ossec-control status it says:
ossec-monitord is running...
ossec-logcollector is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...
I added an agent now.
Here I am totally puzzled.
I would add the agent name and the IP for the agent would be the IP the
VPS server is running with, correct?
ID for agent and good.
My webUI doesnt show any agent. So does the shell:
/var/ossec/bin/list_agents -a
** No agent available.
But when I go to the agent manager, it DOES show the agent I added.
****************************************
* OSSEC HIDS v2.6 Agent manager. *
* The following options are available: *
****************************************
(A)dd an agent (A).
(E)xtract key for an agent (E).
(L)ist already added agents (L).
(R)emove an agent (R).
(Q)uit.
Choose your action: A,E,L,R or Q: L
Available agents:
ID: 001, Name: Myagent, IP: My.Se.Rver.IP
What the heck is going on?
I can't use that agent so far.
What am I doing wrong?
I would like to have ossec also watch my user logs, that are
individually located under /var/customers/logs/WEBUSER
Is that possible too?
Thanks so much in advance for any hint understandable.
Cheers.
Andre
