After downloading the OSSEC installation package, extract it to get the following directory:
[root@localhost ~]# cd ossec-hids-2.8.3/
[root@localhost ossec-hids-2.8.3]# ll
total
drwxrwxr-x. root root Oct active-response
drwxr-xr-x. root root Jul : bin
-rw-rw-r--. root root Oct BUGS
-rw-rw-r--. root root Oct CONFIG
drwxrwxr-x. root root Oct contrib
-rw-rw-r--. root root Oct CONTRIBUTORS
drwxrwxr-x. root root Oct doc
drwxrwxr-x. root root Jul : etc
-rw-rw-r--. root root Oct INSTALL
-rwxrwxr-x. root root Oct install.sh
-rw-rw-r--. root root Oct LICENSE
-rw-rw-r--. root root Oct README.md
drwxrwxr-x. root root Jul : src
Change into that directory and run ./install.sh to start the installation. The full installation process is shown below:
[root@localhost ossec-hids-2.8.3]# ./install.sh
** Para instalação em português, escolha [br].
** 要使用中文进行安装, 请选择 [cn].
** Fur eine deutsche Installation wohlen Sie [de].
** Για εγκατάσταση στα Ελληνικά, επιλέξτε [el].
** For installation in English, choose [en].
** Para instalar en Español , eliga [es].
** Pour une installation en français, choisissez [fr]
** A Magyar nyelvű telepítéshez válassza [hu].
** Per l'installazione in Italiano, scegli [it].
** 日本語でインストールします.選択して下さい.[jp].
** Voor installatie in het Nederlands, kies [nl].
** Aby instalować w języku Polskim, wybierz [pl].
** Для инструкций по установке на русском ,введите [ru].
** Za instalaciju na srpskom, izaberi [sr].
** Türkçe kurulum için seçin [tr].
(en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]: cn
OSSEC HIDS v2.8.3 安装脚本 - http://www.ossec.net
您将开始 OSSEC HIDS 的安装.
请确认在您的机器上已经正确安装了 C 编译器.
如果您有任何疑问或建议,请给 dcid@ossec.net (或 daniel.cid@gmail.com) 发邮件.
- 系统类型: Linux localhost.localdomain 3.10.0-123.el7.x86_64
- 用户: root
- 主机: localhost.localdomain
-- 按 ENTER 继续或 Ctrl-C 退出. --
1- 您希望哪一种安装 (server, agent, local or help)? server
- 选择了 Server 类型的安装.
2- 正在初始化安装环境.
- 请选择 OSSEC HIDS 的安装路径 [/var/ossec]: /opt/ossec
- OSSEC HIDS 将安装在 /opt/ossec .
3- 正在配置 OSSEC HIDS.
3.1- 您希望收到e-mail告警吗? (y/n) [y]:
- 请输入您的 e-mail 地址? pentest^H^H
- 请输入您的 e-mail 地址? [rmyrd^H^H
- 请输入您的 e-mail 地址? pentest.txt^H
- 请输入您的 e-mail 地址? pentest.test@163.com
- 我们找到您的 SMTP 服务器为: 163mx00.mxmail.netease.com.
- 您希望使用它吗? (y/n) [y]: n
- 请输入您的 SMTP 服务器IP或主机名 ? 127.0.0.1
3.2- 您希望运行系统完整性检测模块吗? (y/n) [y]:
- 系统完整性检测模块将被部署.
3.3- 您希望运行 rootkit检测吗? (y/n) [y]:
- rootkit检测将被部署.
3.4- 关联响应允许您在分析已接收事件的基础上执行一个
已定义的命令.
例如,你可以阻止某个IP地址的访问或禁止某个用户的访问权限.
更多的信息,您可以访问:
http://www.ossec.net/en/manual.html#active-response
- 您希望开启联动(active response)功能吗? (y/n) [y]:
- 关联响应已开启
- 默认情况下, 我们开启了主机拒绝和防火墙拒绝两种响应.
第一种情况将添加一个主机到 /etc/hosts.deny.
第二种情况将在iptables(linux)或ipfilter(Solaris,
FreeBSD 或 NetBSD)中拒绝该主机的访问.
- 该功能可以用以阻止 SSHD 暴力攻击, 端口扫描和其他
一些形式的攻击. 同样你也可以将他们添加到其他地方,
例如将他们添加为 snort 的事件.
- 您希望开启防火墙联动(firewall-drop)功能吗? (y/n) [y]:
- 防火墙联动(firewall-drop)当事件级别 >= 6 时被启动
- 联动功能默认的白名单是:
- 192.168.218.2
- 您希望添加更多的IP到白名单吗? (y/n)? [n]: y
- 请输入IP (用空格进行分隔): 192.168.218.136
3.5- 您希望接收远程机器syslog吗 (port 514 udp)? (y/n) [y]:
- 远程机器syslog将被接收.
3.6- 设置配置文件以分析一下日志:
-- /var/log/messages
-- /var/log/secure
-- /var/log/maillog
-- /var/log/httpd/error_log (apache log)
-- /var/log/httpd/access_log (apache log)
-如果你希望监控其他文件, 只需要在配置文件ossec.conf中
添加新的一项.
任何关于配置的疑问您都可以在 http://www.ossec.net 找到答案.
--- 按 ENTER 以继续 ---
5- 正在安装系统
- 正在运行Makefile
INFO: Little endian set.
*** Making zlib (by Jean-loup Gailly and Mark Adler) ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/external'
cd zlib-1.2.8/; ./configure; make libz.a;
Checking for gcc...
Checking for shared library support...
Building shared library libz.so.1.2.8 with gcc.
Checking for off64_t... Yes.
Checking for fseeko... Yes.
Checking for strerror... Yes.
Checking for unistd.h... Yes.
Checking for stdarg.h... Yes.
Checking whether to use vs[n]printf() or s[n]printf()... using vs[n]printf().
Checking for vsnprintf() in stdio.h... Yes.
Checking for return value of vsnprintf()... Yes.
Checking for attribute(visibility) support... Yes.
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/external/zlib-1.2.8'
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o adler32.o adler32.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o crc32.o crc32.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o deflate.o deflate.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o infback.o infback.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o inffast.o inffast.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o inflate.o inflate.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o inftrees.o inftrees.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o trees.o trees.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o zutil.o zutil.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o compress.o compress.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o uncompr.o uncompr.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzclose.o gzclose.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzlib.o gzlib.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzread.o gzread.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzwrite.o gzwrite.c
ar rc libz.a adler32.o crc32.o deflate.o infback.o inffast.o inflate.o inftrees.o trees.o zutil.o compress.o uncompr.o gzclose.o gzlib.o gzread.o gzwrite.o
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/external/zlib-1.2.8'
cp -pr zlib-1.2.8/libz.a .
cp -pr zlib-1.2.8/zlib.h zlib-1.2.8/zconf.h ../headers/
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/external'
*** Making cJSON (by Dave Gamble) ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/external/cJSON'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"cJSON\" -DOSSECHIDS -c cJSON.c
ar -crus libcJSON.a *.o
cp -pr cJSON.h ../../headers/
cp -pr libcJSON.a ../
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/external/cJSON'
*** Making Lua 5.2 (by team at PUC-Rio in Brazi) ***
Copyright © 1994–2014 Lua.org, PUC-Rio.
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/external/lua-5.2.3'
cd src && make posix
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/external/lua-5.2.3/src'
make all SYSCFLAGS="-DLUA_USE_POSIX"
make[3]: Entering directory `/root/ossec-hids-2.8.3/src/external/lua-5.2.3/src'
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lapi.o lapi.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lcode.o lcode.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lctype.o lctype.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ldebug.o ldebug.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ldo.o ldo.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ldump.o ldump.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lfunc.o lfunc.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lgc.o lgc.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o llex.o llex.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lmem.o lmem.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lobject.o lobject.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lopcodes.o lopcodes.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lparser.o lparser.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lstate.o lstate.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lstring.o lstring.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ltable.o ltable.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ltm.o ltm.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lundump.o lundump.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lvm.o lvm.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lzio.o lzio.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lauxlib.o lauxlib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lbaselib.o lbaselib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lbitlib.o lbitlib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lcorolib.o lcorolib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ldblib.o ldblib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o liolib.o liolib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lmathlib.o lmathlib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o loslib.o loslib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lstrlib.o lstrlib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o ltablib.o ltablib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o loadlib.o loadlib.c
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o linit.o linit.c
ar rcu liblua.a lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o lauxlib.o lbaselib.o lbitlib.o lcorolib.o ldblib.o liolib.o lmathlib.o loslib.o lstrlib.o ltablib.o loadlib.o linit.o
ranlib liblua.a
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o lua.o lua.c
cc -o ossec-lua lua.o liblua.a -lm
cc -O2 -Wall -DLUA_COMPAT_ALL -DLUA_USE_POSIX -c -o luac.o luac.c
cc -o ossec-luac luac.o liblua.a -lm
make[3]: Leaving directory `/root/ossec-hids-2.8.3/src/external/lua-5.2.3/src'
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/external/lua-5.2.3/src'
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/external/lua-5.2.3'
*** Making os_xml ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_xml'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"os_xml\" -DOSSECHIDS -c *.c
ar -crus os_xml.a *.o
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_xml'
*** Making os_regex ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_regex'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"os_regex\" -DOSSECHIDS -c *.c
ar -crus os_regex.a *.o
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_regex'
*** Making os_net ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_net'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"os_net\" -DOSSECHIDS -c os_net.c
ar -crus os_net.a os_net.o
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_net'
*** Making os_crypto ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_crypto'
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/os_crypto/blowfish'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"blowfish_op\" -DOSSECHIDS -c bf_op.c bf_skey.c bf_enc.c
ar cru bf_op.a bf_op.o bf_skey.o bf_enc.o
ranlib bf_op.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/os_crypto/blowfish'
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/os_crypto/md5'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"md5_op\" -DOSSECHIDS -c md5.c md5_op.c
ar cru md5_op.a md5_op.o md5.o
ranlib md5_op.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/os_crypto/md5'
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/os_crypto/sha1'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"sha1_op\" -DOSSECHIDS -c sha1_op.c
ar cru sha1_op.a sha1_op.o
ranlib sha1_op.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/os_crypto/sha1'
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/os_crypto/md5_sha1'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"md5_sha1_op\" -DOSSECHIDS -c ../md5/md5.c md5_sha1_op.c
ar cru md5_op.a md5_sha1_op.o ../md5/md5.o
ranlib md5_op.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/os_crypto/md5_sha1'
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/os_crypto/shared'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"shared\" -DOSSECHIDS -c *.c
ar cru shared.a *.o
ranlib shared.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/os_crypto/shared'
ar cru os_crypto.a blowfish/bf_op.o blowfish/bf_skey.o blowfish/bf_enc.o md5/md5_op.o md5/md5.o sha1/sha1_op.o md5_sha1/md5_sha1_op.o shared/*.o
ranlib os_crypto.a
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_crypto'
*** Making shared ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/shared'
cc -c -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"shared-libs\" -DOSSECHIDS *.c
file_op.c: In function ‘rename_ex’:
file_op.c:660:9: warning: too many arguments for format [-Wformat-extra-args]
);
^
ar cru lib_shared.a *.o
ranlib lib_shared.a
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/shared'
*** Making config ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/config'
cc -c -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-config\" -DOSSECHIDS *.c
ar cru lib_config.a *.o
ranlib lib_config.a
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/config'
*** Making os_maild ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_maild'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-maild\" -DOSSECHIDS maild.c config.c os_maild_client.c sendmail.c mail_list.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a -o ossec-maild
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_maild'
*** Making os_dbd ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_dbd'
Compiling DB support with:
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-dbd\" -DOSSECHIDS *.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a -o ossec-dbd -I/usr/include/mysql -L/usr/lib64/mysql -lmysqlclient -lpthread -lz -lm -lssl -lcrypto -ldl -DDBD -DUMYSQL
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_dbd'
*** Making os_csyslogd ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_csyslogd'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-csyslogd\" -DOSSECHIDS *.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../external/libcJSON.a -lm -o ossec-csyslogd
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_csyslogd'
*** Making agentlessd ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/agentlessd'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-agentlessd\" -DOSSECHIDS *.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../os_crypto/os_crypto.a -o ossec-agentlessd
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/agentlessd'
*** Making os_execd ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_execd'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-execd\" -DOSSECHIDS execd.c exec.c config.c ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a -o ossec-execd
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-execd\" -DOSSECHIDS -c execd.c exec.c config.c
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_execd'
*** Making analysisd ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd'
cd ./cdb; make
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/cdb'
cc -I../ -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"cdb\" -DOSSECHIDS -c cdb.c cdb_hash.c cdb_make.c uint32_pack.c uint32_unpack.c
ar cru cdb.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
ar cru cdb_make.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
ranlib cdb.a
ranlib cdb_make.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/cdb'
cd ./alerts; make
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/alerts'
cc -I../ -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"alerts\" -DOSSECHIDS -c mail.c log.c exec.c getloglocation.c
ar cru alerts.a mail.o log.o exec.o getloglocation.o
ranlib alerts.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/alerts'
cd ./decoders; make
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/decoders'
cd plugins; make;
make[3]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/decoders/plugins'
cc -g -Wall -I../../../ -I../../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -I../../ -c *.c
make[3]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/decoders/plugins'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -I../ -c *.c
ar cru decoders.a *.o plugins/*.o
ranlib decoders.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/decoders'
cd ./compiled_rules; make;
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/compiled_rules'
./register_rule.sh build
*Build completed.
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -I../ -c *.c
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/compiled_rules'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -I./ analysisd.c stats.c lists.c lists_list.c rules.c rules_list.c config.c fts.c dodiff.c eventinfo.c eventinfo_list.c cleanevent.c active-response.c picviz.c prelude.c zeromq_output.c compiled_rules/*.o ../config/lib_config.a decoders/decoders.a cdb/cdb.a cdb/cdb_make.a alerts/alerts.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a ../shared/lib_shared.a ../os_zlib/os_zlib.c ../external/libz.a ../external/libcJSON.a -lm -o ossec-analysisd
cd ./cdb; make
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/cdb'
cc -I../ -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"cdb\" -DOSSECHIDS -c cdb.c cdb_hash.c cdb_make.c uint32_pack.c uint32_unpack.c
ar cru cdb.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
ar cru cdb_make.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
ranlib cdb.a
ranlib cdb_make.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/cdb'
cd ./decoders; make logtest
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/decoders'
cd plugins; make;
make[3]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/decoders/plugins'
cc -g -Wall -I../../../ -I../../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -I../../ -c *.c
make[3]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/decoders/plugins'
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -DTESTRULE -I../ -c *.c
ar cru decoders.a *.o plugins/*.o
ranlib decoders.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/decoders'
cd ./compiled_rules; make;
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/compiled_rules'
./register_rule.sh build
*Build completed.
cc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -I../ -c *.c
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/compiled_rules'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -DTESTRULE -I./ testrule.c analysisd.c stats.c lists.c lists_list.c rules.c rules_list.c config.c fts.c dodiff.c eventinfo.c eventinfo_list.c cleanevent.c active-response.c picviz.c prelude.c zeromq_output.c compiled_rules/*.o ../config/lib_config.a decoders/decoders.a cdb/cdb.a cdb/cdb_make.a alerts/alerts.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a ../shared/lib_shared.a ../os_zlib/os_zlib.c ../external/libz.a ../external/libcJSON.a -lm -o ossec-logtest
cd ./cdb; make
make[2]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd/cdb'
cc -I../ -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"cdb\" -DOSSECHIDS -c cdb.c cdb_hash.c cdb_make.c uint32_pack.c uint32_unpack.c
ar cru cdb.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
ar cru cdb_make.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
ranlib cdb.a
ranlib cdb_make.a
make[2]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd/cdb'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-analysisd\" -DOSSECHIDS -DTESTRULE -I./ makelists.c lists_make.c stats.c lists.c lists_list.c rules.c rules_list.c config.c fts.c dodiff.c eventinfo.c eventinfo_list.c cleanevent.c active-response.c picviz.c prelude.c zeromq_output.c compiled_rules/*.o ../config/lib_config.a decoders/decoders.a cdb/cdb.a cdb/cdb_make.a alerts/alerts.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a ../shared/lib_shared.a ../os_zlib/os_zlib.c ../external/libz.a ../external/libcJSON.a -lm -o ossec-makelists
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd'
*** Making logcollector ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/logcollector'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-logcollector\" -DOSSECHIDS -DARGV0=\"ossec-logcollector\" *.c ../config/lib_config.a ../shared/lib_shared.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a ../os_crypto/os_crypto.a -o ossec-logcollector
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/logcollector'
*** Making remoted ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/remoted'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-remoted\" -DOSSECHIDS *.c ../config/lib_config.a ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_net/os_net.a ../os_xml/os_xml.a ../os_regex/os_regex.a -lpthread -o ossec-remoted
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/remoted'
*** Making client-agent ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/client-agent'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-agentd\" -DOSSECHIDS *.c ../config/lib_config.a ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a -DCLIENT -o ossec-agentd
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/client-agent'
*** Making addagent ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/addagent'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"manage_agents\" -DOSSECHIDS *.c ../shared/lib_shared.a ../os_regex/os_regex.a ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../os_net/os_net.a -o manage_agents
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/addagent'
*** Making util ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/util'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS ../addagent/manage_agents.c ../addagent/manage_keys.c ../addagent/validate.c ../addagent/read_from_user.c ../addagent/b64.c syscheck_update.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o syscheck_update
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS clear_stats.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o clear_stats
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS list_agents.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o list_agents
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS verify-agent-conf.c ../config/lib_config.a ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a ../os_xml/os_xml.a -o verify-agent-conf
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS ../addagent/manage_agents.c ../addagent/manage_keys.c ../addagent/validate.c ../addagent/read_from_user.c ../addagent/b64.c agent_control.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o agent_control
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS ../addagent/manage_agents.c ../addagent/manage_keys.c ../addagent/validate.c ../addagent/read_from_user.c ../addagent/b64.c syscheck_control.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o syscheck_control
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS ../addagent/manage_agents.c ../addagent/manage_keys.c ../addagent/validate.c ../addagent/read_from_user.c ../addagent/b64.c rootcheck_control.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o rootcheck_control
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"util\" -DOSSECHIDS ossec-regex.c ../os_zlib/os_zlib.c ../external/libz.a ../os_crypto/os_crypto.a ../shared/lib_shared.a ../os_regex/os_regex.a ../os_net/os_net.a -o ossec-regex
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/util'
*** Making rootcheck ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/rootcheck'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-rootcheck\" -DOSSECHIDS -c check_open_ports.c check_rc_pids.c check_rc_*s.c run_rk_check.c check_rc_dev.c check_rc_ports.c check_rc_policy.c common.c common_rcl.c win-common.c unix-process.c check_rc_files.c check_rc_readproc.c os_string.c check_rc_if.c check_rc_sys.c rootcheck.c config.c -D_GNU_SOURCE
ar cru rootcheck_lib.a *.o
ranlib rootcheck_lib.a
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/rootcheck'
*** Making syscheckd ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/syscheckd'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-syscheckd\" -DOSSECHIDS syscheck.c config.c seechanges.c run_realtime.c create_db.c run_check.c ../config/lib_config.a ../rootcheck/rootcheck_lib.a ../shared/lib_shared.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a ../os_crypto/os_crypto.a -o ossec-syscheckd
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/syscheckd'
*** Making monitord ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/monitord'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-monitord\" -DOSSECHIDS compress_log.c main.c manage_files.c monitor_agents.c monitord.c sign_log.c generate_reports.c ../os_maild/sendcustomemail.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o ossec-monitord
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-monitord\" -DOSSECHIDS -UARGV0 -DARGV0=\"ossec-reportd\" report.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_xml/os_xml.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -o ossec-reportd
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/monitord'
*** Making os_auth ***
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_auth'
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-authd\" -DOSSECHIDS main-server.c ssl.c ../addagent/validate.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -lssl -lcrypto -o ossec-authd
cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/opt/ossec\" -DUSE_OPENSSL -DUSEINOTIFY -DARGV0=\"ossec-authd\" -DOSSECHIDS main-client.c ssl.c ../addagent/validate.c ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a ../os_regex/os_regex.a ../os_crypto/os_crypto.a ../os_zlib/os_zlib.c ../external/libz.a -lssl -lcrypto -o agent-auth
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_auth'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_maild'
cp -pr ossec-maild ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_maild'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_dbd'
cp -pr ossec-dbd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_dbd'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_csyslogd'
cp -pr ossec-csyslogd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_csyslogd'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/agentlessd'
cp -pr ossec-agentlessd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/agentlessd'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_execd'
cp -pr ossec-execd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_execd'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/analysisd'
cp -pr ossec-analysisd ../../bin
cp -pr ossec-logtest ../../bin
cp -pr ossec-makelists ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/analysisd'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/logcollector'
cp -pr ossec-logcollector ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/logcollector'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/remoted'
cp -pr ossec-remoted ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/remoted'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/client-agent'
cp -pr ossec-agentd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/client-agent'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/addagent'
cp -pr manage_agents ../../bin
cp -pr manage_agents ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/addagent'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/util'
cp -pr syscheck_update clear_stats list_agents syscheck_control rootcheck_control agent_control verify-agent-conf ossec-regex ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/util'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/rootcheck'
make[1]: Nothing to be done for `build'.
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/rootcheck'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/syscheckd'
cp -pr ossec-syscheckd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/syscheckd'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/monitord'
cp -pr ossec-monitord ../../bin
cp -pr ossec-reportd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/monitord'
make[1]: Entering directory `/root/ossec-hids-2.8.3/src/os_auth'
cp -pr ossec-authd ../../bin
cp -pr agent-auth ossec-authd ../../bin
make[1]: Leaving directory `/root/ossec-hids-2.8.3/src/os_auth'
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
- 系统类型是 Redhat Linux.
- 修改启动脚本使 OSSEC HIDS 在系统启动时自动运行
- 已正确完成系统配置.
- 要启动 OSSEC HIDS:
/opt/ossec/bin/ossec-control start
- 要停止 OSSEC HIDS:
/opt/ossec/bin/ossec-control stop
- 要查看或修改系统配置,请编辑 /opt/ossec/etc/ossec.conf
感谢使用 OSSEC HIDS.
如果您有任何疑问,建议或您找到任何bug,
请通过 contact@ossec.net 或邮件列表 ossec-list@ossec.net 联系我们.
( http://www.ossec.net/en/mailing_lists.html ).
您可以在 http://www.ossec.net 获得更多信息
--- 请按 ENTER 结束安装 (下面可能有更多信息). ---
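Once the installer has finished, it is worth confirming that /opt/ossec/etc/ossec.conf actually reflects the answers given in the session above (alert e-mail, SMTP server, active-response whitelist, level 6 for host-deny and firewall-drop, remote syslog, monitored log files). The script below is an added example, not part of the original page or of OSSEC itself; the embedded configuration is a constructed sample, and the function names are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

# Answers typed into install.sh in the session above.
EXPECTED_VALUES = {
    "global/email_to": {"pentest.test@163.com"},
    "global/smtp_server": {"127.0.0.1"},
    "global/white_list": {"192.168.218.2", "192.168.218.136"},
    "remote/connection": {"syslog"},
    "localfile/location": {
        "/var/log/messages", "/var/log/secure", "/var/log/maillog",
        "/var/log/httpd/error_log", "/var/log/httpd/access_log",
    },
}
# The installer enables both responses at event level >= 6.
EXPECTED_AR_LEVEL = {"host-deny": 6, "firewall-drop": 6}


def parse_conf(text):
    """ossec.conf may hold several <ossec_config> blocks; wrap them in one root."""
    return ET.fromstring("<root>" + text + "</root>")


def audit(text):
    """Return a sorted list of differences between ossec.conf and the answers."""
    root = parse_conf(text)
    findings = []
    for path, wanted in EXPECTED_VALUES.items():
        found = {(e.text or "").strip()
                 for e in root.iterfind("ossec_config/" + path)}
        for value in wanted - found:
            findings.append("%s: missing %s" % (path, value))

    levels = {}
    for ar in root.iterfind("ossec_config/active-response"):
        if (ar.findtext("disabled") or "no").strip() == "yes":
            continue  # a disabled block does not count as enabled
        command = (ar.findtext("command") or "").strip()
        level = (ar.findtext("level") or "").strip()
        levels[command] = int(level) if level.isdigit() else None
    for command, wanted in EXPECTED_AR_LEVEL.items():
        if command not in levels:
            findings.append("active-response %s: not enabled" % command)
        elif levels[command] != wanted:
            findings.append("active-response %s: level %s, expected %d"
                            % (command, levels[command], wanted))
    return sorted(findings)


def sample_conf(white_list, firewall_drop_level):
    """Constructed sample of a server ossec.conf (not copied from a real host)."""
    wl = "".join("    <white_list>%s</white_list>\n" % ip for ip in white_list)
    logs = [("syslog", "/var/log/messages"), ("syslog", "/var/log/secure"),
            ("syslog", "/var/log/maillog"),
            ("apache", "/var/log/httpd/error_log"),
            ("apache", "/var/log/httpd/access_log")]
    lf = "".join("  <localfile>\n    <log_format>%s</log_format>\n"
                 "    <location>%s</location>\n  </localfile>\n" % item
                 for item in logs)
    ar = "".join("  <active-response>\n    <command>%s</command>\n"
                 "    <location>local</location>\n    <level>%d</level>\n"
                 "    <timeout>600</timeout>\n  </active-response>\n" % item
                 for item in [("host-deny", 6),
                              ("firewall-drop", firewall_drop_level)])
    return ("<!-- constructed sample -->\n<ossec_config>\n  <global>\n"
            "    <email_notification>yes</email_notification>\n"
            "    <email_to>pentest.test@163.com</email_to>\n"
            "    <smtp_server>127.0.0.1</smtp_server>\n"
            "    <white_list>127.0.0.1</white_list>\n" + wl +
            "  </global>\n"
            "  <remote>\n    <connection>syslog</connection>\n  </remote>\n"
            "  <remote>\n    <connection>secure</connection>\n  </remote>\n"
            + ar + lf + "</ossec_config>\n")


if __name__ == "__main__":
    # Pass /opt/ossec/etc/ossec.conf as the argument on the installed server;
    # without an argument the constructed sample is audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            conf = fh.read()
    else:
        conf = sample_conf(["192.168.218.2", "192.168.218.136"], 6)
    for line in audit(conf) or ["ossec.conf matches the installer answers"]:
        print(line)
```

An empty result means the configuration still matches what was chosen at install time; any line returned points at a setting that was never written or has since been changed.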