[prev in list] [next in list] [prev in thread] [next in thread]
List: ossec-list
Subject: [ossec-list] Re: Help with Stand alone implementation on Red Hat Enterprise 6
From: Kat <uncommonkat () gmail ! com>
Date: 2016-08-23 12:14:03
Message-ID: 0317c767-27b6-49b5-a31a-126496d7d1e8 () googlegroups ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Shawn,
ossec-hids is he base package containing, what you might call, the
"building blocks" -- things like the username configs, folders, scripts to
setup permissions, etc. However, you have not set the "fiction" of the
box, so yes, you do need the "server" package. You don't need to add the
client as well, since the server will do just fine on its own. So install
ossec-hids and ossec-hids-server.
That should get you going just fine.
Cheers
Kat
On Monday, August 22, 2016 at 12:59:28 PM UTC-5, Shawn Wiley wrote:
>
> I have a pair of Red Hat 6 servers which will be deployed "high risk"
> internet facing. I'd like to install the OSSEC software to monitor for
> changes to the server, root kits, and compliance checking. I have
> successfully deployed OSSEC before as an agent talking back to an OSSEC
> server but I would like to do this install as a stand alone device so I do
> not have to open up communications into my internal LAN. I see on Red Hat's
> yum server there is a "ossec-hids.x86_64 2.8.3-53.el6.art" but when I
> install this file many of the required binaries seem to be missing. Can I
> install only this package and configure it to run OSSEC or do I need to
> also install the ossec-hids-server.x86_64 or ossec-hids-client.x86_64 to
> make ossec run as a stand alone? The server file has a few additional
> dependencies which I'd rather not install unless I have to. Has anyone
> written up exactly which files are required to build a stand alone OSSEC
> instance. I know I can build and install OSSEC on my server and that works
> but I need to be able to deploy via an RPM. Otherwise it will be to much
> manual work to build OSSEC on all of my servers. Any advice on how to
> install OSSEC as as stand alone device via YUM or RPM packages would be
> greatly appreciated. Even advice as to which RPMs need to be installed
> would be helpful is it only hids or is it hids client or hids server.
>
> Thanks,
>
> Shawn
>
>
>
>
>
>
> ossec-hids.x86_64 2.8.3-53.el6.art
> ossec-hids-server.x86_64 2.8.3-53.el6.art
> ossec-hids-client.x86_64 2.8.3-53.el6.art
> ossec-hids-debuginfo.x86_64 2.8.3-53.el6.art
> ossec-hids-mysql.x86_64 2.8.3-53.el6.art
> ossec-hids-server.x86_64 2.8.3-53.el6.art
> ossec-wui.noarch 0.8-4.el6.art
>
>
--
---
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. For more options, visit \
https://groups.google.com/d/optout.
[Attachment #5 (text/html)]
<div dir="ltr">Shawn,<div><br></div><div>ossec-hids is he base package containing, \
what you might call, the "building blocks" -- things like the username \
configs, folders, scripts to setup permissions, etc. However, you have not set \
the "fiction" of the box, so yes, you do need the "server" \
package. You don't need to add the client as well, since the server will do \
just fine on its own. So install ossec-hids and ossec-hids-server. \
</div><div><br></div><div>That should get you going just \
fine.</div><div>Cheers</div><div>Kat<br><br>On Monday, August 22, 2016 at 12:59:28 PM \
UTC-5, Shawn Wiley wrote:<blockquote class="gmail_quote" style="margin: \
0;margin-left: 0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;"><div dir="ltr">I \
have a pair of Red Hat 6 servers which will be deployed "high risk" \
internet facing. I'd like to install the OSSEC software to monitor for changes to \
the server, root kits, and compliance checking. I have successfully deployed OSSEC \
before as an agent talking back to an OSSEC server but I would like to do this \
install as a stand alone device so I do not have to open up communications into my \
internal LAN. I see on Red Hat's yum server there is a "ossec-hids.x86_64 \
2.8.3-53.el6.art" but when I install this file many of the required binaries \
seem to be missing. Can I install only this package and configure it to run OSSEC or \
do I need to also install the ossec-hids-server.x86_64 or ossec-hids-client.x86_64 \
to make ossec run as a stand alone? The server file has a few additional dependencies \
which I'd rather not install unless I have to. Has anyone written up exactly \
which files are required to build a stand alone OSSEC instance. I know I can build \
and install OSSEC on my server and that works but I need to be able to deploy via an \
RPM. Otherwise it will be to much manual work to build OSSEC on all of my servers. \
Any advice on how to install OSSEC as as stand alone device via YUM or RPM packages \
would be greatly appreciated. Even advice as to which RPMs need to be installed \
would be helpful is it only hids or is it hids client or hids \
server.<div><br></div><div>Thanks,</div><div><br></div><div>Shawn \
<br><div><br><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><div>ossec-hids.x86_64 \
2.8.3-53.el6.art </div><div>ossec-hids-server.x86_64 \
2.8.3-53.el6.art </div><div>ossec-hids-client.x86_64 \
2.8.3-53.el6.art <br></div><div>ossec-hids-debuginfo.x86_64 \
2.8.3-53.el6.art </div><div>ossec-hids-mysql.x86_64 \
2.8.3-53.el6.art </div><div>ossec-hids-server.x86_64 \
2.8.3-53.el6.art </div><div>ossec-wui.noarch \
0.8-4.el6.art \
</div></div><div><br></div></div></div></div></blockquote></div></div>
<p></p>
-- <br />
<br />
--- <br />
You received this message because you are subscribed to the Google Groups \
"ossec-list" group.<br /> To unsubscribe from this group and stop receiving \
emails from it, send an email to <a \
href="mailto:ossec-list+unsubscribe@googlegroups.com">ossec-list+unsubscribe@googlegroups.com</a>.<br \
/> For more options, visit <a \
href="https://groups.google.com/d/optout">https://groups.google.com/d/optout</a>.<br \
/>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic