OSSEC HIDS agent installation script for RHEL/CentOS.
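#!/bin/bash
# This script simplifies the installation of the OSSEC HIDS Agent for RHEL/CentOS boxes.
#
# Flow: add the Atomicorp yum repo, install ossec-hids-client, run the two
# interactive OSSEC utilities, write the server hostname into ossec.conf and
# start the agent.
#
# Optional environment:
#   ATOMIC_INSTALLER_SHA256  Lower-case hex SHA-256 of a copy of the Atomicorp
#                            repo installer that you have reviewed. When set,
#                            the download is verified before it is executed.

set -u

# Print an error on stderr and stop with a non-zero status so callers
# (kickstart, config management, CI) can tell the install did not complete.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Are we running as root?
if [[ "$(id -u)" -ne 0 ]]; then
  echo >&2
  echo "This script must be run as root!" >&2
  echo >&2
  exit 1
fi

# Pull down the repo installer script from AtomiCorp.
echo
echo "Installing Atomic Repo ..."
echo
cd /root || die "Cannot change directory to /root."

# -f makes curl return an error on an HTTP failure instead of saving the
# server's error page, which would otherwise be executed as root below.
if ! curl -f -o atomic.sh https://www.atomicorp.com/installers/atomic; then
  rm -f atomic.sh
  die "Download of the Atomic repo installer failed."
fi
if [[ ! -s atomic.sh ]]; then
  rm -f atomic.sh
  die "Downloaded Atomic repo installer is empty."
fi

# The installer runs as root, so everything rests on the remote host and the
# TLS session unless the content is pinned. Verify it when a digest is given.
if [[ -n "${ATOMIC_INSTALLER_SHA256:-}" ]]; then
  actual_sha256=$(sha256sum atomic.sh | cut -d' ' -f1)
  if [[ "$actual_sha256" != "$ATOMIC_INSTALLER_SHA256" ]]; then
    rm -f atomic.sh
    die "Atomic repo installer checksum mismatch (got $actual_sha256)."
  fi
else
  echo "WARNING: ATOMIC_INSTALLER_SHA256 is not set; running the installer unverified." >&2
fi

# Only root needs to read or execute the installer.
chmod 700 atomic.sh
installer_status=0
./atomic.sh || installer_status=$?
rm -f atomic.sh
rm -f atomic-release*
if [[ "$installer_status" -ne 0 ]]; then
  # Not fatal on its own: if the repo was not added, yum fails just below.
  echo "WARNING: Atomic repo installer exited with status $installer_status." >&2
fi

# Now that the repo has been added, use yum to install the package.
echo "Installing OSSEC HIDS Agent ..."
echo
yum install ossec-hids-client -y || die "yum could not install ossec-hids-client."
echo
echo

# Rename an unnecessary configuration file.
if [[ -e /var/ossec/etc/shared/agent.conf ]]; then
  echo "Renaming unnecessary agent.conf file in /var/ossec/etc/shared/ to agent.conf.bak ..."
  mv -- /var/ossec/etc/shared/agent.conf /var/ossec/etc/shared/agent.conf.bak
else
  echo "No agent.conf found in /var/ossec/etc/shared/, nothing to rename."
fi
echo
echo

# Launch the OSSEC configuration utility.
echo "Starting OSSEC Configuration"
echo
/var/ossec/bin/ossec-configure
echo
echo

# Launch the OSSEC agent manager.
echo "Starting OSSEC Agent Manager (choose 'I' to import key from AlienVault)"
/var/ossec/bin/manage_client
echo
echo

echo "Adding server configuration to /var/ossec/etc/ossec.conf ..."
[[ -f /var/ossec/etc/ossec.conf ]] || die "/var/ossec/etc/ossec.conf not found."

# If you'd rather use an IP address instead, use server-ip instead of server-hostname.
# The answer is spliced into a sed replacement and into XML, so accept only
# hostname characters: '/', '&', '\', '<', '>' and whitespace would otherwise
# change the sed expression or corrupt the agent configuration.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
while :; do
  echo "Please enter server hostname (server.example.com): "
  # -r keeps backslashes literal; a failed read means stdin was closed.
  read -r server || die "No server hostname supplied."
  if [[ "$server" =~ $hostname_re ]] && [[ "${#server}" -le 253 ]]; then
    break
  fi
  echo "Invalid hostname: use letters, digits, '.' and '-' only." >&2
done

sed -i "s/<\/global>/<\/global>\n <client>\n <server-hostname>$server<\/server-hostname>\n <\/client>/" /var/ossec/etc/ossec.conf \
  || die "Could not update /var/ossec/etc/ossec.conf."
echo
echo

# Start the client. Its exit status becomes the script's exit status.
echo "Attempting to start OSSEC ..."
echo
/var/ossec/bin/ossec-client.sh start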