Note: the following steps must be performed on the OSSEC server.
1. Download analogi, place it under /var/www/html/, and assign permissions
[root@localhost ~]# wget https://github.com/ECSC/analogi/archive/master.zip
[root@localhost ~]# unzip master.zip
[root@localhost ~]# mv analogi-master/ /var/www/html/analogi
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# chown -R apache.apache analogi/
[root@localhost html]# cd analogi/
[root@localhost analogi]# cp db_ossec.php.new db_ossec.php
2. Edit the db_ossec.php file and set the MySQL configuration details
define ('DB_USER_O', 'ossec');
define ('DB_PASSWORD_O', 'ossec');
define ('DB_HOST_O', '127.0.0.1');
define ('DB_NAME_O', 'ossec');
3. Modify the Apache configuration to add a virtual directory
[root@localhost analogi]# vim /etc/httpd/conf.d/analogi.conf
Add the following content:
Alias /analogi /var/www/html/analogi
<Directory /var/www/html/analogi>
Order deny,allow
Deny from all
Allow from 192.168.0.0/
</Directory>
Then restart Apache
[root@localhost analogi]# systemctl restart httpd
You can now visit http://192.168.218.136/analogi/ to view the detection status
Note: if visiting http://192.168.218.136/analogi/ always returns a 403 error, try the following two methods to debug:
[root@localhost conf.d]# systemctl stop firewalld.service
[root@localhost httpd]# setenforce
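Another way to find what is behind the 403: this added example (not part of the original guide) reads the SELinux audit records for httpd and prints a targeted fix for each denial. The sample records are constructed; it assumes the tree moved out of root's home directory kept its admin_home_t label and that PHP reaches MySQL over TCP at 127.0.0.1, as configured in step 2.

```shell
#!/usr/bin/env bash
# Added example: read SELinux denials for httpd and print the narrow fix.

# Constructed sample audit.log records (not captured from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1500000000.101:411): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.php" dev="dm-0" ino=7711 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1500000000.202:412): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1500000000.303:413): avc:  denied  { read } for  pid=2200 comm="sshd" name="x" dev="dm-0" ino=1 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
EOF
}

# Print "tclass target_type permission" once per distinct httpd_t denial.
httpd_denials() {
  awk '/avc: +denied/ && /scontext=[^ ]*:httpd_t:/ {
         split($0, b, "[{}]"); perm = b[2]; gsub(/^ +| +$/, "", perm)
         t = $0; sub(/.*tcontext=/, "", t); split(t, c, ":")
         k = $0; sub(/.*tclass=/, "", k); sub(/ .*/, "", k)
         print k, c[3], perm
       }' "$@" | sort -u
}

# Map each denial to a targeted command. Commands are printed, not executed.
suggest_fixes() {
  httpd_denials "$@" | while read -r tclass ttype perm; do
    case "$tclass:$ttype" in
      file:httpd_sys_*|dir:httpd_sys_*)
        echo "review: $perm on $ttype is already a web label; check file modes" ;;
      file:*|dir:*)
        echo "restorecon -Rv /var/www/html/analogi  # relabel from $ttype" ;;
      tcp_socket:mysqld_port_t)
        echo "setsebool -P httpd_can_network_connect_db 1  # httpd to MySQL" ;;
      *)
        echo "review: $perm on $tclass $ttype" ;;
    esac
  done
}

# Real use: suggest_fixes /var/log/audit/audit.log
sample_audit_log | suggest_fixes
```

The first suggestion follows from step 1: mv keeps the label the files received in root's home directory, and restorecon resets it to the default for /var/www/html.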
This completes the installation and debugging of OSSEC.