CentOS 7中ossec如何批量安装部署客户端

这篇文章主要为大家展示了"CentOS 7中ossec如何批量安装部署客户端"，内容简而易懂，条理清晰，希望能够帮助大家解决疑惑，下面让小编带领大家一起研究并学习一下"CentOS 7中ossec如何批量安装部署客户端"这篇文章吧。

1. 环境准备

server：192.168.244.3

client: 192.168.244.4

2.搭建ftp来下载配置文件

[root@ossec-server ~]# yum -y install httpd[root@ossec-server ~]# service httpd start[root@ossec-server ~]# mkdir /var/www/html/ossec[root@ossec-server ~]# cd /var/www/html/ossec[root@ossec-server ossec]# systemctl stop firewalld

3.访问http://192.168.244.3/ossec

4.创建存放ip地址信息的文件ip.txt

[root@ossec-server ~]# cat ip.txt agent01:192.168.244.4

5. 创建用来生成key的脚本

#!python# -*- coding: utf-8 -*-import os    if __name__ == '__main__':    save_keys_path = "keys.logs"    f = open("ip.txt")    lines = f.read().splitlines()f.close()#perl文件在安装包里面shell_path ="/root/ossec-hids-2.8.3/contrib/ossec-batch-manager.pl"for line in lines:        arr = line.split(":")        host_name = arr[0]        ip = arr[1]        #服务端根据name和ip添加客户端        cmd = "%s -a --ip %s --name %s" % (shell_path,ip,host_name)        os.system(cmd)        cmd = "%s -e %s >> %s" % (shell_path,ip,save_keys_path)        os.system(cmd)

6.安装必要的包

yum -y install perl-Digest-MD5yum -y  install perl-Time-HiRes

7.生成key文件/var/ossec/etc/client.keys

8.执行脚本

[root@ossec-server ~]# python key_gen.py [root@ossec-server ~]# cat /var/ossec/etc/client.keys 001 agent01 192.168.244.4 316260854925970ce8953064b1ff2fafe1245f38dd06ed1203a60f9a465a9f44

9，将客户端所需文件和包放在ftp里

[root@ossec-server ~]# cd /var/www/html/ossec[root@ossec-server ossec]# tar xf ossec_client_conf.tar.gz [root@ossec-server ossec]# lltotal 2416-rw-r--r-- 1 root root      93 Dec 15 21:49 client.keys-rw-r--r-- 1 root root  820077 Dec 16 02:22 ossec_client_conf.tar.gz-rw-r--r-- 1 root root    2781 Dec 28 23:55 ossec.conf-rw-r--r-- 1 root root 1634812 Apr 17  2015 ossec-hids-2.8.3.tar.gz-rwxr-xr-x 1 root root    3275 Dec 16 02:16 preloaded-vars.conf修改配置文件变成无交互自动安装[root@ossec-server ossec]# grep -Ev '^#|^$' preloaded-vars.conf USER_LANGUAGE="en"     # For englishUSER_NO_STOP="y"USER_INSTALL_TYPE="agent"USER_DIR="/var/ossec"USER_ENABLE_ACTIVE_RESPONSE="y"USER_ENABLE_SYSCHECK="y"USER_ENABLE_ROOTCHECK="y"USER_AGENT_SERVER_IP="192.168.244.3"

10.客户端批量agent批量安装

[root@ossec-client01 ~]# yum -y install gcc[root@ossec-client01 ~]# systemctl stop firewalld

11.执行脚本自动安装agent客户端

[root@ossec-client01 ~]# sh ossec-agent-batch-install.sh[root@ossec-client01 ~]# cat ossec-agent-batch-install.sh #!/bin/bashyum -y install gcccd /usr/localwget http://192.168.244.3/ossec/ossec-hids-2.8.3.tar.gztar xf ossec-hids-2.8.3.tar.gzcd ossec-hids-2.8.3/etc/mv preloaded-vars.conf preloaded-vars.conf.bakwget http://192.168.244.3/ossec/preloaded-vars.confcd .../install.shcd /opt/ossec/etcwget http://192.168.244.3/ossec/client.keysHOST_IP=`/sbin/ifconfig eth0 |grep 'Bcast' |cut -d: -f2 |cut -d' ' -f1`sed -i '/'$HOST_IP'/!'d /opt/ossec/etc/client.keysrm -rf ossec.confwget http://192.168.244.3/ossec/ossec.confcd .../bin/ossec-control start

12. 查看端口

[root@ossec-client01 ~]# netstat -lanpu |grep ossecudp        0      0 192.168.244.4:60090       192.168.244.3:1514        ESTABLISHED 4827/ossec-agentd[root@ossec-server ~]# /var/ossec/bin/agent_control -lcOSSEC HIDS agent_control. List of available agents:   ID: 000, Name: ossec-server (server), IP: 127.0.0.1, Active/Local   ID: 001, Name: agent01, IP: 192.168.244.4, Active

以上是"CentOS 7中ossec如何批量安装部署客户端"这篇文章的所有内容，感谢各位的阅读！相信大家都有了一定的了解，希望分享的内容对大家有所帮助，如果还想学习更多知识，欢迎关注行业资讯频道！