AlienVault OSSIM Agent install how-to
travisdh1 last edited by travisdh1
I've added some Debian machines that needed the OSSIM agent tools installed. The process is just a little different than the documents state, so I thought I should add it here.
In your OOSIM interface, go to ENVIRONMENT -> DETECTION -> AGENTS and click ADD AGENT
After the agent is added, click on the key icon for the agent you just added, and copy the line of random junk that it gives you.
Now on the client machine. Install the prerequisites.
sudo apt-get install inotify-tools build-essential
Download, unzip, and install the OSSIM source.
wget https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz tar xf ossec-hids-2.8.3.tar.gz cd ossec-hids-2.8.3 sudo ./install.sh
The installer will ask you for some things none of the guides I use were up to date with. For this, we just want the client, and it will ask for the server IP or FQDN. Besides that, accept the defaults and let it run.
The client now needs the agent key entered, and the service restarted.
sudo /var/ossec/bin/manage_agents I
Paste the key we copied from the server.
y Enter Q /etc/init.d/ossec restart
Finally, we need to restart the HIDS service on the server. This should be in HIDS CONTROL in the same screen we were in before.
travisdh1 last edited by
Just confirmed this works on Ubuntu as well. I imagine that means Mint would also work, but have not confirmed Mint yet, and probably will not as the only installs of that I have are workstations that don't require quite the same level of monitoring.