Asterisk & Ossec Part.I

In previous post I was talking about Ossim and Netflow integration. In the next posts I am going to explain how to configure OSSEC module with different services.

The first “integration” that I am going to describe is how to protect Asterisk with this applications.

Add Asterisk to Ossec Server

cd /var/ossec/bin
./manage_agents
choose the option “add an agent” and enter the client IP and ID and quit (Q).
./ossec-control stop
./ossec-control start

Install ossec agent in Asterisk Server

– Download and extract ossec agent
/usr/src/wget http://www.ossec.net/files/ossec-hids-2.4.1.tar.gz
tar -zxvf ossec-hids-2.4.1.tar.gz

– Install it.
cd ossec-hids-1.6
./install.sh
Choose agent option and type ossec server IP.
Other questions by default.

– Configure the agent
cd /var/ossec/bin/
./manage_agent
Select option “I” to import agent key of the Ossec Server. To obtain this key you need to execute in Ossec Server the command “./manage_agent” and select option “E”. When you have the key you only have to copy this key in the agent client.

After this you have to restart Ossec Server and Ossec agent service:
/var/ossec/bin/ossec-control stop
/var/ossec/bin/ossec-control start

To verify that agent is working correctly execute this command in Ossec Server:
/var/ossec/bin/agent_control -l

In Part.2 I’will explain how to configure the ossec asterisk module.


One response to “Asterisk & Ossec Part.I

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: