In previous post I was talking about Ossim and Netflow integration. In the next posts I am going to explain how to configure OSSEC module with different services.
The first “integration” that I am going to describe is how to protect Asterisk with this applications.
Add Asterisk to Ossec Server
choose the option “add an agent” and enter the client IP and ID and quit (Q).
Install ossec agent in Asterisk Server
– Download and extract ossec agent
tar -zxvf ossec-hids-2.4.1.tar.gz
– Install it.
Choose agent option and type ossec server IP.
Other questions by default.
– Configure the agent
Select option “I” to import agent key of the Ossec Server. To obtain this key you need to execute in Ossec Server the command “./manage_agent” and select option “E”. When you have the key you only have to copy this key in the agent client.
After this you have to restart Ossec Server and Ossec agent service:
To verify that agent is working correctly execute this command in Ossec Server:
In Part.2 I’will explain how to configure the ossec asterisk module.