Yulong HIDS installation and testing

Created at 2019-06-21, updated at 2019-08-14. Category: service setup. Tag: Yulong HIDS installation and testing



https://github.com/ysrc/yulong-hids/blob/master/docs/install.md
1. Install MongoDB and start it
mkdir /var/lib/mongodb/ && mkdir /var/log/mongodb && wget https://sec.ly.com/mirror/mongodb-linux-x86_64-3.6.3.tgz && tar -xvzf mongodb-linux-x86_64-3.6.3.tgz && mongodb-linux-x86_64-3.6.3/bin/mongod --dbpath /var/lib/mongodb/ --logpath /var/log/mongodb.log --fork --bind_ip 192.168.110.180
yum install -y mongodb-org (this did not install successfully)
vim /etc/yum.repos.d/mongodb-org-4.0.repo
Add the following content, then run yum again
[mongodb-org-4.0]
name = MongoDB Repository
baseurl = https://repo.mongodb.org/yum/redhat/7/mongodb-org/4.0/x86_64/
gpgcheck = 1
enabled = 1
gpgkey = https://www.mongodb.org/static/pgp/server-4.0.asc

(screenshot omitted)
As you can see, it started successfully!
2. Install Elasticsearch
Download the JRE dependency
wget https://sec.ly.com/mirror/jre-8u161-linux-x64.rpm && yum -y localinstall jre-8u161-linux-x64.rpm
Download and extract Elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.8.tar.gz && tar -zxvf elasticsearch-5.6.8.tar.gz -C /data/server
Elasticsearch should not be run as root, so create a non-root user; -p is followed by the password you choose (note that useradd -p expects an already crypt-hashed value, so a plain-text password such as 123 cannot be used for login; this does not matter here because the service is started from root via su)
groupadd elasticsearch && useradd elasticsearch -g elasticsearch -p 123
Change the owner and group of the directory and everything in it to elasticsearch:elasticsearch
chown -R elasticsearch:elasticsearch /data/server/elasticsearch
Edit config/elasticsearch.yml and add the following
bootstrap.system_call_filter: false
Remove the # from the lines below and fill in your own IP
(screenshots omitted)
Start it
su - elasticsearch -c '/data/server/elasticsearch/bin/elasticsearch -d'
Send a curl request to confirm that ES started successfully
curl -XGET -s "http://192.168.110.190:9200/_cluster/health?pretty"
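The curl above is fine by hand, but an install script needs an exit code it can act on. The following is an added example, not code from the post or from the yulong-hids project: it fetches /_cluster/health, extracts the "status" field without depending on jq, and treats only green or yellow as healthy (a single 5.6 node normally reports yellow because replica shards cannot be allocated). The URL default and the sample response are assumptions/constructed data; the real IP is whatever you bound ES to.

```shell
#!/bin/sh
# Added example (not from the original post or the yulong-hids project).
# Scripts the "confirm ES is up" step: fetch /_cluster/health, pull out the
# "status" field, and return non-zero unless the cluster is green or yellow.
# The default URL is the one used in the post; override it via ES_URL or $1.

ES_URL="${ES_URL:-http://192.168.110.190:9200}"   # assumed default

# Extract the value of "status" from a cluster-health JSON document given as $1.
# Newlines and spaces are stripped first so both the compact and ?pretty forms
# of the response match the same pattern. Prints nothing if there is no match.
es_health_status() {
    printf '%s\n' "$1" | tr -d '\n ' | sed -n 's/.*"status":"\([a-z]*\)".*/\1/p'
}

# Return 0 if the status means the cluster can serve requests (green/yellow),
# 1 for red or anything unparseable (empty string when ES is not answering).
es_status_ok() {
    case "$1" in
        green|yellow) return 0 ;;
        *) return 1 ;;
    esac
}

# Query a live cluster and report. curl is kept quiet and time-bounded so a
# hung node does not block the install script forever.
check_es() {
    url="${1:-$ES_URL}"
    body=$(curl -sS -m 5 "$url/_cluster/health?pretty" 2>/dev/null) || body=""
    status=$(es_health_status "$body")
    if es_status_ok "$status"; then
        echo "Elasticsearch at $url is up (status: $status)"
        return 0
    fi
    echo "Elasticsearch at $url is NOT healthy (status: '${status:-no response}')" >&2
    return 1
}

# Constructed sample response, shaped like what a one-node 5.6 cluster returns.
SAMPLE_HEALTH='{
  "cluster_name" : "elasticsearch",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1
}'

# Run the live check only when invoked with a URL argument, e.g.:
#   sh es_check.sh http://192.168.110.190:9200
if [ -n "${1:-}" ]; then
    check_es "$1"
fi
```

Because check_es returns 1 on red or on no response, it can gate the next install step with `check_es || exit 1` rather than relying on someone eyeballing the pretty-printed JSON.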
3. Install Go
https://github.com/ysrc/yulong-hids/blob/master/docs/build.md
Download and extract
wget https://dl.google.com/go/go1.10.linux-amd64.tar.gz && tar -zxvf go1.10.linux-amd64.tar.gz -C /usr/local/
sudo vi /etc/profile
and add the following content
export GOROOT=/usr/local/go
export GOBIN=$GOROOT/bin
export PATH=$PATH:$GOBIN
export GOPATH=$HOME/gopath
Reload the profile file: source /etc/profile
cd /usr/local/go/src
git clone https://github.com/ysrc/yulong-hids/
Build the agent
go build -o yulong-hids/bin/linux-64/agent --ldflags="-w -s" yulong-hids/agent/agent.go

Build the daemon
go build -o yulong-hids/bin/linux-64/daemon --ldflags="-w -s" yulong-hids/daemon/daemon.go
4. Web configuration
Edit the web configuration and rename it to app.conf
mv yulong-hids/web/conf/app-config-sample.conf yulong-hids/web/conf/app.conf
vi yulong-hids/web/conf/app.conf
The admin password passwordhex is the 32-character MD5 hash of the password; generate the hash of your own password, replace the sample value, and then modify the following.
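As an added example (not the post's or the yulong-hids project's own code), the helper below produces the 32-hex-character MD5 that passwordhex expects and writes it into app.conf. Since the hash is plain unsalted MD5, the only real protection is the password itself, so the script also generates a long random one. The `passwordhex = <value>` line format and the sample conf are assumptions; adjust the sed pattern if the real file differs.

```shell
#!/bin/sh
# Added example (not from the original post or the yulong-hids project).
# Generates the MD5 hex value for passwordhex in app.conf and writes it in.
# The "passwordhex = <value>" line format is an assumption about the sample
# conf; change the sed pattern below if your file uses a different layout.

# Random alphanumeric password of the requested length (default 24).
# Unsalted MD5 is cheap to brute-force, so length is what matters here.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-24}"
}

# Lower-case hex MD5 of a string. printf '%s' avoids hashing a trailing
# newline, which would give a different (and wrong) value from what the web
# login computes. Uses md5sum where present and falls back to openssl.
md5hex() {
    if command -v md5sum >/dev/null 2>&1; then
        printf '%s' "$1" | md5sum | awk '{print $1}'
    else
        printf '%s' "$1" | openssl dgst -md5 | awk '{print $NF}'
    fi
}

# Replace the passwordhex line in the conf file $2 with the MD5 of password $1.
# Returns 1 if the file has no such line, so a mistyped key name is noticed
# instead of silently leaving the sample password in place.
set_passwordhex() {
    hex=$(md5hex "$1")
    conf="$2"
    grep -q '^passwordhex' "$conf" || return 1
    sed -i.bak "s/^passwordhex[[:space:]]*=.*/passwordhex = $hex/" "$conf"
    rm -f "$conf.bak"   # do not leave the old hash lying around next to the conf
    return 0
}

# Constructed sample of the relevant part of app.conf (assumed format).
SAMPLE_CONF='appname = yulong
httpport = 80
passwordhex = 00000000000000000000000000000000'

# Usage, e.g. from the web directory after renaming the sample conf:
#   pw=$(gen_password); set_passwordhex "$pw" conf/app.conf && echo "admin password: $pw"
```

Keep the generated plain-text password somewhere appropriate (a password manager, not the shell history), because only its MD5 ends up in app.conf and there is no way back from that.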
(screenshots omitted)
Start the web
cd yulong-hids/web/
./web
(screenshot omitted)
After it starts, visit port 80 or 443 and log in


1. Initialize the database
(screenshot omitted)
2. https://github.com/ysrc/yulong-hids/blob/master/docs/guide.md
Copy the content
(screenshot omitted)

3. https://github.com/ysrc/yulong-hids/releases/tag/v0.4.3
Download the yulong-hids-release-2018-04-02.zip package and import it
(screenshot omitted)

4. Generate it directly
(screenshot omitted)

You then reach the following page
(screenshots omitted)

Site by csy using Hexo & Random