Deploy AlienVault HIDS Agents to Linux Hosts

Important: For Linux hosts, AT&T Cybersecurity recommends that you download the ossec-hids-agent installer file for your Linux distribution directly from the OSSEC Downloads page, and then follow the OSSEC instructions to complete the installation.

After you have successfully installed the HIDS agent on the Linux host, perform the steps below to connect it to USM Appliance.

To add the HIDS agent to USM Appliance

  1. Go to Environment > Detection.
  2. Go to HIDS > Agents > Agent Control > Add Agent.
  3. On New HIDS Agent, select the host from the asset tree.

    USM Appliance populates Agent Name with the host name, and IP/CIDR with the host IP address automatically.

  4. Click Save.

    USM Appliance adds the new agent to the list.

  5. To extract the key for the agent, click the  button in the Actions column, and then copy the key that displays.

  6. Log in to the Linux host, run /var/ossec/bin/manage_agents, and then enter I to import the key you copied in the previous step.

    Note: On some installations, CentOS, for example, the command may be manage_client instead of manage_agents.

  7. Edit /var/ossec/etc/ossec-agent.conf to change the server IP address to the USM Appliance.
  8. Start the HIDS agent if it is not already running:

    service ossec start
    chkconfig ossec-hids on

  9. On the USM Appliance, go to Environment > Detection, click HIDS Control, and then Restart.
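
The following shell check, added here as an example and not taken from the AT&T Cybersecurity or OSSEC documentation, verifies the result of the key import and configuration edit before the agent is started. It assumes the exported key is the base64 encoding of the client.keys line (ID NAME IP KEY), that the keys file is /var/ossec/etc/client.keys, and that the server address is set in a <server-ip> element; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: the exported key is base64 of
# "ID NAME IP KEY" (the client.keys line format) and the agent config uses
# OSSEC's <server-ip> element. Function names are hypothetical.

# Print "ID NAME IP" from an exported key without echoing the secret.
# Fails if the text does not decode to one line of exactly four fields.
key_summary() {
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
    printf '%s\n' "$decoded" | awk 'NF != 4 { bad = 1 } { s = $1 " " $2 " " $3 }
        END { if (bad || NR != 1) exit 1; print s }'
}

# Print every <server-ip> value found in an agent configuration file.
conf_server_ip() {
    sed -n 's|.*<server-ip>[[:space:]]*\([^<[:space:]]*\)[[:space:]]*</server-ip>.*|\1|p' "$1"
}

# check_agent CONF KEYS SERVER_IP
# Succeeds only if CONF names SERVER_IP as its single server, KEYS holds
# exactly one four-field entry, and KEYS is not world-readable.
check_agent() {
    conf=$1 keys=$2 want=$3 rc=0
    got=$(conf_server_ip "$conf" 2>/dev/null) || got=
    if [ "$got" != "$want" ]; then
        echo "FAIL: server-ip in $conf is '${got:-unset}', expected '$want'" >&2
        rc=1
    fi
    if ! awk 'NF != 4 { bad = 1 } END { exit (bad || NR != 1) }' "$keys" 2>/dev/null; then
        echo "FAIL: $keys must hold exactly one 'ID NAME IP KEY' line" >&2
        rc=1
    fi
    if [ -n "$(find "$keys" -prune -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $keys is world-readable" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: sh check_agent.sh /var/ossec/etc/ossec-agent.conf /var/ossec/etc/client.keys <USM Appliance IP>
if [ "$#" -eq 3 ]; then
    check_agent "$@"
fi
```

Running key_summary on the copied key before importing it confirms that the agent name and IP address match the asset selected in USM Appliance.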
