HIDS Agent
Posted FikL-09-19
1. jirax request
# ip
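2. check_ip
Check whether each IP responds to ping and whether SSH can connect.
# 1. Run the Jenkins job
http://172.25.139.127:8080/job/check_alive/1628/console
# 2. Review the output
Hosts reported as unreachable can be ignored; only look at the IPs reported as alive.
3. Install titan
# 1. Check whether the machines are reachable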
[root@172.25.139.127 KSSHHVI00127 /mm/titan] # ip
$cat a.ip
172.22.1.178
172.22.1.179
172.22.1.180
172.22.1.182
172.31.58.41
172.31.58.29
ansible all -i /mm/titan/a.ip -m ping
172.31.58.29 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.22.1.178 | UNREACHABLE! => {
    "changed": false,
    "msg": "Data could not be sent to remote host \"172.22.1.178\". Make sure this host can be reached over ssh: ssh: connect to host 172.22.1.178 port 22: Connection timed out\r\n",
    "unreachable": true
}
# 2. Filter for the IPs that succeeded
$ansible all -i /mm/titan/a.ip -m ping |grep SUCCESS
172.31.58.29 | SUCCESS => {
# 3. Check whether titan is installed
# Method 1
$ansible all -i 172.31.58.29,172.31.58.41 -m shell -a 'ps -ef |grep [t]itan' # for multiple hosts, run the check through ansible
172.31.58.29 | CHANGED | rc=0 >>
root 23801 1 2 Dec29 ? 00:26:19 ./titanagent -d
172.31.58.41 | CHANGED | rc=0 >>
root 346006 1 2 Dec29 ? 00:27:06 ./titanagent -d
# Method 2
[root@172.25.139.127 KSSHHVI00127 /mm/titan]
$ssh 172.31.58.29 # SSH connection succeeded; check the processes
Warning: Permanently added '172.31.58.29' (ECDSA) to the list of known hosts.
Last login: Wed Dec 29 16:27:20 2021 from 172.25.139.127
[root@sgh1pmpp22 ~]# ps -ef |grep titan
root 23801 1 2 Dec29 ? 00:26:18 ./titanagent -d
root 23817 23801 0 Dec29 ? 00:02:02 titan_monitor -p 23801 -l 50 -c 150 -g 0
root 257549 257292 0 11:40 pts/6 00:00:00 grep --color=auto titan
# 4. Install titan
ansible all -i /mm/titan/a.ip -m script -a '/mm/titan/linux_titan.sh' # one-step install by running the script through ansible
# 5. Check whether titan is installed
$ansible all -i 172.31.58.29,172.31.58.41 -m shell -a 'ps -ef |grep [t]itan'
172.31.58.29 | CHANGED | rc=0 >>
root 23801 1 2 Dec29 ? 00:26:19 ./titanagent -d
root 23817 23801 0 Dec29 ? 00:02:02 titan_monitor -p 23801 -l 50 -c 150 -g 0
172.31.58.41 | CHANGED | rc=0 >>
root 346006 1 2 Dec29 ? 00:27:06 ./titanagent -d
root 346008 346006 0 Dec29 ? 00:02:09 titan_monitor -p 346006 -l 50 -c 150 -g 0
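The process check in step 5 can be turned into a per-host coverage report instead of being read by eye. The script below is an added example, not part of the original runbook: the function names, the status labels and the 192.0.2.x sample output are constructed for illustration, and it assumes ansible reports a host where grep matched nothing as FAILED with rc=1.

```shell
#!/bin/bash
# Added example: classify hosts from `ansible ... -m shell -a 'ps -ef |grep [t]itan'` output.
# Reads the ad-hoc ansible output on stdin and prints "<host> <status>" per host.
titan_coverage() {
    awk '
    function emit() {
        if (host == "") return
        if (state == "unreachable")  status = "unreachable"
        else if (agent && monitor)   status = "ok"
        else if (agent)              status = "agent-only"
        else                         status = "missing"
        print host, status
    }
    # Host header lines: "<host> | CHANGED | rc=0 >>" or "<host> | UNREACHABLE! => {"
    /^[^ ]+ [|] (CHANGED|SUCCESS|FAILED|UNREACHABLE!)/ {
        emit()
        host = $1; agent = 0; monitor = 0
        state = ($3 == "UNREACHABLE!") ? "unreachable" : "reached"
        next
    }
    /titanagent -d/  { agent = 1 }     # main agent process
    /titan_monitor / { monitor = 1 }   # child process started by the agent
    END { emit() }
    '
}

# Constructed sample output (documentation-range addresses, not hosts from this page)
sample_ansible_output() {
cat <<'EOF'
192.0.2.10 | CHANGED | rc=0 >>
root 23801 1 2 Dec29 ? 00:26:19 ./titanagent -d
root 23817 23801 0 Dec29 ? 00:02:02 titan_monitor -p 23801 -l 50 -c 150 -g 0
192.0.2.11 | CHANGED | rc=0 >>
root 346006 1 2 Dec29 ? 00:27:06 ./titanagent -d
192.0.2.12 | FAILED | rc=1 >>
non-zero return code
192.0.2.13 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh (constructed)",
    "unreachable": true
}
EOF
}

sample_ansible_output | titan_coverage
```

Against live hosts, pipe the real check into it: `ansible all -i /mm/titan/a.ip -m shell -a 'ps -ef |grep [t]itan' | titan_coverage`. Hosts reported as `missing` or `agent-only` are the ones to re-run the install on or inspect by hand.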
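4. Configuration file details
# Script details: check_ip
#!/bin/bash
#source /etc/profile
#Dwu -s ks
#Dwu -s qc
#Dwu -s dr
#Dwu -s old
# $ip_list is expected to be provided by the Jenkins job (one IP per line)
echo "$ip_list" > /tmp/jenkins_ping.txt
# fping reports each target as alive or unreachable
ip_list=$(fping -f /tmp/jenkins_ping.txt)
echo "$ip_list" | while read -r ip
do
    if echo "$ip" | grep -q alive; then
        echo -e "\033[32m $ip\033[0m"   # green: host is alive
    else
        echo -e "\033[31m $ip\033[0m"   # red: host is not alive
    fi
done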
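5. titan installation scripts
# Install titan on Linux
[root@172.25.139.127 KSSHHVI00127 /mm/titan] linux_titan.sh
#!/bin/bash
mkdir -p /titan/agent/
rm -rf /titan/agent/custom.conf
# Write a random UUID as the agent's hardid
echo "hardid=$(cat /proc/sys/kernel/random/uuid)" > /titan/agent/custom.conf
# Note: -k disables TLS certificate verification, and the downloaded script is piped straight into bash unverified
curl -k -s -L 'https://172.20.207.12/agent/download?k=378bbf9a234d0414a5fd521d32294710af5e90c8&group=1&protocol=0' | bash
sleep 10s
# Count occurrences of 'basic_data_worker' in the agent log as the success marker
flag_success=$(grep -c 'basic_data_worker' /var/log/titanagent/sys.log)
if [[ $flag_success -gt 0 ]]; then
    flag=1
fi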
# Install titan on Windows
[root@172.25.139.127 KSSHHVI00127 /mm/titan] window_titan.sh
# Note: the installer is downloaded over plain HTTP and run without any integrity check
$URL='http://172.20.207.12:8002/plugins/v3.400.10-win64/TitanAgent_for_All_x86_64.exe'
$FILE=$env:temp + '\TitanAgent_for_All.exe'
(New-Object System.Net.WebClient).DownloadFile($URL, $FILE)
$PARAM = " --silent=yes --cover-conf=yes --cover-app=yes --install-path='C:\Program Files\TitanAgent' --url='https://172.20.207.12/agent/winDownloader?k=378bbf9a234d0414a5fd521d32294710af5e90c8&group=2&protocol=0'"
$ps_obj = New-Object System.Diagnostics.Process
$ps_obj.StartInfo.Arguments = $PARAM
$ps_obj.StartInfo.FileName = $FILE
$ps_obj.Start()
$ps_obj.WaitForExit()