The Atomic OSSEC agent software for Solaris supports Solaris 10 and 11.
Additional features from the awp-agent package include ClamAV management and the ability to manage the agent from the AO Hub server:
- Support for updating Solaris AV signatures from the Atomic OSSEC hub (/var/ossec/modules/clamav/freshclam)
- Supports CSWclamav 0.100
- Integrates with the Atomic OSSEC scheduler
- *NOTE* This repo is not enabled by default. Please follow these steps to enable it:
1. Open /var/awp/etc/awp-mirror.conf in an editor such as vim and set the Solaris entry to 1:
DISABLED=no
AIX=0
AMZN=1
DEBIAN=1
EL5=0
EL6=0
EL7=1
EL8=1
EL9=1
SUSE=0
OSX=0
SOLARIS=1
UBUNTU=1
WINDOWS=1
DEBUG=0
BETA=0
2. Save the file and then run the following command:
/etc/cron.daily/awp-mirror-update
Requirements for installation
- root or sudo access
- bash
- wget
- (Optional) ClamAV support requires the clamav package to be installed on the system from the OpenCSW repository
Step 1: Log in to the Solaris system and download the OSSEC agent package from your Atomic OSSEC HUB
*note* The agent name listed is a sample. Please use the most recent update from your HUB.
wget https://<IP.ADDRESS.HUB>/channels/awp-hub-repo/solaris/11/sparc/ossec-hids-agent-4.6.0-8.sol11.art.sparc
Step 2: Install the agent software
pkgadd -d ossec-hids-agent-4.6.0-8.sol11.art.sparc
Step 3: Configure the agent
Open /var/ossec/etc/ossec.conf in an editor such as vim and modify the server section to reflect the IP or the FQDN of your HUB server, as in the example below:
<server>
<address>192.178.0.10</address>
<port>1514</port>
<protocol>udp</protocol>
</server>
Step 4: Authorize the agent
Run the following command, substituting your HUB for <server_address>:
/var/ossec/bin/authd -m <server_address>
Step 5: Start the agent process
/var/ossec/bin/ossec-control start
Your agent should now be communicating with your HUB. You can test the connection status either by logging into your Atomic OSSEC UI or by running the following on the HUB CLI:
/var/ossec/bin/agent_control -l
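A pre-flight check for the server block edited in Step 3, useful to run before authorizing the agent in Step 4. This is an added example, not part of the Atomic OSSEC package or its documentation; the function names server_field and check_agent_conf are hypothetical, and it assumes address, port and protocol are all set explicitly, as in the sample block above.

```shell
#!/usr/bin/env bash
# Added example, not Atomicorp code: pre-flight check of the <server> block.

# server_field FILE TAG: print the value of <TAG> in the first <server> block.
server_field() {
    sed -n '/<server>/,/<\/server>/p' "$1" |
        sed -n "s|.*<$2> *\([^< ]*\) *</$2>.*|\1|p" | head -n 1
}

# check_agent_conf FILE HUB: return 0 only if address equals HUB and port and
# protocol are set explicitly (assumption: laid out as in the Step 3 sample).
check_agent_conf() {
    local conf=$1 hub=$2 addr port proto rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    addr=$(server_field "$conf" address)
    port=$(server_field "$conf" port)
    proto=$(server_field "$conf" protocol)

    if [ -z "$addr" ] || [ "$addr" != "$hub" ]; then
        echo "address '$addr' does not match hub '$hub'"; rc=1
    fi
    case $port in
        ''|*[!0-9]*|??????*) echo "port '$port' is not a valid number"; rc=1 ;;
        *) if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
               echo "port $port is out of range"; rc=1
           fi ;;
    esac
    case $proto in
        udp|tcp) ;;
        *) echo "protocol '$proto' is not udp or tcp"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then
        echo "OK: server=$addr port=$port protocol=$proto"
    fi
    return "$rc"
}

# Constructed sample: the <server> block exactly as shown in Step 3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<server>
<address>192.178.0.10</address>
<port>1514</port>
<protocol>udp</protocol>
</server>
EOF
check_agent_conf "$sample" 192.178.0.10
rm -f "$sample"
```

On the agent, point check_agent_conf at /var/ossec/etc/ossec.conf and pass the IP or FQDN of your HUB; the check does not skip XML comments, so a commented-out server block can be matched.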
If you would like to configure your Solaris agent with ClamAV and the Atomic scheduler, please see the link HERE