Need to hardcode an IP address
I just used the network config GUI
Install VMware Tools
Do the stuffs here http://www.shellhacks.com/en/HowTo-Install-VMware-Tools-on-CentOS-RHEL
Installed this for grins so I can right click and check the checksums
http://code.kliu.org/hashcheck/
Ok, install the Windows HIDS agent
Use PuTTY to connect to the OSSEC VM, log in, and then execute /var/ossec/bin/manage_agents
Enter E to extract the agent key
–except it only let me in once… and now I think it's denying me access 🙂
To fix (from http://www.ossec.net/?p=685)
OK I figured out what is going on. We ship the OSSEC virtual appliance with no default SSH keys in /etc/sshd/. When you attempt to login via SSH for the first time after booting the appliance, OSSEC rule 40101 will kick in which causes iptables to address the IP address from which you are logging in, which is what you observed. The quick cure for this is to do the following:
1. sudo iptables --flush
2. service iptables stop
After doing this you’ll be able to login again, because by this time default SSH keys have been created and iptables will remain disabled.
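A narrower alternative to flushing every rule and leaving iptables stopped is to delete only the DROP rules for the address that got locked out. The following is an added example, not part of the original post or of OSSEC; the function name unblock_cmds is hypothetical, the rules are a constructed sample, and it assumes the block appears in `iptables -S` output as "-A <CHAIN> -s <ip>/32 -j DROP".

```shell
#!/bin/sh
# Added example: turn `iptables -S` output into delete commands for one blocked IP.
# Assumption: the block shows up as "-A <CHAIN> -s <ip>/32 -j DROP" rules.

# unblock_cmds IP   (reads `iptables -S` output on stdin, prints delete commands)
unblock_cmds() {
    ip="$1"
    # Accept only digits and dots so nothing else can reach the printed commands.
    case "$ip" in
        *[!0-9.]*|"") echo "invalid IPv4 address: $ip" >&2; return 2 ;;
    esac
    awk -v ip="$ip" '
        $1 == "-A" {
            src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            sub(/\/32$/, "", src)            # compare without the /32 suffix
            if (src == ip && target == "DROP") {
                $1 = "-D"                    # same rule spec, delete instead of append
                print "iptables " $0
            }
        }'
}

# Constructed sample of `iptables -S` output (documentation-range addresses).
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 192.0.2.10/32 -j DROP
-A INPUT -s 198.51.100.7/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -s 192.0.2.10/32 -j DROP'

# Show the commands that would lift the block for 192.0.2.10 only.
printf '%s\n' "$SAMPLE_RULES" | unblock_cmds 192.0.2.10
```

On the appliance the input would come from `sudo iptables -S`; review the printed commands before running them as root.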
Ok, so back to running /var/ossec/bin/manage_agents
Press A to add agent, put in computer name and IP
Press E to extract a mega key
Copy that into the Windows agent
Q to quit, don’t forget to RESTART OSSEC
/var/ossec/bin/ossec-control restart
Save (Windows agent)
Start agent.
Check logs, you are looking for "Connected to the server"
I’m reading more here about what to do next
SFL-ED01-OSSec-the-quick-and-dirty-way-140326-01.pdf
hmm I also was getting a bunch of logon logoff events so I followed this here
https://www.alienvault.com/forums/discussion/1058/ossec-collecting-too-many-windows-logon-events