Thursday, April 10, 2008

setup osiris for Windows

  • purpose: for recording down system user/group changes and Windows directory and any other directories changes.
  • how it works: osiris on Windows is agent, the management tool and daemon are residing on Linux server. You need to configure it on Linux sever after installing software on Windows. Then it will generate a base database for comparing every 24 hours by default, then send out email alert for any changes
  • install it on Windows
if you are installing it through terminal service, it will install to wrong place.
1. after installing , copy c:\document and settings\sysmgr\windows\osiris directory to c:\win2k03
2. copy c:\documents and setting\sysmgr\windows\osiris to c:\win2k03\system32
3. startup osiris service again

note: if you encounter error saying "error writing to file osimessage.dll", u can rename c:\windows\system32\osimessage.dll first
  • osiris on Linux
1. ./configure;make;make install
2. enable tcp port 2265 and 2266 for iptables host firewall
3. enable in-between firewall ports too for above 2 ports
4. on server, configure management console
# osiris
# login as username and password
# add-host
all the way to default, except for email alert part choose (y,y,n,y)

copy configuration file to the windows server name to be monitored
start-scan servername
list-db servername

No comments: