Shall wiTango?

2005-04-30 Installing osiris-4.1.8 on Tiger

Installing the latest version, osiris-4.1.8, on Tiger

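 Now that Tiger is installed, I will use the latest osiris to check a certain rumor. Download the latest version, 4.1.8, from the osiris home page (http://osiris.shmoo.com/). It looks like an S/MIME module and various other features have been added. For now I downloaded only the core package. Xcode must already be installed on Tiger.

The latest version adds support for Windows 2003 Server and other platforms, and the way filters are edited has changed (described below), so take care.

Note: as of April 30, several problems remain even with the settings below, so be careful.

  • Filter settings do not appear to be applied properly
  • Restarting osiris invalidates part of the managed-host settings

Having no other choice, I tried installing 3.0.4, and that version seems to work properly. Oh well. For now I recommend 3.0.4 for verification purposes. (To whom?)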

configure

Extract the downloaded file.

$ tar zxvf ./osiris-4.1.8.tar.gz 
$ ls ./osiris-4.1.8
AUTHORS         INSTALL         Makefile.in     TODO            bootstrap       config.sub      depcomp         mkinstalldirs
COPYING         LICENSE         NEWS            acinclude.m4    config.guess    configure       install-sh      src
ChangeLog       Makefile.am     README          aclocal.m4      config.h.in     configure.ac    missing

First, look into the configure options. The latest version also supports OS X out of the box, so no particular options are needed.

$ ./configure
(output omitted)
Osiris (c) 2000-2005 The Shmoo Group (TSG)
 -----------------------------------------------------

 ==> Configuration Complete. 
 ==> Osiris has been configured with the following options:

                  Host: powerpc-apple-darwin8.0.0
              Compiler: gcc
        Compiler flags: -Wall -g -O2
    Preprocessor flags: 
          Linker flags: 
             Libraries: -lpthread  -lssl -lcrypto -lresolv
   Privlege Separation: yes
          SSL Location: (system)
 Osiris Root Directory: /usr/local/osiris
           Osiris user: osiris
   Osiris MD Directory: /usr/local/osiris
        Osiris MD user: osiris
  Osiris MD config dir: /usr/local/osiris

======================================
 Found Scan Agent Modules:

    ==> mod_groups
    ==> mod_kmods
    ==> mod_ports
    ==> mod_users
======================================

 ==> use one of the following targets:

           all:   make everything, agent, CLI and management console.
         agent:   create scan agent installer package.
       console:   create management console installer package.
       install:   run installation script.
         clean:   remove object files.

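configure is now complete.

Building the osiris client and console separately with make

 In osiris, the management console and the scan client are designed to work together: the management console is installed on the management machine and the scan client on each managed machine, and the two can be installed separately. When there are many managed hosts, you can make the console and the client separately and prepare installation packages in advance.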

$ make console
(output omitted)
 -------------------------------------------------------------------------
building release tarball: src/install/osiris-console-4.1.8-release-powerpc-Darwin-8.0.0.tar
installer package contents:
total 3744
 -rw-r--r--    1 username  username    5130 Apr 30 12:11 LICENSE
drwxr-xr-x   17 username  username     578 Apr 30 12:11 configs
drwxr-xr-x    5 username  username     170 Apr 30 12:11 darwin
 -rwxr-xr--    1 username  username   31187 Apr 30 12:11 install.sh
 -rwxr-xr-x    1 username  username  863568 Apr 30 12:11 osiris
 -rwxr-xr-x    1 username  username  125152 Apr 30 12:11 osirisd
 -rwxr-xr-x    1 username  username  877192 Apr 30 12:11 osirismd
 -rw-r--r--    1 username  username      80 Apr 30 12:11 version.h
 -------------------------------------------------------------------------
installer package created.

This creates the console package osiris-console-4.1.8-release-powerpc-Darwin-8.0.0.tar.gz under src/install/. Run make clean, then build the client package.

$ make agent
(output omitted)
 -------------------------------------------------------------------------
building release tarball: src/install/osiris-agent-4.1.8-release-powerpc-Darwin-8.0.0.tar
installer package contents:
total 336
 -rw-r--r--   1 username  username    5130 Apr 30 12:13 LICENSE
drwxr-xr-x   5 username  username     170 Apr 30 12:13 darwin
 -rwxr-xr--   1 username  username   31187 Apr 30 12:13 install.sh
 -rwxr-xr-x   1 username  username  125152 Apr 30 12:13 osirisd
 -rw-r--r--   1 username  username      80 Apr 30 12:13 version.h
 -------------------------------------------------------------------------
installer package created.

This creates the client package osiris-agent-4.1.8-release-powerpc-Darwin-8.0.0.tar.gz under src/install/. Each package can be installed with the following commands.

$ tar zxvf ./osiris*
$ cd osiris*
$ sudo ./install.sh

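Building the osiris client and console together with make

 In most cases this is the right choice for a first installation. The client and console can be built in one go and then installed.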

$ make all
(output omitted)
Build Successful!

To create management console install package: 'make console'
To create scan agent install package: 'make agent'

Documentation is also online at: http://osiris.shmoo.com

Once this message appears, everything is ready for installation. Install with the following command.

$ sudo make install

Installing osiris

 From here on I annotate the output.

$ sudo make install

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:  ← administrator password
(output omitted)
Continue with installation? (y/n) [y]   ← confirm continuing the installation
Osiris Scanning Daemon Version 
4.1.8-release

"4.1.8-release" for Darwin 8.0.0
Copyright (c) 2005 Brian Wotring. All Rights Reserved.


This installation was configured and built to run as osiris
     agent user name: osiris
management user name: osiris

This installation was configured and built to use osiris
     agent root directory: /usr/local/osiris
management root directory: /usr/local/osiris

The username and directory will be created during the
installation process if they do not already exist.

By installing this product you agree that you have read the
LICENSE file and will comply with its terms. 

 ---------------------------------------------------------------------

==> creating user and group (osiris, osiris).
==> creating Osiris user and group with uid/gid 502.
==> group 'osiris' added.
==> user 'osiris' added.
==> using existing Osiris management console user.
Install osiris agent? (y/n) [y]   ← confirm installing the client
Install management console? (y/n) [y]   ← confirm installing the console
Install CLI? (y/n) [y]    ← confirm installing the command-line interface
Installation directory for binaries: [/usr/local/sbin]  ← confirm the installation directory
Installation directory doesn't exist, creating.
==> installed osiris CLI: /usr/local/sbin/osiris
Osiris scan agent root directory doesn't exist, creating.
==> installed scan agent: /usr/local/sbin/osirisd
==> installed management console /usr/local/sbin/osirismd
==> installed default scan configs.
==> updated: /etc/hostconfig --> OSIRISSERVER=-YES-
==> installing StartupItem for the Osiris Scan Agent.
==> installed /System/Library/StartupItems/Osiris/Osiris
==> change owner and  permissions on /usr/local/sbin/osiris
 -rwxr-xr-x   1 root  wheel  1412536 Apr 30 12:26 /usr/local/sbin/osiris
==> change owner and permissions on /usr/local/sbin/osirisd
 -rwxr-xr-x   1 root  wheel  483060 Apr 30 12:26 /usr/local/sbin/osirisd
==> change owner permissions on /usr/local/sbin/osirismd
 -rwsr-xr-x   1 osiris  osiris  1721788 Apr 30 12:26 /usr/local/sbin/osirismd

==================================================================
Osiris has been installed, but is not currently running.  Startup 
scripts have been installed so that the necessary services will 
be started on boot.

Start management console now? (y/n) [y]   ← confirm starting the console
osirismd: missing configuration file,
  ==> created default in: /usr/local/osiris/osirismd.conf.
unable to load server certificate (/usr/local/osiris/certs/osirismd.crt)
  ==> creating one.
Generating RSA key, 2048 bit long modulus.
..................................................+++
..............................................................................+++
Start scan agent now? (y/n) [y]   ← confirm starting the client

Documentation is included with this source and available online at:
    http://osiris.shmoo.com/docs


(c) 2005 - Brian Wotring

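Installation and startup are now complete. Next comes configuration.

Configuration with the CLI

 First, log in as the administrator with the CLI and configure the system.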

$ /usr/local/sbin/osiris
Osiris Shell Interface - version 4.1.8-release
unable to load root certificate for management host:
(/Users/username/.osiris/osiris_root.pem)
 >>> fetching root certificate from management host (127.0.0.1).

The authenticity of host '127.0.0.1' can't be established.

  [ server certificate ]

 subject = /C=US/CN=Osiris Management Console/OU=Osiris Host Integrity System
 issuer  = /C=US/CN=Osiris Management Console/OU=Osiris Host Integrity System

            key size: 2048 bit
      MD5 fingerprint: 30:87:07:74:08:7B:5D:83:52:FD:63:6F:6B:32:5F:7D

Verify the fingerprint specified above.
Are you sure you want to continue connecting (yes/no)? yes ← confirm whether to continue with setup
 >>> authenticating to (127.0.0.1)

User: admin ← the administrator logs in as "admin"
Password:  ← nothing is set initially, so just press Return

connected to management console, code version (4.1.8-release).
hello.

WARNING: your password is empty, use the 'passwd' command
to set your password.

osiris-4.1.8-release: passwd ← first, set the admin password
User: admin
Password:  ← enter the administrative password; note that there is no confirmation prompt
 >>> user: (admin) updated.

The administrator login is now complete. The following command displays the help.

osiris-4.1.8-release: ?    

[ Management Commands ]
    mhost              host             new-user         edit-filters 
    edit-mhost         edit-host        edit-user        print-filters
    print-mhost-config list-hosts       list-users                    
    test-notify        new-host         delete-user      test-filter

[ Host commands ]
    status              list-configs      start-scan    list-db        
    watch-host          new-config        stop-scan     baseline       
    disable-host        push-config       print-log     set-baseline   
    host-details        edit-config       list-logs     print-db       
    print-host-config   print-config                    print-db-errors
    rm-host             rm-config                       print-db-header
    init                drop-config                     rm-db          
    config              verify-config                   unset-baseline 

[ Misc commands ]
    help                version           quit              ssl

  For help with a specific command, try: help <command>

Configuring the management host

osiris-4.1.8-release: edit-mhost

[ edit management host (127.0.0.1) ]

  > syslog facility [DAEMON]: 
  > control port [2266]: 
  > http control port [0]: 10080
  > notify email (default for hosts) []: username@yourdomain.com
  > notification smtp host [127.0.0.1]: smtp.yourdomain.com
  > notification smtp port [25]: 

  > authorized hosts:

   127.0.0.1

  Modify authorization list (y/n)? [n] 

[ management config (127.0.0.1) ]

syslog_facility = DAEMON
control_port = 2266
http_port = 10080
http_host = 
notify_email = username@yourdomain.com
notify_app = 
notify_smtp_host = smtp.yourdomain.com
notify_smtp_port = 25
hosts_directory = 
allow = 127.0.0.1


Is this correct (y/n)? y
 >>> management host configuration has been saved.

Adding a managed host

 First, add the local host as a managed host.

osiris-4.1.8-release: new-host

[ new host ]

  > name this host []:  myhost
  > hostname/IP address []: 127.0.0.1
  > description []: iMacG4
  > agent port [2265]: 
  > enable log files for this host? (yes/no) [no]:    

Scan Databases:

    => keep archives of scan databases?  Enabling this option means that the
       database generated with each scan is saved, even if there are no changes
       detected.  Because of disk space, this option is not recommended
       unless your security policy requires it. (yes/no) [no]: 
 ↑ option to keep archives of the scan databases

    => auto-accept changes?  Enabling this option means that detected
       changes are reported only once, and the baseline database is
       automatically set when changes are detected. (yes/no) [yes]: 
 ↑ setting to auto-accept changes; if this is set to no, change notification mails keep arriving until you accept the change

    => purge database store?  Enabling this option means that none
       of the scan databases are saved.  That is, whenever the baseline 
       database is set, the previous one is deleted. (yes/no): [yes]: 
 ↑ setting to always operate with only the latest scan database

Notifications:

    => enable email notification for this host? (yes/no) [no]: yes
    => send notification on scheduled scans failures? (yes/no) [no]: yes
    => send scan notification, even when no changes detected  (yes/no) [no]: 
    => send notification when agent has lost session key  (yes/no) [no]: yes
    => notification email (default uses mhost address) []: 

Scheduling:

  > configure scan scheduling information? (yes/no) [no]: yes

    [ scheduling information for myhost ]

    Scheduling information consists of a start time and a frequency value.
    The frequency is a specified number of minutes between each scan, starting
    from the start time.  The default is the current time.  Specify the start
    time in the following format: mm/dd/yyyy HH:MM

    enter the start date and time 
    using 'mm/dd/yyyy HH:MM' format: [Sat Apr 30 13:07:15 2005] 
    enter scan frequency in minutes: [1440] 720

  > enable this host? (yes/no) [yes]: 

host                  => myhost
hostname/IP address   => 127.0.0.1
description           => iMacG4
agent port            => 2265
host type             => generic
log enabled           => no
archive scans         => no
auto accept           => yes
purge databases       => yes
notifications enabled => yes
notifications always  => no
notify on rekey       => yes
notify on scan fail   => yes
notify email          => (management config)
scans starting on     => Sat Apr 30 13:07:15 2005
scan frequency        => every 720 minutes
enabled               => yes

Is this correct (y/n)? y
 >>> new host (myhost) has been created.
Initialize this host? (yes/no): yes

Initializing a host will push over a configuration, start
a scan, and set the created database to be the
trusted database.

Are you sure you want to initialize this host (yes/no): yes

OS Name: Darwin
OS Version: 8.0.0

use the default configuration for this OS? (yes/no): yes
 >>> configuration (default.darwin) has been pushed.
 >>> scanning process was started on host: myhost

Changing a managed host's configuration

osiris-4.1.8-release: host myhost
myhost is alive.
osiris-4.1.8-release[myhost]: edit-config ← this opens the configuration for editing in vi
 >>> configuration file has changed, updating...
 >>> configuration: (default.darwin) has been updated.
osiris-4.1.8-release[myhost]: push-config  ← this applies the configuration change to the host
 >>> the configuration: (default.darwin) has been pushed to host:  myhost
osiris-4.1.8-release[myhost]: print-config ← display the configuration

 config name:  default.darwin
          ID:  946090b8
      status:  valid
      errors:  0
    warnings:  0
       lines:  57

 -------- begin config file --------

# Default Configuration for Mac OS X.
Recursive   no
FollowLinks no
IncludeAll
Hash md5
<System>
Include mod_users
Include mod_groups
Include mod_kmods
</System>
<Directory />
Recursive no
Include file( "mach_kernel" )
</Directory>
<Directory /private/var/root>
Recursive yes
Include executable
</Directory>
<Directory /bin>
IncludeAll
</Directory>
<Directory /usr/bin>
IncludeAll
</Directory>
<Directory /usr/local/bin>
IncludeAll
</Directory>
<Directory /usr/local/sbin>
IncludeAll
</Directory>
<Directory /sbin>
IncludeAll
</Directory>
<Directory /usr/sbin>
IncludeAll
</Directory>
<Directory /etc>  ← additions start here
Recursive yes
IncludeAll
</Directory>
<Directory /Applications>
Recursive yes
IncludeAll
</Directory>
<Directory /Users/username>
Recursive yes
IncludeAll
</Directory>  ← additions end here
# EOF

 --------  end config file  --------
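
An added example, not part of the original post or of Osiris itself: a small Python parser for the scan configuration format printed above that lists which `<Directory>` blocks reach a given path, so gaps in the monitored set become visible. It assumes a block without its own `Recursive` line inherits the global value; `parse`, `covering_blocks` and the abridged sample are constructed for this example.

```python
import posixpath
import re

# Constructed sample, abridged from the print-config output above.
SAMPLE = """\
Recursive   no
Hash md5
<System>
</System>
<Directory />
Include file( "mach_kernel" )
</Directory>
<Directory /usr/sbin>
IncludeAll
</Directory>
<Directory /etc>
Recursive yes
IncludeAll
</Directory>
"""

def parse(text):
    """Return (global options, {directory: {'recursive': bool}})."""
    glob, dirs = {"recursive": False, "hash": None}, {}
    scope = glob  # dict that option lines currently apply to
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"<Directory\s+(.+?)>", line)
        if m:
            scope = dirs.setdefault(m.group(1), {"recursive": None})
        elif line.startswith("</"):
            scope = glob
        elif line.startswith("<"):
            scope = {}  # other block such as <System>: options ignored
        elif line.lower().startswith("recursive"):
            scope["recursive"] = line.split()[-1].lower() == "yes"
        elif line.lower().startswith("hash") and scope is glob:
            glob["hash"] = line.split()[-1]
    for opts in dirs.values():  # assumption: no Recursive line means inherit global
        if opts["recursive"] is None:
            opts["recursive"] = glob["recursive"]
    return glob, dirs

def covering_blocks(path, dirs):
    """List Directory blocks whose scan reaches `path` (Include rules not evaluated)."""
    parent = posixpath.dirname(posixpath.normpath(path))
    def reaches(d, rec):
        return parent == d or (rec and (d == "/" or parent.startswith(d + "/")))
    return [d for d, o in dirs.items()
            if reaches(posixpath.normpath(d), o["recursive"])]
```

Run against the full configuration above and under the same assumption, the binaries in /usr/local/sbin are reached by a block, while /System/Library/StartupItems/Osiris/Osiris, the StartupItem the installer created, is reached by none.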

Adding filter settings

osiris-4.1.8-release: edit-filters  ← from here, edit the settings in vi (the wizard has been removed)
 >>> comparison filters have been saved.
osiris-4.1.8-release: print-filters  ← display the settings
Exclude anything matching the following regular expressions:

host=*;path=*;exclude: device ctime ;  ← the filter syntax is unchanged from 3.x
host=*;path=/etc;include only: perm uid gid new missing ;
host=*;path=/Applications;include only: perm uid gid new missing ;
host=*;path=/Users/username;include only: perm uid gid new missing ;

4 comparison filters.
