Installing osiris-4.1.8 on Tiger
■ [osiris] Installing the latest osiris-4.1.8 on Tiger
 Now that Tiger is installed, I'll use the latest osiris to check out a certain rumor. Download the latest version, 4.1.8, from the osiris home page (http://osiris.shmoo.com/). Hmm, it has gained quite a few extras, such as an S/MIME module. For now I'll download only the main package. Xcode must be installed on Tiger beforehand.

Note that the latest version adds support for Windows 2003 Server and other platforms, and also changes the way filters are edited (see below).

Note) As of April 30, a few problems remain even with the settings below, so be careful:

Filter settings do not appear to be applied correctly
Restarting osiris disables part of the managed host settings
With no other choice I installed 3.0.4 instead, and that one seems to work properly. Oh well. For now I recommend 3.0.4 for verification purposes. (To whom?)

■ [osiris] configure
Extract the downloaded file.

  $ tar zxvf ./osiris-4.1.8.tar.gz
  $ ls ./osiris-4.1.8
  AUTHORS         INSTALL         Makefile.in     TODO            bootstrap       config.sub      depcomp         mkinstalldirs
  COPYING         LICENSE         NEWS            acinclude.m4    config.guess    configure       install-sh      src
  ChangeLog       Makefile.am     README          aclocal.m4      config.h.in     configure.ac    missing

First, the configure options. The latest version of course supports OS X out of the box, so no special options are needed.

  $ ./configure
  (omitted)
  Osiris (c) 2000-2005 The Shmoo Group (TSG)
  -----------------------------------------------------

  ==> Configuration Complete.
  ==> Osiris has been configured with the following options:

                    Host: powerpc-apple-darwin8.0.0
                Compiler: gcc
          Compiler flags: -Wall -g -O2
      Preprocessor flags:
            Linker flags:
               Libraries: -lpthread  -lssl -lcrypto -lresolv
     Privlege Separation: yes
            SSL Location: (system)
   Osiris Root Directory: /usr/local/osiris
             Osiris user: osiris
     Osiris MD Directory: /usr/local/osiris
          Osiris MD user: osiris
    Osiris MD config dir: /usr/local/osiris

  ======================================
  Found Scan Agent Modules:

     ==> mod_groups
     ==> mod_kmods
     ==> mod_ports
     ==> mod_users
  ======================================

  ==> use one of the following targets:

             all:   make everything, agent, CLI and management console.
           agent:   create scan agent installer package.
         console:   create management console installer package.
         install:   run installation script.
           clean:   remove object files.

That completes configure.

■ [osiris] Building the osiris client and console separately
 osiris is designed so that the management console and the scan client (agent) work together: the management console is installed on the management machine and the scan client on each managed host, so the two can be installed separately. When there are many managed hosts, you can make the console and the client separately and keep the installer packages ready.

  $ make console
  (omitted)
  -------------------------------------------------------------------------
  building release tarball: src/install/osiris-console-4.1.8-release-powerpc-Darwin-8.0.0.tar
  installer package contents:
  total 3744
  -rw-r--r--    1 username  username    5130 Apr 30 12:11 LICENSE
  drwxr-xr-x   17 username  username     578 Apr 30 12:11 configs
  drwxr-xr-x    5 username  username     170 Apr 30 12:11 darwin
  -rwxr-xr--    1 username  username   31187 Apr 30 12:11 install.sh
  -rwxr-xr-x    1 username  username  863568 Apr 30 12:11 osiris
  -rwxr-xr-x    1 username  username  125152 Apr 30 12:11 osirisd
  -rwxr-xr-x    1 username  username  877192 Apr 30 12:11 osirismd
  -rw-r--r--    1 username  username      80 Apr 30 12:11 version.h
  -------------------------------------------------------------------------
  installer package created.

This creates the console package osiris-console-4.1.8-release-powerpc-Darwin-8.0.0.tar.gz under src/install/. Run make clean, then build the client package next.

  $ make agent
  (omitted)
  -------------------------------------------------------------------------
  building release tarball: src/install/osiris-agent-4.1.8-release-powerpc-Darwin-8.0.0.tar
  installer package contents:
  total 336
  -rw-r--r--   1 username  username    5130 Apr 30 12:13 LICENSE
  drwxr-xr-x   5 username  username     170 Apr 30 12:13 darwin
  -rwxr-xr--   1 username  username   31187 Apr 30 12:13 install.sh
  -rwxr-xr-x   1 username  username  125152 Apr 30 12:13 osirisd
  -rw-r--r--   1 username  username      80 Apr 30 12:13 version.h
  -------------------------------------------------------------------------
  installer package created.

This creates the client (agent) package osiris-agent-4.1.8-release-powerpc-Darwin-8.0.0.tar.gz under src/install/. Each package can be installed with the following commands.

  $ tar zxvf ./osiris*
  $ cd osiris*
  $ sudo ./install.sh

■ [osiris] Building the osiris client and console together
 For a first install this is the right choice in most cases. It makes and installs the client and the console in one go.

  $ make all
  (omitted)
  Build Successful!

  To create management console install package: 'make console'
  To create scan agent install package: 'make agent'

  Documentation is also online at: http://osiris.shmoo.com

Once this message appears, everything is ready to install. Install with the following command.

  $ sudo make install

■ [osiris] Installing osiris
 From here on I'll annotate the output.

  $ sudo make install

  We trust you have received the usual lecture from the local System
  Administrator. It usually boils down to these three things:

      #1) Respect the privacy of others.
      #2) Think before you type.
      #3) With great power comes great responsibility.

  Password:  ←administrator password
  (omitted)
  Continue with installation? (y/n) [y]   ←confirm continuing the installation
  Osiris Scanning Daemon Version
  4.1.8-release

  "4.1.8-release" for Darwin 8.0.0
  Copyright (c) 2005 Brian Wotring. All Rights Reserved.


  This installation was configured and built to run as osiris
       agent user name: osiris
  management user name: osiris

  This installation was configured and built to use osiris
       agent root directory: /usr/local/osiris
  management root directory: /usr/local/osiris

  The username and directory will be created during the
  installation process if they do not already exist.

  By installing this product you agree that you have read the
  LICENSE file and will comply with its terms.

  ---------------------------------------------------------------------

  ==> creating user and group (osiris, osiris).
  ==> creating Osiris user and group with uid/gid 502.
  ==> group 'osiris' added.
  ==> user 'osiris' added.
  ==> using existing Osiris management console user.
  Install osiris agent? (y/n) [y]   ←confirm installing the client
  Install management console? (y/n) [y]   ←confirm installing the console
  Install CLI? (y/n) [y]    ←confirm installing the command line
  Installation directory for binaries: [/usr/local/sbin]  ←confirm the install location
  Installation directory doesn't exist, creating.
  ==> installed osiris CLI: /usr/local/sbin/osiris
  Osiris scan agent root directory doesn't exist, creating.
  ==> installed scan agent: /usr/local/sbin/osirisd
  ==> installed management console /usr/local/sbin/osirismd
  ==> installed default scan configs.
  ==> updated: /etc/hostconfig --> OSIRISSERVER=-YES-
  ==> installing StartupItem for the Osiris Scan Agent.
  ==> installed /System/Library/StartupItems/Osiris/Osiris
  ==> change owner and  permissions on /usr/local/sbin/osiris
  -rwxr-xr-x   1 root  wheel  1412536 Apr 30 12:26 /usr/local/sbin/osiris
  ==> change owner and permissions on /usr/local/sbin/osirisd
  -rwxr-xr-x   1 root  wheel  483060 Apr 30 12:26 /usr/local/sbin/osirisd
  ==> change owner permissions on /usr/local/sbin/osirismd
  -rwsr-xr-x   1 osiris  osiris  1721788 Apr 30 12:26 /usr/local/sbin/osirismd

  ==================================================================
  Osiris has been installed, but is not currently running.  Startup
  scripts have been installed so that the necessary services will
  be started on boot.

  Start management console now? (y/n) [y]   ←confirm starting the console
  osirismd: missing configuration file,
    ==> created default in: /usr/local/osiris/osirismd.conf.
  unable to load server certificate (/usr/local/osiris/certs/osirismd.crt)
    ==> creating one.
  Generating RSA key, 2048 bit long modulus.
  ..................................................+++
  ..............................................................................+++
  Start scan agent now? (y/n) [y]   ←confirm starting the client

  Documentation is included with this source and available online at:
      http://osiris.shmoo.com/docs

  (c) 2005 - Brian Wotring

Installation and startup are now complete. Next comes configuration.

■ [osiris] Configuration from the CLI
 First, log in as the administrator from the CLI and do the configuration there.

  $ /usr/local/sbin/osiris
  Osiris Shell Interface - version 4.1.8-release
  unable to load root certificate for management host:
  (/Users/username/.osiris/osiris_root.pem)
  >>> fetching root certificate from management host (127.0.0.1).

  The authenticity of host '127.0.0.1' can't be established.

    [ server certificate ]

   subject = /C=US/CN=Osiris Management Console/OU=Osiris Host Integrity System
   issuer  = /C=US/CN=Osiris Management Console/OU=Osiris Host Integrity System

              key size: 2048 bit
        MD5 fingerprint: 30:87:07:74:08:7B:5D:83:52:FD:63:6F:6B:32:5F:7D

  Verify the fingerprint specified above.
  Are you sure you want to continue connecting (yes/no)? yes ←confirm whether to continue
  >>> authenticating to (127.0.0.1)

  User: admin ←log in as the administrator, "admin"
  Password:  ←nothing is set yet, so just press Return

  connected to management console, code version (4.1.8-release).
  hello.

  WARNING: your password is empty, use the 'passwd' command
  to set your password.

  osiris-4.1.8-release: passwd ←first, set admin's password
  User: admin
  Password:  ←enter the management password; careful, there is no confirmation prompt
  >>> user: (admin) updated.

That completes the administrator login. The following command shows the help.

  osiris-4.1.8-release: ?

  [ Management Commands ]
      mhost              host             new-user         edit-filters
      edit-mhost         edit-host        edit-user        print-filters
      print-mhost-config list-hosts       list-users
      test-notify        new-host         delete-user      test-filter

  [ Host commands ]
      status              list-configs      start-scan    list-db
      watch-host          new-config        stop-scan     baseline
      disable-host        push-config       print-log     set-baseline
      host-details        edit-config       list-logs     print-db
      print-host-config   print-config                    print-db-errors
      rm-host             rm-config                       print-db-header
      init                drop-config                     rm-db
      config              verify-config                   unset-baseline

  [ Misc commands ]
      help                version           quit              ssl

    For help with a specific command, try: help <command>

■ [osiris] Configuring the management host

  osiris-4.1.8-release: edit-mhost

  [ edit management host (127.0.0.1) ]

    > syslog facility [DAEMON]:
    > control port [2266]:
    > http control port [0]: 10080
    > notify email (default for hosts) []: username@yourdomain.com
    > notification smtp host [127.0.0.1]: smtp.yourdomain.com
    > notification smtp port [25]:

    > authorized hosts:

     127.0.0.1

    Modify authorization list (y/n)? [n]

  [ management config (127.0.0.1) ]

  syslog_facility = DAEMON
  control_port = 2266
  http_port = 10080
  http_host =
  notify_email = username@yourdomain.com
  notify_app =
  notify_smtp_host = smtp.yourdomain.com
  notify_smtp_port = 25
  hosts_directory =
  allow = 127.0.0.1


  Is this correct (y/n)? y
  >>> management host configuration has been saved.

■ [osiris] Adding a managed host
 First, add the local host itself as a managed host.

  osiris-4.1.8-release: new-host

  [ new host ]

    > name this host []:  myhost
    > hostname/IP address []: 127.0.0.1
    > description []: iMacG4
    > agent port [2265]:
    > enable log files for this host? (yes/no) [no]:

  Scan Databases:

      => keep archives of scan databases?  Enabling this option means that the
         database generated with each scan is saved, even if there are no changes
         detected.  Because of disk space, this option is not recommended
         unless your security policy requires it. (yes/no) [no]:
   ↑option to keep archives of the scan DBs

      => auto-accept changes?  Enabling this option means that detected
         changes are reported only once, and the baseline database is
         automatically set when changes are detected. (yes/no) [yes]:
   ↑setting to auto-accept changes; if set to no, change notification mail keeps arriving until you accept

      => purge database store?  Enabling this option means that none
         of the scan databases are saved.  That is, whenever the baseline
         database is set, the previous one is deleted. (yes/no): [yes]:
   ↑setting to operate with only the latest scan DB

  Notifications:

      => enable email notification for this host? (yes/no) [no]: yes
      => send notification on scheduled scans failures? (yes/no) [no]: yes
      => send scan notification, even when no changes detected  (yes/no) [no]:
      => send notification when agent has lost session key  (yes/no) [no]: yes
      => notification email (default uses mhost address) []:

  Scheduling:

    > configure scan scheduling information? (yes/no) [no]: yes

      [ scheduling information for myhost ]

      Scheduling information consists of a start time and a frequency value.
      The frequency is a specified number of minutes between each scan, starting
      from the start time.  The default is the current time.  Specify the start
      time in the following format: mm/dd/yyyy HH:MM

      enter the start date and time
      using 'mm/dd/yyyy HH:MM' format: [Sat Apr 30 13:07:15 2005]
      enter scan frequency in minutes: [1440] 720

    > enable this host? (yes/no) [yes]:

  host                  => myhost
  hostname/IP address   => 127.0.0.1
  description           => iMacG4
  agent port            => 2265
  host type             => generic
  log enabled           => no
  archive scans         => no
  auto accept           => yes
  purge databases       => yes
  notifications enabled => yes
  notifications always  => no
  notify on rekey       => yes
  notify on scan fail   => yes
  notify email          => (management config)
  scans starting on     => Sat Apr 30 13:07:15 2005
  scan frequency        => every 720 minutes
  enabled               => yes

  Is this correct (y/n)? y
  >>> new host (myhost) has been created.
  Initialize this host? (yes/no): yes

  Initializing a host will push over a configuration, start
  a scan, and set the created database to be the
  trusted database.

  Are you sure you want to initialize this host (yes/no): yes

  OS Name: Darwin
  OS Version: 8.0.0

  use the default configuration for this OS? (yes/no): yes
  >>> configuration (default.darwin) has been pushed.
  >>> scanning process was started on host: myhost

■ [osiris] Changing a managed host's configuration

  osiris-4.1.8-release: host myhost
  myhost is alive.
  osiris-4.1.8-release[myhost]: edit-config ←this opens the configuration in vi for editing
  >>> configuration file has changed, updating...
  >>> configuration: (default.darwin) has been updated.
  osiris-4.1.8-release[myhost]: push-config  ←this pushes the changed configuration to the host
  >>> the configuration: (default.darwin) has been pushed to host:  myhost
  osiris-4.1.8-release[myhost]: print-config ←display the configuration

   config name:  default.darwin
            ID:  946090b8
        status:  valid
        errors:  0
      warnings:  0
         lines:  57

  -------- begin config file --------

  # Default Configuration for Mac OS X.
  Recursive   no
  FollowLinks no
  IncludeAll
  Hash md5
  <System>
  Include mod_users
  Include mod_groups
  Include mod_kmods
  </System>
  <Directory />
  Recursive no
  Include file( "mach_kernel" )
  </Directory>
  <Directory /private/var/root>
  Recursive yes
  Include executable
  </Directory>
  <Directory /bin>
  IncludeAll
  </Directory>
  <Directory /usr/bin>
  IncludeAll
  </Directory>
  <Directory /usr/local/bin>
  IncludeAll
  </Directory>
  <Directory /usr/local/sbin>
  IncludeAll
  </Directory>
  <Directory /sbin>
  IncludeAll
  </Directory>
  <Directory /usr/sbin>
  IncludeAll
  </Directory>
  <Directory /etc>  ←added from here
  Recursive yes
  IncludeAll
  </Directory>
  <Directory /Applications>
  Recursive yes
  IncludeAll
  </Directory>
  <Directory /Users/username>
  Recursive yes
  IncludeAll
  </Directory>  ←to here
  # EOF

  --------  end config file  --------

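The default.darwin file above tells the scan agent what to record. To make the directives concrete, here is an added Python model of that config (my own illustration, not osiris code and not from this post): it parses the <Directory> blocks, honours Recursive, IncludeAll, Include executable and Include file("name"), takes a baseline of per-file attributes (perm, uid, gid, mtime and, as in Hash md5, an md5 digest), and then compares a later scan against it. The exact directive semantics, the attribute set, the directory tree built under a temporary root and the changes applied to it are all assumptions for illustration; the top-level defaults, FollowLinks and the <System> module includes are not modelled.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def parse_config(text):
    """Parse <Directory> blocks of an osiris-style config; other lines are ignored (assumed)."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("<Directory"):
            path = line[len("<Directory"):].rstrip(">").strip()
            cur = {"path": path, "recursive": False, "include": []}
        elif line == "</Directory>":
            blocks.append(cur)
            cur = None
        elif cur is not None and line.startswith("Recursive"):
            cur["recursive"] = line.lower().endswith("yes")
        elif cur is not None and line == "IncludeAll":
            cur["include"].append(("all", None))
        elif cur is not None and line == "Include executable":
            cur["include"].append(("executable", None))
        elif cur is not None and line.startswith("Include file("):
            name = line[len("Include file("):].rstrip(")").strip().strip('"')
            cur["include"].append(("file", name))
    return blocks

def wanted(entry, rules):
    """True if any include rule of the block selects this directory entry."""
    return any(kind == "all"
               or (kind == "file" and entry.name == arg)
               or (kind == "executable" and entry.is_file()
                   and entry.stat().st_mode & 0o111)
               for kind, arg in rules)

def record(entry):
    """Attributes a change is judged on: perm, uid, gid, mtime and (Hash md5) md5."""
    st = entry.lstat()
    rec = {"perm": oct(stat.S_IMODE(st.st_mode)), "uid": st.st_uid,
           "gid": st.st_gid, "mtime": int(st.st_mtime)}
    if entry.is_file():
        rec["md5"] = hashlib.md5(entry.read_bytes()).hexdigest()
    return rec

def scan(root, blocks):
    """Build a scan database {absolute path: attributes} for every block."""
    db, root = {}, Path(root)
    for b in blocks:
        base = root / b["path"].lstrip("/")
        if not base.is_dir():
            continue  # directory absent on this host: nothing to record
        for entry in base.rglob("*") if b["recursive"] else base.iterdir():
            if wanted(entry, b["include"]):
                db["/" + entry.relative_to(root).as_posix()] = record(entry)
    return db

def compare(baseline, current):
    """(path, change) pairs: new, missing, or the name of a changed attribute."""
    changes = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            changes.append((path, "missing"))
        elif path not in baseline:
            changes.append((path, "new"))
        else:
            attrs = sorted(baseline[path].keys() | current[path].keys())
            changes += [(path, a) for a in attrs if baseline[path].get(a) != current[path].get(a)]
    return changes

# Subset of the default.darwin blocks; paths are resolved under a temporary root.
CONFIG = """\
<Directory />
Include file( "mach_kernel" )
</Directory>
<Directory /private/var/root>
Recursive yes
Include executable
</Directory>
<Directory /etc>
Recursive yes
IncludeAll
</Directory>
"""

def demo():
    """Constructed tree in a temp dir: take a baseline, tamper with it, compare."""
    root = Path(tempfile.mkdtemp())
    (root / "etc").mkdir()
    (root / "private/var/root").mkdir(parents=True)
    (root / "etc/hosts").write_text("127.0.0.1 localhost\n")
    (root / "mach_kernel").write_bytes(b"constructed kernel image")
    script = root / "private/var/root/backup.sh"
    script.touch(mode=0o755)  # the only executable under /private/var/root
    blocks = parse_config(CONFIG)
    baseline = scan(root, blocks)
    (root / "etc/hosts").write_text("127.0.0.1 localhost\n192.0.2.10 added\n")  # content edited
    (root / "etc/hosts.orig").write_text("")  # new file
    script.unlink()  # executable removed
    return sorted(baseline), compare(baseline, scan(root, blocks))
```

demo() returns the three baseline paths (/etc/hosts, /mach_kernel and the executable under /private/var/root) and a change list containing an md5 change on /etc/hosts, a new /etc/hosts.orig and a missing backup.sh. Those (path, change type) records are what the comparison filters of the next section are applied to.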
■ [osiris] Adding filter settings

  osiris-4.1.8-release: edit-filters  ←from here on the settings are edited in vi (the wizard has been removed)
  >>> comparison filters have been saved.
  osiris-4.1.8-release: print-filters  ←display the settings
  Exclude anything matching the following regular expressions:

  host=*;path=*;exclude: device ctime ;  ←the filter format is unchanged from 3.x
  host=*;path=/etc;include only: perm uid gid new missing ;
  host=*;path=/Applications;include only: perm uid gid new missing ;
  host=*;path=/Users/username;include only: perm uid gid new missing ;

  4 comparison filters.

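To see what those four filter lines do to a change record, here is an added Python model of the comparison-filter syntax printed above (my own illustration, not osiris code and not from this post). It assumes that host= and path= are regular expressions (a bare * matches anything), that exclude: drops the listed change types for matching records, and that include only: restricts reporting on matching paths to the listed change types; the change records it is run against are constructed.

```python
import re
from collections import namedtuple

Filter = namedtuple("Filter", "host path mode types")

def parse_filters(text):
    """Parse 'host=..;path=..;exclude: ..;' / 'include only: ..;' lines."""
    filters = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host = path = mode = None
        types = set()
        for field in (f.strip() for f in line.split(";") if f.strip()):
            if field.startswith("host="):
                host = field[len("host="):]
            elif field.startswith("path="):
                path = field[len("path="):]
            elif field.startswith("exclude:"):
                mode, types = "exclude", set(field[len("exclude:"):].split())
            elif field.startswith("include only:"):
                mode, types = "include_only", set(field[len("include only:"):].split())
            else:
                raise ValueError("unrecognised filter field: %r" % field)
        if host is None or path is None or mode is None:
            raise ValueError("incomplete filter: %r" % line)
        filters.append(Filter(host, path, mode, frozenset(types)))
    return filters

def _matches(pattern, value):
    # assumed: '*' alone means any value, anything else is an unanchored regex
    return pattern == "*" or re.search(pattern, value) is not None

def should_report(filters, host, path, change):
    """Decide whether a change of type `change` on host/path is reported.

    An exclude filter that matches and lists the change suppresses it.
    If any include-only filter matches the path, the change is reported
    only when one of those filters lists it. (Assumed semantics.)
    """
    include_only_seen = allowed = False
    for flt in filters:
        if not (_matches(flt.host, host) and _matches(flt.path, path)):
            continue
        if flt.mode == "exclude" and change in flt.types:
            return False
        if flt.mode == "include_only":
            include_only_seen = True
            allowed = allowed or change in flt.types
    return allowed or not include_only_seen

# the four filters from print-filters above
FILTERS = parse_filters("""
host=*;path=*;exclude: device ctime ;
host=*;path=/etc;include only: perm uid gid new missing ;
host=*;path=/Applications;include only: perm uid gid new missing ;
host=*;path=/Users/username;include only: perm uid gid new missing ;
""")

def triage(filters, changes):
    """Split (host, path, change) records into reported and suppressed lists."""
    reported, suppressed = [], []
    for host, path, change in changes:
        bucket = reported if should_report(filters, host, path, change) else suppressed
        bucket.append((host, path, change))
    return reported, suppressed

# constructed change records, as a scan comparison might produce them
SAMPLE_CHANGES = [
    ("myhost", "/usr/bin/ls", "md5"),       # content change in a binary: reported
    ("myhost", "/usr/bin/ls", "ctime"),     # ctime noise: excluded everywhere
    ("myhost", "/etc/hosts", "md5"),        # content change under /etc: silenced by include only
    ("myhost", "/etc/hosts", "uid"),        # ownership change under /etc: reported
    ("myhost", "/etc/cron.d/job", "new"),   # new file under /etc: reported
]
```

Under these assumed semantics, triage(FILTERS, SAMPLE_CHANGES) reports the /usr/bin/ls md5 change, the uid change and the new file under /etc, and suppresses both the ctime change and the md5 change to /etc/hosts. That last case is worth noticing: an include only filter on /etc limited to perm, uid, gid, new and missing also silences content changes to files in /etc. If the goal is merely to quiet device and ctime noise, the global exclude line already does that, and an extra include only filter narrows coverage more than intended. Also, because path= is matched as an unanchored regular expression in this model, /etc matches /private/etc as well; anchoring with ^ avoids that.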