Receiving Email Notification from Samhain, Aide, OSSEC
Posted 01-02-2012 at 07:19 AM by metalaarif
###------This How I solved and Hope it helps everyone else who want Email Notification from Samhain, OSSEC and AIDE--------###
###------This one is for Samhain others i'll post it again soon------###
###------I'm doing this on Ubunutu------------------####
First of all,
you can find this in here https://help.ubuntu.com/community/Postfix
Now once you have configured Postfix, We need to reconfigure it so that we can receive our Email Notification in our Gmail or Yahoomail or Hotmail etc.
This is one of the best link that guided me so that I could redirect my local mail to gmail
https://help.ubuntu.com/community/GmailPostfixFetchmail
after you finish that process don't forget to try this but before that you need to install
If this is working then that means now you need to configure AIDE, Samhain and Ossec
For now I'll talk about Samhain
First just configure what you want your samhain to scan and comments few files and directories which you don't have
then initialise the database
Now check for any warning message in foreground or else it will run as daemon
it will give few warning and alerts, now your ready to configure email part.
The reason we get Email notification that is because we have already created a database baseline
and now we are going to configure /etc/samhainrc, this is going change ctime, mtime, checksum etc
and this is very serious because main conf file is itself being changed. But we want to see Notification that is why we will do it now,
Remeber that your IP must be 127.0.0.1 and now Make these changes
Now again run,
I'm 100% sure your going to get Email Notification Right away.
Good Luck I'll be posting for Aide and Ossec too
###------This one is for Samhain others i'll post it again soon------###
###------I'm doing this on Ubunutu------------------####
First of all,
Quote:
Install postfix with "No Configuration"
Then # dpkg-reconfigure postfix
General type of mail configuration: Internet Site
System mail name: localhost
Root and postmaster mail recipient: anyname (e.g.John)
Other destinations for mail: (your hostname), localhost.localdomain, localhost
Force synchronous updates on mail queue?: No
Local networks: 127.0.0.0/8
Yes doesn't appear to be requested in current config
Mailbox size limit (bytes): 0
Local address extension character: +
Internet protocols to use: all
Then # dpkg-reconfigure postfix
General type of mail configuration: Internet Site
System mail name: localhost
Root and postmaster mail recipient: anyname (e.g.John)
Other destinations for mail: (your hostname), localhost.localdomain, localhost
Force synchronous updates on mail queue?: No
Local networks: 127.0.0.0/8
Yes doesn't appear to be requested in current config
Mailbox size limit (bytes): 0
Local address extension character: +
Internet protocols to use: all
Now once you have configured Postfix, We need to reconfigure it so that we can receive our Email Notification in our Gmail or Yahoomail or Hotmail etc.
This is one of the best link that guided me so that I could redirect my local mail to gmail
https://help.ubuntu.com/community/GmailPostfixFetchmail
after you finish that process don't forget to try this but before that you need to install
Quote:
sudo apt-get install mailutils && sudo apt-get install heirloom-mailx
Then use the following to see if you receive mail in gmail or yahoomail etc.
echo 'Testing Testing | mail -s 'This is Test mail' your@mailaddress.com
Then use the following to see if you receive mail in gmail or yahoomail etc.
echo 'Testing Testing | mail -s 'This is Test mail' your@mailaddress.com
For now I'll talk about Samhain
Quote:
Install Samhain
vim /etc/samhainrc
vim /etc/samhainrc
then initialise the database
Quote:
samhain -t init
Quote:
samhain -t check -p warn --foreground
The reason we get Email notification that is because we have already created a database baseline
and now we are going to configure /etc/samhainrc, this is going change ctime, mtime, checksum etc
and this is very serious because main conf file is itself being changed. But we want to see Notification that is why we will do it now,
Remeber that your IP must be 127.0.0.1 and now Make these changes
Quote:
MailSeverity=warn
SetMailAddress=xxxxxxx@gmail.com
SetMailRelay = 127.0.0.1
SetMailAddress=xxxxxxx@gmail.com
SetMailRelay = 127.0.0.1
Quote:
samhain -t check -p warn --foreground
Good Luck I'll be posting for Aide and Ossec too
Total Comments 0
