diff --git a/docs/openscap-usage-guide/img/1641043278037-a65e1e2b-e59e-45f4-85eb-d859e357af50.png b/docs/openscap-usage-guide/img/1641043278037-a65e1e2b-e59e-45f4-85eb-d859e357af50.png new file mode 100644 index 0000000000000000000000000000000000000000..1e1c5642f1cf056b860afb97b8430173595308ca Binary files /dev/null and b/docs/openscap-usage-guide/img/1641043278037-a65e1e2b-e59e-45f4-85eb-d859e357af50.png differ diff --git a/docs/openscap-usage-guide/img/1641043293469-0c92ceb2-e831-4424-a757-64c35b385adb.png b/docs/openscap-usage-guide/img/1641043293469-0c92ceb2-e831-4424-a757-64c35b385adb.png new file mode 100644 index 0000000000000000000000000000000000000000..1c887cf1f87729835268aa154a5da831564f46f6 Binary files /dev/null and b/docs/openscap-usage-guide/img/1641043293469-0c92ceb2-e831-4424-a757-64c35b385adb.png differ diff --git a/docs/openscap-usage-guide/img/1641043310755-e9c5205e-c1f8-44ee-a932-68e6e61a4806.png b/docs/openscap-usage-guide/img/1641043310755-e9c5205e-c1f8-44ee-a932-68e6e61a4806.png new file mode 100644 index 0000000000000000000000000000000000000000..224f5a772faf4cd086509ccbb2e3449d904f8a13 Binary files /dev/null and b/docs/openscap-usage-guide/img/1641043310755-e9c5205e-c1f8-44ee-a932-68e6e61a4806.png differ diff --git a/docs/openscap-usage-guide/img/1641043325593-ada157f4-a39f-4650-9e2f-b09ab640133f.png b/docs/openscap-usage-guide/img/1641043325593-ada157f4-a39f-4650-9e2f-b09ab640133f.png new file mode 100644 index 0000000000000000000000000000000000000000..c394ca9e8c6122dc40a3493a9cc372596109d793 Binary files /dev/null and b/docs/openscap-usage-guide/img/1641043325593-ada157f4-a39f-4650-9e2f-b09ab640133f.png differ 
diff --git a/docs/openscap-usage-guide/img/1668592764187-7a5ba1f7-6d29-4c54-a7e7-75dea40441c8.png b/docs/openscap-usage-guide/img/1668592764187-7a5ba1f7-6d29-4c54-a7e7-75dea40441c8.png new file mode 100644 index 0000000000000000000000000000000000000000..677efc1f13e8fbcfef92e22339910877c18172e8 Binary files /dev/null and b/docs/openscap-usage-guide/img/1668592764187-7a5ba1f7-6d29-4c54-a7e7-75dea40441c8.png differ diff --git a/docs/openscap-usage-guide/img/1668593075617-ee1bdd1c-61cf-4bbb-a5c8-5f0f345d995c.png b/docs/openscap-usage-guide/img/1668593075617-ee1bdd1c-61cf-4bbb-a5c8-5f0f345d995c.png new file mode 100644 index 0000000000000000000000000000000000000000..5232313e6d4f292b6dd8301e6cdc288a55845405 Binary files /dev/null and b/docs/openscap-usage-guide/img/1668593075617-ee1bdd1c-61cf-4bbb-a5c8-5f0f345d995c.png differ diff --git a/docs/openscap-usage-guide/img/1668593244822-eb45b2bc-0ded-446a-9151-468c0b6d29da.png b/docs/openscap-usage-guide/img/1668593244822-eb45b2bc-0ded-446a-9151-468c0b6d29da.png new file mode 100644 index 0000000000000000000000000000000000000000..253637529b4533c83a2971b6f259881ea003bb4d Binary files /dev/null and b/docs/openscap-usage-guide/img/1668593244822-eb45b2bc-0ded-446a-9151-468c0b6d29da.png differ diff --git a/docs/openscap-usage-guide/img/1668593280811-91fbb199-15d7-403d-999d-1a537a580fbd.png b/docs/openscap-usage-guide/img/1668593280811-91fbb199-15d7-403d-999d-1a537a580fbd.png new file mode 100644 index 0000000000000000000000000000000000000000..3a9520acd155e8583355e8b5bfd603ad947fcd71 Binary files /dev/null and b/docs/openscap-usage-guide/img/1668593280811-91fbb199-15d7-403d-999d-1a537a580fbd.png differ 
diff --git a/docs/openscap-usage-guide/img/1668649530629-2f5ded47-f3bd-4528-a964-c1bcee791863.png b/docs/openscap-usage-guide/img/1668649530629-2f5ded47-f3bd-4528-a964-c1bcee791863.png new file mode 100644 index 0000000000000000000000000000000000000000..37a2e02dbedbdaf3fbc9a4806075b7f2a8e730b6 Binary files /dev/null and b/docs/openscap-usage-guide/img/1668649530629-2f5ded47-f3bd-4528-a964-c1bcee791863.png differ diff --git a/docs/openscap-usage-guide/openscap-usage-guide.md b/docs/openscap-usage-guide/openscap-usage-guide.md index ae0281ed8656613fafa6214cfd47edf6cd811f34..9f790b3f565b65a4a45ed5e4d3a2b354152274f5 100644 --- a/docs/openscap-usage-guide/openscap-usage-guide.md +++ b/docs/openscap-usage-guide/openscap-usage-guide.md 
@@ -157,3 +157,87 @@ oscap-podman [CONTAINER ID] oval eval --report vulnerability.html ssg-anolis8-ov > 左上角展示了本次扫描的结果汇总 > > 下方展示了具体扫描项目以及扫描结果 + +4. Anolis 8 上 Wazuh v4.1.5 openscap 监控功能 + +- 编译与启动服务 + +```bash +yum install -y git make gcc gcc-c++ vim +yum install -y cmake +yum install -y libstdc++-static +yum install make cmake gcc gcc-c++ python3 python3-policycoreutils automake autoconf libtool +yum install jq -y +ln -s /usr/bin/python3.6 /usr/bin/python +wget https://github.com/wazuh/wazuh/archive/v4.1.5.tar.gz +tar -zxvf v4.1.5.tar.gz +cd wazuh-4.1.5/ +./install.sh +# 启动wazuh服务 +/var/ossec/bin/ossec-control start +``` + +编译过程: + +![img](./img/1641043278037-a65e1e2b-e59e-45f4-85eb-d859e357af50.png) + +![img](./img/1641043293469-0c92ceb2-e831-4424-a757-64c35b385adb.png) + +![img](./img/1641043310755-e9c5205e-c1f8-44ee-a932-68e6e61a4806.png) + +![img](./img/1641043325593-ada157f4-a39f-4650-9e2f-b09ab640133f.png) + +![image.png](./img/1668592764187-7a5ba1f7-6d29-4c54-a7e7-75dea40441c8.png) + +- 配置/var/ossec/etc/ossec.conf + - timeout:超时时间 + - interval:检测间隔时间 + - scan-on-start:是否开机扫描 + + +```bash +# vim /var/ossec/etc/ossec.conf +59 + + + no + 1800 + 5min + yes + + xccdf_org.ssgproject.content_profile_standard + + +``` + +![image.png](./img/1668593075617-ee1bdd1c-61cf-4bbb-a5c8-5f0f345d995c.png) + +- 复制open-scap组件及ds.xml文件到指定位置并重启wazuh服务 + +```bash +cd wazuh-4.1.5/wodles +cp -r oscap /var/ossec/wodles/ +cp ssg-anolis8-ds.xml /var/ossec/wodles/oscap/content/ +/var/ossec/bin/ossec-control restart +``` + +- 查看检测日志 + +```bash +# 查看扫描日志 +cat /var/ossec/logs/ossec.log | grep oscap | tail -n 10 + +# 查看总分以及每一项的具体的得分情况 +cat /var/ossec/logs/alerts/alerts.log | grep oscap | tail -n 10 +``` + +![image.png](./img/1668593244822-eb45b2bc-0ded-446a-9151-468c0b6d29da.png) + +![image.png](./img/1668593280811-91fbb199-15d7-403d-999d-1a537a580fbd.png) + +图中`score`为当前扫描的得分情况 + +- 持续监控 + +![image.png](./img/1668649530629-2f5ded47-f3bd-4528-a964-c1bcee791863.png) + 
+可以看到,按配置文件填写的时间,每5分钟对主机进行一次合规检测
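Review bot: the `/var/ossec/etc/ossec.conf` listing in this hunk has lost its XML element names, so the values `no`, `1800`, `5min`, `yes` and `xccdf_org.ssgproject.content_profile_standard` appear bare and a reader cannot tell which one is the `timeout`, `interval` or `scan-on-start` setting that the bullets above describe; restore the enclosing tags around each value (and drop the stray `59` that looks like a pasted editor line number) so the block can be copied as-is. Two smaller points in the same hunk: `ln -s /usr/bin/python3.6 /usr/bin/python` pins a specific minor version and will fail if the installed interpreter differs, so point the link at `python3` or use `alternatives` instead, and the `yum install make cmake ...` line lacks `-y` while the other install lines have it, which stalls a non-interactive run. Finally, `cd wazuh-4.1.5/wodles` followed by `cp ssg-anolis8-ds.xml /var/ossec/wodles/oscap/content/` assumes the datastream file is sitting in the Wazuh source tree, which the page never states; say where `ssg-anolis8-ds.xml` is obtained from (the earlier section of this guide uses the SSG content files) or give its full path.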