OSSEC is a host-based intrusion detection system (HIDS) available for Linux, Solaris, FreeBSD, OpenBSD, Mac OS X and others. It provides log analysis, rootkit detection and real-time alerting. In this guide we are going to see how to install the OSSEC client on Red Hat Linux and its variants, followed by the installation on Solaris 11.
On Red Hat and variants, perform the installation using yum as follows.
# yum install ossec-hids ossec-hids-client
Edit the OSSEC configuration to change the OSSEC server IP, or use sed to replace the address as shown below and confirm the result with egrep.
# vim /var/ossec/etc/ossec.conf
# sed -i "s/192.168.1.1/192.168.1.100/g" /var/ossec/etc/ossec.conf
# egrep -w --color "192.168.1.100" /var/ossec/etc/ossec.conf
Restart the OSSEC client service.
# /etc/init.d/ossec-hids restart
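The sed one-liner above replaces the literal string 192.168.1.1 everywhere in the file; because the dots are unescaped and the pattern is unanchored, it also matches inside addresses such as 192.168.1.10 and would corrupt them. The following script is an added example, not part of the original guide: it rewrites only the <server-ip> element of the agent's ossec.conf, keeps a backup, and reads the value back for verification. It assumes the stock agent layout (<client><server-ip>...</server-ip></client>) and avoids sed -i so it also works with Solaris sed.

```sh
#!/bin/sh
# Added example, not part of the original guide: point the OSSEC agent at the
# manager by rewriting only the <server-ip> element of ossec.conf, then verify.
# Assumes the stock agent layout, <client><server-ip>...</server-ip></client>,
# and uses a temp file instead of sed -i so it also runs on Solaris sed.

# set_server_ip CONF NEW_IP: replace the <server-ip> value in CONF.
# Returns 1 if NEW_IP is not a dotted IPv4 address or CONF has no <server-ip>.
set_server_ip() {
    conf="$1"
    new_ip="$2"
    case "$new_ip" in
        ""|*[!0-9.]*) echo "not an IPv4 address: '$new_ip'" >&2; return 1 ;;
    esac
    # Anchor on the element, so 192.168.1.1 is never mistaken for 192.168.1.10
    if ! grep -q '<server-ip>[^<]*</server-ip>' "$conf"; then
        echo "no <server-ip> element in $conf" >&2
        return 1
    fi
    cp "$conf" "$conf.bak" || return 1   # keep a copy to roll back a bad edit
    sed "s|<server-ip>[^<]*</server-ip>|<server-ip>${new_ip}</server-ip>|" "$conf" \
        > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# get_server_ip CONF: print the manager address the agent is configured with
get_server_ip() {
    sed -n 's|.*<server-ip>\([^<]*\)</server-ip>.*|\1|p' "$1"
}

# demo: run the edit against a constructed sample config (not a real host's file)
demo() {
    dir=$(mktemp -d)
    cat > "$dir/ossec.conf" <<'EOF'
<ossec_config>
  <client>
    <server-ip>192.168.1.1</server-ip>
  </client>
  <syscheck>
    <directories check_all="yes">/etc,/usr/bin</directories>
  </syscheck>
</ossec_config>
EOF
    set_server_ip "$dir/ossec.conf" 192.168.1.100 || return 1
    echo "agent now reports to: $(get_server_ip "$dir/ossec.conf")"
    rm -rf "$dir"
}
```

On a real host, call set_server_ip /var/ossec/etc/ossec.conf 192.168.1.100 and then restart the agent as above; get_server_ip gives the same check as the egrep in the guide, but tied to the element rather than to a bare string.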
Solaris 11 OSSEC client installation.
Download the OSSEC package in tar format.
# wget http://192.168.1.10/repo/utils/ossec-hids-2.8.3.tar.gz
Extract the downloaded tar package using the command below.
# /usr/sfw/bin/gtar zxf ossec-hids-2.8.3.tar.gz
Change into the extracted directory, then build and install using ./install.sh. The perl command switches the build scripts from /bin/sh to /bin/bash, and CC points the build at the SFW gcc.
# cd ossec-hids-2.8.3
# perl -pi -e "s/\/bin\/sh/\/bin\/bash/" src/Makeall src/Makefile
# export CC=/usr/sfw/bin/gcc
# ./install.sh
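The tarball above is fetched over plain HTTP from an internal repository and extracted without any integrity check, so a tampered or truncated package would be compiled and installed as-is. The script below is an added example, not part of the original guide: it checks that the build tools the steps rely on exist and verifies the downloaded file against a known SHA-256 before extraction. The expected digest must come from a trusted source (the OSSEC release announcement or your own repository manifest); the guide gives no hash, so none is shown here.

```sh
#!/bin/sh
# Added example, not part of the original guide: check the Solaris build
# prerequisites and verify the downloaded tarball against a known SHA-256
# before running gtar and install.sh.

# sha256_of FILE: print the hex digest using whichever tool the host has
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then          # GNU coreutils
        sha256sum "$1" | awk '{print $1}'
    elif command -v digest >/dev/null 2>&1; then           # Solaris
        digest -a sha256 "$1"
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    else
        echo "no SHA-256 tool found" >&2
        return 2
    fi
}

# verify_tarball FILE EXPECTED: 0 if the digest matches, 1 on mismatch,
# 2 if no digest could be computed
verify_tarball() {
    actual=$(sha256_of "$1") || return 2
    if [ "$actual" = "$2" ]; then
        return 0
    fi
    echo "checksum mismatch for $1: got $actual, expected $2" >&2
    return 1
}

# check_build_tools: 0 if gtar and gcc exist at the paths the guide uses, 1 otherwise
check_build_tools() {
    missing=0
    for tool in /usr/sfw/bin/gtar /usr/sfw/bin/gcc; do
        [ -x "$tool" ] || { echo "missing: $tool" >&2; missing=1; }
    done
    return $missing
}

# Usage on the Solaris host (EXPECTED_SHA256 is a placeholder for the real value
# obtained from a trusted source):
#   check_build_tools \
#     && verify_tarball ossec-hids-2.8.3.tar.gz "$EXPECTED_SHA256" \
#     && /usr/sfw/bin/gtar zxf ossec-hids-2.8.3.tar.gz
```

Only when both checks pass should the cd, perl, CC and install.sh steps above be run; a mismatch means the package should be re-fetched and the source of the copy investigated, not installed.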
Once the installation is done, the configuration file is at the location below.
Config: /var/ossec/etc/ossec.conf
To start and stop the service, use the commands below.
# /var/ossec/bin/ossec-control start
# /var/ossec/bin/ossec-control stop
This completes the OSSEC client installation for Linux and Solaris servers.