Install OSSEC WUI on Ubuntu

October 27, 2011

This is a quick tutorial on how to install the OSSEC web interface on Ubuntu (covers 8.04 and 8.10):

Installing Apache

root@home:/# cd /tmp
root@home:/tmp# apt-get install apache2 libapache2-mod-php5 # said yes to all required packages
root@home:/tmp# /etc/init.d/apache2 restart

Downloading

root@home:/tmp# cd /var/www
root@home:/var/www# wget http://www.ossec.net/files/ui/ossec-wui-0.3.tar.gz
root@home:/var/www# wget http://www.ossec.net/files/ui/ossec-wui-0.3-checksum.txt
root@home:/var/www# md5sum -c ossec-wui-0.3-checksum.txt
root@home:/var/www# sha1sum -c ossec-wui-0.3-checksum.txt

Installing the wui

root@home:/var/www# tar -zxvf ossec-wui-0.3.tar.gz
root@home:/var/www# mv ossec-wui-0.3 ossec
root@home:/var/www# cd ossec
root@home:/var/www/ossec# ./setup.sh

To get the username that Apache is running

root@home:/var/www/ossec# ps auwx |grep apache | cut -d ” ” -f 1 | grep -v root | uniq
www-data

Adding www-data to ossec group and checking after

root@home:/var/www/ossec# usermod -a -G ossec www-data
root@home:/var/www/ossec# cat /etc/group |grep ossec
ossec:x:1001:www-data

Fixing ./tmp permissions

root@home:/var/www/ossec# chmod 770 tmp/
root@home:/var/www/ossec# chgrp www-data tmp/
root@home:/var/www/ossec# apache2ctl restart

That’s it! Just go to http://youripaddress/ossec to access it

 

source http://www.ossec.net/main/manual/wui-ubuntu