Install OSSEC local on Ubuntu

 

Download files

wget http://www.ossec.net/files/ossec-hids-latest.tar.gz
wget http://www.ossec.net/files/ossec-hids-latest_sum.txt

Check the MD5 or SHA1 to make sure they are legit (Don’t skip!!)

md5sum ossec-hids-latest.tar.gz
cat ossec-hids-latest_sum.txt
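
An added example (not part of the original post) that automates the comparison above instead of eyeballing two hex strings. It assumes the sum file uses OpenSSL-style `SHA1(name)= <hex>` lines; `expected_digest`, `verify_download` and `make_sample` are hypothetical helper names, and the sample file and sum file are constructed.

```shell
#!/bin/sh
# Added example. Assumption: the sum file has OpenSSL-style lines such as
# "SHA1(name)= <hex>"; coreutils-style "<hex>  name" lines parse as well.

# expected_digest ALGO SUMFILE: print the first published digest whose length
# fits ALGO (32 hex chars for md5, 40 for sha1). File names are not compared.
expected_digest() {
    awk -v want="$([ "$1" = md5 ] && echo 32 || echo 40)" '{
        for (i = 1; i <= NF; i++) {
            tok = tolower($i)
            if (length(tok) == want && tok ~ /^[0-9a-f]+$/) { print tok; exit }
        }
    }' "$2"
}

# verify_download ALGO FILE SUMFILE: 0 = match, 1 = mismatch, 2 = cannot check.
verify_download() {
    [ -r "$2" ] && [ -r "$3" ] || { echo "cannot read $2 or $3" >&2; return 2; }
    case $1 in
        md5)  actual=$(md5sum "$2" | awk '{print $1}') ;;
        sha1) actual=$(sha1sum "$2" | awk '{print $1}') ;;
        *)    echo "unsupported algorithm: $1" >&2; return 2 ;;
    esac
    expected=$(expected_digest "$1" "$3")
    [ -n "$expected" ] || { echo "no $1 digest found in $3" >&2; return 2; }
    if [ "$actual" = "$expected" ]; then
        echo "OK: $1 digest of $2 matches $3"
        return 0
    fi
    echo "MISMATCH: published $expected, computed $actual" >&2
    return 1
}

# make_sample DIR: constructed stand-in "tarball" (the bytes "abc") and a sum
# file holding the standard MD5 and SHA1 test-vector digests of "abc".
make_sample() {
    printf 'abc' > "$1/sample.tar.gz"
    {
        echo 'MD5(sample.tar.gz)= 900150983cd24fb0d6963f7d28e17f72'
        echo 'SHA1(sample.tar.gz)= a9993e364706816aba3e25717850c26c9cd0d89d'
    } > "$1/sample_sum.txt"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
verify_download sha1 "$demo_dir/sample.tar.gz" "$demo_dir/sample_sum.txt"
verify_download md5 "$demo_dir/sample.tar.gz" "$demo_dir/sample_sum.txt"
rm -rf "$demo_dir"
```

For the real download the call would be `verify_download sha1 ossec-hids-latest.tar.gz ossec-hids-latest_sum.txt`. A sum file fetched over the same plain-HTTP connection as the tarball catches a corrupted download; it is not independent evidence of authenticity.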

Extract the files from the tar

tar zxvf ossec-hids-latest.tar.gz

Cd into the directory and run the installer

cd ossec-hids-latest/
./install.sh

If you are not running a local install make sure to adjust the firewall

-A RH-Firewall-1-INPUT -m state --state NEW -p udp -m udp --dport 1514 -j ACCEPT

Start the service

/var/ossec/bin/ossec-control start

 

When the install finishes you should see this:

 - System is Debian (Ubuntu or derivative).
 - Init script modified to start OSSEC HIDS during boot.

 - Configuration finished properly.

 - To start OSSEC HIDS:
		/var/ossec/bin/ossec-control start

 - To stop OSSEC HIDS:
		/var/ossec/bin/ossec-control stop

 - The configuration can be viewed or modified at /var/ossec/etc/ossec.conf

 
