Install OSSEC local on Ubuntu

October 27, 2011

 

Download files

wget http://www.ossec.net/files/ossec-hids-latest.tar.gz
wget http://www.ossec.net/files/ossec-hids-latest_sum.txt

Check the MD5 or SHA1 to make sure they are legit (Don’t skip!!)

md5sum ossec-hids-latest.tar.gz
cat ossec-hids-latest_sum.txt
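
The comparison above can be scripted instead of done by eye. This is an added example, not part of the original post; it assumes the sum file carries the digests as plain hex strings, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: compare a download against the digests in its sum file.
# Assumption: digests appear as bare hex strings, e.g. BSD style
# "SHA1 (file) = <hex>" or GNU style "<hex>  file". The file name on the
# line is ignored, so a "latest" tarball still matches a versioned entry.

# hex_tokens LEN FILE: print each standalone hex string of exactly LEN
# characters found in FILE, lowercased, one per line.
hex_tokens() {
    tr 'A-F' 'a-f' < "$2" | tr -c '0-9a-f\n' '\n' | grep -E "^[0-9a-f]{$1}\$"
}

# verify_download FILE SUMFILE: succeed only if every digest type listed in
# SUMFILE (SHA1 = 40 hex chars, MD5 = 32) matches FILE and at least one
# digest type is listed at all.
verify_download() {
    file=$1; sums=$2; checked=0
    for spec in sha1sum:40 md5sum:32; do
        tool=${spec%%:*}; len=${spec##*:}
        listed=$(hex_tokens "$len" "$sums" || true)
        [ -n "$listed" ] || continue      # this digest type is not listed
        actual=$("$tool" "$file" | cut -d' ' -f1)
        if printf '%s\n' "$listed" | grep -qxF "$actual"; then
            checked=$((checked + 1))
        else
            echo "MISMATCH ($tool): $actual is not in $sums" >&2
            return 1
        fi
    done
    # An empty or unparseable sum file must not count as a pass.
    [ "$checked" -gt 0 ]
}

# Usage: sh verify.sh ossec-hids-latest.tar.gz ossec-hids-latest_sum.txt
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2" && echo "OK: digests match"
fi
```

A non-zero exit means stop before running the installer. Both files come from the same server over plain HTTP, so a match rules out a corrupted download, not one altered in transit.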

Extract the files from the tar

tar zxvf ossec-hids-latest.tar.gz

Cd into the directory and run the installer

cd ossec-hids-latest/
./install.sh

If you are not running a local install, make sure to adjust the firewall

-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 1514 -j ACCEPT

Start the service

/var/ossec/bin/ossec-control start

 

When the install finishes you should see this:

 - System is Debian (Ubuntu or derivative).
 - Init script modified to start OSSEC HIDS during boot.

 - Configuration finished properly.

 - To start OSSEC HIDS:
		/var/ossec/bin/ossec-control start

 - To stop OSSEC HIDS:
		/var/ossec/bin/ossec-control stop

 - The configuration can be viewed or modified at /var/ossec/etc/ossec.conf