OSSEC is a Host-based Intrusion Detection System available for Linux, Solaris, FreeBSD, OpenBSD, Mac OS X and others. It performs log analysis, rootkit detection and real-time alerting. In this guide we are going to see how to install the OSSEC client on Red Hat Linux and its variants, followed by the installation on Solaris 11.

Install the packages with yum as follows:

# yum install ossec-hids ossec-hids-client

Edit the OSSEC configuration to set the OSSEC server IP, or use sed to replace it as shown below, and confirm the change with egrep.

# vim /var/ossec/etc/ossec.conf

# sed -i "s/192.168.1.1/192.168.1.100/g" /var/ossec/etc/ossec.conf
# egrep -w --color "192.168.1.100" /var/ossec/etc/ossec.conf

Restart the OSSEC client service:

/etc/init.d/ossec-hids restart
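A safer form of the server-IP change above, as an added example that is not from the original article: it rewrites only the <server-ip> element of ossec.conf instead of every occurrence of the old address (the bare sed also matches 192.168.1.10, 192.168.1.100 and so on), validates the new value, and reads the result back before the restart. The sample configuration is constructed and the function names are my own; the file layout assumed is OSSEC's standard <client><server-ip> element.

```shell
#!/bin/sh
# Added example, not from the original article: point an OSSEC agent at a new
# server by rewriting the <server-ip> element in ossec.conf instead of replacing
# a bare IP literal, then read the value back before restarting the agent.
# Assumes the standard <client><server-ip>...</server-ip></client> layout.

# make_sample_conf FILE: write a small constructed ossec.conf to work on offline.
# The syscheck line deliberately contains an IP that a naive s/192.168.1.1/.../
# would also match.
make_sample_conf() {
  cat > "$1" <<'EOF'
<ossec_config>
  <client>
    <server-ip>192.168.1.1</server-ip>
  </client>
  <syscheck>
    <ignore>/var/log/192.168.1.10.log</ignore>
  </syscheck>
</ossec_config>
EOF
}

# set_server_ip FILE NEW_IP: accept only a dotted quad, then rewrite the
# <server-ip> element via a temp file (portable to Solaris sed, which lacks -i).
set_server_ip() {
  file=$1; new_ip=$2
  case $new_ip in
    *[!0-9.]*|.*|*.|*..*|*.*.*.*.*) echo "invalid IP: $new_ip" >&2; return 1 ;;
    *.*.*.*) ;;
    *) echo "invalid IP: $new_ip" >&2; return 1 ;;
  esac
  cp "$file" "$file.bak" || return 1   # keep a backup; the article's sed -i does not
  sed "s|<server-ip>[^<]*</server-ip>|<server-ip>$new_ip</server-ip>|" "$file" \
    > "$file.tmp" && mv "$file.tmp" "$file"
}

# get_server_ip FILE: print the configured server IP, the check the article
# performs with egrep, but anchored on the element rather than on the literal.
get_server_ip() {
  sed -n 's|.*<server-ip>\([^<]*\)</server-ip>.*|\1|p' "$1"
}
```

Run `get_server_ip /var/ossec/etc/ossec.conf` before and after `set_server_ip`; only restart the agent once it prints the address you expect.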

Next, the Solaris OSSEC client.

Download the OSSEC package in tar format.

# wget http://192.168.1.10/repo/utils/ossec-hids-2.8.3.tar.gz

Extract the downloaded tar package using the command below.

# /usr/sfw/bin/gtar zxf ossec-hids-2.8.3.tar.gz

Navigate to the extracted directory, then build and install using ./install.sh.

# cd ossec-hids-2.8.3

# perl -pi -e "s/\/bin\/sh/\/bin\/bash/" src/Makeall src/Makefile

# export CC=/usr/sfw/bin/gcc

# ./install.sh

Once the installation is done, the config file will be at the location below.

Config : /var/ossec/etc/ossec.conf

To start or stop the service, use the commands below.

# /var/ossec/bin/ossec-control start

# /var/ossec/bin/ossec-control stop

That completes the OSSEC client installation for Linux and Solaris servers.

Babin Lonston
Overall 13+ years of experience in the IT field, 7+ years of experience in Linux administration with virtualization and cloud technologies. Loves documentation and has been into numismatics for a long time.
