How to Install OSSEC Host Intrusion Detection client in Linux and Solaris

OSSEC is a Host-based Intrusion Detection System available for Linux, Solaris, FreeBSD, OpenBSD, Mac OS X and other platforms. It provides log analysis, file integrity checking, rootkit detection and real-time alerting. In this guide, we first install the OSSEC client on Red Hat Linux and its variants, and then on Solaris 11.

On Red Hat and variants, install the packages with yum:

# yum install ossec-hids ossec-hids-client

Edit the OSSEC configuration to set the IP address of the OSSEC server (the manager the client reports to), either in the editor or with sed as shown below. The sed command replaces the placeholder address 192.168.1.1 with the real server address; the egrep afterwards confirms the change was applied.

# vim /var/ossec/etc/ossec.conf

# sed -i "s/192.168.1.1/192.168.1.100/g" /var/ossec/etc/ossec.conf
# egrep -w --color "192.168.1.100" /var/ossec/etc/ossec.conf
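The sed above only works while the file still contains the default placeholder address. As an added example (not from the original article), the following POSIX shell functions edit the <server-ip> element itself and read it back, so the change works whatever value is currently configured. The sample ossec.conf is constructed here and written to a temporary file; point set_server_ip at /var/ossec/etc/ossec.conf for a real agent.

```sh
#!/bin/sh
# Added example, not part of the original article: set the OSSEC manager
# address in an agent's ossec.conf by rewriting the <server-ip> element,
# and read it back for verification. Assumes a stock <client> block layout.

# set_server_ip FILE IP -- rewrite <server-ip>...</server-ip> in FILE to IP
set_server_ip() {
    file="$1"
    ip="$2"
    # Refuse anything that is not a dotted-decimal address, so a typo or a
    # stray shell character never ends up inside the configuration file.
    case "$ip" in
        ""|*[!0-9.]*) echo "invalid IPv4 address: $ip" >&2; return 1 ;;
    esac
    # Keep a backup so a bad edit can be reverted.
    cp "$file" "$file.bak" || return 1
    sed "s|<server-ip>[^<]*</server-ip>|<server-ip>$ip</server-ip>|" \
        "$file.bak" > "$file"
}

# get_server_ip FILE -- print the manager address currently configured
get_server_ip() {
    sed -n 's|.*<server-ip>\([^<]*\)</server-ip>.*|\1|p' "$1"
}

# Constructed sample agent configuration carrying the default placeholder.
SAMPLE_CONF="${TMPDIR:-/tmp}/ossec-example.conf"
cat > "$SAMPLE_CONF" <<'EOF'
<ossec_config>
  <client>
    <server-ip>192.168.1.1</server-ip>
  </client>
</ossec_config>
EOF

# Usage: point the agent at the manager on 192.168.1.100 and confirm.
set_server_ip "$SAMPLE_CONF" 192.168.1.100
echo "configured manager: $(get_server_ip "$SAMPLE_CONF")"
```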

Restart the OSSEC client service so the new server address takes effect.

# /etc/init.d/ossec-hids restart

Installing the OSSEC client on Solaris.

Download the OSSEC tarball (the sources are compiled during installation, so gcc is required).

# wget http://192.168.1.10/repo/utils/ossec-hids-2.8.3.tar.gz

Extract the downloaded tarball with GNU tar:

# /usr/sfw/bin/gtar zxf ossec-hids-2.8.3.tar.gz

Change into the extracted directory, switch the build scripts from /bin/sh to bash, select the Sun Freeware gcc as the compiler, and run ./install.sh.

# cd ossec-hids-2.8.3

# perl -pi -e "s/\/bin\/sh/\/bin\/bash/" src/Makeall src/Makefile

# export CC=/usr/sfw/bin/gcc

# ./install.sh

Once the installation completes, the configuration file is located at:

Config : /var/ossec/etc/ossec.conf

To start or stop the service, use the following commands:

# /var/ossec/bin/ossec-control start

# /var/ossec/bin/ossec-control stop

This completes the OSSEC client installation for Linux and Solaris servers.