OSSEC Open Source HIDS

— Refer to our UPDATED guide for OSSEC! —

OSSEC Open Source HIDS – Server, Web Interface & Windows Client Install.

This walkthrough shows how to install the OSSEC HIDS server with its web user interface (WUI), configure the WUI, and install the client on a Windows machine.

Steps: PDF "OSSEC OPEN SOURCE HIDS", or follow below.


–START–

URLs used: http://www.ossec.net/ / http://www.ossec.net/downloads/ / https://github.com/ossec/ossec-hids / https://github.com/ossec/ossec-wui


Steps:

Assuming you have an existing Ubuntu 18.04 Server setup.

  1. Update & Install some base applications

$ sudo apt update

$ sudo apt upgrade

$ sudo apt install -y php php-cli php-common libapache2-mod-php apache2-utils sendmail inotify-tools apache2 build-essential gcc make wget tar

  2. Enable rewrite, Apache & Start Apache

$ sudo systemctl enable apache2

$ sudo systemctl start apache2

$ sudo a2enmod rewrite

  3. Let's get the OSSEC software and install it

$ wget https://github.com/ossec/ossec-hids/archive/3.1.0.tar.gz

$ tar -xvzf 3.1.0.tar.gz

$ cd ossec-hids-3.1.0/

$ sudo sh ./install.sh

  4. Service options & start

Usage: ./ossec-control {start|stop|reload|restart|status|enable|disable}

$ sudo /var/ossec/bin/ossec-control start

  5. Installing the OSSEC web user interface.

$ cd /tmp/

$ sudo git clone https://github.com/ossec/ossec-wui.git

$ sudo mv /tmp/ossec-wui /var/www/html

$ cd /var/www/html/ossec-wui

$ sudo ./setup.sh

5.1 Permissions

$ sudo chown -R www-data:www-data /var/www/html/ossec-wui/

$ sudo chmod -R 755 /var/www/html/ossec-wui/

$ cd /

$ sudo systemctl restart apache2

5.2 Open browser and navigate to http://your-servers-ip/ossec-wui

  6. Let's add our first agent (Windows)

From your-ossec-server

$ sudo /var/ossec/bin/manage_agents

Download the agent for your Windows client. Open your browser and navigate to http://www.ossec.net/downloads.html
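To confirm that the ownership and mode set in step 5.1 actually took effect on the web UI tree, the following check can be run on the server. It is an added example, not part of the original walkthrough or of OSSEC; the helper name `audit_wui_perms` and its output format are assumptions.

```shell
#!/bin/sh
# Added example: audit the ossec-wui tree after step 5.1.
# audit_wui_perms is a hypothetical helper, not an OSSEC tool.
# Usage: audit_wui_perms DIR [EXPECTED_OWNER]   (owner defaults to www-data)
# Prints one tab-separated finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if DIR does not exist.
audit_wui_perms() {
    dir=$1
    owner=${2:-www-data}
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }

    findings=$(
        # Entries not owned by the web server account (chown -R should leave none).
        find "$dir" ! -user "$owner" -exec printf 'owner\t%s\n' {} \;
        # Entries writable by group or others (chmod -R 755 should leave none).
        # Symlinks are skipped because their own mode bits are not meaningful.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec printf 'writable\t%s\n' {} \;
        # setuid/setgid bits have no place in a PHP web root.
        find "$dir" \( -perm -4000 -o -perm -2000 \) \
            -exec printf 'setid\t%s\n' {} \;
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "ok: $dir"
    return 0
}

# On the server from this guide:
#   audit_wui_perms /var/www/html/ossec-wui www-data
```

Re-running it after later changes to the web root shows whether ownership or mode has drifted from what step 5.1 set.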