— Refer to our UPDATED guide for OSSEC! —
OSSEC Open Source HIDS – Server, Web Interface & Windows Client Install.
This walk through will show you how to install OSSEC HIDS Server with Web User Interface. Configure the WUI and instal the client on a Windows machine.
—Start Here—
Assuming you have an existing Ubuntu server setup.
- Update the system.
sudo apt update && sudo apt upgrade
2. Install some base applications
sudo apt install -y php php-cli php-common libapache2-mod-php apache2-utils sendmail inotify-tools apache2 build-essential gcc make wget tar libssl1.0-dev libz-dev libssl-dev libpcre2-dev libevent-dev
3. Enable rewrite, Apache & Start Apache.
sudo systemctl enable apache2
sudo systemctl start apache2
sudo a2enmod rewrite
4. Let’s get the OSSEC source package, extract and install. (Check for the latest version -> https://www.ossec.net/download-ossec/ at the time of creating this document version = 3.1.0
wget https://github.com/ossec/ossec-hids/archive/3.1.0.tar.gz
tar -xvzf 3.1.0.tar.gz
cd ossec-hids-3.1.0/
sudo sh ./install.sh
5. The OSSEC Service options & starting
Usage: ./ossec-control {start|stop|reload|restart|status|enable|disable}
sudo / var/ossec/bin/ossec-control start
6. Install the OSSEC web User Interface.
cd /tmp/
sudo git clone https://github.com/ossec/ossec-wui.git
sudo mv /tmp/ossecwui /var/www/html
cd /var/www/html/ossec-wui
sudo ./setup.sh
6.1 Set some file permissions
sudo chown -R www-data:www-data /var/www/html/ossec-wui/
sudo chmod -R 755 /var/www/html/ossec-wui/
Restart Apache2
sudo systemctl restart apache2
7. Open browser and navigate to http://your-servers-ip/ossec-wui
To see how to install the agent /client on a windows desktop for the Youtube recording of this install to 14:38
—End—