OSSEC Open Source HIDS

— Refer to our UPDATED guide for OSSEC! —

OSSEC Open Source HIDS – Server, Web Interface & Windows Client Install.

This walk through will show you how to install OSSEC HIDS Server with Web User Interface. Configure the WUI and instal the client on a Windows machine.

—Start Here—

Assuming you have an existing Ubuntu server setup. 

  1. Update the system.

sudo apt update && sudo apt upgrade

2. Install some base applications

sudo apt install -y php php-cli php-common libapache2-mod-php apache2-utils sendmail inotify-tools apache2 build-essential gcc make wget tar libssl1.0-dev libz-dev libssl-dev libpcre2-dev libevent-dev

3. Enable rewrite, Apache & Start Apache.

sudo systemctl enable apache2

sudo systemctl start apache2

sudo a2enmod rewrite 

4. Let’s get the OSSEC source package, extract and install. (Check for the latest version -> https://www.ossec.net/download-ossec/ at the time of creating this document version = 3.1.0

wget https://github.com/ossec/ossec-hids/archive/3.1.0.tar.gz

tar -xvzf 3.1.0.tar.gz

cd ossec-hids-3.1.0/

sudo sh ./install.sh 

5. The OSSEC Service options & starting

Usage: ./ossec-control {start|stop|reload|restart|status|enable|disable}

sudo / var/ossec/bin/ossec-control start

6. Install the OSSEC web User Interface.

cd /tmp/

sudo git clone https://github.com/ossec/ossec-wui.git

sudo mv /tmp/ossecwui /var/www/html

cd /var/www/html/ossec-wui

sudo ./setup.sh 

6.1 Set some file permissions 

sudo chown -R www-data:www-data /var/www/html/ossec-wui/

sudo chmod -R 755 /var/www/html/ossec-wui/

Restart Apache2

sudo systemctl restart apache2

7. Open browser and navigate to http://your-servers-ip/ossec-wui

To see how to install the agent /client on a windows desktop for the Youtube recording of this install to 14:38