OSSEC Server Installation on CentOS

OS: CentOS 5.6 i386, CentOS 6.2 i386
Ossec Version: 2.6
Hardware: Virtual Machine (VirtualBox 4.1.14)

About

OSSEC is an open source Host Intrusion Detection System (HIDS). It lets you monitor log files, check file integrity and detect rootkits in a client-server environment.

OSSEC Server Installation

  • Install wget and update your system
yum install wget -y
yum update -y
reboot
  • If you are using CentOS 6, install the EPEL repository
rpm -Uvh http://ftp.heanet.ie/pub/fedora/epel/6/i386/epel-release-6-7.noarch.rpm
  • Install the Atomic repository on your system
wget -q -O - https://www.atomicorp.com/installers/atomic | sh
Press Enter to accept the terms
  • Install the OSSEC packages, plus Apache and PHP for the WUI
yum install ossec-hids ossec-hids-server httpd php -y
  • Download and extract ossec-wui
cd /var/www/html
wget http://www.ossec.net/files/ui/ossec-wui-0.3.tar.gz
tar zxvf ossec-wui-*.tar.gz
rm -f ossec-wui-*.tar.gz
mv ossec-wui-* ossec-wui 
chown -R apache:apache /var/www/html/ossec-wui
  • Download and install ossec-wui patches
mkdir /usr/local/src/ossec
cd /usr/local/src/ossec
wget http://www.dopefish.de/files/ossec/ossec-wui-0.3_ossec_2.6.patch.tgz
cd /var/www/html/ossec-wui
tar zxvf /usr/local/src/ossec/ossec-wui-0.3_ossec_2.6.patch.tgz
mkdir /var/www/html/ossec-wui/tmp
chown apache:apache /var/www/html/ossec-wui/tmp
  • Edit the OSSEC configuration file: set the email parameters in the global section and change the location of the Apache log files at the end of ossec.conf
vi /var/ossec/etc/ossec.conf
...
  <global>
    <email_notification>yes</email_notification>
    <email_to>daniel.cid@xxx.com</email_to>
    <smtp_server>smtp.xxx.com.</smtp_server>
    <email_from>ossecm@ossec.xxx.com.</email_from>
  </global>
...
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/httpd/access_log</location>
  </localfile>

  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/httpd/error_log</location>
  </localfile>
  • Add the apache user to the ossec group (-a appends, so the user keeps any other supplementary groups)
usermod -a -G ossec apache
  • Configure OSSEC to run at startup and start it
chkconfig ossec-hids on
service ossec-hids start
  • Configure apache to run at startup and start it
chkconfig httpd on
service httpd start

That’s it. The OSSEC server installation is complete. You can browse to http://ossec_srv_IP/ossec-wui. The default user and password are: ossec/ossec.
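
A quick check of the ossec.conf edits from the steps above, as an added example that is not part of the original guide. The function names and the test for leftover `xxx.com` placeholders are assumptions made for illustration, and the script expects one element per line, as in the snippet.

```shell
#!/bin/sh
# Added example: checks the ossec.conf edits above; assumes one element per line.

# Print the text of every <tag>value</tag> element in the file.
xml_values() {  # $1 = tag, $2 = config file
    sed -n "s:.*<$1>\(.*\)</$1>.*:\1:p" "$2"
}

# Print only <location> values inside <localfile> blocks; active-response
# sections reuse the <location> tag for a different purpose.
localfile_locations() {  # $1 = config file
    awk '/<localfile>/ { inside = 1 } /<\/localfile>/ { inside = 0 }
         inside && match($0, /<location>[^<]*<\/location>/) {
             print substr($0, RSTART + 10, RLENGTH - 21) }' "$1"
}

# Print one finding per line; no output means the edits look sane.
check_ossec_conf() {  # $1 = config file, $2 = optional path prefix (tests)
    [ "$(xml_values email_notification "$1")" = yes ] ||
        echo "email_notification is not set to yes"
    for tag in email_to smtp_server email_from; do
        val=$(xml_values "$tag" "$1")
        case $val in
            '')        echo "$tag is missing" ;;
            *xxx.com*) echo "$tag still holds the placeholder $val" ;;
        esac
    done
    localfile_locations "$1" | while IFS= read -r loc; do
        [ -r "${2:-}$loc" ] || echo "localfile $loc is missing or unreadable"
    done
}

# Constructed sample: the page's snippet with its placeholders left in.
write_sample_conf() {  # $1 = output path
    cat > "$1" <<'EOF'
  <global>
    <email_notification>yes</email_notification>
    <email_to>daniel.cid@xxx.com</email_to>
    <smtp_server>smtp.xxx.com.</smtp_server>
    <email_from>ossecm@ossec.xxx.com.</email_from>
  </global>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/httpd/access_log</location>
  </localfile>
  <active-response><location>local</location></active-response>
EOF
}
if [ -n "${1:-}" ]; then check_ossec_conf "$1"; fi
```

Run it with the configuration path as its argument, /var/ossec/etc/ossec.conf in this guide, before starting ossec-hids; any line it prints names a setting still to fix.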

After completing the server installation you can install new clients using these guides:
