{"id":1078,"date":"2012-08-22T16:27:52","date_gmt":"2012-08-22T08:27:52","guid":{"rendered":"http:\/\/rmohan.com\/?p=1078"},"modified":"2012-08-22T16:29:26","modified_gmt":"2012-08-22T08:29:26","slug":"ossec-server-installation-on-centos","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=1078","title":{"rendered":"OSSEC Server Installation on CentOS"},"content":{"rendered":"<div>\n<pre>OS: CentOS 5.6 i386, CentOS 6.2 i386\r\nOssec Version: 2.6\r\nHardware: Virtual Machine (VirtualBox 4.1.14)<\/pre>\n<h1>About<\/h1>\n<p>OSSEC is an open source Host Intrusion Detection System (HIDS). OSSEC lets you monitor log files, check the integrity of files and detect rootkits in a client-server environment.<\/p>\n<h1>OSSEC Server Installation<\/h1>\n<ul>\n<li>Install wget and update your system<\/li>\n<\/ul>\n<pre>yum install wget -y\r\nyum update -y\r\nreboot<\/pre>\n<ul>\n<li>If you are using CentOS 6, install the EPEL repository<\/li>\n<\/ul>\n<pre>rpm -Uvh http:\/\/ftp.heanet.ie\/pub\/fedora\/epel\/6\/i386\/epel-release-6-7.noarch.rpm<\/pre>\n<ul>\n<li>Install the Atomic repository on your system<\/li>\n<\/ul>\n<pre>wget -q -O - https:\/\/www.atomicorp.com\/installers\/atomic | sh\r\n# Press Enter to accept the terms<\/pre>\n<ul>\n<li>Install the OSSEC packages and Apache for the WUI<\/li>\n<\/ul>\n<pre>yum install ossec-hids ossec-hids-server httpd php -y<\/pre>\n<ul>\n<li>Download and extract ossec-wui<\/li>\n<\/ul>\n<pre>cd \/var\/www\/html\r\nwget http:\/\/www.ossec.net\/files\/ui\/ossec-wui-0.3.tar.gz\r\ntar zxvf ossec-wui-*.tar.gz\r\nrm -f ossec-wui-*.tar.gz\r\nmv ossec-wui-* ossec-wui\r\nchown -R apache:apache \/var\/www\/html\/ossec-wui<\/pre>\n<ul>\n<li>Download and install the ossec-wui patches<\/li>\n<\/ul>\n<pre>mkdir \/usr\/local\/src\/ossec\r\ncd \/usr\/local\/src\/ossec\r\nwget http:\/\/www.dopefish.de\/files\/ossec\/ossec-wui-0.3_ossec_2.6.patch.tgz\r\ncd \/var\/www\/html\/ossec-wui\r\ntar zxvf 
\/usr\/local\/src\/ossec\/ossec-wui-0.3_ossec_2.6.patch.tgz\r\nmkdir \/var\/www\/html\/ossec-wui\/tmp\r\nchown apache:apache \/var\/www\/html\/ossec-wui\/tmp<\/pre>\n<ul>\n<li>Edit the OSSEC configuration file: configure the email parameters in the global section and change the location of the Apache log files at the end of the ossec.conf file<\/li>\n<\/ul>\n<pre>vi \/var\/ossec\/etc\/ossec.conf\r\n...\r\n  &lt;global&gt;\r\n    &lt;email_notification&gt;yes&lt;\/email_notification&gt;\r\n    &lt;email_to&gt;daniel.cid@xxx.com&lt;\/email_to&gt;\r\n    &lt;smtp_server&gt;smtp.xxx.com.&lt;\/smtp_server&gt;\r\n    &lt;email_from&gt;ossecm@ossec.xxx.com.&lt;\/email_from&gt;\r\n  &lt;\/global&gt;\r\n...\r\n  &lt;localfile&gt;\r\n    &lt;log_format&gt;apache&lt;\/log_format&gt;\r\n    &lt;location&gt;\/var\/log\/httpd\/access_log&lt;\/location&gt;\r\n  &lt;\/localfile&gt;\r\n\r\n  &lt;localfile&gt;\r\n    &lt;log_format&gt;apache&lt;\/log_format&gt;\r\n    &lt;location&gt;\/var\/log\/httpd\/error_log&lt;\/location&gt;\r\n  &lt;\/localfile&gt;<\/pre>\n<ul>\n<li>Add the apache user to the ossec group<\/li>\n<\/ul>\n<pre>usermod -a -G ossec apache<\/pre>\n<ul>\n<li>Configure OSSEC to run at startup and start it<\/li>\n<\/ul>\n<pre>chkconfig ossec-hids on\r\nservice ossec-hids start<\/pre>\n<ul>\n<li>Configure Apache to run at startup and start it<\/li>\n<\/ul>\n<pre>chkconfig httpd on\r\nservice httpd start<\/pre>\n<p>That\u2019s it. The OSSEC server installation is complete. You can browse to http:\/\/<em>ossec_srv_IP\/ossec-wui. <\/em>The default user and password are: ossec\/ossec.<\/p>\n<p>After completing the server installation you can install new clients using these guides:<\/p>\n<ul>\n<li><a title=\"003. OSSEC Client Installation on Windows\" href=\"http:\/\/nachum234.no-ip.org\/security\/ossec\/003-ossec-client-installation-on-windows-xp\/\">OSSEC Client Installation on Windows<\/a><\/li>\n<li><a title=\"2. 
OSSEC Client Installation on CentOS\" href=\"http:\/\/nachum234.no-ip.org\/wordpress\/?p=186\">OSSEC Client Installation on Linux<\/a><\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p> OS: CentOS 5.6 i386, CentOS 6.2 i386 Ossec Version: 2.6 Hardware: Virtual Machine (VirtualBox 4.1.14) About <\/p>\n<p>OSSEC is an open source Host Intrusion Detection System (HIDS). OSSEC lets you monitor log files, check the integrity of files and detect rootkits in a client-server environment.<\/p>\n<p> OSSEC Server Installation Install wget and update your system yum install wget [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1078"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1078"}],"version-history":[{"count":4,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1078\/revisions"}],"predecessor-version":[{"id":1081,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/1078\/revisions\/1081"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1078"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1078"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}