Installing OSSEC
Assumptions
OSSEC
Installation
ubuntu@userv1:~$ cd ossec
To download OSSEC, find the latest version available (check on the
OSSEC website) and fetch it with the wget command (read the man page
before using it). From ubuntu@userv1:~/ossec$:
This downloads the OSSEC installation files, version 2.8, to our
working directory. Download the latest version wherever possible
and adjust the command accordingly.
ubuntu@userv1:~/ossec$ cd ossec-hids-*
You are about to start the installation process of the OSSEC HIDS.
You must have a C compiler pre-installed in your system.
If you have any questions or comments, please send an e-mail
to dcid@ossec.net (or daniel.cid@gmail.com).
[Enter] to continue.
1- What kind of installation do you want (server, agent, local, hybrid or help)?
We are doing a local install so type 'local' (no quotes) and press
[Enter].
2- Setting up the installation environment.
Yes we do!
- What's your e-mail address?
y
3.3- Do you want to run the rootkit detection engine? (y/n) [y]:
y
3.4- Active response allows you to execute a specific
command based on the events received. For example,
you can block an IP address or disable access for
a specific user.
More information at:
http://www.ossec.net/en/manual.html#active-response
y - note that active response has the ability to block our PuTTY connection.
y
- Default white list for the active response:
- 192.168.1.1
- Do you want to add more IPs to the white list? (y/n)? [n]:
[Enter] to continue.
[Enter] to finish.
Cleaning up
Starting OSSEC
You should now check your email for messages from OSSEC!
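
The active response step above notes that OSSEC can block our own PuTTY connection. The following added example (not part of the original document or of OSSEC itself) checks whether a client address is covered by the white_list entries in ossec.conf; the sample configuration, the workstation address 192.168.1.50 and the default path /var/ossec/etc/ossec.conf are assumptions.

```python
import ipaddress
import re

# Constructed sample of the <global> section that an install like the one
# above would leave in ossec.conf (assumed path: /var/ossec/etc/ossec.conf).
SAMPLE_CONF = """\
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <white_list>127.0.0.1</white_list>
    <white_list>192.168.1.1</white_list>
  </global>
</ossec_config>
"""

WHITE_LIST_RE = re.compile(r"<white_list>\s*([^<\s]+)\s*</white_list>")


def white_list_entries(conf_text):
    """Return white_list values as ip_network objects."""
    # Drop XML comments first so a commented-out entry is not counted.
    text = re.sub(r"<!--.*?-->", "", conf_text, flags=re.DOTALL)
    nets = []
    for value in WHITE_LIST_RE.findall(text):
        try:
            # strict=False accepts both single hosts and CIDR blocks.
            nets.append(ipaddress.ip_network(value, strict=False))
        except ValueError:
            continue  # hostnames or malformed entries are not matched here
    return nets


def is_white_listed(conf_text, client_ip):
    """True if client_ip falls inside any white_list entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in white_list_entries(conf_text))


if __name__ == "__main__":
    # 192.168.1.50 is a constructed admin workstation address.
    for ip in ("192.168.1.1", "192.168.1.50"):
        state = "white-listed" if is_white_listed(SAMPLE_CONF, ip) else "NOT white-listed"
        print(ip, state)
```

With only the default entry from the installer, the workstation address is not covered, which is the case where answering y to the white list question matters.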