OSSEC Install on Ubuntu with WUI


What is OSSEC?

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

The installation instructions are a bit spread out on the OSSEC website and it took me a while to figure everything out. So here you go, the work is done for you. The following instructions show how to install OSSEC, along with the OSSEC WUI (Web User Interface). OSSEC HIDS must be installed before OSSEC WUI.

Install build essentials

sudo apt-get install build-essential (try “build-essentials” if that doesn’t work)

Download
wget http://www.ossec.net/files/ossec-hids-latest.tar.gz
wget http://www.ossec.net/files/ossec-hids-latest_sum.txt
md5sum ossec-hids-latest.tar.gz
sha1sum ossec-hids-latest.tar.gz
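
The md5sum and sha1sum commands above only print hashes; the values still have to be compared with the ones in ossec-hids-latest_sum.txt. The function below is an added example (not from the original post or the OSSEC project) that does the comparison, assuming the sum file uses OpenSSL-style lines such as "MD5(file)= <hex>" and "SHA1(file)= <hex>"; verify_sums is a hypothetical helper name.

```sh
#!/bin/sh
# Added example: compare a download against its published MD5/SHA1 values.
# Assumption: the sum file uses OpenSSL-style lines, e.g.
#   MD5(ossec-hids-latest.tar.gz)= <32 hex digits>
#   SHA1(ossec-hids-latest.tar.gz)= <40 hex digits>
# verify_sums is a hypothetical helper name, not an OSSEC tool.
# Returns 0 if every hash found matches, 1 on mismatch, 2 if nothing usable.
verify_sums() {
    file=$1
    sums=$2
    checked=0
    if [ ! -r "$file" ] || [ ! -r "$sums" ]; then
        echo "cannot read $file or $sums" >&2
        return 2
    fi
    for algo in MD5 SHA1; do
        case $algo in
            MD5)  tool=md5sum;  len=32 ;;
            SHA1) tool=sha1sum; len=40 ;;
        esac
        # Take the hex digest from the first "<ALGO>(...)= <hex>" line.
        expected=$(sed -n "s/^${algo}(.*)= *\([0-9A-Fa-f]\{${len}\}\)[[:space:]]*\$/\1/p" "$sums" |
            head -n 1 | tr 'A-F' 'a-f')
        [ -n "$expected" ] || continue
        actual=$("$tool" "$file" | cut -d ' ' -f 1)
        if [ "$actual" != "$expected" ]; then
            echo "$algo MISMATCH: expected $expected, got $actual" >&2
            return 1
        fi
        echo "$algo OK"
        checked=$((checked + 1))
    done
    if [ "$checked" -eq 0 ]; then
        echo "no MD5/SHA1 line found in $sums" >&2
        return 2
    fi
    return 0
}

# Run as: sh verify.sh ossec-hids-latest.tar.gz ossec-hids-latest_sum.txt
if [ "$#" -eq 2 ]; then
    verify_sums "$1" "$2"
fi
```

Because the sum file is fetched over the same plain-HTTP connection as the tarball, a match shows the download arrived intact, not that it is authentic.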

Extract and Install
tar -zxvf ossec-hids-*.tar.gz
cd ossec-hids-*
./install.sh

Start service
/var/ossec/bin/ossec-control start

Setup will prompt for setup preferences; just follow the on-screen instructions and accept the defaults if you aren't sure.
OSSEC will now be installed. Next you will install the OSSEC WUI, which requires Apache and PHP.

Install Apache
apt-get install apache2 libapache2-mod-php5
/etc/init.d/apache2 restart

Download
cd /var/www
wget http://www.ossec.net/files/ui/ossec-wui-0.3.tar.gz
wget http://www.ossec.net/files/ui/ossec-wui-0.3-checksum.txt
md5sum -c ossec-wui-0.3-checksum.txt
sha1sum -c ossec-wui-0.3-checksum.txt

Install
tar -zxvf ossec-wui-0.3.tar.gz
mv ossec-wui-0.3 ossec
cd ossec
./setup.sh

Add www-data to ossec group
usermod -a -G ossec www-data
cat /etc/group |grep ossec
It should look like this (the group ID may differ): 'ossec:x:1001:www-data'

Fix tmp/ permissions (the tmp directory inside /var/www/ossec, not the system /tmp)
chmod 770 tmp/
chgrp www-data tmp/
apache2ctl restart

Now go to http://127.0.0.1/ossec/
If everything worked you should be presented with a web page.

 