What is OSSEC?
OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.
The installation instructions are a bit spread out on the OSSEC website and it took me a while to figure everything out. So here you go, the work is done for you. The following instructions show how to install OSSEC along with the OSSEC WUI (Web User Interface). OSSEC HIDS must be installed before OSSEC WUI.
Install build essentials
sudo apt-get install build-essential (try “build-essentials” if that doesn’t work)
Download
wget http://www.ossec.net/files/ossec-hids-latest.tar.gz
wget http://www.ossec.net/files/ossec-hids-latest_sum.txt
md5sum ossec-hids-latest.tar.gz
sha1sum ossec-hids-latest.tar.gz
Extract and Install
tar -zxvf ossec-hids-*.tar.gz
cd ossec-hids-*
./install.sh
Start service
/var/ossec/bin/ossec-control start
Setup will prompt for setup preferences, just follow the on screen instructions and accept defaults if you aren't sure.
OSSEC will now be installed. Next you will install the OSSEC WUI which requires apache and php.
Install Apache
apt-get install apache2 libapache2-mod-php5
/etc/init.d/apache2 restart
Download
cd /var/www
wget http://www.ossec.net/files/ui/ossec-wui-0.3.tar.gz
wget http://www.ossec.net/files/ui/ossec-wui-0.3-checksum.txt
md5sum -c ossec-wui-0.3-checksum.txt
sha1sum -c ossec-wui-0.3-checksum.txt
Install
tar -zxvf ossec-wui-0.3.tar.gz
mv ossec-wui-0.3 ossec
cd ossec
./setup.sh
Add www-data to ossec group
usermod -a -G ossec www-data
cat /etc/group |grep ossec
It should look like this: 'ossec:x:1001:www-data'
Fix /tmp permissions
chmod 770 tmp/
chgrp www-data tmp/
apache2ctl restart
Now go to http://127.0.0.1/ossec/
If everything worked you should be presented with a web page.
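The first Download step prints the MD5 and SHA-1 digests of the tarball but leaves comparing them with ossec-hids-latest_sum.txt to the eye. The script below is an added example, not part of the original post or of OSSEC: it stops with a non-zero status unless both digests appear in the sum file. The function names and sample data are constructed for illustration, and it assumes only that the sum file contains the hex digests somewhere in its text.

```shell
#!/bin/sh
# Added example. Usage: verify_download FILE SUMFILE
# Returns 0 only when both the MD5 and SHA-1 digests of FILE appear in
# SUMFILE. Matching on the digest string avoids assuming the file's layout.
verify_download() {
    file=$1
    sums=$2
    if [ ! -r "$file" ] || [ ! -r "$sums" ]; then
        echo "cannot read $file or $sums" >&2
        return 2
    fi
    for tool in md5sum sha1sum; do
        digest=$("$tool" "$file" | awk '{print $1}')
        # -F fixed string, -i ignore hex case, -w whole word (no partial hits)
        if ! grep -qiwF -- "$digest" "$sums"; then
            echo "MISMATCH: $tool digest of $file not found in $sums" >&2
            return 1
        fi
    done
    echo "OK: $file matches $sums"
    return 0
}

# Offline demonstration on constructed data (not real OSSEC files).
demo_verify() {
    dir=$(mktemp -d) || return 2
    printf 'constructed sample archive\n' > "$dir/sample.tar.gz"
    {
        printf 'MD5(sample.tar.gz)= %s\n' "$(md5sum "$dir/sample.tar.gz" | awk '{print $1}')"
        printf 'SHA1(sample.tar.gz)= %s\n' "$(sha1sum "$dir/sample.tar.gz" | awk '{print $1}')"
    } > "$dir/sample_sum.txt"

    good=0
    verify_download "$dir/sample.tar.gz" "$dir/sample_sum.txt" || good=$?
    # Simulate corruption or tampering in transit: one extra byte.
    printf 'x' >> "$dir/sample.tar.gz"
    bad=0
    verify_download "$dir/sample.tar.gz" "$dir/sample_sum.txt" || bad=$?
    rm -rf "$dir"
    [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}

demo_verify
```

In the install sequence this would be called as verify_download ossec-hids-latest.tar.gz ossec-hids-latest_sum.txt before running tar. Because the sum file comes from the same plain-HTTP server as the tarball, a match shows the download was not corrupted, not that the server's copy is authentic.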