Install OSSEC HIDS Security on Ubuntu 14.04 (HP Cloud)

Abhishek Ghosh

By Abhishek Ghosh June 12, 2015 3:07 am Updated on June 12, 2015

Install OSSEC HIDS Security on Ubuntu 14.04 (HP Cloud)

OSSEC is a Host-based Intrusion Detection System Free Software. Here is How to Install OSSEC HIDS Security on Ubuntu 14.04 on HP Cloud Server. Previously we have talked about the theoretical aspect of Host-based Intrusion Detection System.

Planning to Install OSSEC HIDS Security on Ubuntu 14.04 on HP Cloud

HP Cloud has router. We need one Ubuntu 14.04 server, Apache2, PHP, MySQL and development packages. We will install on a different server which is less important than the main website’s servers and monitor from this remote server. So, the router settings is important.

Install-OSSEC-HIDS-Security-on-Ubuntu-14.04-HP-Cloud

Steps to Install OSSEC HIDS Security on Ubuntu 14.04 on HP Cloud

Like installing WordPress we will perform the first part, copy paste the commands to a text editor first :

apt-get install build-essential make libssl-dev git
#
apt-get install mysql-server libmysqlclient-dev mysql-client apache2 php5 libapache2-mod-php5 php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
#
mysql_secure_installation

1

2

3

4

5

apt-get install build-essential make libssl-dev git

#

apt-get install mysql-server libmysqlclient-dev mysql-client apache2 php5 libapache2-mod-php5 php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

#

mysql_secure_installation

Restart the services :

/etc/init.d/apache2 restart
/etc/init.d/mysql restart

1 2	/etc/init.d/apache2 restart /etc/init.d/mysql restart

We have build OSSEC. You should check for the latest version from the official website or their official Github repo. This is 2.8.1 version. wget it and some extra steps for it :

wget -U ossec http://www.ossec.net/files/ossec-hids-2.8.1.tar.gz
wget -U ossec http://www.ossec.net/files/ossec-hids-2.8.1-checksum.txt
tar -xzvf ossec-hids-2.8*
cd ossec-hids-2.8*
cd src
make setdb

1

2

3

4

5

6

wget -U ossec http://www.ossec.net/files/ossec-hids-2.8.1.tar.gz

wget -U ossec http://www.ossec.net/files/ossec-hids-2.8.1-checksum.txt

tar -xzvf ossec-hids-2.8*

cd ossec-hids-2.8*

cd src

make setdb

You will get Error: PostgreSQL client libraries not installed. but it will not matter. Now you need to run the installer :

cd ../ && ./install.sh

1	cd ../ && ./install.sh

It is not difficult to follow on screen instruction set. All answer will be yes, two important questions are :

What kind of installation do you want (server, agent, local, hybrid or help)? server
Choose where to install the OSSEC HIDS [/var/ossec]:  /var/ossec

1 2	What kind of installation do you want (server, agent, local, hybrid or help)? server Choose where to install the OSSEC HIDS [/var/ossec]: /var/ossec

You can use Mandrill to sent email notification. We will restart the service :

/var/ossec/bin/ossec-control restart

1	/var/ossec/bin/ossec-control restart

We have to configure MySQL, login :

mysql -u root -p
...
create database ossec;
grant INSERT,SELECT,UPDATE,CREATE,DELETE,EXECUTE on ossec.* to ossec_user;
set password for ossec_user = PASSWORD('your_password');
flush privileges;
quit;

1

2

3

4

5

6

7

mysql -u root -p

...

create database ossec;

grant INSERT,SELECT,UPDATE,CREATE,DELETE,EXECUTE on ossec.* to ossec_user;

set password for ossec_user = PASSWORD('your_password');

flush privileges;

quit;

We need to import a stuff :

mysql -u root -p ossec < src/os_dbd/mysql.schema

1	mysql -u root -p ossec < src/os_dbd/mysql.schema

Open /var/ossec/etc/ossec.conf in nano or vi and make it like this to match with the above settings :

<ossec_config>
    <database_output>
        <hostname>127.0.0.1</hostname>
        <username>ossec_user</username>
        <password>your_password</password>
        <database>ossec</database>
        <type>mysql</type>
    </database_output>
</ossec_config>

1

2

3

4

5

6

7

8

9

<ossec_config>

<database_output>

<username>ossec_user</username>

<password>your_password</password>

<database>ossec</database>

<type>mysql</type>

</database_output>

</ossec_config>

Now restart the services :

/var/ossec/bin/ossec-control enable database && /var/ossec/bin/ossec-control restart

1	/var/ossec/bin/ossec-control enable database && /var/ossec/bin/ossec-control restart

We will install Analogi dashboard, it is better than the App native web GUI, easy install like WordPress :

cd /var/www/html/ && git clone https://github.com/ECSC/analogi.git
cp analogi/db_ossec.php.new analogi/db_ossec.php
nano analogi/db_ossec.php

1

2

3

cd /var/www/html/ && git clone https://github.com/ECSC/analogi.git

cp analogi/db_ossec.php.new analogi/db_ossec.php

nano analogi/db_ossec.php

You have to add the OSSEC database details here. Web GUI will be at http://I.P.Address/analogi.

Client installation is only installing the OSSEC as client. In both client and server if we run /var/ossec/bin/manage_agents we will get the options to configure. Check this /var/ossec/etc/ossec.conf file on client and change the OSSEC server’s IP and restart the services.

When we are running the /var/ossec/bin/manage_agents on OSSEC server, we will get a key, we will run the same command on client and add the key. On the Server, open this file – /var/ossec/etc/ossec.conf :

    <email_maxperhour>12</email_maxperhour>
</global>

1 2	<email_maxperhour>12</email_maxperhour> </global>

12 emails per hour is too high. Set it lower. You should check the official website for more detailed instructions, this is basic setup.

Tagged With how do you install ossec on security onion 14 04 , ossec git mysql make setdb

About Abhishek Ghosh

Here’s what we’ve got for you which might like :

Take The Conversation Further ...

Get new posts by email: