OSSEC is a Host-based Intrusion Detection System Free Software. Here is How to Install OSSEC HIDS Security on Ubuntu 14.04 on HP Cloud Server. Previously we have talked about the theoretical aspect of Host-based Intrusion Detection System.
Planning to Install OSSEC HIDS Security on Ubuntu 14.04 on HP Cloud
HP Cloud has router. We need one Ubuntu 14.04 server, Apache2, PHP, MySQL and development packages. We will install on a different server which is less important than the main website’s servers and monitor from this remote server. So, the router settings is important.
Steps to Install OSSEC HIDS Security on Ubuntu 14.04 on HP Cloud
Like installing WordPress we will perform the first part, copy paste the commands to a text editor first :
---
|
1 2 3 4 5 |
apt-get install build-essential make libssl-dev git # apt-get install mysql-server libmysqlclient-dev mysql-client apache2 php5 libapache2-mod-php5 php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl # mysql_secure_installation |
Restart the services :
|
1 2 |
/etc/init.d/apache2 restart /etc/init.d/mysql restart |
We have build OSSEC. You should check for the latest version from the official website or their official Github repo. This is 2.8.1 version. wget it and some extra steps for it :
|
1 2 3 4 5 6 |
wget -U ossec http://www.ossec.net/files/ossec-hids-2.8.1.tar.gz wget -U ossec http://www.ossec.net/files/ossec-hids-2.8.1-checksum.txt tar -xzvf ossec-hids-2.8* cd ossec-hids-2.8* cd src make setdb |
You will get Error: PostgreSQL client libraries not installed. but it will not matter. Now you need to run the installer :
|
1 |
cd ../ && ./install.sh |
It is not difficult to follow on screen instruction set. All answer will be yes, two important questions are :
|
1 2 |
What kind of installation do you want (server, agent, local, hybrid or help)? server Choose where to install the OSSEC HIDS [/var/ossec]: /var/ossec |
You can use Mandrill to sent email notification. We will restart the service :
|
1 |
/var/ossec/bin/ossec-control restart |
We have to configure MySQL, login :
|
1 2 3 4 5 6 7 |
mysql -u root -p ... create database ossec; grant INSERT,SELECT,UPDATE,CREATE,DELETE,EXECUTE on ossec.* to ossec_user; set password for ossec_user = PASSWORD('your_password'); flush privileges; quit; |
We need to import a stuff :
|
1 |
mysql -u root -p ossec < src/os_dbd/mysql.schema |
Open /var/ossec/etc/ossec.conf in nano or vi and make it like this to match with the above settings :
|
1 2 3 4 5 6 7 8 9 |
<ossec_config> <database_output> <hostname>127.0.0.1</hostname> <username>ossec_user</username> <password>your_password</password> <database>ossec</database> <type>mysql</type> </database_output> </ossec_config> |
Now restart the services :
|
1 |
/var/ossec/bin/ossec-control enable database && /var/ossec/bin/ossec-control restart |
We will install Analogi dashboard, it is better than the App native web GUI, easy install like WordPress :
|
1 2 3 |
cd /var/www/html/ && git clone https://github.com/ECSC/analogi.git cp analogi/db_ossec.php.new analogi/db_ossec.php nano analogi/db_ossec.php |
You have to add the OSSEC database details here. Web GUI will be at http://I.P.Address/analogi.
Client installation is only installing the OSSEC as client. In both client and server if we run /var/ossec/bin/manage_agents we will get the options to configure. Check this /var/ossec/etc/ossec.conf file on client and change the OSSEC server’s IP and restart the services.
When we are running the /var/ossec/bin/manage_agents on OSSEC server, we will get a key, we will run the same command on client and add the key. On the Server, open this file – /var/ossec/etc/ossec.conf :
|
1 2 |
<email_maxperhour>12</email_maxperhour> </global> |
12 emails per hour is too high. Set it lower. You should check the official website for more detailed instructions, this is basic setup.
Tagged With how do you install ossec on security onion 14 04 , ossec git mysql make setdb