OSSEC installation guide
SSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS X, Solaris and Windows.
The official document link: http://www.ossec.net/doc/index.html
How to install OSSEC
Download the latest version
Extract the compressed package and run the “./install.sh” script (It will guide you through the installation).
# tar -zxvf ossec-hids-*.tar.gz (or gunzip -d; tar -xvf)
# cd ossec-hids-*
Follow the installation prompts and complete all steps.
Install Server on server host.
Install Agent on client host.
The configuration part
Add client agent into Server host.
On server machine type command.
Select "A" to enter into add agent menu, and input the agent name and IP.
Back to main menu and select "E" option for extract key for client agent.
Copy the Key to somewhere save for agent machine.
On agent machine side.
Select "I" option for import the key which just extracted from server machine.
You are all set now!
Some simple command examples.
Check the status of your agents
#/var/ossec/bin/agent_control -i agentID
Check the latest log status
# tail -F /var/ossec/logs/ossec.log
Start/Stop OSSEC process
Manage agent main menu
There is a bug in official build 2.7 that the agents disconnect after a few minutes. for resolve it, you may need to upgrade to version 2.7.1 beta.