How to install OSSEC HIDS on Ubuntu 18.04?


System administrators have a duty to constantly monitor the network. They do so to look for abnormal events, for example, a change in the registry of Windows systems. With this in mind, this post will teach you how to install OSSEC on Ubuntu 18.04.

There are many applications for detecting “intruders” on a network. However, today I’ll tell you about OSSEC, which is open source, free, and adaptable to many circumstances.

OSSEC is a Host Intrusion Detection System (HIDS). It is responsible for analyzing the event logs of the operating system, checking the integrity of the operating system, auditing Windows computer logs, detecting rootkits, raising real-time alerts, and actively responding to attacks.

Today, I will install it on Ubuntu 18.04.

1. Upgrade the system

First, you need to update the system. This ensures that you have the latest security updates and improves system stability. It is recommended before you start doing anything on the server.

1.- Upgrade the system

In the end, you will have the system updated.

2. Install some required packages

Next, install some packages that are needed to continue with the OSSEC installation. For example, wget to download it and build-essential to compile the program.

2.- Installing some required packages

Then, you can continue.

3. Install Apache web server

OSSEC requires a web server to run its web agent. There are many alternatives, but I will use Apache.

3.- Installing Apache web server

Next, enable and start the service.

4.- Enabling the service

4. Install PHP and other packages

The next step is to install PHP. PHP is a programming language for the web. I will also use this section to install other packages that are useful and necessary for OSSEC.

5.- Install PHP

5. Download and install OSSEC

Now it’s time to install OSSEC on Ubuntu, but first, you must download it.

6.- Download OSSEC

Then, decompress it.

7.- Decompressing the file

Then, enter the unzipped folder and start the installation script. Look at the images to answer the questions properly. First, choose the installation language.

8.- Starting the installation

The following questions are about the OSSEC services.

9.- Continue the installation

10.- Install OSSEC

Next, the build process will start.

11.- Install OSSEC with this script

Finally, the installation will end. You will see this.

12.- Installation finished

Now, start the OSSEC service.

13.- Starting the service

If you want to stop the service, run:

6. Install OSSEC web UI

To manage OSSEC more easily, it is recommended to install its web interface.

14.- Downloading OSSEC Web UI

Then, move it to the /var/www/html folder.

Next, run the installation script.

15.- Installing OSSEC web UI

Now you have to assign permissions to the folder. In addition, it is also necessary to change the owner of the folder.

16.- Setting the right permission to the folder
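
The permission commands for this step appear only in the screenshot. As an added example (not code from the original post), the function below audits the folder after the step and reports anything world-writable or not owned by the web server account. It assumes the UI was moved to /var/www/html/ossec-wui and that Apache runs as www-data, the Ubuntu default; the function name is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit the OSSEC web UI folder after the permission step.
# Assumptions: folder is /var/www/html/ossec-wui, Apache runs as www-data.

# audit_wui_perms DIR [OWNER]
# Prints one finding per line. Returns 0 when the tree is clean, 1 otherwise.
# OWNER may be a user name or a numeric uid.
audit_wui_perms() {
    local dir=$1 owner=${2:-www-data} findings

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi

    findings=$(
        # World-writable files or directories: any local account could
        # change the PHP code that Apache then executes.
        find "$dir" ! -type l -perm -0002 | sed 's/^/WORLD_WRITABLE /'
        # Entries not owned by the web server account.
        find "$dir" ! -user "$owner" | sed 's/^/WRONG_OWNER /'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# When the script is given arguments, run the audit on them, e.g.:
#   ./audit.sh /var/www/html/ossec-wui www-data
if [ $# -gt 0 ]; then
    audit_wui_perms "$@"
fi
```

A non-zero exit status means at least one finding was printed and the permission step should be repeated for the listed paths.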

Finally, enable the rewrite module on Apache2 and restart it.

17.- Enabling the rewrite module

Now, open your web browser and go to http://IP_SERVER/ossec-wui/

18.- OSSEC-Web UI

As you can see, everything is OK.

Conclusion

As you can see, the installation is really simple and should not take more than 1 hour. With this great application, you can keep track of events on your network in order to search for “intruders” and possible unfortunate situations.
