Manager/Agent Installation

Installing OSSEC HIDS is simple: the install.sh shell script automates most of it. The script asks a few questions before the installation begins, one of the most important being which type of installation is desired. It is important to choose the correct installation type: server, agent, local, or hybrid. More information on these can be found on the OSSEC Architecture page.

Note

In the following installation, the commands follow the #. Everything else is either comments or output.

  1. Download the latest version and verify its checksum.

Note

On some systems, the command md5, sha1, or wget may not exist. Try md5sum, sha1sum or lynx respectively instead.

Warning

wget may not be able to pull files from the OSSEC site. Use the -U flag to set a User-Agent, or obtain the checksum file by some other means.

    # wget -U ossec http://www.ossec.net/files/ossec-hids-2.8.1.tar.gz
    # wget -U ossec http://www.ossec.net/files/ossec-hids-2.8.1-checksum.txt
    # cat ossec-hids-2.8.1-checksum.txt
    MD5(ossec-hids-2.8.1.tar.gz)= c2ffd25180f760e366ab16eeb82ae382
    SHA1(ossec-hids-2.8.1.tar.gz)= 0ecf1df09558dc8bb4b6f65e1fb2ca7a7df9817c
    # md5sum ossec-hids-2.8.1.tar.gz
    MD5(ossec-hids-2.8.1.tar.gz)= c2ffd25180f760e366ab16eeb82ae382
    # sha1sum ossec-hids-2.8.1.tar.gz
    SHA1(ossec-hids-2.8.1.tar.gz)= 0ecf1df09558dc8bb4b6f65e1fb2ca7a7df9817c

  2. Extract the compressed package and run the install.sh script. It will guide you through the installation.

    # tar -zxvf ossec-hids-*.tar.gz (or gunzip -d; tar -xvf)
    # cd ossec-hids-*
    # ./install.sh

  3. The OSSEC manager listens on UDP port 1514. Any firewalls between the agents and the manager will need to allow this traffic.

  4. The server, agent, and hybrid installations will require additional configuration. More information can be found on the Managing the agents page.

  5. Start OSSEC HIDS by running the following command:

    # /var/ossec/bin/ossec-control start