System administrators need to monitor their systems constantly for abnormal events, for example a change in the registry of a Windows machine. With this in mind, this post will show you how to install OSSEC on Ubuntu 18.04.
There are many applications for detecting “intruders” on a network. However, today I’ll tell you about OSSEC, which is open source, free and adaptable to many circumstances.
OSSEC is a Host Intrusion Detection System (HIDS). It analyzes operating system event logs, checks file integrity, audits Windows event logs, detects rootkits, raises real-time alerts and can take active response against attacks.
Today, I will install it on Ubuntu 18.04.
1. Upgrade the system
First, update the system. This ensures that you have the latest security updates and improves stability. It is recommended before you start doing anything on the server.
:~$ sudo apt update && sudo apt upgrade
In the end, you will have the system updated.
2. Install some required packages
Now install the packages needed to continue with the OSSEC installation: wget to download the source, unzip, make, gcc and build-essential to compile it, and git, which step 6 uses to fetch the web UI.
:~$ sudo apt install -y wget unzip make gcc build-essential git
Then, you can continue.
3. Install Apache web server
OSSEC itself does not need a web server; one is only required for the optional web interface installed in step 6. There are many alternatives, but I will use Apache.
:~$ sudo apt install apache2
Next, enable and start the service.
:~$ sudo systemctl enable apache2
:~$ sudo systemctl start apache2
4. Install PHP and other packages
The next step is to install PHP, which the OSSEC web interface is written in, together with the Apache PHP module. The same command installs apache2-utils (it provides htpasswd, which the web UI setup uses to create its login), sendmail (a local mail transport, if you enable email alerts) and inotify-tools.
:~$ sudo apt install -y php php-cli php-common libapache2-mod-php apache2-utils sendmail inotify-tools
5. Download and install OSSEC
Now it’s time to install OSSEC in Ubuntu, but first, you must download it.
:~$ wget https://github.com/ossec/ossec-hids/archive/3.1.0.tar.gz
Then, decompress it.
:~$ tar -xvzf 3.1.0.tar.gz
Then, enter the extracted folder and run the installation script. It asks a series of questions; first, choose the installation language.
:~$ cd ossec-hids-3.1.0/
:~$ sudo sh install.sh
The following questions cover the installation type (server, agent, local or hybrid), the install directory, email notification, and which OSSEC components to enable: integrity checking, rootkit detection, active response and remote syslog.
Next, the build process will start.
Finally, the installation ends with a summary that includes the commands to start and stop OSSEC.
Now start the OSSEC service.
:~$ sudo /var/ossec/bin/ossec-control start
If you want to stop the service, run:
:~$ sudo /var/ossec/bin/ossec-control stop
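The steps above can also be run without answering prompts. The following script is an added example, not code from the original post or from the OSSEC project: it writes the answers into etc/preloaded-vars.conf (the file install.sh reads when present), performs a "local" install from the 3.1.0 tarball used above, starts OSSEC, and then parses ossec-control status to confirm every daemon is up. It assumes the build dependencies from step 2 are installed and that a local (single host) install is what you want; change USER_INSTALL_TYPE for a server or agent.

```shell
#!/bin/sh
# Added example, not code from the original post or the OSSEC project:
# unattended "local" OSSEC install driven by etc/preloaded-vars.conf,
# followed by a status check. Assumes the 3.1.0 tarball from the post's
# URL and the build dependencies from step 2.
set -eu

OSSEC_VERSION="3.1.0"
OSSEC_URL="https://github.com/ossec/ossec-hids/archive/${OSSEC_VERSION}.tar.gz"
OSSEC_DIR="/var/ossec"

# Write the answers install.sh would otherwise ask for interactively.
# $1 = path of the preloaded-vars.conf to write
write_preloaded_vars() {
    cat > "$1" <<EOF
USER_LANGUAGE="en"
USER_NO_STOP="y"
USER_INSTALL_TYPE="local"
USER_DIR="${OSSEC_DIR}"
USER_ENABLE_ACTIVE_RESPONSE="y"
USER_ENABLE_SYSCHECK="y"
USER_ENABLE_ROOTCHECK="y"
USER_ENABLE_EMAIL="n"
USER_ENABLE_SYSLOG="n"
USER_ENABLE_FIREWALL_RESPONSE="n"
EOF
}

# Count the daemons that "ossec-control status" (read on stdin) reports
# as running; prints the number (0 when none match).
count_running() {
    grep -c ' is running' || true
}

# Same for daemons reported as "not running".
count_stopped() {
    grep -c ' not running' || true
}

# Download, extract, install unattended and start OSSEC.
install_ossec() {
    workdir=$(mktemp -d)
    cd "$workdir"
    wget -q "$OSSEC_URL" -O "ossec-${OSSEC_VERSION}.tar.gz"
    tar -xzf "ossec-${OSSEC_VERSION}.tar.gz"
    cd "ossec-hids-${OSSEC_VERSION}"
    write_preloaded_vars etc/preloaded-vars.conf
    sudo sh install.sh
    sudo "${OSSEC_DIR}/bin/ossec-control" start
}

# Post-install check: succeed only if at least one daemon runs and none is stopped.
check_ossec() {
    status=$(sudo "${OSSEC_DIR}/bin/ossec-control" status)
    running=$(printf '%s\n' "$status" | count_running)
    stopped=$(printf '%s\n' "$status" | count_stopped)
    echo "running=${running} stopped=${stopped}"
    [ "$stopped" -eq 0 ] && [ "$running" -gt 0 ]
}

case "${1:-}" in
    install) install_ossec && check_ossec ;;
    check)   check_ossec ;;
    *)       echo "usage: $0 install|check" ;;
esac
```

Run it as `sh ossec-install.sh install` on a fresh host, or `sh ossec-install.sh check` later to verify that all daemons are still up; a non-zero exit means at least one OSSEC daemon reported "not running".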
6. Install OSSEC web UI
To manage OSSEC more easily, it is recommended to install its web interface. Clone it with git:
:~$ cd /srv/
:~$ sudo git clone https://github.com/ossec/ossec-wui.git
Then, move it to the /var/www/html folder.
:~$ sudo mv /srv/ossec-wui /var/www/html
Next, run the installation script. It asks for the web server user (www-data on Ubuntu) and for a username and password that will be required to log in to the interface.
:~$ cd /var/www/html/ossec-wui
:~$ sudo ./setup.sh
Now change the owner of the folder to the web server user and set its permissions.
:~$ cd
:~$ sudo chown -R www-data:www-data /var/www/html/ossec-wui/
:~$ sudo chmod -R 755 /var/www/html/ossec-wui/
Finally, enable the rewrite module on Apache2 and restart it.
:~$ sudo a2enmod rewrite
:~$ sudo systemctl restart apache2
Now, open your web browser, go to http://IP_SERVER/ossec-wui/ and log in with the username and password you chose during setup.
If the page loads and shows the OSSEC status, everything is OK.
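One check worth doing before calling this done: the web interface is protected only by the .htaccess login that setup.sh writes, and Ubuntu's stock /etc/apache2/apache2.conf sets AllowOverride None for /var/www, so Apache ignores that file by default and the interface is open to anyone who can reach the server. The script below is an added example, not code from the original post or from the ossec-wui project: it installs an Apache snippet that lets the .htaccess take effect, then requests the UI without credentials and fails unless Apache answers 401. It assumes the /var/www/html/ossec-wui path used above and the conf-available/a2enconf layout of Ubuntu's apache2 package; WUI_URL is a hypothetical environment variable used only by this script.

```shell
#!/bin/sh
# Added example, not code from the original post or the ossec-wui project:
# enforce the web UI's .htaccess login and verify it from the outside.
# Ubuntu's stock apache2.conf has "AllowOverride None" for /var/www, which
# makes Apache ignore the .htaccess written by setup.sh.
# Assumptions: UI at /var/www/html/ossec-wui, Ubuntu apache2 conf layout.
set -eu

WUI_DIR="/var/www/html/ossec-wui"
WUI_CONF="/etc/apache2/conf-available/ossec-wui.conf"
WUI_URL="${WUI_URL:-http://127.0.0.1/ossec-wui/}"

# Print the Apache snippet that lets the UI directory's .htaccess apply.
# "All" rather than "AuthConfig" because the .htaccess setup.sh installs may
# carry more than auth directives; narrow it once you have read that file.
apache_wui_conf() {
    cat <<EOF
<Directory ${WUI_DIR}>
    AllowOverride All
    Options -Indexes
</Directory>
EOF
}

# Map the HTTP status of an unauthenticated request to a verdict.
# 401 means Basic auth is demanded; 200 means the UI is readable by anyone.
wui_verdict() {
    case "$1" in
        401) echo "protected" ;;
        200) echo "EXPOSED: no authentication" ;;
        403) echo "forbidden (check Require and ownership)" ;;
        *)   echo "unexpected status $1" ;;
    esac
}

# Fetch the UI without credentials; succeed only if Apache demands auth.
wui_auth_check() {
    code=$(curl -s -o /dev/null -w '%{http_code}' "$WUI_URL")
    echo "$WUI_URL -> $code ($(wui_verdict "$code"))"
    [ "$code" = "401" ]
}

# Install the snippet, enable it and reload Apache.
apply_wui_conf() {
    apache_wui_conf | sudo tee "$WUI_CONF" >/dev/null
    sudo a2enconf ossec-wui
    sudo systemctl reload apache2
}

case "${1:-}" in
    apply) apply_wui_conf && wui_auth_check ;;
    check) wui_auth_check ;;
    *)     echo "usage: $0 apply|check" ;;
esac
```

Run `sh wui-check.sh check` first: a 200 means the interface is currently unauthenticated, and `sh wui-check.sh apply` fixes that and re-checks. Keep in mind that the page serves the UI over plain HTTP, so the Basic auth credentials cross the network in clear; restrict access to the server with a firewall or put TLS in front of it.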
Conclusion
As you can see, the installation is really simple and should not take more than an hour. With this great application, you can keep track of events on your hosts in order to search for “intruders” and other unfortunate situations.
You can also read How to install GLPI on Ubuntu 18.04?
Please share this post with your friends.
Thank you so much!
It’s so clear and useful. I have installed ossec successfully!
Thank you so much for the tutorial. I tried to install by following the commands on the OSSEC website but it didn't work. With this tutorial I got it.