16 C
Texas
angeloma
Senior Writer and partner

How to install OSSEC HIDS on Ubuntu 18.04?

System administrators have a duty to constantly monitor the network. They do it to look for abnormal events in it, for example, a change in the registry of windows systems. With this in mind, this post will teach you how to install OSSEC on Ubuntu 18.04.

There are many applications for detecting “intruders” on a network. However, today I’ll tell you about OSSEC which is open source and free, quite adaptable to many circumstances.

OSSEC is a Host Intrusion Detection System (HIDS). It is responsible for analyzing the event logs of the operating system, checking the integrity of the operating system, audits of Windows computer logs, detection of rootkits, real-time alerts and active response to attacks.

Today, I will install it on Ubuntu 18.04.

1. Upgrade the system

- Advertisement -

First, you need to update the system. This ensures that you have the latest security updates and improve system stability. Recommended before you start doing anything on the server.

:~$ sudo apt update && sudo apt upgrade

1.- Upgrade the system
1.- Upgrade the system

In the end, you will have the system updated.

2.- Install some required packages

Now it is necessary to install some necessary packages to continue with the OSSEC installation. For example, wget to download it and build-essential for compile the program.

:~$ sudo apt install -y wget unzip make gcc build-essential

2.- Installing some required packages
2.- Installing some required packages

Then, you can continue.

3. Install Apache web server

OSSEC requires a web server to run its web agent. There are many alternatives, but I will use Apache.

:~$ sudo apt install apache2

3.- Installing Apache web server
3.- Installing Apache web server

Next, enable and start the service.

:~$ sudo systemctl enable apache2
:~$ sudo systemctl start apache2

4.- Enabling the service
4.- Enabling the service

4. Install PHP and other packages

The next step is to install PHP. PHP is a programming language for the web. I will use this section to install other packages useful and necessary for OSSEC.

:~$ sudo apt install -y php php-cli php-common libapache2-mod-php apache2-utils sendmail inotify-tools

5.- Install PHP
5.- Install PHP

5. Download and install OSSEC

Now it’s time to install OSSEC in Ubuntu, but first, you must download it.

:~$ wget https://github.com/ossec/ossec-hids/archive/3.1.0.tar.gz

6.- Download OSSEC
6.- Download OSSEC

Then, decompress it.

:~$ tar -xvzf 3.1.0.tar.gz

7.- Decompressing the file
7.- Decompressing the file

Then, enter the unzipped folder and start the installation script. Look at the images to answer the questions properly. First, choose the installation language.

:~$ cd ossec-hids-3.1.0/
:~$ sudo sh install.sh

8.- Starting the installation
8.- Starting the installation

The following questions are about the OSSEC services.

9.- Continue the installation
9.- Continue the installation

10.- Install OSSEC
10.- Install OSSEC

Next, the build process will start.

11.- Install OSSEC with this script
11.- Install OSSEC with this script

Finally, the installation will end. You will see this.

12.- Installation finished
12.- Installation finished

So, start the OSSEC service.

:~$ sudo /var/ossec/bin/ossec-control start

13.- Starting the service
13.- Starting the service

So, if you want to stop the service, run:

:~$ sudo /var/ossec/bin/ossec-control start

6. Install OSSEC web UI

In order to manage better and an easy way, OSSEC is recommended to install its web interface.

:~$ cd /srv/
:~$ sudo git clone https://github.com/ossec/ossec-wui.git

14.- Downloading OSSEC Web UI
14.- Downloading OSSEC Web UI

Then, move it to /var/www/html folder.

:~$ sudo mv /srv/ossec-wui /var/www/html

Next, run the installation script.

:~$ cd /var/www/html/ossec-wui
:~$ sudo ./setup

15.- Installing OSSEC web UI
15.- Installing OSSEC web UI

Now you have to assign permissions to the folder. In addition, it is also necessary to change the owner of the folder.

:~$ cd 
:~$ sudo chown -R www-data:www-data /var/www/html/ossec-wui/
:~$ sudo chmod -R 755 /var/www/html/ossec-wui/

16.- Setting the right permission to the folder
16.- Setting the right permission to the folder

Finally, enable the rewrite module on Apache2 and restart it.

:~$ sudo a2enmod rewrite
:~$ sudo systemctl restart apache2

17.- Enabling the rewrite module
17.- Enabling the rewrite module

Now, open your web browser and go to HTTP://IP_SERVER/ossec-wui/

18.- OSSEC-Web UI
18.- OSSEC-Web UI

As you can see, everything is OK.

Conclusion

As you can see, the installation is really simple and should not take more than 1 hour. With this great application, you can keep track of events on your network in order to search for “intruders” and possible unfortunate situations.

You can also read How to install GLPI on Ubuntu 18.04?

Please share this post with your friends.

- Advertisement -
Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.
Subscribe
"The best Linux newsletter on the web"

2 COMMENTS

  1. Thank you so much for the tutorial. I tried to install by following the commands on the OSSEC website but it didn't work. With this tutorial I got it.

LEAVE A REPLY

Please enter your comment!
Please enter your name here



Latest article