How To Install OSSEC on Ubuntu 14.04

r00t January 29, 2016


In this tutorial we will show you how to install and configure OSSEC on Ubuntu 14.04. For those of you who didn’t know, OSSEC is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS X, Solaris and Windows. OSSEC has a centralized, cross-platform architecture that allows multiple systems to be easily monitored and managed.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of OSSEC on an Ubuntu 14.04 server.

Install OSSEC on Ubuntu 14.04

Step 1. First, make sure that all your system packages are up-to-date by running the following apt-get commands in the terminal.

Step 2. Install LAMP (Linux, Apache, MariaDB, PHP) server.

An Ubuntu 14.04 LAMP server is required. If you do not have LAMP installed, you can follow our guide here.

Step 3. Installing OSSEC.

The first thing to do is go to OSSEC’s download page and download the latest stable version of OSSEC. At the time of writing this article, it is version 2.8.3:

Unpack the OSSEC archive to the document root directory on your server:

Go back to the previous directory:

You can choose which options to enable or disable, but we recommend following the output below. For every question asked, you can press Enter to accept the default choice (shown in brackets):

Press enter.

Next, press enter to continue with the installation which shouldn’t take more than 3 minutes. After everything is completed you will get:

Start OSSEC:

Step 4. Configuring MariaDB for OSSEC.

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script. Read each step below carefully; the script will set the root password, remove anonymous users, disallow remote root login, and remove the test database and access to it:

Configure it like this:

Next, we will need to log in to the MariaDB console and create a database for OSSEC. Run the following command:

This will prompt you for a password, so enter your MariaDB root password and hit Enter. Once you are logged in to your database server, you need to create a database for the OSSEC installation:

By default, OSSEC provides a schema for the database, located in the src/os_dbd/ directory. Import it into your newly created ossec database:

Now add the database configuration to the OSSEC config file:

You can put the above lines anywhere in the <ossec_config> block:

Save and exit the file. Then, enable the database and restart OSSEC:
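Before restarting, the database settings added to the config file can be sanity-checked. The script below is an added example, not part of the original tutorial: it audits the `<database_output>` block for the five elements OSSEC expects, and flags two risks that follow from the password being stored there in clear text. The function names, the sample values, and the rule that OSSEC should not connect as the MariaDB root user are assumptions made for this example.

```shell
# Added example: audit the <database_output> block of an ossec.conf.
# Prints one line per finding; returns the finding count (1 if no block).
check_ossec_db_config() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    # Isolate the database_output block so other sections are ignored.
    block=$(sed -n '/<database_output>/,/<\/database_output>/p' "$conf")
    if [ -z "$block" ]; then
        echo "no <database_output> block found"
        return 1
    fi
    # Each of these elements must be present and non-empty.
    for tag in hostname username password database type; do
        if ! printf '%s\n' "$block" | grep -q "<$tag>[^<][^<]*</$tag>"; then
            echo "missing or empty <$tag>"
            findings=$((findings + 1))
        fi
    done
    # Assumption (not from the page): OSSEC should use a dedicated account
    # limited to the ossec database rather than the MariaDB root user.
    user=$(printf '%s\n' "$block" | sed -n 's:.*<username>\([^<]*\)</username>.*:\1:p')
    if [ "$user" = "root" ]; then
        echo "database user is root"
        findings=$((findings + 1))
    fi
    # The password is stored in clear text, so the file must not be world-readable.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "$conf is world-readable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample config (placeholder values): $1 = output path, $2 = DB user.
write_sample_conf() {
    cat > "$1" <<EOF
<ossec_config>
  <database_output>
    <hostname>127.0.0.1</hostname>
    <username>$2</username>
    <password>PLACEHOLDER_PASSWORD</password>
    <database>ossec</database>
    <type>mysql</type>
  </database_output>
</ossec_config>
EOF
}
```

On a real host, point `check_ossec_db_config` at the live config file; with OSSEC's default install location that is `/var/ossec/etc/ossec.conf` (assumed here, adjust if you chose another directory during installation).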

Step 5. Installing OSSEC Web UI.

Install the OSSEC Web UI in Apache’s default document root. Enter the directory:

Create a tmp directory inside it and set the correct file ownership and permissions:

Step 6. Accessing OSSEC.

OSSEC will be available on HTTP port 80 by default. Open your favorite browser and navigate to http://yourdomain.com/ossec or http://server-ip/ossec. If you are using a firewall, please open port 80 to enable access to the control panel.

Congratulations! You have successfully installed OSSEC. Thanks for using this tutorial for installing OSSEC on an Ubuntu 14.04 system. For additional help or useful information, we recommend checking the official OSSEC web site.
