Manual: Installation

Manual -> Installation

The best installation tutorial is available in the OSSEC book and the installation chapter is available for FREE in PDF at: OSSEC Book - Chapter 2.pdf


OSSEC HIDS Manager/agent Installation

The installation of the OSSEC HIDS is very simple. Just follow these few steps to have it working.Please make sure that you understand the type of installation you are choosing (manager, agent, local, etc) and are also aware of the order (always install the manager first). If you don’t know what I’m talking about, it’s a good idea to visit the install types page.
Remember that when following this installation the commands only start after the “#”. Everything before that is just the information about the prompt.

**If you have experience with Unix, just download the latest version, uncompress it and run the “./install.sh” script.

**If you want a step by step guide, you can use one of the many step by step install guides from here.

1. Download the latest version and verify its checksum.

**Note that on some systems, the command md5, sha1 or wget may not exist, so try md5sum, sha1sum or lynx respectively instead.

[root@ossec ~]# wget http://www.ossec.net/files/ossec-hids-latest.tar.gz
[root@ossec ~]# wget http://www.ossec.net/files/ossec-hids-latest_sum.txt
[root@ossec ~]# cat ossec-hids-latest_sum.txt
MD5 (ossec-hids-latest.tar.gz) = XXXXXXX
SHA1 (ossec-hids-latest.tar.gz) = YYYYYYYY
[root@ossec ~]# md5 ossec-hids-latest.tar.gz
MD5 (ossec-hids-latest.tar.gz) = XXXXXXX
[root@ossec ~]# sha1 ossec-hids-latest.tar.gz

SHA1 (ossec-hids-latest.tar.gz) = YYYYYYYY


2. Extract the compressed package and run the “./install.sh” script (It will guide you through the installation).

[root@ossec ~]# tar -zxvf ossec-hids-*.tar.gz (or gunzip -d; tar -xvf)
[root@ossec ~]# cd ossec-hids-* 

[root@ossec ~]# ./install.sh
..
..


3. Remember to open the port 1514 (UDP) if there is a firewall between the server and the agents (if you didn’t choose the local installation).

4. In case you are installing the server or the agent, remember to follow the Managing the agents section .


5. Start the OSSEC HIDS.

[root@ossec ~]# /var/ossec/bin/ossec-control start


OSSEC HIDS Windows agent Installation

The installation of the agent is explained in detail for FREE at the OSSEC Book - Chapter 2.pdf. The section with the Windows agent install is also available online at: http://searchsecuritychannel.techtarget.com/generic/0,295582,sid97_gci1323744,00.html.


OSSEC HIDS agentless Installation

Agentless installation has its own page at: http://www.ossec.net/main/manual/manual-agentless-monitoring/


OSSEC Updates

Updating OSSEC is as easy as it can get. Just download the latest package and follow the installation instructions as usual. It will detect that you already have it installed and ask:

 - You already have OSSEC installed. Do you want to update it? (y/n): y
 - Do you want to update the rules? (y/n): y

Just say “yes” to these questions and it will update everything properly. Your local rules and configuration options will not be modified. The same applies to the Unix or Windows agent updates.


External installation documents

The following installation guides were written about ossec:

Non-english docs:

Please note that some of these documents were based on old versions of OSSEC.

Always make sure to download the latest version available here.