OSSEC is an open source intrusion detection system that runs in the background on a server that can alert the system administrator to problems or break-in attempts.
- SSH into the server. If you're not familiar with how to SSH.
- Download the appropriate OSSEC version from http://www.ossec.net/main/downloads/. Typically downloading with the wget command is easiest.
- Unzip the installer files on the server.
- Change directories into the OSSEC install directory, in this case: ossec-hids-2.4.1/
- Run ./install.sh to install the program. Choose your language as the first step by entering in 'en' for English followed by a return.
- Press Enter at the prompt
- Enter in the type of install.
- Choose where you want to install OSSEC.
- Choose whether you want email notifications or not. If you do, key in 'y' and then your email address at the prompt. It will then verify your MX record. If that is correct, select 'y'. Otherwise select 'n' and enter in your MX exchanger.
- Select whether you want to run the integrity checksum. Yes is the default.
- Select whether you want to run the rootkit detection engine. Yes is again the default.
- Select whether you want to run active response. Yes is the default.
- Select if you want to enable the firewall-drop response. Yes is the default.
- Whitelist any IP addresses that should be whitelisted in the next section.
- Select whether you want to enable remote systlog. Yes is the default.
- Press Enter (return) to complete the install. Once installed, the agent will run and alert you to any problems on the server.
