By Rory Bray, Daniel Cid and Andrew Hay
Service provider takeaway: Open source security (OSSEC) is a commonly used host-based intrusion detection software that detects unauthorized activity on any particular computer. This section of the chapter excerpt from the book OSSEC Host-based Intrusion Detection Guide
Download the .pdf of the chapter here.
The OSSEC HIDS is most commonly downloaded, compiled, and installed from its source code form. Precompiled packages are not currently available from www.ossec.net, with the exception of the Windows agent. However, the compiling, configuring, and installation of the OSSEC HIDS software is all handled with a single and simple to use script.
On Linux- or BSD-based systems, the installation begins the same way regardless of which install type you select. For Windows, an executable installer is provided and performs the agent install type.
Getting the files
All the OSSEC HIDS files needed for installation to any operating system are available at the www.ossec.net/files/ Web site. There are three files of interest to us: the main source tar file, the Windows agent installer, and the checksum file.
The main source tar file contains the complete source code for the OSSEC HIDS, including the Windows agent code. Because Unix- and Linux-based operating systems provide complete development tools, the main source tar file contains everything needed to install the OSSEC HIDS. For Microsoft Windows, the installation is more complex and development tools are not readily available to build the OSSEC HIDS software. Because no development tools are available, an executable, GUI-based installer is provided that installs a precompiled OSSEC HIDS service. The third file is a checksum file used to validate the integrity of the downloaded files.
From the following URLs, download the main source tar file, the Windows agent installer, and the checksum files, using a browser or command-line utility such as wget:
■ www.ossec.net/fi les/ossec-hids-1.4.tar.gz
■ www.ossec.net/fi les/ossec-agent-win32-1.4.exe
■ www.ossec.net/fi les/ossec-hids-1.4_checksum.txt
The checksums are provided to ensure the integrity of the downloaded files and allow you to check for file corruption or unintentional modification. If these checks fail, you will have to try the download again. From the command line, change to the directory where you saved the downloaded files and verify the checksums.
# md5sum -c ossec-hids-1.4_checksum.txt
Preparing the system
Because the OSSEC HIDS installer must compile the application from source code the first time it runs, a working build environment is required on your system. For most operating systems of the Linux or BSD persuasion, a C compiler and supporting files is already be installed. If not, you must install gcc and development headers before proceeding.
Building and installing
Whether you are doing a local or server installation, the first stage is the same. Extract the .tar.gz file, change into the created directory, and then run the install script.
# gunzip -c ossec-hids-1.3.tar.gz | tar -xf -
# cd ossec-hids-1.3
The installation script is divided into several steps to guide you through the installation.
The steps are slightly different for each install type. However, the initial screen is the same for all installations and allows you to choose your preferred language. Here we choose the default en for English by pressing Enter.
OSSEC HIDS v1.4 Installation Script - http://www.ossec.net
You are about to start the installation process of the OSSEC HIDS.
You must have a C compiler pre-installed in your system.
If you have any questions or comments, please send an e-mail to email@example.com (or firstname.lastname@example.org).
- System: Linux earth 2.6.20-16-generic
- User: root
- Host: earth
-- Press ENTER to continue or Ctrl-C to abort. --
Next, we press Enter to move to the selection of install type. At this point, you must decide which install type you require. You might now decide to jump ahead in the chapter to a specific install, but be sure to review all installation types because each type provides useful information about OSSEC HIDS components and features.
OSSEC Host-Based Intrusion Detection Guide
Downloading OSSEC HIDS
Performing local installation
Performing server agent installations
Installing the Windows agent
Streamlining the installations
Summary and FAQs
About the book
OSSEC Host-Based Intrusion Detection Guide is specifically devoted to Open Source Security (OSSEC) and is a comprehensive and exhaustive guide to the often complicated procedures of installing and implementing such an intrustion detection software. Purchase the book from Syngress Publishing.
Printed with permission from Syngress, a division of Elsevier. Copyright 2008. "OSSEC Host-Based Intrusion Detection Guide" by Rory Bray, Daniel Cid and Andrew Hay. For more information about this title and other similar books, please visit www.elsevierdirect.com.
This was first published in August 2008