Ossec Install Tutorial 2023

Dave S
Ossec is not a straightforward install due to outdated documentation. The WUI has outdated code that no longer works right. This video walks you through how to set all of this up on up-to-date Ubuntu systems. I've taken about 5 hours of troubleshooting and boiled it down to this 20-minute process to get up and running.

The WUI code can be found here: github.com/H3L0Studios/Ossec-WUI-Fixed
As mentioned in the video, I have edited the PHP files so that it mostly works with the latest PHP libraries. I edited the original code - verify it yourself before using in any production capacity. I provide no warranties on it, it is for educational purposes only.

Here are the commands used - be sure to fix the https on the wget commands (YouTube won't allow the links).

Ossec Server:
sudo apt update
sudo apt upgrade
sudo apt install -y php php-cli php-common libapache2-mod-php apache2-utils sendmail inotify-tools apache2 build-essential gcc make wget tar zlib1g-dev libpcre2-dev libpcre3-dev unzip libz-dev libssl-dev libevent-dev
sudo apt install libsystemd-dev
sudo systemctl enable apache2
sudo systemctl start apache2
sudo a2enmod rewrite
sudo systemctl restart apache2
cd /tmp
wget xttps://github.com/ossec/ossec-hids/archive/3.7.0.tar.gz
sudo tar -xvzf 3.7.0.tar.gz
cd ossec-hids-3.7.0
sudo ./install.sh
Answer all the questions
Copy custom WUI package to /tmp via WinSCP
sudo tar -xvzf ossec-wui.tar.gz
sudo mv /home/dave/ossec-wui /var/www/html
cd /var/www/html/ossec-wui
Should not have to run ./setup.sh
sudo chown -R www-data:www-data /var/www/html/ossec-wui/
sudo chmod -R 755 /var/www/html/ossec-wui/
sudo usermod -a -G ossec www-data
cd /var/ossec/bin/
./ossec-control start
sudo systemctl restart apache2
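
A post-install check for the chown, chmod and usermod steps in the server list above, added here as an example (it is not part of the original description or of the WUI repository). The function names and the `--run` flag are made up for this example; the path, user and group are the ones used on this page.

```shell
#!/bin/sh
# Added example: confirms the chown/chmod/usermod steps above took effect.
# Function names and the --run flag are hypothetical; path, user and group
# are the ones used on this page.

# List entries under DIR not owned by OWNER:GROUP, or writable by group/other
# (looser than the 755 applied above).
# Returns 0 when clean, 1 on findings, 2 if DIR is missing or find fails.
audit_wui_tree() {
    dir=$1; owner=$2; group=$3
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir" >&2
        return 2
    fi
    # find exits non-zero (with no output) when OWNER or GROUP does not exist,
    # so its status is checked instead of treating empty output as "clean".
    findings=$(find "$dir" ! -type l \( ! -user "$owner" -o ! -group "$group" \
        -o -perm -020 -o -perm -002 \) -print) || return 2
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# True when USER is a member of GROUP (the usermod step above).
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -Fqx -- "$2"
}

# Run both checks with this page's values; returns 0 only if both pass.
check_ossec_wui_install() {
    rc=0
    audit_wui_tree /var/www/html/ossec-wui www-data www-data || rc=1
    if ! user_in_group www-data ossec; then
        echo "www-data is not in group ossec"
        rc=1
    fi
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then
    check_ossec_wui_install
fi
```

Save it under any name and run it with `--run` on the server; any path it prints has drifted from the ownership or mode set above.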

Agent:
sudo apt-get install build-essential make zlib1g-dev libpcre2-dev libevent-dev libssl-dev libsystemd-dev
wget xttps://github.com/ossec/ossec-hids/archive/3.7.0.tar.gz
tar -xvzf 3.7.0.tar.gz
cd ossec-hids-3.7.0
sudo ./install.sh
sudo su
cd /var/ossec/bin/
./manage_agents
./ossec-control restart
Published 8 months ago, on 1402/09/22.