CentOS 7.x Install OSSEC

From Notes_Wiki
Revision as of 16:21, 2 August 2017 by Saurabh (talk | contribs)

Install OSSEC server

To install OSSEC on CentOS 7.0, use the following steps:

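  1. Disable SELinux permanently in '/etc/selinux/config'. This change takes effect only after the server is rebooted.
    SELINUX=disabled
  2. Disable SELinux for the current boot by running 'setenforce 0' (this switches it to permissive mode until the reboot).
  3. Allow httpd (port 80/tcp) through the firewall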
    firewall-cmd --permanent --add-port=80/tcp
    firewall-cmd --reload
  4. Install epel repository
    yum install epel-release -y
  5. Install httpd
    yum install httpd -y
  6. Start the httpd service and enable it at startup
    systemctl start httpd
    systemctl enable httpd
  7. Install the packages required for OSSEC
    yum install -y gcc php php-cgi php-devel inotify-tools httpd mysql-devel postgresql-devel
  8. Download OSSEC-HIDS server
    git clone https://github.com/ossec/ossec-hids.git
  9. Install OSSEC-HIDS server
    cd ossec-hids/
    ./install.sh
    Answer the installer prompts as follows:
    (en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]: en
    What kind of installation do you want (server, agent, local, hybrid or help)? Server
    Choose where to install the OSSEC HIDS [/var/ossec]: Press Enter
    Do you want e-mail notification? (y/n) [y]: n
    Do you want to run the integrity check daemon? (y/n) [y]: y
    Do you want to run the rootkit detection engine? (y/n) [y]: y
    Do you want to enable active response? (y/n) [y]: n
    Do you want to enable remote syslog (port 514 udp)? (y/n) [y]: y
    --- Press ENTER to continue ---
  10. Start OSSEC for the first time
    /var/ossec/bin/ossec-control start
    After OSSEC has been started this way once, 'systemctl restart ossec' and similar commands can be used in future.


Installing OSSEC web user interface (OSSEC-wui)

  1. Download and extract the ossec-wui tar file from the OSSEC webpage
    wget https://github.com/ossec/ossec-wui/archive/0.9.tar.gz
    tar zxf 0.9.tar.gz
    Move the ossec-wui directory to the web root directory
    mv ossec-wui-0.9/ /var/www/html/ossec-wui
    Navigate to ossec-wui directory and run the setup script.
    cd /var/www/html/ossec-wui/
    ./setup.sh
    Answer the setup prompts as follows:
    Username: centos
    New password: centos
    Re-type new password: centos
    Enter your web server user name (e.g. apache, www, nobody, www-data, ...) apache
    Here you can choose any username and password. The values do not seem to have any effect. User 'centos' does not need to be a valid OS user.
  2. Change the permissions
    usermod -aG ossec apache
    cd /var/www/html/ossec-wui/
    chmod 770 tmp/
    chgrp apache tmp/
  3. Restart httpd & ossec
    systemctl restart httpd
    systemctl restart ossec
  4. To access ossec-wui, open a browser and go to:
    http://<your-server's-IP-address>/ossec-wui/

Correct OSSEC web-UI timezone

  1. The OSSEC web UI takes its time zone from '/etc/php.ini'. Set the time zone according to your locality.
    date.timezone = Asia/Kolkata
  2. Restart httpd
    systemctl restart httpd
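
A read-only check of the web UI steps above (apache in the ossec group, tmp/ permissions, PHP time zone). This is an added example, not part of the original wiki page or the OSSEC project; the function names and the script name check-wui.sh are hypothetical, and the defaults are the paths and names used on this page.

```shell
#!/bin/sh
# Added example: read-only checks for the OSSEC-wui steps on this page.
# Defaults are the paths and names used above; arguments override them.

# Print the active date.timezone value from a php.ini file (';' lines are comments).
# If the key appears more than once, the last active line is reported.
php_timezone() {
    sed -n 's/^[[:space:]]*date\.timezone[[:space:]]*=[[:space:]]*"\{0,1\}\([^";[:space:]]*\).*/\1/p' "$1" | tail -n 1
}

# Succeed if directory $1 has octal mode $2 and group owner $3.
dir_mode_group_ok() {
    [ -d "$1" ] || return 1
    [ "$(stat -c '%a %G' "$1" 2>/dev/null)" = "$2 $3" ]   # GNU stat, as on CentOS 7
}

# Succeed if user $1 belongs to group $2 (primary or supplementary).
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$2"
}

# Print one line per check; the return status is the number of failed checks.
verify_wui() {
    wui="${1:-/var/www/html/ossec-wui}"; ini="${2:-/etc/php.ini}"
    web_user="${3:-apache}"; web_group="${4:-apache}"; ossec_group="${5:-ossec}"
    fails=0
    if dir_mode_group_ok "$wui/tmp" 770 "$web_group"; then
        echo "OK   $wui/tmp is mode 770, group $web_group"
    else
        echo "FAIL $wui/tmp is not mode 770 with group $web_group"; fails=$((fails + 1))
    fi
    if user_in_group "$web_user" "$ossec_group"; then
        echo "OK   $web_user is in group $ossec_group"
    else
        echo "FAIL $web_user is not in group $ossec_group"; fails=$((fails + 1))
    fi
    tz=$(php_timezone "$ini" 2>/dev/null)
    if [ -n "$tz" ]; then
        echo "OK   date.timezone = $tz in $ini"
    else
        echo "FAIL no active date.timezone line in $ini"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Check the live system only when asked (hypothetical name): sh check-wui.sh --run
if [ "${1:-}" = "--run" ]; then
    verify_wui
    exit $?
fi
```

A non-zero exit status equals the number of failed checks, so the script can be reused after package updates or permission changes.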


