CentOS 7.x Install OSSEC
From Notes_Wiki
Install OSSEC server
To install OSSEC on CentOS 7.0, use the following steps:
- Disable SELinux permanently in '/etc/selinux/config'. This method requires a reboot of the server.
  - SELINUX=disabled
- Disable SELinux for the current run by using 'setenforce 0'
- Allow httpd through the firewall
  - firewall-cmd --permanent --add-port=80/tcp
  - firewall-cmd --reload
- Install the epel repository
  - yum install epel-release -y
- Install httpd
  - yum install httpd -y
- Start the httpd service and enable it at startup
  - systemctl start httpd
  - systemctl enable httpd
- Install the required packages for OSSEC
  - yum install -y gcc php php-cgi php-devel inotify-tools httpd mysql-devel postgresql-devel
- Download the OSSEC-HIDS server
  - git clone https://github.com/ossec/ossec-hids.git
- Install the OSSEC-HIDS server
  - cd ossec-hids/
  - ./install.sh
- Answer the installer prompts as follows
  - (en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]: en
  - What kind of installation do you want (server, agent, local, hybrid or help)? Server
  - Choose where to install the OSSEC HIDS [/var/ossec]: Press Enter
  - Do you want e-mail notification? (y/n) [y]: n
  - Do you want to run the integrity check daemon? (y/n) [y]: y
  - Do you want to run the rootkit detection engine? (y/n) [y]: y
  - Do you want to enable active response? (y/n) [y]: n
  - Do you want to enable remote syslog (port 514 udp)? (y/n) [y]: y
  - --- Press ENTER to continue ---
- Start OSSEC for the first time
  - /var/ossec/bin/ossec-control start
- After OSSEC has been started this way for the first time, 'systemctl restart ossec' etc. can be used in future.
Installing OSSEC web user interface (OSSEC-wui)
- Download and extract the ossec-wui tar file from the OSSEC webpage
  - wget https://github.com/ossec/ossec-wui/archive/0.9.tar.gz
  - tar zxf 0.9.tar.gz
- Move the ossec-wui directory to the web root directory
  - mv ossec-wui-0.9/ /var/www/html/ossec-wui
- Navigate to the ossec-wui directory and run the setup script.
  - cd /var/www/html/ossec-wui/
  - ./setup.sh
- Answer the setup prompts as follows
  - Username: centos
  - New password: centos
  - Re-type new password: centos
  - Enter your web server user name (e.g. apache, www, nobody, www-data, ...) apache
- Here you can choose any username and password. The values do not seem to have any effect. User 'centos' does not need to be a valid OS user.
- Change the permissions
  - usermod -aG ossec apache
  - cd /var/www/html/ossec-wui/
  - chmod 770 tmp/
  - chgrp apache tmp/
- Restart httpd and ossec
  - systemctl restart httpd
  - systemctl restart ossec
- To access your ossec-wui, open your browser and go to:
  - http://<your-server's-IP-address>/ossec-wui/
Correct OSSEC web-UI timezone
- The OSSEC web UI takes its time zone information from '/etc/php.ini'. Set the time zone according to your location.
  - date.timezone = Asia/Kolkata
- Restart httpd
  - systemctl restart httpd
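
As an added example (not part of the original wiki page), the following read-only script checks the state that the "Change the permissions" and time-zone steps above should produce: 'apache' in group 'ossec', 'tmp/' at mode 770 with group 'apache', and an active 'date.timezone' in '/etc/php.ini'. The function names and the file name check_wui.sh are made up for this example, and it assumes GNU stat as shipped with CentOS.

```shell
#!/bin/bash
# Added example (not from the wiki): read-only checks for the state that the
# "Change the permissions" and time-zone steps should leave behind.

# Succeeds if user $1 is a member of group $2 (e.g. apache in ossec).
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$2"
}

# Succeeds if directory $1 has exactly octal mode $2 and group owner $3.
dir_mode_group_ok() {
    [ -d "$1" ] || return 1
    [ "$(stat -c '%a %G' "$1")" = "$2 $3" ]
}

# Prints the active date.timezone value from php.ini file $1. Lines commented
# out with ';' do not count; fails if no active, non-empty value is set.
php_timezone() {
    local tz
    tz=$(sed -n 's/^[[:space:]]*date\.timezone[[:space:]]*=[[:space:]]*//p' "$1" \
            2>/dev/null | tail -n 1 | tr -d "\"'" \
            | sed -e 's/;.*$//' -e 's/[[:space:]]*$//')
    [ -n "$tz" ] && printf '%s\n' "$tz"
}

# Runs all checks; the return status is the number of failed checks.
# Arguments (all optional): WUI dir, php.ini, web user, web group, OSSEC group.
verify_wui_setup() {
    local wui="${1:-/var/www/html/ossec-wui}" ini="${2:-/etc/php.ini}"
    local user="${3:-apache}" group="${4:-apache}" ossec="${5:-ossec}"
    local fails=0 tz
    if user_in_group "$user" "$ossec"; then
        echo "OK   $user is in group $ossec"
    else
        echo "FAIL $user is not in group $ossec"; fails=$((fails + 1))
    fi
    if dir_mode_group_ok "$wui/tmp" 770 "$group"; then
        echo "OK   $wui/tmp is mode 770, group $group"
    else
        echo "FAIL $wui/tmp is not mode 770 with group $group"; fails=$((fails + 1))
    fi
    if tz=$(php_timezone "$ini"); then
        echo "OK   date.timezone = $tz"
    else
        echo "FAIL no active date.timezone in $ini"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Run the checks only when asked to, e.g.:  bash check_wui.sh --run
if [ "${1:-}" = "--run" ]; then verify_wui_setup; exit $?; fi
```

A non-zero exit status gives the number of checks that failed, so the script can also be called from a provisioning or monitoring job.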