Installing OSSEC HIDS in CentOS
From the OSSEC HIDS website: [http://www.ossec.net/]
“OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
It runs on [most operating systems], including Linux, MacOS, Solaris, HP-UX, AIX and Windows.”
wget http://www.ossec.net/files/ossec-hids-2.7.1.tar.gz
tar -xzvf ossec-hids-2.7.1.tar.gz
cd ossec-hids-2.7.1
./install.sh
Now read and answer all of the installer's questions. It's easy. At the end of the installation you will be given all the information you need about how to configure OSSEC HIDS and how to start and stop it.
/var/ossec/bin/ossec-control start
/var/ossec/bin/ossec-control stop
/var/ossec/etc/ossec.conf
This is the first e-mail notification I received:
OSSEC HIDS Notification.
2014 Feb 20 17:03:18

Received From: srvcob->ossec-monitord
Rule: 502 fired (level 3) -> "Ossec server started."
Portion of the log(s):

ossec: Ossec started.

 --END OF NOTIFICATION
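To triage these e-mails rather than read them one by one, the notification format can be parsed into its fields (timestamp, source, rule id, level, description, offending log line). The parser below is an added example, not part of the original post; its sample input is the notification above with the e-mail's line breaks restored, and the level-7 threshold mirrors OSSEC's default `email_alert_level`.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: the page's notification with the e-mail line breaks restored.
SAMPLE_NOTIFICATION = """OSSEC HIDS Notification.
2014 Feb 20 17:03:18

Received From: srvcob->ossec-monitord
Rule: 502 fired (level 3) -> "Ossec server started."
Portion of the log(s):

ossec: Ossec started.

 --END OF NOTIFICATION
"""

@dataclass
class OssecAlert:
    timestamp: datetime
    agent: str        # host/agent name before "->"
    location: str     # log source after "->": a daemon or a log file path
    rule_id: int
    level: int        # OSSEC severity, 0 (ignored) to 15 (severe)
    description: str
    log: str          # the log line(s) that triggered the rule

_TIME = re.compile(r"^(\d{4} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2})$", re.M)
_FROM = re.compile(r"^Received From: (.*?)->(.*)$", re.M)
_RULE = re.compile(r'^Rule: (\d+) fired \(level (\d+)\) -> "(.*)"$', re.M)
_LOG = re.compile(r"Portion of the log\(s\):\n(.*?)\n\s*--END OF NOTIFICATION", re.S)

def parse_notification(text: str) -> OssecAlert:
    """Turn one OSSEC e-mail notification body into structured fields."""
    ts, frm, rule, log = (p.search(text) for p in (_TIME, _FROM, _RULE, _LOG))
    if not (ts and frm and rule and log):
        raise ValueError("not an OSSEC HIDS notification")
    return OssecAlert(
        timestamp=datetime.strptime(ts.group(1), "%Y %b %d %H:%M:%S"),
        agent=frm.group(1).strip(),
        location=frm.group(2).strip(),
        rule_id=int(rule.group(1)),
        level=int(rule.group(2)),
        description=rule.group(3),
        log=log.group(1).strip(),
    )

def needs_attention(alert: OssecAlert, min_level: int = 7) -> bool:
    """Triage filter: rule 502 ("server started") is level 3, i.e. informational."""
    return alert.level >= min_level
```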