OSSEC Tips & Tricks
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Installation
GNU/Debian (Ubuntu)
See: OSSEC Download
# wget -O - http://ossec.alienvault.com/repos/apt/conf/ossec-key.gpg.key | apt-key add -
# echo "deb http://ossec.alienvault.com/repos/apt/debian wheezy main" >> /etc/apt/sources.list
(change wheezy for your Debian distribution)
# apt-get update
# apt-get install ossec-hids
(or ossec-hids-agent)
Change “wheezy” to “jessie” to use with Ubuntu LTS 12.04 (14.04).
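The first command above fetches the repository signing key over plain HTTP and pipes it straight into apt-key, so whatever arrives becomes trusted. The following is an added example, not part of the original page or the OSSEC project, that saves the key to a file and compares its fingerprint with a pinned value before adding it. PINNED_FPR is a placeholder, the function names and the --install argument are hypothetical, and a GnuPG version that supports --show-keys is assumed.

```shell
#!/bin/sh
# Added example: check the repository signing key against a pinned fingerprint
# before apt trusts it. PINNED_FPR is a placeholder, NOT the real OSSEC key
# fingerprint; take the real value from a separate trusted channel.
PINNED_FPR="0000000000000000000000000000000000000000"
KEY_URL="http://ossec.alienvault.com/repos/apt/conf/ossec-key.gpg.key"  # URL from the page

# Print the primary-key fingerprints found in `gpg --with-colons` output on
# stdin. The "fpr" record that follows a "pub" record holds it in field 10;
# "fpr" records that follow "sub" records are subkeys and are skipped.
key_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print toupper($10); want = 0 }'
}

# Succeed only if stdin describes exactly one primary key and its fingerprint
# equals the pin given as $1 (spaces and letter case in the pin are ignored).
key_matches_pin() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(key_fingerprints)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Download the key to a file, verify it, and only then hand it to apt-key.
install_pinned_key() {
    tmp=$(mktemp) || return 1
    if wget -q -O "$tmp" "$KEY_URL" &&
       gpg --show-keys --with-colons "$tmp" | key_matches_pin "$PINNED_FPR"; then
        apt-key add "$tmp"
        rc=$?
    else
        echo "key download failed or fingerprint mismatch; key not added" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Nothing touches the network unless asked to: sh pin-ossec-key.sh --install
if [ "${1:-}" = "--install" ]; then
    install_pinned_key
fi
```

A key file that bundles a second primary key is rejected as well, because the comparison requires exactly one fingerprint.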
Ansible deploy
TODO
Windows (Agent)
TODO