OSSEC is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS X, Solaris and Windows. OSSEC has a centralized, cross-platform architecture allowing multiple systems to be easily monitored and managed.

Installing requirements

OSSEC requires gcc, libc and a working Apache installation with PHP5. Thanks to apt-get, you can install these in seconds. Just open a terminal and type:

sudo apt-get install build-essential apache2 libapache2-mod-php5 apache2-utils

Installing OSSEC

First of all, download the needed packages from the OSSEC webpage and save them to a directory (let's say Downloads/):

Server/Agent 2.8 – Linux/BSD ossec-hids-2.8.tar.gz
Web UI 0.8 ossec-wui-0.8.tar.gz

Install OSSEC Server/Agent

Open a terminal and:

cd Downloads
tar xfz ossec-hids-2.8.tar.gz
cd ossec-hids-2.8/
sudo ./install.sh

(en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]: en
1- What kind of installation do you want (server, agent, local, hybrid or help)? local
- Choose where to install the OSSEC HIDS [/var/ossec]: Press Enter
3.1- Do you want e-mail notification? (y/n) [y]: n
3.2- Do you want to run the integrity check daemon? (y/n) [y]: Press Enter
3.3- Do you want to run the rootkit detection engine? (y/n) [y]: Press Enter
- Do you want to enable active response? (y/n) [y]: Press Enter
- Do you want to enable the firewall-drop response? (y/n) [y]: Press Enter
- Do you want to add more IPs to the white list? (y/n)? [n]: Press Enter

Run OSSEC HIDS:

sudo /var/ossec/bin/ossec-control start

Install OSSEC Web UI

cd $HOME/Downloads
tar xfz ossec-wui-0.8.tar.gz
sudo mv ossec-wui-0.8 /var/www/html/osssec-wui/
cd /var/www/html/osssec-wui/
sudo ./setup.sh

Username: enter-a-username
New password: enter-a-password
Re-type new password: retype-password
Adding password for user test
Enter your web server user name (e.g. apache, www, nobody, www-data, ...)
www-data
Enter your OSSEC install directory path (e.g. /var/ossec)
/var/ossec
You must restart your web server after this setup is done.

Restart apache:
sudo apache2ctl restart

Now open up a browser and point it to: http://localhost/osssec-wui/

If you get an ossec directory read error, run this in a terminal (Ubuntu):

sudo chown -R www-data:www-data /var/www/html/osssec-wui/

For other distributions, check /etc/apache2/apache.conf or /etc/httpd/httpd.conf and look for User and Group directives.
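The read error above almost always comes down to the web server user not being able to read the Web UI directory or the OSSEC install directory. The following script is an added check, not part of the original post: it derives from owner, group and mode bits whether a given user can read each path, so you can confirm the fix before reloading the page. It assumes Linux with GNU coreutils (stat -c) and the paths used in this post; the web server user, Web UI directory and OSSEC directory are passed as arguments.

```shell
#!/usr/bin/env bash
# Added post-install check for the OSSEC Web UI (not part of the original post).
# Assumes GNU stat; paths below are the ones used in this post.

# can_read <user> <path>
# Returns 0 if <user> can read <path> (and traverse it, if it is a directory)
# judged from the path's owner, group and permission bits; 1 otherwise.
can_read() {
    local user="$1" path="$2" uid owner group mode need bits
    [ -e "$path" ] || return 1
    # Unknown user: treat as no access rather than guessing.
    uid=$(id -u "$user" 2>/dev/null) || return 1
    [ "$uid" -eq 0 ] && return 0            # root reads everything
    owner=$(stat -c %u "$path")
    group=$(stat -c %g "$path")
    mode=$(stat -c %a "$path")              # e.g. 750 or 2750 (setgid)
    need=4                                  # r bit
    [ -d "$path" ] && need=5                # r + x for directories
    if [ "$owner" -eq "$uid" ]; then
        bits=$(( (0$mode / 64) % 8 ))       # owner triplet
    elif id -G "$user" | tr ' ' '\n' | grep -qx "$group"; then
        bits=$(( (0$mode / 8) % 8 ))        # group triplet (any of user's groups)
    else
        bits=$(( 0$mode % 8 ))              # "other" triplet
    fi
    [ $(( bits & need )) -eq "$need" ]
}

# check_wui_access <web_user> <path>...
# Prints one line per path and returns the number of paths the web server
# user cannot read (0 means the Web UI should be able to open everything).
check_wui_access() {
    local web_user="$1" problems=0 p
    shift
    for p in "$@"; do
        if can_read "$web_user" "$p"; then
            echo "ok       $web_user can read $p"
        else
            echo "PROBLEM  $web_user cannot read $p"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage for the layout in this post (uncomment to run on the server):
# check_wui_access www-data /var/www/html/osssec-wui /var/ossec /var/ossec/logs/alerts
```

A PROBLEM line for /var/www/html/osssec-wui points at the chown fix above; a PROBLEM line for /var/ossec means the web server user also needs read access to the OSSEC install directory itself.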

That’s it! Enjoy!

How To Install OSSEC on Ubuntu 14.04
  • Oscar Andrea Merandi

    hello , good article , but I have a problem to access the web page here is the screenshot
    http://i61.tinypic.com/1196qew.png

    • Sounds like a permission issue. If you are running Ubuntu, have you entered this command?

      sudo chown -R www-data:www-data /var/www/html/osssec-wui/

      or do you run another distro?

  • Dawit Girmai

    @oscarandreamerandi:disqus the same thing happens on my Ubuntu server, any idea on it?
