OSSEC for CentOS 7

OSSEC’s official documentation sucks. I managed to compile full installation steps (via RPM) for OSSEC in CentOS.

What is OSSEC? OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. (source: http://ossec.github.io/about.html)

OSSEC Server
1. sudo -i
2. yum install mysql-devel postgresql-devel
3. wget -q -O - https://updates.atomicorp.com/installers/atomic | sh
4. yum install -y ossec-hids ossec-hids-server
5. /var/ossec/bin/ossec-control start
6. firewall-cmd --permanent --add-port=1514/udp
7. firewall-cmd --reload
8. /var/ossec/bin/manage_agents # ASSIGN a unique key for the OSSEC AGENT (add the agent, then extract its key)
9. /var/ossec/bin/ossec-control restart

OSSEC Agent
1. sudo -i
2. wget -q -O - https://updates.atomicorp.com/installers/atomic | sh
3. yum install -y ossec-hids ossec-hids-client
4. /var/ossec/bin/ossec-control start
5. firewall-cmd --permanent --add-port=1514/udp
6. firewall-cmd --reload
7. /var/ossec/bin/manage_agents # IMPORT the unique key from the OSSEC SERVER for this agent
8. vi /var/ossec/etc/ossec-agent.conf # EDIT the OSSEC SERVER IP inside <client>: <server-ip>XXX.XXX.XXX.XXX</server-ip>
9. /var/ossec/bin/ossec-control restart
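A small helper for agent step 8, added here as an example and not part of the original post: it validates the server address before writing it into the <server-ip> element and refuses to touch the file otherwise. The function names are my own, and a constructed sample config stands in for /var/ossec/etc/ossec-agent.conf.

```shell
#!/bin/sh
# Added example: validate an IPv4 address and write it into the <server-ip>
# element of an OSSEC agent config. Function names are assumptions; the
# <client><server-ip> layout follows the element edited in agent step 8.

# Succeed only if $1 is a dotted quad with every octet in 0..255.
is_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print the address currently set in <server-ip> in config file $1.
get_server_ip() {
  sed -n 's#.*<server-ip>\([^<]*\)</server-ip>.*#\1#p' "$1"
}

# Replace the <server-ip> value in config file $1 with $2, keeping a .bak copy.
# Leaves the file untouched if the address is malformed or the element is missing.
set_server_ip() {
  conf=$1
  ip=$2
  is_ipv4 "$ip" || { echo "refusing to write invalid server IP: $ip" >&2; return 1; }
  grep -q '<server-ip>' "$conf" || { echo "no <server-ip> element in $conf" >&2; return 1; }
  cp "$conf" "$conf.bak"
  sed -i "s#<server-ip>[^<]*</server-ip>#<server-ip>$ip</server-ip>#" "$conf"
}

# Constructed sample config standing in for /var/ossec/etc/ossec-agent.conf.
SAMPLE_CONF=$(mktemp)
printf '<ossec_config>\n  <client>\n    <server-ip>XXX.XXX.XXX.XXX</server-ip>\n  </client>\n</ossec_config>\n' > "$SAMPLE_CONF"

set_server_ip "$SAMPLE_CONF" 192.0.2.10
echo "server-ip is now: $(get_server_ip "$SAMPLE_CONF")"
```

After a real edit, restart with ossec-control as in step 9 so the agent picks up the new address.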