Tutorial on setting up OSSEC with OSSEC-WUI (Web User Interface).
OSSEC is a scalable, multi-platform, open-source Host-based Intrusion Detection System (HIDS). It has a powerful analysis and correlation engine that integrates log analysis, Windows registry monitoring, file integrity monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including OpenBSD, Linux, macOS, FreeBSD, Solaris, and Windows. It is an open-source tool and will remain so. You can redistribute it and/or modify it under the terms of the GNU General Public License (version 2) as published by the Free Software Foundation (FSF).
Features of OSSEC
- Log based Intrusion Detection (LIDs)
Actively monitors and analyzes data from multiple log data points in real time.
- Malware and Rootkit Detection
Process- and file-level analysis to detect malicious rootkits and applications.
- Active Response
Responds to changes and attacks on the system in real time through multiple mechanisms, including firewall policies, integration with third parties such as CDNs and support portals, and self-healing actions.
- Compliance Auditing
Application- and system-level auditing for compliance with numerous common standards such as PCI-DSS and CIS.
- File Integrity Monitoring (FIM)
Covers both files and Windows registry settings in real time. It not only detects changes to the system, it also maintains a forensic copy of the data as it changes over time.
- System Inventory
Gathers system information, such as installed hardware, software, utilization, network services, listeners, and other information.
Extract tar file:
● tar -xf file_name.tar.gz
● Go to directory and execute install.sh
Press Enter to continue.
Configure as per your requirements.
Add your machine's IP address to the white list.
● Continue to install
● Go to /var/ossec/bin and start OSSEC.
Add an agent and extract the agent's key.
● Add the server IP address in ossec.conf, which is located in /var/ossec/etc
● Now restart OSSEC.
Extract file and move it to
● Execute setup.sh
Now change the permissions.
Now install the agent client on the system (e.g. Windows).
Select OSSEC Server IP
● The agent config file says we have to add the server IP in ossec.conf on the server, which is already done.
● Now add the server IP and the agent key in the client.
Now refresh ossec-wui.
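A quick way to sanity-check two of the manual steps above (the white list entry and the extracted agent key) before pasting the key into the client. This is an added example, not part of the original tutorial or the OSSEC project. The function names, the agent name winclient, the IP addresses and the sample key are constructed, and the script assumes the extracted key is the base64 encoding of the agent's "ID NAME IP SECRET" entry.

```shell
#!/bin/sh
# Added example (not OSSEC project code): checks for the manual steps above.

# whitelisted CONF IP: succeeds if IP is listed verbatim in a <white_list>
# element of CONF. Exact match only; CIDR ranges are not expanded.
whitelisted() {
    sed -n 's:.*<white_list>[[:space:]]*\([^<[:space:]]*\)[[:space:]]*</white_list>.*:\1:p' "$1" |
        grep -Fxq -- "$2"
}

# key_matches KEY ID NAME: succeeds if the extracted agent key decodes to
# "ID NAME IP SECRET" with the expected ID and NAME (assumed key layout).
# The secret is never printed.
key_matches() {
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
    read -r id name ip secret <<EOF
$decoded
EOF
    [ "$id" = "$2" ] && [ "$name" = "$3" ] && [ -n "$ip" ] && [ -n "$secret" ]
}

# make_sample_conf: writes a constructed ossec.conf fragment, prints its path.
make_sample_conf() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
<ossec_config>
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>192.0.2.10</white_list>
  </global>
</ossec_config>
EOF
    printf '%s\n' "$f"
}

# Constructed key: base64 of "001 winclient 192.0.2.20 <dummy secret>".
SAMPLE_KEY=$(printf '001 winclient 192.0.2.20 %s' \
    0123456789abcdef0123456789abcdef | base64 | tr -d '\n')

conf=$(make_sample_conf)
whitelisted "$conf" 192.0.2.10 && echo "white_list: 192.0.2.10 present"
whitelisted "$conf" 192.0.2.1 || echo "white_list: 192.0.2.1 not listed"
key_matches "$SAMPLE_KEY" 001 winclient && echo "agent key: matches 001/winclient"
rm -f "$conf"
```

On a real installation, point `whitelisted` at /var/ossec/etc/ossec.conf and pass `key_matches` the key extracted for the agent.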
This is a tutorial on setting up OSSEC with OSSEC-WUI.