OSSEC local install from package

Published: May 25, 2019


If you read OSSEC’s installation documentation, you’ll learn that there are 4 installation types: server, agent, local and hybrid. While there’s no official documentation explaining this, per this Google Groups thread a local install is equivalent to a standalone install on a single system.

OSSEC’s documentation states that the installation type can be selected when using the install.sh wizard. However, I prefer package installation whenever possible. Unfortunately I couldn’t find any documentation on this.

Eventually I was able to figure out what is documented in this GitHub issue. Essentially, you just do a server install and that is the same as a local install.

Download the yum packages

$ wget -q -O - https://updates.atomicorp.com/installers/atomic |sh
$ yum install ossec-hids ossec-hids-server

Next start the server

$ /var/ossec/bin/ossec-control start

OSSEC server is now running on the box and sending alerts to /var/ossec/logs/alerts/.

Max Chadwick Hi, I'm Max!

I'm a software developer who mainly works in PHP, but also dabbles in Ruby and Go. Technical topics that interest me are monitoring, security and performance.

During the day I solve challenging technical problems at Something Digital where I mainly work with the Magento platform. I also blog about tech, work on open source and hunt for bugs.

If you'd like to get in touch with me the best way is on Twitter.