OSSEC local install from package

Published: May 25, 2019

If you read OSSEC’s installation documentation, you’ll learn that there are 4 installation types: server, agent, local and hybrid. While there’s no official documentation explaining this, per this Google Groups thread a local install is equivalent to a standalone install on a single system.

OSSEC’s documentation states that the installation type can be selected when using the install.sh wizard. However, I prefer package installation whenever possible. Unfortunately I couldn’t find any documentation on this.

Eventually I was able to figure out what is documented in this GitHub issue. Essentially, you just do a server install and that is the same as a local install.

Download the yum packages

$ wget -q -O - https://updates.atomicorp.com/installers/atomic |sh
$ yum install ossec-hids ossec-hids-server

Next, start the server:

$ /var/ossec/bin/ossec-control start

OSSEC server is now running on the box and sending alerts to /var/ossec/logs/alerts/.
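
A post-install check for the steps above, as an added example that is not part of the original post. It assumes `ossec-control status` prints one `<daemon> is running...` or `<daemon> not running...` line per daemon and that the alert file in the directory named above is `alerts.log`; the function names and the sample status text are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed: status lines read
# "<daemon> is running..." or "<daemon> not running...", and alerts land in
# logs/alerts/alerts.log under the install directory.

# Constructed sample of `ossec-control status` output for offline testing.
SAMPLE_STATUS='ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted not running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild not running...
ossec-execd is running...'

# stopped_daemons IGNORE: read status text on stdin and print every daemon
# reported as not running, except names in the space-separated IGNORE list.
stopped_daemons() {
    awk -v ignore="$1" '
        BEGIN { n = split(ignore, names, " ")
                for (i = 1; i <= n; i++) skip[names[i]] = 1 }
        / not running\.\.\.$/ && !($1 in skip) { print $1 }'
}

# check_install DIR IGNORE: 0 = daemons up and alerts present, 1 = a daemon
# is stopped, 2 = alert log missing or empty, 3 = ossec-control not found.
check_install() {
    dir="${1:-/var/ossec}"
    ignore="${2:-}"
    [ -x "$dir/bin/ossec-control" ] || { echo "no ossec-control in $dir/bin" >&2; return 3; }
    # Parse the text, not the exit code: an ignored daemon may be stopped.
    down="$("$dir/bin/ossec-control" status 2>/dev/null | stopped_daemons "$ignore")"
    if [ -n "$down" ]; then
        echo "not running:" $down >&2
        return 1
    fi
    if [ ! -s "$dir/logs/alerts/alerts.log" ]; then
        echo "no alerts yet in $dir/logs/alerts/alerts.log" >&2
        return 2
    fi
    echo "OSSEC is running and writing alerts"
}
```

Source the file and run `check_install /var/ossec` as root after `ossec-control start`; daemons you deliberately leave stopped go in the second argument as a space-separated list.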

Max Chadwick