If you read OSSEC’s installation documentation, you’ll learn that there are 4 installation types: server, agent, local and hybrid. While there’s no official documentation explaining this, per this Google Groups thread a local install is equivalent to a standalone install on a single system.
OSSEC’s documentation states that the installation type can be selected when using the install.sh wizard. However, I prefer package installation whenever possible. Unfortunately I couldn’t find any documentation on this.
Eventually I was able to figure out what is documented in this GitHub issue. Essentially, you just do a server install and that is the same as a local install.
Download the yum packages:
$ wget -q -O - https://updates.atomicorp.com/installers/atomic | sh
$ yum install ossec-hids ossec-hids-server
Next, start the server:
$ /var/ossec/bin/ossec-control start
OSSEC server is now running on the box and sending alerts to
Hi, I'm Max!
If you'd like to get in touch with me the best way is on Twitter.