OSSEC local install from package

Published: May 25, 2019


If you read OSSEC’s installation documentation, you’ll learn that there are 4 installation types: server, agent, local and hybrid. While there’s no official documentation explaining this, per this Google Groups thread, a local install is equivalent to a standalone install on a single system.

OSSEC’s documentation states that the installation type can be selected when using the install.sh wizard. However, I prefer package installation whenever possible. Unfortunately, I couldn’t find any documentation on this.

Eventually I was able to figure out what is documented in this GitHub issue. Essentially, you just do a server install and that is the same as a local install.

Download the yum packages

$ wget -q -O - https://updates.atomicorp.com/installers/atomic | sh
$ yum install ossec-hids ossec-hids-server

Next, start the server

$ /var/ossec/bin/ossec-control start

The OSSEC server is now running on the box and writing alerts to /var/ossec/logs/alerts/.
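
To confirm that the install came up, the following check can be run after the start command. It is an added example, not part of the original post or of OSSEC itself. The function names, the OSSEC_DIR variable and the status line format ("<daemon> is running..." / "<daemon> not running...") are assumptions, and the sample status text is constructed.

```shell
#!/bin/sh
# Added example: post-install check for a package-based OSSEC install.
# Assumption: `ossec-control status` prints one line per daemon, either
# "<daemon> is running..." or "<daemon> not running...".

# Constructed sample of status output (not captured from a real host).
SAMPLE_STATUS='ossec-monitord is running...
ossec-logcollector is running...
ossec-syscheckd not running...
ossec-analysisd is running...'

# Read status output on stdin and print every daemon reported as stopped.
# Returns 0 only if at least one daemon is listed and none is stopped.
stopped_daemons() {
    awk '
        / not running/ { print $1; bad = 1; next }
        / is running/  { seen = 1 }
        END { if (bad || !seen) exit 1 }
    '
}

# Check the control script, the daemon states and the alerts directory.
# OSSEC_DIR (hypothetical variable) defaults to /var/ossec, as on this page.
check_install() {
    dir="${OSSEC_DIR:-/var/ossec}"
    ctl="$dir/bin/ossec-control"
    if [ ! -x "$ctl" ]; then
        echo "ossec-control not found at $ctl" >&2
        return 2
    fi
    if ! down=$("$ctl" status | stopped_daemons); then
        echo "daemons not running: ${down:-none listed}" >&2
        return 1
    fi
    if [ ! -d "$dir/logs/alerts" ]; then
        echo "alerts directory missing: $dir/logs/alerts" >&2
        return 1
    fi
    echo "OSSEC is running; alerts directory: $dir/logs/alerts"
}

# Usage (as root, after ossec-control start): check_install
```

A non-zero return from check_install means the box is not yet producing alerts, so anything that depends on them should not be treated as covered.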

