Each distro needs different packages to compile the code (pre-made binaries are also available). Install the appropriate packages for your distro. I'll update this list as I discover them.
Debian/Ubuntu:
apt install -y unzip build-essential zlib1g-dev libsqlite3-dev libpcre2-dev wget make gcc php php-cli php-common libapache2-mod-php apache2-utils sendmail inotify-tools libevent-dev libssl-dev
Arch (still a work in progress):
pacman -Sy unzip base-devel
yay -S sendmail
To get started, we need to get the latest version of the source from the GitHub releases page. At the time of writing this, version 3.6 is the latest.
Next, we can extract the zip and start the installer. This both compiles the package and installs it.
unzip 3.6.0
cd ossec-hids-3.6.0
sudo ./install.sh
For my setup, I’ll be doing a hybrid install. This option installs both the server and the client. If you only want the agent, select the agent. Fill out the options according to your needs and wants.
After you are done installing, run the following as root:
If you are hosting the server, you can check if it is running with the following:
This will show an output of all the listening ports. If you see port 1514/udp or 1515/tcp active, it is working. Example output:
udp6       0      0 :::1514                 :::*                                30108/ossec-remoted
tcp6       0      0 :::1515                 :::*                                30108/ossec-remoted
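The check above is easy to do by eye on one box, but if you manage several servers it is handy to script it. The following is an added example, not part of the original post or of the OSSEC project: it parses netstat-style output (the sample listing is constructed here, modelled on the output above) and reports which of the two ports the post names, 1514/udp and 1515/tcp, are not being listened on. Pipe real output into it with `netstat -tulpn` or `ss -tulpn` (run as root so the owning process name is shown); the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): check that the OSSEC server
# is listening on 1514/udp (agent traffic) and 1515/tcp (agent enrolment)
# by parsing a netstat/ss-style listing read from stdin.
#
# Live usage on a real host (needs root to see process names):
#   netstat -tulpn | ossec_missing_ports
#   ss -tulpn      | ossec_missing_ports

# Constructed sample listings, modelled on the post's example output.
# A healthy hybrid/server install: both ports owned by ossec-remoted.
SAMPLE_OK='udp6       0      0 :::1514                 :::*                                30108/ossec-remoted
tcp6       0      0 :::1515                 :::*                    LISTEN      30108/ossec-remoted'

# An agent-only install (or a server whose remoted has not started):
# neither OSSEC port is present, only an unrelated sshd listener.
SAMPLE_AGENT_ONLY='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd'

# Print the space-separated list of expected ports that are NOT present
# in the listing on stdin (empty output means the server looks healthy).
# Matches both IPv4 ("0.0.0.0:1514") and IPv6 (":::1514") local addresses.
ossec_missing_ports() {
    listing=$(cat)
    missing=""
    printf '%s\n' "$listing" | grep -Eq '^udp6?[[:space:]].*:1514[[:space:]]' \
        || missing="$missing 1514/udp"
    printf '%s\n' "$listing" | grep -Eq '^tcp6?[[:space:]].*:1515[[:space:]]' \
        || missing="$missing 1515/tcp"
    printf '%s' "${missing# }"
}

# Exit status wrapper for use in cron or a monitoring check:
# returns 0 when nothing is missing, 1 otherwise, and names the gaps.
ossec_ports_listening() {
    missing=$(ossec_missing_ports)
    if [ -n "$missing" ]; then
        echo "ossec-remoted not listening on: $missing" >&2
        return 1
    fi
    echo "ossec-remoted listening on 1514/udp and 1515/tcp"
    return 0
}

# Demonstrate against the constructed samples when run directly.
if [ "${0##*/}" != "sh" ] && [ -z "$OSSEC_CHECK_NO_DEMO" ]; then
    printf '%s\n' "$SAMPLE_OK"         | ossec_ports_listening
    printf '%s\n' "$SAMPLE_AGENT_ONLY" | ossec_ports_listening || true
fi
```

The port check looks only at the local address column, matching the post's advice ("if you see port 1514/udp or 1515/tcp active"); it deliberately does not require the `LISTEN` state word, since UDP sockets never show one and older netstat builds format the column differently. If you want the script to confirm that the owner really is `ossec-remoted` rather than some other process that happened to grab the port, extend the two regexes with `ossec-remoted$`.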
As you can see, the server is running. Now all you need to do is create a firewall rule for it so agents can reach 1514/udp and 1515/tcp. See FIREWALL ARTICLE on how to do it.
To see what agents are connected, login to the server and run: