I want to install OSSEC HIDS in my network infrastructure to monitor my network traffic and act based on that. I have gone through the OSSEC site regarding the prerequisites. I want to do it only for my routers, switches and firewalls, which can be done through the "agentless" type. How can that be done?
When installing with MySQL support, I get this error:
/tmp/ccuS4FYw.o: In function `mysql_osdb_connect':
/home/bkhezry/Downloads/ossec-hids-2.6/src/os_dbd/db_op.c:164: undefined reference to `mysql_init'
/home/bkhezry/Downloads/ossec-hids-2.6/src/os_dbd/db_op.c:178: undefined reference to `mysql_options'
I'm trying to set up OSSEC on a CentOS 6.5 server. This is to be installed as an agent, not a server or local instance. The package installed successfully and I created the clients.key file, but when I try to start the daemon I receive the error
error: queue not accessible (/var/ossec/etc/queue/ossec) connection refused
OSSEC 2.8 has been released. OSSEC is a cross-platform host intrusion detection system, hence it’s also known as OSSEC HIDS. It is free software released under the GNU General Public License, and features log analysis, file integrity monitoring, rootkit detection and real-time active response. If you intend to run a server anywhere, this is one of the first applications you […]
OSSEC is Free Software, a GPL-licensed, host-based intrusion detection system (HIDS) that operates on a client-server model. Its development is sponsored by Trend Micro, a software security outfit based in Tokyo, Japan.
OSSEC is cross-platform, with binary packages available for the major Linux distributions, the BSDs, Windows, Solaris, Mac OS, VMware ESX, AIX, and HP-UX.
I'm running OSSEC as a HIDS on an Ubuntu 12.10 server, and it routinely (3-4 times a day) sends me a notification like this (note that the last octet of the IP address has been changed to 'xxx' to protect the guilty):
OSSEC HIDS Notification.
2013 Nov 21 15:10:43
Received From: localhost->/var/log/auth.log
Rule: 2502 fired (level 10) -> "User missed the password more than one time"
Portion of the log
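As an added example (not OSSEC's code and not part of the post above), the following Python parses notifications in the layout shown, then counts, per rule, which peer addresses keep causing the rule to fire, which is the first thing to know before deciding on an active response. The three sample notifications are constructed to mirror the format, using TEST-NET addresses rather than a masked 'xxx' octet because the address regex needs real digits; the class and function names are this example's own.

```python
"""Parse OSSEC HIDS e-mail notifications and find repeat offenders.
Added example: not OSSEC code and not from the original post. The sample
notifications are constructed, using TEST-NET addresses in place of 'xxx'."""
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime

# Header fields OSSEC writes at the top of every notification.
_TS_RE = re.compile(r"^(\d{4} \w{3} \d{1,2} \d{2}:\d{2}:\d{2})$", re.M)
_FROM_RE = re.compile(r"^Received From: (\S+?)->(\S+)$", re.M)
_RULE_RE = re.compile(r'^Rule: (\d+) fired \(level (\d+)\) -> "(.*)"$', re.M)
# Log portion: from its header up to the trailer line (or end of text).
_LOG_RE = re.compile(r"^Portion of the log\(s\):\n(.*?)(?:^\s*--END OF NOTIFICATION|\Z)", re.M | re.S)
# sshd names the peer as "from <ip>"; other daemons need their own pattern.
_IP_RE = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")


@dataclass
class Alert:
    timestamp: datetime
    host: str          # agent name as OSSEC reports it ("localhost" for a local install)
    location: str      # log file the matching line came from
    rule_id: int
    level: int
    description: str
    log_lines: list = field(default_factory=list)

    @property
    def source_ips(self) -> list:
        """Distinct peer addresses named in this alert's log portion."""
        return sorted({m.group(1) for m in map(_IP_RE.search, self.log_lines) if m})


def parse_notification(text: str) -> Alert:
    """Turn one notification body into an Alert; raise ValueError on anything else."""
    if not text.lstrip().startswith("OSSEC HIDS Notification."):
        raise ValueError("not an OSSEC HIDS notification")
    ts, frm, rule = _TS_RE.search(text), _FROM_RE.search(text), _RULE_RE.search(text)
    if not (ts and frm and rule):
        raise ValueError("notification header is incomplete")
    logs = _LOG_RE.search(text)
    lines = [l for l in logs.group(1).splitlines() if l.strip()] if logs else []
    return Alert(
        timestamp=datetime.strptime(ts.group(1), "%Y %b %d %H:%M:%S"),
        host=frm.group(1), location=frm.group(2),
        rule_id=int(rule.group(1)), level=int(rule.group(2)),
        description=rule.group(3), log_lines=lines,
    )


def repeat_offenders(alerts, rule_id: int, min_count: int) -> dict:
    """Peer IPs present in at least `min_count` separate alerts for `rule_id`
    (an IP counts once per notification, however many log lines name it)."""
    hits = Counter()
    for alert in alerts:
        if alert.rule_id == rule_id:
            hits.update(alert.source_ips)
    return {ip: n for ip, n in hits.items() if n >= min_count}


# Constructed sample notifications in the layout shown in the post above.
SAMPLE_NOTIFICATIONS = [
    """OSSEC HIDS Notification.
2013 Nov 21 15:10:43

Received From: localhost->/var/log/auth.log
Rule: 2502 fired (level 10) -> "User missed the password more than one time"
Portion of the log(s):

Nov 21 15:10:41 web1 sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Nov 21 15:10:42 web1 sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
 --END OF NOTIFICATION
""",
    """OSSEC HIDS Notification.
2013 Nov 21 19:42:07

Received From: localhost->/var/log/auth.log
Rule: 2502 fired (level 10) -> "User missed the password more than one time"
Portion of the log(s):

Nov 21 19:42:05 web1 sshd[3120]: Failed password for root from 198.51.100.23 port 40210 ssh2
Nov 21 19:42:06 web1 sshd[3121]: Failed password for root from 203.0.113.7 port 40211 ssh2
 --END OF NOTIFICATION
""",
    """OSSEC HIDS Notification.
2013 Nov 22 02:15:30

Received From: localhost->/var/log/auth.log
Rule: 5712 fired (level 10) -> "SSHD brute force trying to get access to the system."
Portion of the log(s):

Nov 22 02:15:29 web1 sshd[4001]: Failed password for invalid user test from 203.0.113.7 port 33001 ssh2
 --END OF NOTIFICATION
""",
]

ALERTS = [parse_notification(text) for text in SAMPLE_NOTIFICATIONS]

if __name__ == "__main__":
    for a in ALERTS:
        print(f"{a.timestamp:%Y-%m-%d %H:%M} rule {a.rule_id} level {a.level} from {a.source_ips}")
    print("repeat offenders for rule 2502:", repeat_offenders(ALERTS, 2502, 2))
```

Run as-is it prints one line per sample alert and then the addresses that caused rule 2502 to fire in at least two separate notifications; to use it on real mail, feed each message body to parse_notification and keep the unmasked addresses, since the peer regex only matches numeric octets.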
I have recently installed OSSEC and its web UI from the repositories.
I have configured its parameters, added www-data to the /var/ossec folder, and changed its permissions to 755 (although that is not necessary) ...
I did not touch the PHP or Apache configuration.
Now, whenever I try to access the web GUI, I get this message:
OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.