INSTALLING OSSEC AGENT IN CENTOS

OSSEC is an open source centralized log monitoring and notification system. OSSEC is often used to meet PCI Compliance central logging and intrusion monitoring requirements with a free and self-managed solution.


First download the package

#wget https://github.com/ossec/ossec-hids/releases/download/v2.7/ossec-hids-2.7.tar.gz

Now extract it

#tar -zxvf ossec*


Change into the extracted source directory

#cd ossec-hids-2.7/

Run the installer

#./install.sh

Now start the service. On CentOS 6:

#service ossec start

On CentOS 7:

#systemctl start ossec


UNINSTALLING OSSEC

As OSSEC is installed from source, we don't have the usual package management options. We have to remove everything manually: all the OSSEC files, the init files, the OSSEC users and the OSSEC groups. The following shell commands do that:

#rm -f /etc/init.d/ossec /etc/rc0.d/K20ossec /etc/rc1.d/K20ossec /etc/rc2.d/S20ossec
#rm -f /etc/rc3.d/S20ossec /etc/rc4.d/S20ossec /etc/rc5.d/S20ossec /etc/rc6.d/K20ossec
#rm -rf /var/ossec
#/usr/sbin/userdel ossec
#/usr/sbin/userdel ossecm
#/usr/sbin/userdel ossecr
#/usr/sbin/userdel ossecd
#/usr/sbin/groupdel ossec
#/usr/sbin/groupdel ossecd
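
A manual removal is easy to leave half done, and a stale service account or init link is worth catching. The following check is an added example, not part of the original post: it reports any of the paths, users and groups named in the commands above that still exist. The function name ossec_leftovers and its optional root-prefix argument are assumptions made for this example, and it reads only the local passwd and group files.

```shell
#!/bin/sh
# Added example: report OSSEC remnants left after the manual uninstall.
# The optional first argument is a hypothetical root prefix, so the check
# can run against a mounted image or a test tree; omit it for the live system.
# Usage: ossec_leftovers || echo "uninstall incomplete"

ossec_leftovers() {
    root="${1:-}"
    found=0

    # Init script, runlevel links and install directory from the uninstall commands.
    for p in /etc/init.d/ossec \
             /etc/rc0.d/K20ossec /etc/rc1.d/K20ossec /etc/rc2.d/S20ossec \
             /etc/rc3.d/S20ossec /etc/rc4.d/S20ossec /etc/rc5.d/S20ossec \
             /etc/rc6.d/K20ossec /var/ossec; do
        # -L also catches dangling symlinks, which -e reports as absent.
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            echo "path  $p"
            found=1
        fi
    done

    # Local accounts: match the whole first field, so "ossec" does not match "ossecm".
    for u in ossec ossecm ossecr ossecd; do
        if [ -r "$root/etc/passwd" ] && grep -q "^$u:" "$root/etc/passwd"; then
            echo "user  $u"
            found=1
        fi
    done

    # Local groups, matched the same way.
    for g in ossec ossecd; do
        if [ -r "$root/etc/group" ] && grep -q "^$g:" "$root/etc/group"; then
            echo "group $g"
            found=1
        fi
    done

    # Return 0 when nothing is left, 1 when at least one remnant was printed.
    return "$found"
}
```
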