How to deploy OSSEC across a large network of systems from RPMs

OSSEC is a Host-based Intrusion Detection System (HIDS). It is Free Software, made available under the GNU General Public License (version 2).

It can do “log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.” When I was looking for a security solution for my Cloud servers, it was numero uno on a list of such software that I compiled.

Installing it on the couple of servers I maintain (one as an OSSEC server, and the other as an OSSEC agent) was easy (it comes with a very simple, command-line installer), but if you ever need to deploy it on more than a couple of servers, here’s a tutorial that I think can be helpful. It was written by Vic Hargrave, Community Manager for the OSSEC Project, and a developer for the Data Analytics Group at Trend Micro, a security software and service solutions provider that sponsors OSSEC.

Here’s an excerpt from the article:

When I first started playing around with OSSEC I downloaded the agent and server source packages then proceeded to install them by hand. This method was fine when I had a server and 1 or 2 agent systems, but for a large network of systems it is tedious and error prone.

The OSSEC Project offers RPM packages that can be installed with yum on RedHat derived Linux distributions. Using these packages and the ossec-authd system, you can script the installation of OSSEC and automatically register agents with the server.

You may read the complete article here.
OSSEC HIDS Linux security

Related Posts

How to install Cinnamon in Ubuntu 11.10 Cinnamon is a new desktop environment, forked from GNOME 3 by the developers of Linux Mint. It is intended as an optional desktop for those who have n...
Install Cinnamon 1.6 in Ubuntu 12.04 LTS Alternate titles: How to install Cinnamon desktop in Ubuntu 12.04 Precise Pangolin; how to install Cinnamon desktop 1.6 in Ubuntu 12.04 LTS. Cinnam...
Openfiler 2.3 and Interface Bonding Openfiler is an rPath Linux-based, free and open source NAS/SAN software solution. We have previously written a comparative review of Openfiler and Fr...
Disk partitioning guide for Linux Mint Debian Linux Mint Debian is the latest version of Linux Mint. Unlike other versions of Mint, it is not based on Ubuntu, but rather on Debian Testing, and com...
How to test-drive Ubuntu Core on Fedora 21 Workstation Ubuntu Core is a containerized edition of Ubuntu for Cloud deployments. A beta release was announced yesterday. (See Ubuntu Core to bring Snappy and t...
Best IDEs for Octave, Python and R Code-wise, I've been getting my hands dirty with some digital grease over the past few months, and it's been fun. Most of the fun has resolved around ...

We Recommend These Vendors

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Leave a Comment

Your email address will not be published. Required fields are marked *