Upgrading OSSEC 2.7 to 2.8 and the bro-ids rule issue

Upgrade OSSEC 2.7 bro-ids rule

‘Tis the season for upgrading.

This hour, the target is OSSEC. Next will be a Cloud server running Ubuntu 12.04 LTS, which will be upgraded to Ubuntu 14.04 LTS

OSSEC is a cross-platform and Free Software “host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.”

It is one of the best of its kind, and one piece of software you want on your server as soon as it’s online. Most tutorials you read advocate Fail2ban, but OSSEC brings a lot more to the table than Fail2ban. Don’t get me wrong, Fail2ban is nice to have on your server, but OSSEC is nicer.

Before the upgrade, the target server was running OSSEC 2.7.1. It was then upgraded to OSSEC 2.8, which was released on June 4 (2014). Upgrading OSSEC is a very simple operation, but I ran into a problem at the end. More on that later. For now, here’s how the upgrade was done.

Related Post:  Dual-boot Windows 8 or Windows 7 and Ubuntu 13.10, with Ubuntu on a btrfs filesystem

Downloaded OSSEC 2.8 from here. Verified its checksums and moved the compressed tarball to the server. Unpacked it (tar zxf ossec-hids-2.8.tar.gz), changed to the OSSEC directory (cd ossec-hids-2.8), and started the installation by typing ./install.sh.

Your language is likely supported by the installation script.
Upgrade OSSEC 2.7

It wil detect that there’s an existing OSSEC installation and ask for an upgrade.
Upgrade OSSEC 2.7 to 2.8

From this screenshot, you can tell that something did not go as intended: OSSEC analysisd. Testing rules failed. Configuration error. Exiting.
Upgrade OSSEC 2.7 Linux

Related Post:  Building Interactive Maps with Leaflet

Querying the status of OSSEC showed that it is not running. What can the log file tell me?
Upgrade OSSEC 2.7 failed

Entries in the log file revealed the cause of the problem: The program failed to load the bro-ids rule: Invalid decoder name: ‘bro-ids’. Error loading the rules: ‘bro-ids_rules.xml’.
Upgrade OSSEC 2.7 logs

I found out that the issue with bro-ids rules is a longstanding one and that the recommended fix, if you can call it that, is to uncomment the bro-ids_rules.xml line in OSSEC’s main configuration file. And that did the trick
Upgrade OSSEC 2.7 bro-ids rule

Now, OSSEC is up and running, monitoring the system and sending email alerts when it detects bad traffic.

Share:

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
LinkedIn

Hola! Did you notice that LinuxBSDos.com no longer run network ads?  Yep, no more ads from the usual suspects that track and annoy you across the Internet. But since I still need to pay to keep the site running, feel free to make a small donation by PayPal or your favorite cryptocurrency.

  • Bitcoin
  • Ethereum
  • Xrp
  • Bitcoin cash
  • Bitcoin sv
  • Litecoin
  • Binance coin
  • Cardano
  • Ethereum classic
Scan to Donate Bitcoin to bc1qzvlte2m224zkayhdc7fdfjkp2rsgt0l5a496ua

Donate Bitcoin to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin

Scan to Donate Ethereum to 0x0F4362DFF77F3Ba0Dc637F5f3Eba35D09a2fA60C

Donate Ethereum to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum

Scan to Donate Xrp to r4ggjvL36njsMCYTkJ3S7cTHscPsMsSGQv

Donate Xrp to this address

Scan the QR code or copy the address below into your wallet to send some Xrp

Scan to Donate Bitcoin cash to qrs0dedzp9t55af3nfwypydghp29r0xguy9s20fz2k

Donate Bitcoin cash to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin cash

Scan to Donate Bitcoin sv to 15K9TLyVDBtLuG9cYvXCX9SSkq9C9oUKHK

Donate Bitcoin sv to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin sv

Scan to Donate Litecoin to LetJ9QQMb7u2LMZ9Tu6rtHwcBcQFW98fbG

Donate Litecoin to this address

Scan the QR code or copy the address below into your wallet to send some Litecoin

Scan to Donate Binance coin to bnb1ga8trq08ssqepd90v6225nzfgy448pu5pw8gxp

Donate Binance coin to this address

Scan the QR code or copy the address below into your wallet to send some Binance coin

Scan to Donate Cardano to addr1qx2354yw49etstfljpdhwja3ajjlt487lg95vu9ngy2q6vu4rf2ga2tjhqknlyzmwa9mrm997h20a7stgectxsg5p5esq5l7d9

Donate Cardano to this address

Scan the QR code or copy the address below into your wallet to send some Cardano

Scan to Donate Ethereum classic to 0xcD6CC972a2297FcafACDcfE042C55C69516a9264

Donate Ethereum classic to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum classic

Subscribe for updates. Trust me, no spam!

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.

Upcoming events

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.

Categories
Archives

The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.