Security: OSSEC

Table of Contents

Setup server
Setup web interface
Setup client

Setup server

by ross at 17:40:11 on December 31, 2014

Install

# cd /usr/ports/security/ossec-hids-server
# make install clean
# rehash

Setup

Refer to the OSSEC docs. Here's an example of /usr/local/ossec-hids/etc/ossec.conf: ossec.conf.

Enable the firewall-drop active response. OSSEC detects whatever firewall you use and installs the appropriate active-response/bin/firewall-drop.sh script.

If the script uses pf, additional setup is needed: create the ossec_fwtable table and block all traffic from hosts in this table, just like in my PF example.
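
A way to confirm the pf side is in place before relying on active response, as an added example that is not part of the original page or of OSSEC. The function names and the sample rules are constructed here; the persist and quick keywords and the outbound rule are assumptions beyond what the page states.

```sh
#!/bin/sh
# Added example (not from the original page): verify that a pf ruleset
# declares the table filled by firewall-drop.sh and blocks hosts in it.

# Constructed sample of the pf.conf lines this setup needs. The "persist"
# and "quick" keywords and the outbound rule are assumptions, not from the page.
sample_pf_conf() {
    cat <<'EOF'
# Hosts added by OSSEC active response
table <ossec_fwtable> persist
block in quick from <ossec_fwtable> to any
block out quick from any to <ossec_fwtable>
EOF
}

# Print the active rules of FILE: comments removed, whitespace normalised,
# empty lines dropped, so a commented-out rule does not count as present.
active_rules() {
    sed -e 's/#.*$//' -e 's/[[:space:]]\{1,\}/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1"
}

# check_pf_conf FILE: 0 = table and block rule present, 1 = something is
# missing, 2 = FILE is not readable.
check_pf_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    rules=$(active_rules "$conf")
    rc=0
    printf '%s\n' "$rules" | grep -q '^table <ossec_fwtable>' ||
        { echo "missing: table <ossec_fwtable>" >&2; rc=1; }
    printf '%s\n' "$rules" | grep -Eq '^block (.* )?from <ossec_fwtable>' ||
        { echo "missing: block ... from <ossec_fwtable>" >&2; rc=1; }
    return $rc
}

# Run against a file given on the command line, e.g. /etc/pf.conf.
if [ $# -gt 0 ]; then
    check_pf_conf "$1"
fi
```

After editing /etc/pf.conf, pfctl -nf /etc/pf.conf parses the ruleset without loading it, and pfctl -t ossec_fwtable -T show lists the hosts currently blocked.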

Add to /etc/rc.conf:

# Enable OSSEC
ossechids_enable="YES"

Start OSSEC

Fix installation:

# chmod -R ug+w /usr/local/ossec-hids

Start ossec-hids:

# service ossec-hids start

 
