OSSEC is a free and open source host-based intrusion detection system (IDS). It has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, centralized policy enforcement, rootkit detection, real-time alerting, and active response.

It runs on most operating systems, including Linux, Windows, Solaris, FreeBSD and OpenBSD. Its centralized architecture is also easy to set up: agents on many servers report to one central manager node, which is where analysis and alerting happen.

If you are looking for a server (endpoint) security solution, it gives you fairly complete coverage on its own.

OSSEC is very easy to install; on a single server it takes less than 5 minutes:

1- Download OSSEC:

# wget https://dcid.me/ossec-packages/ossec-hids-latest.tar.gz

2- Install gcc and make. A simple “apt-get install gcc make” on Ubuntu or “yum install gcc make” on CentOS/RedHat will do it for you.

3- Extract the tarball, cd into the directory it creates and run ./install.sh. It will guide you through the installation (local, server or agent install, install directory, and which modules to enable).

# cd *ossec*
# ./install.sh

4- The install script will create everything necessary and get you up and running in a few minutes. Once completed, just run ossec-control to start OSSEC:

# /var/ossec/bin/ossec-control start

5- If you are running it on multiple servers, install the manager first, then install the agents on the others. Use the manage_agents tool on the manager to add each agent and create its encryption key, then import that key on the agent with the same tool.

6- Enjoy.
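
Steps 1 to 5 as one script, added here as an example; it is not part of the OSSEC tarball or of this fork. It relies on install.sh reading etc/preloaded-vars.conf from the extracted source tree when that file exists, which is how OSSEC supports unattended installs, and on the USER_* variable names from the commented template shipped in that file; compare them with the copy in your tarball before relying on them. The script name install-ossec.sh is invented.

```shell
#!/bin/sh
# install-ossec.sh (hypothetical name): unattended version of steps 1-5.
# Added example, not part of the OSSEC tarball. install.sh sources
# etc/preloaded-vars.conf when present, so writing the answers there
# replaces the interactive prompts.
# Usage:  sh install-ossec.sh server
#         sh install-ossec.sh agent 10.0.0.5     (10.0.0.5 = manager's IP)
set -eu

# Dotted-quad IPv4 check, good enough for USER_AGENT_SERVER_IP.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Write the answers install.sh would otherwise ask for interactively.
write_preloaded_vars() {
    install_type=$1; server_ip=$2; out=$3
    case "$install_type" in
        server|agent|local) ;;
        *) echo "install type must be server, agent or local" >&2; return 1 ;;
    esac
    if [ "$install_type" = agent ] && ! valid_ipv4 "$server_ip"; then
        echo "an agent install needs the manager's IPv4 address" >&2
        return 1
    fi
    {
        echo 'USER_LANGUAGE="en"'
        echo 'USER_NO_STOP="y"'                  # do not wait for Enter between screens
        echo "USER_INSTALL_TYPE=\"$install_type\""
        echo 'USER_DIR="/var/ossec"'
        echo 'USER_ENABLE_SYSCHECK="y"'          # file integrity monitoring
        echo 'USER_ENABLE_ROOTCHECK="y"'         # rootkit detection
        echo 'USER_ENABLE_ACTIVE_RESPONSE="y"'
        echo 'USER_ENABLE_EMAIL="n"'             # "y" plus USER_EMAIL_ADDRESS/USER_EMAIL_SMTP for mail alerts
        case "$install_type" in
            server)
                # Plain remote syslog (514/udp) is only for devices that cannot run an
                # agent; agents use the authenticated channel on 1514/udp regardless.
                echo 'USER_ENABLE_SYSLOG="n"'
                # Hosts active response must never firewall off; add your admin workstations.
                echo 'USER_WHITE_LIST="127.0.0.1"'
                ;;
            agent)
                echo "USER_AGENT_SERVER_IP=\"$server_ip\""
                ;;
        esac
    } > "$out"
}

# Step 2: compiler and make from whichever package manager is present.
install_deps() {
    if command -v apt-get >/dev/null 2>&1; then
        apt-get install -y gcc make
    elif command -v yum >/dev/null 2>&1; then
        yum install -y gcc make
    else
        echo "install gcc and make with your package manager first" >&2
        return 1
    fi
}

# Steps 1, 3 and 4 end to end. Must run as root.
main() {
    install_type=$1; server_ip=${2:-}
    tarball=ossec-hids-latest.tar.gz
    wget -O "$tarball" "https://dcid.me/ossec-packages/$tarball"
    # The page publishes no checksum or signature for this tarball; verify it
    # against one from the maintainer before running anything from it.
    install_deps
    tar xzf "$tarball"
    srcdir=$(tar tzf "$tarball" | head -n 1 | cut -d/ -f1)   # ossec-hids-<version>
    write_preloaded_vars "$install_type" "$server_ip" "$srcdir/etc/preloaded-vars.conf"
    (cd "$srcdir" && ./install.sh)
    /var/ossec/bin/ossec-control start
    # Step 5 stays manual: on the manager run /var/ossec/bin/manage_agents to add
    # each agent and extract its key, then run it on the agent to import the key.
}

if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it as root with the install type as the first argument. The manager answers include a white list so an active response can never cut off the listed hosts; put your own administrative addresses there before rolling it out, because a firewall-drop response triggered by spoofed or noisy logs is the classic way to lock yourself out of a box.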

Contributing and patches

I keep both the bitbucket and github repositories of my fork in sync, so you can submit PRs and issues to either one of them:

https://bitbucket.org/dcid/ossec-hids
https://github.com/dcid/ossec-hids

I personally use bitbucket more, but either works.

