How Do You Install OSSEC on Any Type of Linux?

Problem scenario
You have Debian/Ubuntu, RedHat (including CentOS and Fedora), and SUSE distributions of Linux.  You want to install OSSEC on each server to protect it with a host-based intrusion detection system (HIDS), and you want to use the same script to install OSSEC on every server regardless of distribution. How do you do this?

Solution
1.  Create a script such as this one, saved as /tmp/ossec.sh.

#!/bin/bash
# Written by www.continualintegration.com

ossecversion=3.1.0  # Change this version as necessary

# Sanity check: a cut and paste that inserted extra lines makes the script longer than expected.
# Change 80 to the correct number of lines if the script legitimately grows.
numlines=$(wc -l < "$0")
if [ 80 -lt "$numlines" ]
then
  echo "Too many lines in the script.  Were extra lines introduced accidentally during a cut and paste?"
  echo "****************EXITING**********************************"
  exit 1
else
  echo "Script running..."
fi

distro=$(cat /etc/*-release | grep NAME)

debflag=$(echo "$distro" | grep -i "ubuntu")
if [ -z "$debflag" ]
then   # If it is not Ubuntu, test whether it is Debian.
  debflag=$(echo "$distro" | grep -i "debian")
  echo "determining Linux distribution..."
else
  echo "You have Ubuntu Linux!"
fi

# "red *hat" matches both "RedHat" and "Red Hat" (the NAME in /etc/os-release on RHEL contains a space).
rhflag=$(echo "$distro" | grep -i "red *hat")
if [ -z "$rhflag" ]
then   # If it is not RedHat, see if it is CentOS or Fedora.
  rhflag=$(echo "$distro" | grep -i "centos")
  if [ -z "$rhflag" ]
  then    # If it is neither RedHat nor CentOS, see if it is Fedora.
    echo "It does not appear to be CentOS or RHEL..."
    rhflag=$(echo "$distro" | grep -i "fedora")
  fi
fi

if [ -z "$rhflag" ]
then
  echo "...still determining Linux distribution..."
else
  echo "You have a RedHat distribution (e.g., CentOS, RHEL, or Fedora)"
  yum -y install httpd unzip wget gcc php sendmail python-inotify
fi

if [ -z "$debflag" ]
then
  echo "...still determining Linux distribution..."
else
  echo "You are using either Ubuntu Linux or Debian Linux."
  apt-get -y update # This is necessary on new AWS Ubuntu servers.
  apt -y install build-essential gcc make apache2 libapache2-mod-php7.0 php7.0 php7.0-cli php7.0-common apache2-utils unzip wget sendmail inotify-tools
fi

suseflag=$(echo "$distro" | grep -i "suse")
if [ -z "$suseflag" ]
then
  if [ -z "$debflag" ] && [ -z "$rhflag" ]
  then
    echo "*******************************************"
    echo "Could not determine the Linux distribution!"
    echo "Installation aborted. Nothing was done."
    echo "*******************************************"
    exit 1
  fi
else
  echo "You have Linux SUSE."
  zypper -n install gcc make apache2 apache2-mod_php7 php7 apache2-utils unzip
fi

cd /tmp || exit 1
wget https://github.com/ossec/ossec-hids/archive/$ossecversion.tar.gz
tar -zxvf $ossecversion.tar.gz
mv /tmp/ossec-hids-$ossecversion /bin/ossec
echo "go to /bin/ossec (with a cd) and run 'sudo bash install.sh'"
echo "Then follow the interactive text menu prompts after that.  It should be self-explanatory."
echo "For a proof-of-concept, it is easiest if you do not configure email alerts or an SMTP notification server."

2.  Run the script with this command: sudo bash /tmp/ossec.sh
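The script above decides which package manager to use by grepping the NAME field of /etc/*-release, which is why the exact patterns (such as matching "Red Hat" with a space) matter. The following added example is not part of the original article or the OSSEC project; it shows the more robust alternative of parsing the ID and ID_LIKE fields of /etc/os-release, which also classifies derivatives (for example Rocky Linux via ID_LIKE="rhel centos fedora", or openSUSE Leap) that a NAME grep would miss. The function names, the package family labels, and the os-release samples are constructed for this illustration.

```shell
#!/bin/bash
# Added example (not the original script): classify a Linux host into a package
# family by parsing the ID and ID_LIKE fields of os-release instead of grepping NAME.
# The function reads os-release text on stdin so it can be tested against samples.

# Usage: detect_pkg_family < /etc/os-release
# Prints one of: deb, rh, suse, unknown (exit status 1 for unknown)
detect_pkg_family() {
  local id="" id_like="" line key value token
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ID=*|ID_LIKE=*)
        key=${line%%=*}
        value=${line#*=}
        value=${value%\"}; value=${value#\"}   # strip optional surrounding quotes
        case "$key" in
          ID)      id=$value ;;
          ID_LIKE) id_like=$value ;;
        esac
        ;;
    esac
  done
  # Check ID first, then each ID_LIKE token (ID_LIKE may list several parents).
  for token in $id $id_like; do
    case "$token" in
      debian|ubuntu)       echo deb;  return 0 ;;
      rhel|centos|fedora)  echo rh;   return 0 ;;
      suse|sles|opensuse*) echo suse; return 0 ;;
    esac
  done
  echo unknown
  return 1
}

# Map a family to the install command the page's script uses for that family.
install_cmd_for() {
  case "$1" in
    deb)  echo "apt-get -y install" ;;
    rh)   echo "yum -y install" ;;
    suse) echo "zypper -n install" ;;
    *)    return 1 ;;
  esac
}

# Constructed os-release samples for offline testing (not copied from real hosts).
OSREL_UBUNTU='NAME="Ubuntu"
ID=ubuntu
ID_LIKE=debian
VERSION_ID="18.04"'
OSREL_RHEL='NAME="Red Hat Enterprise Linux Server"
ID="rhel"
ID_LIKE="fedora"'
OSREL_ROCKY='NAME="Rocky Linux"
ID="rocky"
ID_LIKE="rhel centos fedora"'
OSREL_SLES='NAME="SLES"
ID="sles"
ID_LIKE="suse"'
OSREL_ALPINE='NAME="Alpine Linux"
ID=alpine'

# Running stand-alone: classify the host this runs on and show the matching installer.
if [ -r /etc/os-release ]; then
  fam=$(detect_pkg_family < /etc/os-release) || fam=unknown
  echo "package family: $fam"
  cmd=$(install_cmd_for "$fam") && echo "install prefix: $cmd"
fi
```

With this approach the installer section of the script collapses to one case statement keyed on the family, and an unrecognised host aborts before any package is installed, which is the behaviour the original script's nested checks are trying to achieve.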
