How Do You Install OSSEC on Any Type of Linux?

Problem scenario
You have Debian/Ubuntu, RedHat (including CentOS and Fedora), and SUSE distributions of Linux.  You want to install OSSEC on each server (to protect them with host-based intrusion detection systems, IDSes).  You want to use the same script to install OSSEC on each server. How do you do this?

Solution
1.  Create a script such as this /tmp/ossec.sh.

#!/bin/bash
# Written by www.continualintegration.com

ossecversion=3.1.0 


How Do You Deal with An “hwloc library not found” Error?

Problem scenario
You are trying to install Snort on Ubuntu.  You have installed hwloc (because you know the command hwloc-info works).  But when you try to run a configure script (e.g., configure_cmake.sh), you get this error:

“-- Could NOT find PkgConfig (missing:  PKG_CONFIG_EXECUTABLE)
CMake Error at cmake/FindHWLOC.cmake:6 (message):

        ERROR! hwloc library not found.

        Get it from https://www.open-mpi.org/projects/hwloc/

Call Stack (most recent call first):
 


How Do You Use Tripwire Commands without the “Keyfile Read/Write error”?

Problem scenario
You created a tripwire keyfile.  You perform a tripwire (e.g., twprint) command but you get this error:


### Error: Keyfile Read/Write error.
### /etc/tripwire/site.key
### Exiting...

What should you do?

How Do You Troubleshoot the Problem “No package ‘Luajit’ Found” When Attempting to Install Snort?

Problem scenario
You install the Lua Just-In-Time package named luajit (e.g., with sudo apt-get -y install luajit).  You are trying to install Snort.  When you run the ./configure script, you get this error:


-- Checking for module 'luajit'
--   No package 'luajit' found
CMake Error at /usr/share/cmake-3.5/Modules/FindPackageHandleStandardArgs.cmake:148 (message):

/usr/bin/luajit-2.0.4
/usr/share/luajit-2.0.4/jit

You tried this:

./configure_cmake.sh --with-luajit-libraries=/usr/share/luajit-2.0.4/jit/ --with-luajit-includes=/usr/bin

But that command failed too.


How Do You Install Snort on RHEL 7.x?

Problem scenario
You want to install Snort on a Red Hat Enterprise Linux server.  How do you do this?

Solution
1.  Log into the server.
2.  Create a file /tmp/snortinstaller.sh with the following content:

yum -y install libdnet

yum -y install https://www.snort.org/downloads/snort/daq-2.0.6-1.f21.x86_64.rpm

curl https://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/l/libnghttp2-1.28.0-1.fc28.x86_64.rpm > libnghttp2-1.28.0-1.fc28.x86_64.rpm

rpm -ivh libnghttp2-1.28.0-1.fc28.x86_64.rpm

yum -y install https://www.snort.org/downloads/snort/snort-2.9.11-1.f25.x86_64.rpm

ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1

3. 


How Do You Get Snort Working to Test It Out?

Problem scenario
You have a Linux server, and you want to install Snort and use its basic functionality.  How do you do this?

Background
It is advisable to place Snort on every machine (Upguard).  This way if one server is compromised, you have Snort’s features on all other servers.  When alerting but not logging, running Snort usually consumes a negligible amount of resources (RAM,


How to Install Suricata on an AWS Instance of SUSE Linux

These “directions” to install Suricata on SUSE Linux include a script and how to run it.  The script was designed to install Suricata 3.1dev on an AWS instance of SUSE 12 SP1.  This script was based on these here. This script requires that your AWS SUSE Linux server is in a security group that has access to the Internet.  The script takes approximately five minutes to run.  But bandwidth and resources on your instance may vary.


How to Install Suricata on an AWS Instance of Ubuntu Linux

Updated on 11/28/17

Problem scenario
You want to install Suricata on Ubuntu Linux.  How do you do this?

Solution
These directions to install Suricata include a script and how to run it.  The optional script in 2.c was based on these here.  The optional script in 2.c requires that your AWS Ubuntu Linux server is in a security group that has access to the Internet.


How to Install Suricata on an AWS Instance of RedHat Enterprise Linux Server

Updated 11/29/17

These directions will allow you to install Suricata.  The script in step 2 was designed to install Suricata 4.0.1 on an AWS instance of RHEL 7.4.  This script requires that your AWS RedHat Enterprise Linux server is in a security group that has access to the internet.  You do not need a subscription to RedHat packages. 

Step #1  Log into the Red Hat Enterprise Linux server. 
