This guide covers the installation of OSSEC 3.6.0 as a local agent on Debian 10 (Buster). The process has been tested and works consistently on both x64 and ARM systems.
Because this installation process always catches me by surprise when I need to do it, and while I don’t do it often, it’s always the setup that bothers me the most. Here’s a straightforward guide to get OSSEC 3.6.0 running on your Debian 10 system.
Installation#
Install Required Dependencies#
First, install the necessary packages. I usually run a minimalist version of Debian, so these packages may not come with your current installation:
apt install wget build-essential libpcre2-dev zlib1g-dev inotify-tools libevent-dev libssl-dev
Download OSSEC 3.6.0#
With the dependencies installed, download the OSSEC 3.6.0 package:
wget https://github.com/ossec/ossec-hids/archive/3.6.0.tar.gz
Extract the Package#
Unpack the newly downloaded .tar.gz file:
tar -zxvf 3.6.0.tar.gz
Run the Installation#
Navigate into the extracted folder, locate the install.sh script, and run it:
cd ossec-hids-3.6.0
./install.sh
During the installation process:
- Select your preferred language
- Choose “local” for the installation type
- Follow the remaining prompts with default settings
This process should also work for other OSSEC modes, but I typically use local installation and pull logs through other methods for my setup.
Conclusion#
That’s it! You now have OSSEC 3.6.0 running on your Debian 10 system. The installation process is straightforward once you have all the dependencies in place.
Have fun monitoring your system!