- Instant OSSEC Host-based Intrusion Detection System
- Brad Lhotsky
- 107字
- 2021-08-13 16:28:01
Getting ready
In this example, we assume that the:
- OSSEC server is 192.168.0.1
- Our servers live on 192.168.0.0/23 (192.168.0.1 to 192.168.1.254)
- We have an external MS Exchange server at 1.2.3.4
We also assume that you have successfully installed OSSEC. Otherwise, you can install it from the source or with a binary installer. To install from a source, use the install.sh command and select server as the installation type in the first step. Binary installers will label their server packages as ossec-hids-server.
In order to run OSSEC in server mode, you need to open up the UDP port 1514 on your firewalls from and to your OSSEC server.