ossec Archives

How to remove OSSEC Agent on macOS Sierra

I’ve been trying to find a way to remove OSSEC on one of my Macs. Most documentation is a bit outdated and references files from yesteryear, so here’s how to do it on macOS Sierra in 2018. These instructions were written with OSSEC 2.8 in mind. I’m not familiar with later versions. Removing the three … Read more

How to fix Duplicate Counter Error in OSSEC

You may come across a duplicated counter / duplicate error in OSSEC. This can happen when you try to add an agent to the server again which was previously added (say when you had to rebuild the OSSEC Server).

The agent is basically saying “hey I’ve got some data here which doesn’t line up with what I should be getting from the server”.

This problem can be resolved easily – let me show you how.

Read more

How to install OSSEC HIDS on CentOS 6 and 7

Remote computers are under constant attack by Evil Dudes – that’s especially true for Linux servers. To prevent such attacks by Evil Dudes from Hacker Land, I’ve been relying on the amazing OSSEC Host Intrusion Detection System on all my machines.

Even though the OSSEC website is great, I always forget the simple steps that are involved in getting it up and running on a brand new server. Here are the steps that work for me.

I’ve originally written this article in 2011 for OSSEC 2.6, but I’ve just updated and tested the instructions again with OSSEC 2.8.1 on CentOS 7. It’s my go-to guide on how to get OSSEC up and running. However, by the time you read this it may all be completely out of date – please bear that in mind. Thanks 😉

Read more