Install OSSEC on CentOS

1. Download OSSEC:

wget <URL of ossec-hids-2.7.tar.gz>

tar -zxvf ossec-hids-2.7.tar.gz

cd ossec-hids-2.7

Controlling Service:

/var/ossec/bin/ossec-control start

/var/ossec/bin/ossec-control stop

Edit Configuration File :

vi /var/ossec/etc/ossec.conf

Installing Agent:

Authorizing Agents:


  1. Add an agent: press A

  2. Extract the key for an agent: press E


Copy the agent key, then log in to the agent machine.


a. Import the key: press I

b. Paste the key:


/var/ossec/bin/ossec-control start

Now restart the server [you have to restart the server every time you add an agent].

Troubleshooting:

Error executing analysisd:

There is a small bug in version 2.6: the logtest directory is missing. Run the command below to fix that.

ln -s /var/ossec/bin/ossec-logtest /var/ossec/ossec-logtest

Tips & Tricks:

**Sending email to a different address for a particular rule ID:**

<email_alerts>
  <email_to></email_to>
  <rule_id>31430</rule_id>
</email_alerts>

Disable OSSEC Active Response:

Replace everything between with the following:


To enable OSSEC Active Response, replace that part with:

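<active-response>
  <command>host-deny</command>
  <location>local</location>
  <level>6</level>
  <timeout>600</timeout>
</active-response>

<active-response>
  <command>firewall-drop</command>
  <location>local</location>
  <level>6</level>
  <timeout>600</timeout>
</active-response>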
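
After editing ossec.conf, it helps to confirm which rule IDs are routed to which mailbox and whether active response is actually on. The script below is an added example, not part of the original post or of OSSEC itself. The sample configuration, the address web-team@example.com, rule ID 100001 and the function name audit_conf are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample ossec.conf (not from the original page); address is a placeholder.
SAMPLE_CONF = """
<ossec_config>
  <email_alerts><email_to>web-team@example.com</email_to><rule_id>31430</rule_id></email_alerts>
  <email_alerts><email_to></email_to><rule_id>100001</rule_id></email_alerts>
  <active-response>
    <command>host-deny</command>
    <location>local</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
"""

def audit_conf(text):
    """Return (email_routes, problems, active_responses) for ossec.conf text."""
    # ossec.conf may contain several <ossec_config> blocks, so wrap it in one root.
    root = ET.fromstring("<root>" + text + "</root>")
    routes, problems, responses = {}, [], []
    for alert in root.iter("email_alerts"):
        to = (alert.findtext("email_to") or "").strip()
        # <rule_id> may list several IDs separated by commas.
        for rule in (alert.findtext("rule_id") or "").split(","):
            rule = rule.strip()
            if not to:
                problems.append(f"rule {rule}: empty <email_to>")
            elif rule:
                routes[rule] = to
    for ar in root.iter("active-response"):
        # <disabled>yes</disabled> is OSSEC's switch for turning active response off.
        off = (ar.findtext("disabled") or "").strip().lower() == "yes"
        responses.append(("disabled" if off else ar.findtext("command"),
                          int(ar.findtext("level") or 0),
                          int(ar.findtext("timeout") or 0)))
    return routes, problems, responses

if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF))
```

To check a live server, pass the contents of /var/ossec/etc/ossec.conf to audit_conf instead of the sample.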