OSSEC-HIDS on Kali Linux

Install OSSEC in Kali Linux from OSSEC-HIDS Repository

OSSEC is an excellent free file integrity monitoring (FIM) system, log parser and intrusion detection system.

It can even tell you which files were added to the system, which files were edited, and what text was added to them.

You can also be notified of any SSH-based login, privilege escalation or invalid password attempt.

It monitors Apache logs for errors such as 404, 500 and others, and sends email to a given address about all of the above issues.

It can also do more than the above list.

As we know, adding a repository in Kali Linux is not possible through add-apt-repository.

Although OSSEC can easily be installed from a .deb package, installing from a repository is always good practice: it ensures that we get all bug fixes and updates of the package with a simple apt command.

Recently I needed to install OSSEC on Kali 2017.3, so I followed the process below and installed OSSEC successfully.

Enter:

root@kali:/# wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo bash

This creates the repository file and adds the GPG key to the system.

You may get the error below:

Error: Unable to determine distribution type. Please send the contents of /etc/os-release to support@atomicrocketturtle.com

To fix this we need to put the content below in the os-release file:

root@debian:root# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

Rename the current os-release file:

root@kali:root# mv /etc/os-release /etc/os-release-bkp

Now write the Debian os-release content above into Kali's os-release file. Run the command below:

root@kali:/home/waqas# echo 'PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
> NAME="Debian GNU/Linux"
> VERSION_ID="8"
> VERSION="8 (jessie)"
> ID=debian
> HOME_URL="http://www.debian.org/"
> SUPPORT_URL="http://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"' > /etc/os-release

One more step is left. If we try to install OSSEC right now, we will see the error below:

root@kali:root# apt-get update && apt-get install ossec-hids-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
ossec-hids-server : Depends: libmysqlclient18 (>= 5.5.24+dfsg-1) but it is not installable
Depends: libssl1.0.0 (>= 1.0.1) but it is not installable
E: Unable to correct problems, you have held broken packages.

To fix this we need to add a Debian repository so that a couple of packages can be installed from there. Run the command below:

root@kali:root# echo 'deb http://ftp.de.debian.org/debian jessie main' >> /etc/apt/sources.list.d/atomic.list

Also add the Debian GPG key:

root@kali:/root# sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8BC3A7D46F930576

Now OSSEC-HIDS will install without trouble. Run the command below:

root@kali:/root# apt-get update && apt-get install ossec-hids-server

That's all. You will get the latest OSSEC-HIDS package installed in Kali Linux.

Let me know in the comments below if you face any issue.
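The same procedure as a script, added here as an example and not part of the original post: the Debian-lookalike os-release is written only for the installer run, backed up first and restored afterwards, and the jessie source line is appended only once. It assumes the Atomicorp installer needs the Debian identity only while it runs and that the repository file it writes keeps working once the real Kali os-release is back; the file paths are parameters so the helpers can be tried on scratch files.

```shell
# Added example (not the post's or OSSEC's own code); install_ossec() needs
# root and network, the helpers below work on any file you point them at.
INSTALLER_URL="https://updates.atomicorp.com/installers/atomic"
JESSIE_LINE='deb http://ftp.de.debian.org/debian jessie main'

# Back up the current file once, then write the Debian 8 identity from the post.
write_debian_os_release() {
    file="$1"
    [ -e "$file" ] && [ ! -e "$file-bkp" ] && cp -p "$file" "$file-bkp"
    cat > "$file" <<'EOF'
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
EOF
}

# Put the backed-up file back; a no-op when there is no backup.
restore_os_release() {
    file="$1"
    [ -e "$file-bkp" ] && mv "$file-bkp" "$file"
    return 0
}

# Print the ID= value (what the installer keys on) from an os-release file.
os_release_id() {
    sed -n 's/^ID=//p' "$1" | tr -d '"'
}

# Append the jessie source only if the list does not already carry it.
add_jessie_repo() {
    list="$1"
    grep -qxF "$JESSIE_LINE" "$list" 2>/dev/null || echo "$JESSIE_LINE" >> "$list"
}

# End-to-end run on a Kali host (root and network required).
install_ossec() {
    write_debian_os_release /etc/os-release
    wget -q -O - "$INSTALLER_URL" | bash
    restore_os_release /etc/os-release
    add_jessie_repo /etc/apt/sources.list.d/atomic.list
    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8BC3A7D46F930576
    apt-get update && apt-get install -y ossec-hids-server
}
```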
