OSSEC is best and free FIM system (File integrity monitoring), Log Parser, Intrusion Detection System.
It even lets you know which file is added in the system. Which file is edited in the system and what text is added in the file.
You can also be notified of any SSH based login, Privilege escalation, Invalid password attempts.
Monitoring and alerts for errors such as 404, 500 and others in Apache logs and send emails on given address about all of the above issues.
It can also do more than the above list.
As we know that adding any Repository in Kali Linux is not possible through add-apt-repository.
Although one can install OSSEC easily with .deb package, but installing with repository is always a good practice. This ensures that we get all bug fixes and updates of the package with simple apt command.
Recently I needed to install OSSEC in Kali 2017.3, so I followed the below process and installed OSSEC successfully.
root@kali:/# wget -q -O – https://updates.atomicorp.com/installers/atomic | sudo bash
This will create a repo file and add gpg file as well in the system.
You may get below error:
Error: Unable to determine distribution type. Please send the contents of /etc/os-release to email@example.com
To fix this we need to add below content in os-release file:
root@debian:root# cat /etc/os-release
PRETTY_NAME=”Debian GNU/Linux 8 (jessie)”
Rename the current os-release file:
root@kali:root# mv /etc/os-release /etc/os-release-bkp
Now add above debian os-release content in Kali Linux os-release file. Run below command:
root@kali:/home/waqas# echo ‘PRETTY_NAME=”Debian GNU/Linux 8 (jessie)”
> NAME=”Debian GNU/Linux”
> VERSION=”8 (jessie)”
> BUG_REPORT_URL=”https://bugs.debian.org/”‘ > /etc/os-release
One more step is left. If we try to install OSSEC just now. We will find below error:
root@kali:root# apt-get update && apt-get install ossec-hids-server
Reading package lists… Done
Building dependency tree
Reading state information… Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
ossec-hids-server : Depends: libmysqlclient18 (>= 5.5.24+dfsg-1) but it is not installable
Depends: libssl1.0.0 (>= 1.0.1) but it is not installable
E: Unable to correct problems, you have held broken packages.
To fix above we would need to add Debian repo to install couple of packages from there. Run below command:
root@kali:root# echo ‘deb http://ftp.de.debian.org/debian jessie main’ >> /etc/apt/sources.list.d/atomic.list
Also add Debian gpg key:
root@kali:/root# sudo apt-key adv –keyserver keyserver.ubuntu.com –recv-keys 8BC3A7D46F930576
Now you will easily get OSSEC-HIDS installed. Run below command:
root@kali:/root# apt-get update && apt-get install ossec-hids-server
Thats all. You will get latest and updated OSSEC-HIDS package installed in Kali Linux.
Let me know if you face any issue in comments below.