How to Set Up OSSEC Host-Based Intrusion Detection

By Admin · Mar 1, 2026 · Updated Apr 23, 2026

OSSEC is a powerful open-source host-based intrusion detection system (HIDS) that provides file integrity monitoring, log analysis, rootkit detection, and real-time alerting on your Breeze.

Install OSSEC

# Install dependencies
sudo apt update
sudo apt install -y build-essential gcc make libevent-dev libpcre2-dev libz-dev libssl-dev

# Download and install OSSEC
wget https://github.com/ossec/ossec-hids/archive/3.7.0.tar.gz
tar -xzf 3.7.0.tar.gz
cd ossec-hids-3.7.0
sudo ./install.sh

When prompted, select the local installation type for a standalone Breeze deployment.

Configure Monitoring

Edit /var/ossec/etc/ossec.conf to customize monitored directories and alert levels:

<syscheck>
  <frequency>7200</frequency>
  <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
  <directories check_all="yes">/var/www</directories>
  <ignore>/etc/mtab</ignore>
</syscheck>

Start and Verify

sudo /var/ossec/bin/ossec-control start
sudo /var/ossec/bin/ossec-control status

# View alerts
sudo tail -f /var/ossec/logs/alerts/alerts.log

Email Notifications

Configure email alerts in ossec.conf under the <global> section by setting <email_to>, <smtp_server>, and <email_from>. Set alert levels appropriately so you receive notifications for critical events without being overwhelmed by noise.
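
To choose a threshold from real data, the added example below (not part of the original article or of OSSEC itself) counts the alerts in alerts.log by level and shows how many would be emailed at a given <email_alert_level>, the setting in the <alerts> section of ossec.conf. It assumes the standard alerts.log entry layout; the sample entries, hostname and addresses are constructed.

```python
import re
import sys
from collections import Counter

# Matches the "Rule:" line carried by each alerts.log entry.
RULE_RE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'\s*$")

# Constructed sample entries in the alerts.log layout (not real log data).
SAMPLE_ALERTS = """\
** Alert 1772323200.0: - syslog,sshd,authentication_failed,
2026 Mar 01 00:00:00 breeze->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
Mar  1 00:00:00 breeze sshd[1201]: Failed password for root from 192.0.2.10 port 50122 ssh2

** Alert 1772323260.310: - syslog,sudo,
2026 Mar 01 00:01:00 breeze->/var/log/auth.log
Rule: 5402 (level 3) -> 'Successful sudo to ROOT executed'
Mar  1 00:01:00 breeze sudo: admin : TTY=pts/0 ; USER=root ; COMMAND=/usr/bin/apt update

** Alert 1772330400.620: - ossec,syscheck,
2026 Mar 01 02:00:00 breeze->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/ssh/sshd_config'
"""

def parse_alerts(text):
    """Return one (rule_id, level, description) tuple per alert entry."""
    alerts, expecting = [], False
    for line in text.splitlines():
        if line.startswith("** Alert "):
            expecting = True   # new entry: its Rule line follows the header
            continue
        m = RULE_RE.match(line) if expecting else None
        if m:
            alerts.append((int(m.group(1)), int(m.group(2)), m.group(3)))
            expecting = False  # skip look-alike text inside the raw log line
    return alerts

def emailed_count(alerts, threshold):
    """Number of alerts at or above the threshold (those that trigger mail)."""
    return sum(1 for _, level, _ in alerts if level >= threshold)

if __name__ == "__main__":
    # Pass a log path such as /var/ossec/logs/alerts/alerts.log, or run on the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_ALERTS
    alerts = parse_alerts(text)
    print("alerts per level:", dict(sorted(Counter(a[1] for a in alerts).items())))
    for threshold in (3, 5, 7, 10):
        print(f"email_alert_level={threshold}: {emailed_count(alerts, threshold)} of {len(alerts)} emailed")
```

Run it with sudo against the live log after a day or two of normal activity; the lowest threshold that still yields a manageable count is a reasonable starting point.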
