OSSEC on OSX

Next up for reinstall is OSSEC. OSSEC is an Open Source Host-basted Intrusion Detection System. I also had this installed before the i reinstalled OSX.

To install OSSEC just follow the default instructions and everything works out just fine. Note, you’ll have to start this manual after each reboot, I’m sure there is a way to add it to autostart, but I haven’t gotten there yet.

To install the OSSEC-WUI follow the instructions up to the point before running the setup.sh script, it will not work on OSX (client anyway, not sure about server). All you need to do to get it working is first change the permission on the whole folder and files to _www. Then you need to add the _www user to the ossec group. That is done with the following command:
sudo dscl . -append /Groups/ossec GroupMembership _www

Thats it now its up and running and you have a nice interface for it.