On 5/12/23 08:47, Jeremy Stanley wrote:
> On 2023-05-12 08:10:04 -0700 (-0700), Jeffrey Chimene wrote:
> [...]
>> I'd like to propose adding a section that describes ossec.
> [...]
>
> There's an (ancient) RFP for it which apparently used to be an ITP:
>
> https://bugs.debian.org/361954
>
> There's no ossec-hids package in Debian currently though, so
> actually packaging it for inclusion in the distribution seems like
> the place to start.

Agreed. Actually, ossec itself has a debian package, so no ITP for me
:). It made my work significantly easier since the regex package (pcre2)
isn't part of the distro; the absence has a reason, but it's still an
impediment that ossec itself has addressed with their .deb.

I'm proposing adding a section to the document. I'll do the work.

There's a particular focus that I think needs clarifying, i.e. the
"accidental" sysop. To be clear, I've been using Debian since Potato as
a developer. It's only since 2017 that I've been actively using Buster,
Bullseye.

<rant>I'm somewhat annoyed that, for example, Linode thinks documenting
ossec installation on Debian 7 is relevant to the sysop looking to
improve their security posture. That someone exploring ossec would be
running 7 seems not to be a problem.</rant>

```
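# Add the Atomicorp repository to the APT sources (sources.list).
# Note: this pipes the downloaded installer script straight into a root shell.
wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo bash
# Update apt data
sudo apt-get update
# Install the server package (use ossec-hids-agent instead on agent hosts)
sudo apt-get install ossec-hids-server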
```
Cheers,
jec