Skip to content Skip to site navigation Skip to service navigation

Deploy OSSEC Using BigFix

Warning: BigFix is a powerful tool and should only be used by system administrators with proper training. Please see the BigFix  for Servers page for more information about BigFix.

  1. Log in to the BigFix console, then select all the computers to which you are deploying OSSEC.

      select the computers on which you want to deploy OSSEC

  2. Right-click your selection, and click Modify Custom Site Subscriptions from the context menu. Subscribe the selected computers to the Stanford-Linux site.

    subscribe the selected computers to Stanford-Linux

  3. Click Fixlets and Tasks, then enter ossec into the search box.

    Search for ossec action

  4. Choose your installation. The Information Security Office provides OSSEC HIDS 2.9 GA in a standalone mode via BigFix. 
    Note:  This install depends on the target host having 'make' and 'gcc' already present on the system as helper programs. 
  5. In the lower-right pane, click Take Action.
  6. Click Deploy from scratch. Use the default location, unless you must do otherwise.

    Select deploy action

  7. Select the computers to receive the the installation package.

  8. Click Yes to confirm the Action Summary, then click OK.

    confirm action summary

The installation operations take one or two polling periods, and can be tracked in the BigFix console.

Last modified November 28, 2017