
There's more…

Congratulations! You just installed, configured, and started OSSEC to protect your server. An excellent first step in the mastery of OSSEC! You might also be thinking that there is a lot of work to run this setup process on each server, and you're right. It's not always desirable or possible to perform source installs on every server in your network. Luckily for us, there's a speedier way!

Binary installations

On most production systems, a C compiler may not be available. Don't worry, it is still possible to deploy OSSEC on these systems without requiring administrators to install hefty development packages.

OSSEC provides a binary installer for Windows on the Downloads page (http://www.ossec.net/?page_id=19) of the site. This is an agent-only binary, so you will still require a Linux/BSD server to manage any Windows agents.

For Linux systems, there are two major package managers, RPM and APT. Distributions based on Red Hat use a binary package called an RPM. Atomicorp provides a handy installer for their nicely packaged OSSEC RPMs, which you can install using the following command on your Red Hat server:

$ wget -q -O - https://www.atomicorp.com/installers/atomic | sudo sh

After that, you'll be able to install the OSSEC server or agent through yum:

$ sudo yum install ossec-hids-server

Or for a client install, use the following command:

$ sudo yum install ossec-hids-client

If you intend to install it on a Debian-based Linux distribution, Nicolas Zin has packaged OSSEC for Ubuntu. His work is available at the following link:

https://launchpad.net/~nicolas-zin/+archive/ossec-ubuntu

Follow his instructions to enable the source in APT. Install the OSSEC server by running the following command:

$ sudo apt-get install ossec-hids-server

Or for a client install, use the following command:

$ sudo apt-get install ossec-hids-agent

Integrating the deployment of OSSEC into your organization's configuration management solution is much easier with binary packaging. Servers receiving a binary package do not require a C compiler to be installed. This often fits within the organization's requirements to remove unnecessary software from its infrastructure.

Starting OSSEC at boot

Even though OSSEC may already be running, we need to make sure that we configure our installation to start during the operating system's boot sequence. This step varies depending on the operating system you're running. The easiest way to start OSSEC on Linux/BSD is to add the /var/ossec/bin/ossec-control start command to the /etc/rc.d/rc.local file, which is executed at boot.

If you've chosen the binary package install, chances are that the package provides an initialization script for your operating system. On most modern systems, this script is usually installed as /etc/init.d/ossec-hids, and the following commands will enable it:

  • Red Hat-based: /sbin/chkconfig ossec-hids on
  • Debian-based: /sbin/update-rc.d ossec-hids defaults

The Microsoft Windows binary installer configures OSSEC to run at startup, so no additional steps are necessary.
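
The Linux/BSD boot-time choices described above, combined into one script as an added example that is not from the book. It assumes /etc/redhat-release and /etc/debian_version identify the distribution family; the function names and the OSSEC_ROOT prefix are hypothetical.

```shell
#!/bin/sh
# Added example (not from the book). OSSEC_ROOT is a hypothetical path prefix
# so the logic can be dry-run against a scratch tree instead of the live system.
OSSEC_START="/var/ossec/bin/ossec-control start"

# Print the command that enables the packaged init script, or "rc.local"
# when no init script is installed and the rc.local fallback applies.
ossec_boot_method() {
    root="${1:-}"
    if [ -f "$root/etc/init.d/ossec-hids" ]; then
        if [ -f "$root/etc/redhat-release" ]; then
            echo "/sbin/chkconfig ossec-hids on"; return 0
        elif [ -f "$root/etc/debian_version" ]; then
            echo "/sbin/update-rc.d ossec-hids defaults"; return 0
        fi
    fi
    echo "rc.local"
}

# Append the start command to rc.local once; safe to re-run, for example
# from a configuration management tool.
ossec_add_rc_local() {
    rc="${1:-}/etc/rc.d/rc.local"
    if grep -qxF -- "$OSSEC_START" "$rc" 2>/dev/null; then
        return 0                      # already present, nothing to do
    fi
    if grep -qx 'exit 0' "$rc" 2>/dev/null; then
        # A line appended after "exit 0" would never run.
        echo "$rc contains 'exit 0'; add the command above it manually" >&2
        return 1
    fi
    echo "$OSSEC_START" >> "$rc" && chmod u+x "$rc"
}

# Dry run: report which method applies on this host without changing anything.
echo "boot method: $(ossec_boot_method "${OSSEC_ROOT:-}")"
```

Run the printed chkconfig or update-rc.d command as root, or call ossec_add_rc_local as root when the result is rc.local.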
