This cookbook provides custom resources for installing and configuring OSSEC HIDS from the Atomicorp package archives used by the legacy cookbook.
The package path is constrained by upstream and vendor archive support. Read LIMITATIONS.md before expanding platform coverage.
This cookbook is maintained by the Sous Chefs. See sous-chefs.org.
- Chef Infra Client 15.3+
- Amazon Linux 2023
- Debian 12 / 13
- Rocky Linux 9
- Ubuntu 22.04 / 24.04
The actual package archive is broader than this list, but the cookbook only declares currently-supported platforms that align with the documented vendor support and the maintained Kitchen matrix.
- ossec_repository
- ossec_install
- ossec_config
- ossec_local
- ossec_client
- ossec_server
- ossec_authd
- ossec_agent_auth
Server and client key distribution uses a data bag item that defaults to
ossec/ssh.
```json
{
  "id": "ssh",
  "pubkey": "ssh-ed25519 AAAA...",
  "privkey": "-----BEGIN OPENSSH PRIVATE KEY-----\n..."
}
```

If you use encrypted data bags, set encrypted_data_bag true on the resource.
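
A pre-upload check for the data bag item described above, as an added example that is not part of the cookbook: it reports an item whose `privkey` is still stored in plaintext. The function and constant names and both sample items are constructed for illustration; the wrapper keys are the ones Chef writes around each value of an encrypted data bag item.

```ruby
require 'json'

# Wrapper keys Chef stores around each encrypted value in a data bag item.
WRAPPER_KEYS = %w[encrypted_data iv version cipher].freeze
KEY_MARKER = /-----BEGIN [A-Z ]*PRIVATE KEY-----/

# Constructed sample: the plaintext item shape shown above (placeholder values).
PLAINTEXT_ITEM = <<~'JSON'
  {"id": "ssh", "pubkey": "ssh-ed25519 AAAA...",
   "privkey": "-----BEGIN OPENSSH PRIVATE KEY-----\n..."}
JSON

# Constructed sample: the same item after encryption (placeholder ciphertext).
ENCRYPTED_ITEM = <<~'JSON'
  {"id": "ssh",
   "pubkey":  {"encrypted_data": "cGxhY2Vob2xkZXI=", "iv": "cGxhY2Vob2xkZXI=",
               "auth_tag": "cGxhY2Vob2xkZXI=", "version": 3, "cipher": "aes-256-gcm"},
   "privkey": {"encrypted_data": "cGxhY2Vob2xkZXI=", "iv": "cGxhY2Vob2xkZXI=",
               "auth_tag": "cGxhY2Vob2xkZXI=", "version": 3, "cipher": "aes-256-gcm"}}
JSON

# True when a value has the wrapper shape of an encrypted data bag value.
def encrypted_value?(value)
  value.is_a?(Hash) && WRAPPER_KEYS.all? { |k| value.key?(k) }
end

# Returns an array of findings for one data bag item given as JSON text.
def audit_item(json_text)
  item = JSON.parse(json_text)
  return ['item is not a JSON object'] unless item.is_a?(Hash)

  findings = []
  findings << 'missing id' unless item['id'].is_a?(String)
  %w[pubkey privkey].each { |f| findings << "missing #{f}" unless item.key?(f) }
  if item.key?('privkey') && !encrypted_value?(item['privkey'])
    findings << 'privkey is not encrypted'
  end
  # Catch key material pasted into any other plaintext field.
  item.each do |field, value|
    next if field == 'privkey' || !value.is_a?(String)
    findings << "#{field} contains private key material" if value.match?(KEY_MARKER)
  end
  findings
rescue JSON::ParserError => e
  ["invalid JSON: #{e.message}"]
end

if __FILE__ == $PROGRAM_NAME
  { 'plaintext' => PLAINTEXT_ITEM, 'encrypted' => ENCRYPTED_ITEM }.each do |name, text|
    puts "#{name}: #{audit_item(text).inspect}"
  end
end
```
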
```ruby
ossec_local 'default'
```

```ruby
ossec_client 'default' do
  agent_server_ip '192.0.2.10'
end
```

```ruby
ossec_server 'default'
```

```ruby
ossec_authd 'default' do
  certificate '/var/ossec/etc/sslmanager.cert'
  key '/var/ossec/etc/sslmanager.key'
end
```

```ruby
ossec_agent_auth 'default' do
  agent_server_ip '192.0.2.10'
end
```

ossec_config, ossec_local, ossec_client, ossec_server, ossec_authd,
and ossec_agent_auth all accept an ossec_conf hash that is rendered to
/var/ossec/etc/ossec.conf via Gyoku.
For server workflows, agent_conf is written to
/var/ossec/etc/shared/agent.conf.
Example:
```ruby
ossec_server 'default' do
  ossec_conf(
    'global' => {
      'email_notification' => true,
      'email_to' => 'ossec@example.com',
      'smtp_server' => 'smtp.example.com'
    }
  )
  agent_conf(
    [
      {
        'syscheck' => { 'frequency' => 4321 },
        'rootcheck' => { 'disabled' => true }
      }
    ]
  )
end
```

```shell
berks install
cookstyle
chef exec rspec --format documentation
KITCHEN_LOCAL_YAML=kitchen.dokken.yml kitchen test default-ubuntu-2404 --destroy=always
```