Uninstall OSSEC Server


Carlos Islas

Jul 27, 2020, 4:56:26 PM
to ossec-list
Hello to everybody,

I need to uninstall the OSSEC server from a Red Hat OS. I was searching for info in the group posts but I didn't find anything. How can I do this?

Thank you.

Regards.

Scott Wozny

Jul 27, 2020, 9:33:28 PM
to ossec...@googlegroups.com
If you inherited the install, first make sure it wasn't installed through a package manager by running a: yum list installed | grep ossec

If you get a response, do a yum remove of the package name returned. If you don't, then stop the app with: sudo /var/ossec/bin/ossec-control stop (if that doesn't work, it may have had its binaries installed elsewhere; do a sudo find / -name ossec-control and run that path with a stop command).

Then find where all the files and directories are with a: sudo find / -name '*ossec*' and a sudo find / -name '*hids*' which should give you all the places needed to do a manual scrape-out. Inelegant, I know, but I haven't found a better way. Perhaps some day someone will add an uninstaller to the tarball installer, but in the meantime, this is what's worked for me.

Best of luck,

Scott


Yunus Yasar

Jul 28, 2020, 6:46:09 AM
to ossec...@googlegroups.com

Hi,

The post below can help you.

https://raymii.org/s/tutorials/Uninstall_OSSEC.html


Best regards.


Yunus YASAR

Jr. System Operations Specialist at sahibinden.com

On 27.07.2020 at 23:56, Carlos Islas wrote:

Scott Wozny

Jul 28, 2020, 11:59:52 AM
to ossec...@googlegroups.com
Just note that this article was written before widespread deployment of systemd so it may leave some files related to systemd service management behind if your server uses systemd. But it DOES include the removal of OSSEC users and groups which I forgot to mention so perhaps consider a hybrid approach. 
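
Added example, not part of the thread and not OSSEC project code: a read-only inventory that combines the checks from the replies above (installed package, paths named *ossec* or *hids*, OSSEC accounts and groups), so remnants such as systemd unit files are listed before anything is deleted. The function names, the optional root argument and the demo tree (including the unit file name) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Read-only inventory of OSSEC remnants; nothing here deletes anything.
# ROOT defaults to / (pass another root to audit a mounted image or test tree).

# Paths named *ossec* or *hids*; globs are quoted so find, not the shell, expands them.
ossec_files() {
    find "${1:-/}" \( -name '*ossec*' -o -name '*hids*' \) 2>/dev/null | sort
}

# Entries in passwd and group whose name starts with "ossec", as "db:name".
ossec_accounts() {
    root=${1:-}
    for db in passwd group; do
        [ -r "$root/etc/$db" ] || continue
        grep '^ossec' "$root/etc/$db" | cut -d: -f1 | sed "s/^/$db:/"
    done
}

# Installed RPM packages matching "ossec" (prints nothing if rpm is absent).
ossec_packages() {
    command -v rpm >/dev/null 2>&1 || return 0
    rpm -qa 2>/dev/null | grep -i ossec || true
}

# Constructed demo tree (not a real host) so the script runs anywhere.
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/var/ossec/bin" "$t/etc/systemd/system"
    : > "$t/var/ossec/bin/ossec-control"
    : > "$t/etc/systemd/system/ossec-example.service"   # constructed unit name
    printf 'root:x:0:0::/root:/bin/sh\nossec:x:500:500::/var/ossec:/sbin/nologin\n' > "$t/etc/passwd"
    printf 'root:x:0:\nossec:x:500:\n' > "$t/etc/group"
    echo "$t"
}

demo=$(demo_tree)
ossec_packages
ossec_files "$demo"
ossec_accounts "$demo"
rm -rf "$demo"
```

On a real server, call the three functions with no argument as root and review the list before removing anything.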
