Installing OSSEC on Mac OS

ossec_on_mac-225x225Sometimes building and deploying open-source systems on the Mac OS can be a bit of a pain. Don’t get me wrong I love the Mac, and most things Apple for that matter. But some of the libraries in the system tool chain are bit outdated.

For those of you who want to run OSSEC on OS X Yosemite, you’ll find that the version of OpenSSL included with that version of Mac OS is outdated. In this article I’ll show you how to correct this problem.


Get a Package Manager

Although the AppStore lets you keep your applications update, at least those that you installed that way, there is no package manager like yum or apt-get to do system component upgrades. Instead you can use MacPorts, Brew, or Fink, all of which work pretty well. I’ll discuss using MacPorts since that is what I use on my system.

First let’s install MacPorts, if you don’t already have it.  Go to the MacPorts install page then download the MacPorts for your OS X version. In my case it is OS X Yosemite.  There are versions for OS X Mavericks and the latest El Capitan. Double click on the MacPorts install package you require then follow the directions on the screen.

The MacPorts installer will set your $PATH to include /opt/local/bin which contains the port command that you use to get packages. To see what is available run the command like this:

port list

Install the Latest OpenSSL

MacPorts packages will reside in your /opt/local directory. To install the latest OpenSSL use port again:

sudo port install openssl

The new library will be placed in /opt/local/lib. Next you have to put symbolic links to libssl.dylib in /usr/lib so the C compiler can find it. You should see a symbolic link to the pre-1.x version libssl.dylib that you should create a copy of just in case you find that you have to restore that version.

cd /usr/lib
sudo mv libssl.dylib libssl.dylib.factory
sudo ln -s /opt/local/lib/libssl.dylib libssl.dylib

Install OSSEC

Now you can run the install OSSEC install script to setup an agent, server, or hybrid server-agent install. Just run the install script in your expanded OSSEC directory. Assuming you have OSSEC 2.8.3 in your $HOME directory it would look like this:

cd $HOME/ossec-hids-2.8.3
sudo ./

You should be good to go. Remember that you need to load the version of MacPorts that is designed to work on your version of OS X.


Article by Vic Hargrave

Software developer, blogger and family man enjoying life one cup of coffee at a time. I like programming and writing articles on tech topics. And yeah, I like coffee.

Leave a Reply

Your email address will not be published. Required fields are marked *