Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status


ossec (27) Versions 2.0.2

Installs and configures ossec

cookbook 'ossec', '= 2.0.2', :supermarket
cookbook 'ossec', '= 2.0.2'
knife supermarket install ossec
knife supermarket download ossec
Quality 50%

ossec cookbook

Cookbook Version
Build Status

Installs OSSEC from source in a server-agent installation. See:

For managing Wazuh, consider using the Wazuh Chef Cookbook here:


This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit or come chat with us on the Chef Community Slack in #sous-chefs.



  • Ubuntu / Debian
  • RHEL and derivatives


  • Chef 16.13+


  • yum-atomic


  • node['ossec']['dir'] - Installation directory for OSSEC, default /var/ossec. All existing packages use this directory so you should not change this.
  • node['ossec']['server_role'] - When using server/agent setup, this role is used to search for the OSSEC server, default ossec_server.
  • node['ossec']['server_env'] - When using server/agent setup, this value will scope the role search to the specified environment, default nil.
  • node['ossec']['agent_server_ip'] - The IP of the OSSEC server. The client recipe will attempt to determine this value via search. Default is nil, only required for agent installations.
  • node['ossec']['data_bag']['encrypted'] - Boolean value which indicates whether or not the OSSEC data bag is encrypted
  • node['ossec']['data_bag']['name'] - The name of the data bag to use
  • node['ossec']['data_bag']['ssh'] - The name of the data bag item which contains the OSSEC keys


OSSEC's configuration is mainly read from an XML file called ossec.conf. You can directly control the contents of this file using node attributes under node['ossec']['conf']. These attributes are mapped to XML using Gyoku. See the Gyoku site for details on how this works.

Chef applies attributes from all attribute files regardless of which recipes were executed. In order to make wrapper cookbooks easier to write, node['ossec']['conf'] is divided into the three installation types mentioned below, local, server, and agent. You can also set attributes under all to apply settings across all installation types. The typed attributes are automatically deep merged over the all attributes in the normal Chef manner.

true and false values are automatically mapped to "yes" and "no" as OSSEC expects the latter.

ossec.conf makes little use of XML attributes so you can generally construct nested hashes in the usual fashion. Where an attribute is required, you can do it like this:

default['ossec']['conf']['all']['syscheck']['directories'] = [
  { '@check_all' => true, 'content!' => '/bin,/sbin' },

This produces:

  <directories check_all="yes">/bin,/sbin</directories>

The default values are based on those given in the OSSEC manual. They do not include any specific rules, checks, outputs, or alerts as everyone has different requirements.


OSSEC servers can also distribute configuration to agents through the centrally managed XM file called agent.conf. Since Chef is better at distributing configuration than OSSEC is, the cookbook leaves this file blank by default. Should you want to populate it, it is done in a similar manner to the above. Since this file is only used on servers, you can define the attributes directly under node['ossec']['agent_conf']. Unlike conventional XML files, agent.conf has multiple root nodes so node['ossec']['agent_conf'] must be treated as an array like so.

default['ossec']['agent_conf'] = [
    'syscheck' => { 'frequency' => 4321 },
    'rootcheck' => { 'disabled' => true }
    '@os' => 'Windows',
    'content!' => {
      'syscheck' => { 'frequency' => 1234 }

This produces:


<agent_config os="Windows">



Adds the OSSEC repository to the package manager. This recipe is included by others and should not be used directly. For highly customised setups, you should use ossec::install_agent or ossec::install_server instead.


Installs the agent packages but performs no explicit configuration.


Install the server packages but performs no explicit configuration.


Puts the configuration file in place and starts the (agent or server) service. This recipe is included by other recipes and generally should not be used directly.

Note that the service will not be started if the client.keys file is missing or empty. For agents, this results in an error. For servers, this prevents ossec-remoted from starting, resulting in agents being unable to connect. Once client.keys does exist with content, simply perform another chef-client run to start the service.


Runs ossec::install_server and then configures for local-only use. Do not mix this recipe with the others below.


OSSEC uses the term agent instead of client. The agent recipe includes the ossec::client recipe.


Configures the system as an OSSEC agent to the OSSEC server. This recipe will search for the server based on node['ossec']['server_role']. It will also set the agent_server_ip attribute. The ossec user will have an SSH key created so the server can distribute the agent key.


Sets up a system to be an OSSEC server. This recipe will search for all nodes that have an ossec attribute and add them as an agent.

To manage additional agents on the server that don't run chef, or for agentless OSSEC configuration (for example, routers), add a new node for them and create the node['ossec']['agentless'] attribute as true. For example if we have a router named with the IP

% knife node create
  "name": "",
  "json_class": "Chef::Node",
  "automatic": {
  "normal": {
    "hostname": "gw01",
    "fqdn": "",
    "ipaddress": "",
    "ossec": {
      "agentless": true
  "chef_type": "node",
  "default": {
  "override": {
  "run_list": [

Enable agentless monitoring in OSSEC and register the hosts on the server. Automated configuration of agentless nodes is not yet supported by this cookbook. For more information on the commands and configuration directives required in ossec.conf, see the OSSEC Documentation


If you do not wish to distribute agent keys via SSH then the authd mechanism provides an alternative. Set the agent_server_ip attribute manually and this recipe will attempt to register with the given server running ossec-authd. To allow registration with a new server after changing agent_server_ip, delete the client.keys file and rerun the recipe.


For a server to accept agent registrations, it needs to be running ossec-authd. This recipe installs an init script for it (systemd only for now) and will attempt to start it once the mandatory SSL certificate and key have been put in place. From OSSEC 2.9, you can also set a CA certificate to validate agents against.


The cookbook can be used to install OSSEC in one of the three types:

  • local - use the ossec::default recipe.
  • server - use the ossec::server recipe.
  • agent - use the ossec::client recipe

For local-only installations, add just recipe[ossec] to the node run list, or put it in a role (like a base role).


This section describes how to use the cookbook for server/agent configurations.

The server will use SSH to distribute the OSSEC agent keys. Create a data bag ossec, with an item ssh. It should have the following structure:

  "id": "ssh",
  "pubkey": "",
  "privkey": ""

Generate an ssh keypair and get the privkey and pubkey values. The output of the two ruby commands should be used as the privkey and pubkey values respectively in the data bag.

ssh-keygen -t rsa -f /tmp/id_rsa
ruby -e 'puts"/tmp/id_rsa")'
ruby -e 'puts"/tmp/")'

For the OSSEC server, create a role, ossec_server. Add attributes per above as needed to customize the installation.

% cat roles/ossec_server.rb
name "ossec_server"
description "OSSEC Server"
  "ossec" => {
    "conf" => {
      "server" => {
        "global" => {
          "email_to" => "",
          "smtp_server" => ""

For OSSEC agents, create a role, ossec_client.

% cat roles/ossec_client.rb
name "ossec_client"
description "OSSEC Client Agents"
  "ossec" => {
    "conf" => {
      "agent" => {
        "syscheck" => {
          "frequency" => 321


The main configuration file is maintained by Chef as a template, ossec.conf.erb. It should just work on most installations, but can be customized for the local environment. Notably, the rules, ignores and commands may be modified.

Further reading:


This project exists thanks to all the people who contribute.


Thank you to all our backers!


Support this project by becoming a sponsor. Your logo will show up here with a link to your website.

Dependent cookbooks

yum-atomic >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.


2.0.2 - 2023-02-23

Standardise files with files in sous-chefs/repo-management

2.0.1 - 2023-02-14

Standardise files with files in sous-chefs/repo-management

2.0.0 - 2023-01-12

  • Standardise files with files in sous-chefs/repo-management
  • Partially modernize cookbook
    • Refactor library helper
  • Properly set repositories for various supported platforms
  • Cleanup and Fix CI
  • Add support to various platforms
  • Fix idempotency issues

1.2.7 - 2022-02-08

  • Standardise files with files in sous-chefs/repo-management

1.2.6 - 2022-02-07

  • Remove delivery folder
  • Standardise files with files in sous-chefs/repo-management

1.2.5 - 2021-09-08

  • resolved cookstyle error: recipes/authd.rb:25:4 refactor: Chef/Modernize/UseChefLanguageSystemdHelper

1.2.4 - 2021-08-30

  • Standardise files with files in sous-chefs/repo-management

1.2.3 - 2021-06-01

  • resolved cookstyle error: spec/unit/recipes/agent_spec.rb:5:31 convention: Style/ExpandPathArguments
  • resolved cookstyle error: spec/unit/recipes/client_spec.rb:5:31 convention: Style/ExpandPathArguments
  • resolved cookstyle error: spec/unit/recipes/server_spec.rb:5:31 convention: Style/ExpandPathArguments

1.2.2 - 2020-05-14

  • resolved cookstyle error: recipes/common.rb:20:35 convention: Layout/TrailingWhitespace
  • resolved cookstyle error: recipes/common.rb:20:36 refactor: ChefModernize/FoodcriticComments
  • resolved cookstyle error: recipes/common.rb:90:24 convention: Layout/TrailingWhitespace
  • resolved cookstyle error: recipes/common.rb:90:25 refactor: ChefModernize/FoodcriticComments

1.2.1 - 2020-05-05


  • Migration to Github Actions


  • Various Cookstyle and foodcritic fixes
  • resolved cookstyle error: libraries/helpers.rb:31:18 convention: Style/HashEachMethods



[1.2.0] - 2019-05-13


  • Add distro based authd service name




[1.1.0] - 2018-08-13

  • README Updates:
    • Fix broken links
    • Add reference to Wazzuh
  • General updates to cookbook
    • Remove EOL distros
    • Update for current supported Chef version (13)

[1.0.5] - 2014-04-15

  • Avoid to prevent incomplete attribute collections
  • should be sorted for idempotency
  • Ability to disable ossec configuration template
  • Support for encrypted databags
  • Support for environment-scoped searches
  • Support for multiple email_to addresses

[1.0.4] - 2013-05-14

  • [COOK-2740]: Use FQDN for a client name
  • [COOK-2739]: Upgrade OSSEC to version 2.7

[1.0.2] - 2012-07-01

  • [COOK-1394] - update ossec to version 2.6


  • Initial/current release

Collaborator Number Metric

2.0.2 passed this metric

Contributing File Metric

2.0.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

Cookstyle Metric

2.0.2 passed this metric

No Binaries Metric

2.0.2 passed this metric

Testing File Metric

2.0.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

Version Tag Metric

2.0.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must include a tag that matches this cookbook version number