linux poison RSS
linux poison Email

Open Source Host-based Intrusion Detection System - OSSEC

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.

OSSEC Features:
OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM together in a simple, powerful and open source solution.

 * Compliance Requirements
 * Multi platform
 * Real-time and Configurable Alerts
 * Integration with current infrastructure
 * Centralized management
 * Agent and agentless monitoring
 * File Integrity checking
 * Log Monitoring
 * Rootkit detection
 * Active response

OSSEC HIDS Manager/Agent Installation:
Installation of the OSSEC HIDS is very simple. Just follow these few steps to have it working. Please make sure that you understand the type of installation you are choosing (manager, agent, local, etc) and are also aware of the order (always install the manager first). If you don’t know what I’m talking about, it’s a good idea to visit the install types page.

The best installation tutorial is available in the OSSEC book and the installation chapter is available for FREE in PDF at: OSSEC Book - Chapter 2.pdf

OSSEC Downloads:
Unix/Linux version 2.7
OSSEC for Linux, Solaris, *BSD, Mac, AIX and variants: ossec-hids-2.7.tar.gz

Windows agent version 2.7
OSSEC for Windows 2000, XP, Vista, 7 and Windows Server 2003, 2008: ossec-agent-win32-2.7.exe

Extract the compressed package and run the “./” script (It will guide you through the installation).
# tar -zxvf ossec-hids-*.tar.gz
# cd ossec-hids-*
# ./
# /var/ossec/bin/ossec-control start
NOTE: Remember to open port 1514 (UDP) if there is a firewall between the server and the agents


Post a Comment

Related Posts with Thumbnails