Hide minor edits
Show changes to output
October 28, 2009, at 03:57 PM
Added lines 1-36:
!!!OSSEC Open Source Host-based Intrusion Detection System.
OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. A list with all supported platforms is available http://www.ossec.net/main/supported-systems
If you have one system to monitor, you can install the OSSEC HIDS locally on that box and do everything from there.
However, if you are administering a few systems, you can select one to be your OSSEC server and the others to be OSSEC agents, forwarding events to the server for analysis. One of the greatest benefits of the OSSEC HIDS is its scalability, allowing you to monitor multiple systems from a central point.
# wget http://www.ossec.net/files/ossec-hids-latest.tar.gz
Your IDS and rootkit rules will be just in one box, making it much easier to administer and configure.
Please make sure that you understand the type of installation you are choosing (manager, agent, local, etc) and are also aware of the order (always install the manager first).
# tar -zxvf ossec-hids-*.tar.gz (or gunzip -d; tar -xvf)
# cd ossec-hids-*
Start the OSSEC HIDS.
# /var/ossec/bin/ossec-control start
Page last modified on October 28, 2009, at 03:57 PM