Thursday, 09 November 2017

OSSEC is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, file integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, OS X, Solaris and Windows, and uses a centralized, cross-platform server/agent architecture so that many hosts can be monitored and managed from one place.

History

In June 2008, the OSSEC project and all the copyrights owned by Daniel Cid, the project leader, were acquired by Third Brigade, Inc. They promised to continue to contribute to the open source community and to extend commercial support and training to the OSSEC open source community.

In May 2009, Trend Micro acquired Third Brigade and the OSSEC project, with promises to keep it open source and free.

Its log monitoring and file integrity checking are commonly used to help meet Payment Card Industry Data Security Standard (PCI DSS) requirements for log review and file integrity monitoring.

Software components

OSSEC consists of a main application, a Windows agent, and a web interface.

  • Main application, OSSEC, which is required for distributed network or stand-alone installations. It is supported on Linux, Solaris, BSD, and Mac environments.
  • Windows agent, which is provided for Microsoft Windows environments. The main application must be installed and configured in server mode before it can receive events from the Windows agent.
  • Web interface (deprecated), a separate application that provides a graphical user interface. Like the main application, it is supported on Linux, Solaris, BSD, and Mac environments. Kibana, Splunk, Graylog or a similar tool is now suggested for monitoring alerts.

Capabilities

OSSEC has a log analysis engine that is able to correlate and analyze logs from multiple devices and formats. The following are currently supported:

  • Unix-only: Unix PAM, sshd (OpenSSH), Solaris telnetd, Samba, Su, and Sudo
  • FTP servers: ProFTPd, Pure-FTPd, vsftpd, Microsoft FTP Server, and Solaris ftpd
  • Mail servers: Imapd and pop3d, Postfix, Sendmail, vpopmail, and Microsoft Exchange Server
  • Databases: PostgreSQL and MySQL
  • Web servers: Apache HTTP Server (access log and error log), IIS web server (NCSA and W3C extended), and Zeus Web Server errors log
  • Web applications: Horde IMP, SquirrelMail, and Modsecurity
  • Firewalls: iptables firewall, Solaris IPFilter firewall, AIX ipsec/firewall, Netscreen firewall, Windows Firewall, Cisco PIX, Cisco FWSM, and Cisco ASA
  • NIDS: Cisco IOS IDS/IPS module, and Snort IDS (full, fast, and syslog)
  • Security tools: Symantec AntiVirus, Nmap, Arpwatch, and Cisco VPN Concentrator
  • Others: Named (BIND), Squid proxy, Zeus eXtensible Traffic Manager (now Riverbed Stingray Traffic Manager)
  • Windows event logs (logins, logouts, audit information, etc.)
  • Windows Routing and Remote Access logs
  • Generic Unix authentication (adduser, logins, etc.)
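The log-analysis engine described above works in three stages: decoders turn each supported format into a common set of fields (source IP, user, program), rules match on those fields, and frequency rules correlate repeated matches from one source within a time window and can hand a high-level alert to an active response. The block below is an added example written for this page to show that flow end to end; it is not OSSEC's own code. Its decoder patterns, rule IDs, the 4-failures-in-60-seconds threshold, the `ACTIVE_RESPONSE_LEVEL` constant, the `firewall-drop` response string and the sample log lines are all constructed here. The `if_matched`, `frequency` and `timeframe` fields are loosely modelled on the `if_matched_sid`, `frequency` and `timeframe` attributes of OSSEC's rule XML, and the response threshold mimics OSSEC's practice of triggering an active response once an alert reaches a configured level.

```python
# Toy OSSEC-style log analysis (added example, not OSSEC's own code): decoders
# normalize different log formats into common fields, rules match those fields,
# and frequency/timeframe rules correlate repeated events from one source IP.
import re
from collections import defaultdict, deque, namedtuple

# Decoders: (program, event, regex). Each format yields the same field names
# (srcip, ...) so one rule can apply to events from any of them. Patterns are
# written for this example, not taken from OSSEC's decoder.xml.
DECODERS = [
    ("sshd", "auth_failed", re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<srcip>[\d.]+)")),
    ("iptables", "drop", re.compile(
        r"kernel: .*IN=\S* .*SRC=(?P<srcip>[\d.]+) DST=(?P<dstip>[\d.]+)")),
    ("apache", "client_error", re.compile(
        r'^(?P<srcip>[\d.]+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>4\d\d) ')),
]

def decode(line):
    """Return {program, event, srcip, ...} for the first matching decoder, else None."""
    for program, event, rx in DECODERS:
        m = rx.search(line)
        if m:
            return {"program": program, "event": event, **m.groupdict()}
    return None

# A rule matches on program/event; if_matched names a parent rule that must fire on
# the same event, and frequency/timeframe fire it only after N parent matches
# within that many seconds from the same srcip (0 = no correlation).
Rule = namedtuple("Rule", "id level description program event if_matched frequency timeframe",
                  defaults=(None, None, None, 0, 0))
Alert = namedtuple("Alert", "rule_id level description srcip ts")

# Rule IDs, levels and the 4-in-60s threshold are chosen for this example.
RULES = [
    Rule(1001, 5, "sshd: authentication failure", program="sshd", event="auth_failed"),
    Rule(1002, 10, "sshd: brute force (4 failures in 60s from one IP)",
         if_matched=1001, frequency=4, timeframe=60),
    Rule(2001, 3, "iptables: packet dropped", program="iptables", event="drop"),
    Rule(3001, 5, "apache: 4xx client error", program="apache", event="client_error"),
]
ACTIVE_RESPONSE_LEVEL = 10  # assumed threshold: alerts at or above it trigger a response

class Engine:
    def __init__(self, rules):
        self.rules = rules                 # ordered so parent rules precede children
        self.history = defaultdict(deque)  # (rule_id, srcip) -> timestamps of parent matches

    def process(self, ts, line):
        """Feed one log line with its timestamp in seconds; return the alerts it raises."""
        ev = decode(line)
        if ev is None:
            return []
        fired, alerts = set(), []
        for r in self.rules:
            if r.if_matched is not None and r.if_matched not in fired:
                continue
            if (r.program and r.program != ev["program"]) or (r.event and r.event != ev["event"]):
                continue
            if r.frequency:
                window = self.history[(r.id, ev["srcip"])]
                window.append(ts)
                while window and ts - window[0] > r.timeframe:
                    window.popleft()       # drop matches older than the timeframe
                if len(window) < r.frequency:
                    continue
                window.clear()             # reset the counter once the rule fires
            fired.add(r.id)
            alerts.append(Alert(r.id, r.level, r.description, ev["srcip"], ts))
        return alerts

def active_response(alert):
    """Command a responder would run; the string mimics OSSEC's firewall-drop script (assumption)."""
    return f"firewall-drop {alert.srcip}" if alert.level >= ACTIVE_RESPONSE_LEVEL else None

def run(engine, events):
    """Process (timestamp, line) pairs in order and collect every alert."""
    return [a for ts, line in events for a in engine.process(ts, line)]

# Constructed sample logs (seconds offset, raw line); addresses are documentation ranges.
SAMPLE = [
    (0, "Nov  9 10:00:00 web1 sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2"),
    (5, "Nov  9 10:00:05 web1 sshd[2302]: Failed password for root from 198.51.100.9 port 40000 ssh2"),
    (10, "Nov  9 10:00:10 web1 sshd[2303]: Failed password for root from 203.0.113.7 port 51123 ssh2"),
    (15, "Nov  9 10:00:15 web1 kernel: DROP IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=3306"),
    (20, "Nov  9 10:00:20 web1 sshd[2304]: Failed password for invalid user test from 203.0.113.7 port 51124 ssh2"),
    (25, '198.51.100.9 - - [09/Nov/2017:10:00:25 +0000] "GET /wp-login.php HTTP/1.1" 404 209'),
    (30, "Nov  9 10:00:30 web1 sshd[2305]: Failed password for root from 203.0.113.7 port 51125 ssh2"),
    (60, "Nov  9 10:01:00 web1 CRON[2306]: (root) CMD (run-parts /etc/cron.hourly)"),
    (95, "Nov  9 10:01:35 web1 sshd[2307]: Failed password for root from 198.51.100.9 port 40001 ssh2"),
    (185, "Nov  9 10:03:05 web1 sshd[2308]: Failed password for root from 198.51.100.9 port 40002 ssh2"),
    (275, "Nov  9 10:04:35 web1 sshd[2309]: Failed password for root from 198.51.100.9 port 40003 ssh2"),
]

if __name__ == "__main__":
    for a in run(Engine(RULES), SAMPLE):
        print(a.ts, a.rule_id, a.level, a.srcip, a.description, active_response(a) or "")
```

The sliding window is keyed by (rule, source IP), so four failures from four different hosts never add up to one brute-force alert, while four from one host within the window do: 203.0.113.7 trips rule 1002 on its fourth failure at t=30 and earns a `firewall-drop`, whereas 198.51.100.9 makes the same number of attempts spread over more than 60 seconds and only ever raises the level-5 single-failure alert. The cron line decodes to nothing and is dropped silently, which is the normal fate of most log traffic in a HIDS.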

See also

  • Host-based intrusion detection system comparison

External links

  • Official website

Source of the article : Wikipedia