An Open Source Security Triple Play 65

Marcus Maciel writes to tell us that Linux.com's Joe Barr recently took a look at OSSEC-HIDS, an open source host intrusion detection system. From the article: "According to the OSSEC-HIDS Web site, it's more than a host intrusion detection system (IDS). It's also a security event manager and a security information manager, which makes it the security equivalent of a hat trick in hockey, a triple-play in baseball, or a rare triple-double in basketball. OSSEC-HIDS runs on both Windows and Linux/Unix. You can download the latest version along with the project's PGP public key, so you can verify the download." Linux.com and Slashdot are both owned by OSTG.
This discussion has been archived. No new comments can be posted.

  • OSSEC is great (Score:5, Informative)

    by Darkael ( 969121 ) on Tuesday August 08, 2006 @06:29AM (#15864684)
    Here is a list of what OSSEC can do if you are too lazy to RTFA:
    - Log Analysis, with a powerful xml-based rules system
    - File integrity checker
    - Rootkit detection
    - Active response (automatically ban hosts on critical alerts)
    - Mail reporting
    - Server/clients or local installation

    It's GPL and runs on many *nix OS. I've tried OSSEC for a few months to monitor a few servers and I must say I'm pretty impressed with it. Its log analysis system is powerful and easy to understand. I've met a few false positives, but you can easily define your own rules to ignore some events. The project is a bit young, but development is very active. Definitely worth trying if you are interested in Unix security.
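The comment above describes the two things that make a rule-driven log analyzer usable in practice: an XML rule set that maps log lines to alert levels, and locally defined rules that silence known false positives. The following Python script is an added illustration of that mechanism, not OSSEC's own code or rule schema. The rule element names, the level-0-means-ignore convention, and the sample log lines are all constructed assumptions for this example.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed, deliberately small XML rule set. The element and attribute
# names (rule/id/level/regex/description) are an assumption chosen for this
# illustration; they are not OSSEC's real rule schema.
RULES_XML = r"""
<rules>
  <rule id="1001" level="5">
    <regex>Failed password for (\S+) from (\S+)</regex>
    <description>SSH authentication failure</description>
  </rule>
  <rule id="1002" level="0">
    <regex>Failed password for monitor from 10\.0\.0\.5</regex>
    <description>Expected failures from the monitoring host: ignore</description>
  </rule>
  <rule id="1003" level="3">
    <regex>session opened for user (\S+)</regex>
    <description>Login session opened</description>
  </rule>
</rules>
"""

# Constructed sample log lines (syslog-like, not captured from a real host).
SAMPLE_LOG = [
    "Aug  8 06:29:01 web1 sshd[2101]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "Aug  8 06:29:05 web1 sshd[2102]: Failed password for monitor from 10.0.0.5 port 4101 ssh2",
    "Aug  8 06:30:12 web1 sshd[2110]: pam_unix(sshd:session): session opened for user alice by (uid=0)",
    "Aug  8 06:31:00 web1 cron[2120]: (root) CMD (run-parts /etc/cron.hourly)",
]


def load_rules(xml_text):
    """Parse the rule set into (id, level, compiled regex, description) tuples."""
    root = ET.fromstring(xml_text)
    rules = []
    for rule in root.findall("rule"):
        rules.append((
            rule.get("id"),
            int(rule.get("level")),
            re.compile(rule.findtext("regex")),
            rule.findtext("description", default=""),
        ))
    return rules


def analyze(lines, rules):
    """Return one alert per log line that matches a rule and is not ignored.

    A matching level-0 rule suppresses the line entirely, which is how a
    site-specific exception silences a known false positive without
    weakening the generic rule. Otherwise the highest-level match wins.
    """
    alerts = []
    for line in lines:
        matches = [r for r in rules if r[2].search(line)]
        if not matches or any(level == 0 for _, level, _, _ in matches):
            continue
        rule_id, level, _, desc = max(matches, key=lambda r: r[1])
        alerts.append({"rule_id": rule_id, "level": level,
                       "description": desc, "line": line})
    return alerts


def summarize(alerts):
    """Count alerts per rule id, the kind of roll-up a mail report would show."""
    return Counter(a["rule_id"] for a in alerts)


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG, load_rules(RULES_XML))
    for alert in found:
        print(f"[level {alert['level']}] rule {alert['rule_id']}: {alert['description']}")
        print("    " + alert["line"])
    print(summarize(found))
```

Run as written, the script raises one alert for the root login failure and one for the session open; the monitoring host's failure matches the generic rule too but is dropped by the level-0 exception, and the cron line matches nothing. Narrowing the exception to a specific user and source address, rather than ignoring all authentication failures, is the design point: the exception should be at least as specific as the event it silences.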
  • Re:OSSEC is great (Score:4, Informative)

    by Farce Pest ( 67765 ) <farcepest@gmail.com> on Tuesday August 08, 2006 @07:35AM (#15864812) Homepage Journal
    Uh, no. Nagios is great for monitoring network services and local services, but it is not an IDS, and it does not look at logs or look for modified files or rootkits. There are some plugins that allow at least one IDS (Prelude) to talk to Nagios, but that's a separate product.
  • by Victor Fors ( 987095 ) on Tuesday August 08, 2006 @08:22AM (#15864977)
    It's actually quite useful, and not only from a security/intrusion standpoint; it reads the system logs and reports on errors. And the best thing about it is, it's self-learning! It will count the number of times a certain (low-level, as in "cannot find file" type) system error is encountered, and then, if it appears often enough on a regular basis it learns to ignore it. Very neat.
