Slashdot Mirror

← Back to Stories (view on slashdot.org)

An Open Source Security Triple Play

Posted by ryuzaki0 on from the wake-me-up-when-things-are-goin-down dept.

Marcus Maciel writes to tell that Linux.com's Joe Barr recently took a look at OSSEC-HIDS, an open source host intrusion detection system. From the article: "According the OOSEC-HIDS Web site, it's more than a host intrusion detection system (IDS). It's also a security event manager and a security information manager, which makes it the security equivalent of a hat trick in hockey, a triple-play in baseball, or a rare triple-double in basketball. OSSEC-HIDS runs on both Windows and Linux/Unix. You can download the latest version along with the project's PGP public key, so you can verify the download." Linux.com and Slashdot are both owned by OSTG.

3 of 65 comments (clear)

  1. OSSEC is great by Darkael · · Score: 5, Informative

    Here is a list of what OSSEC can do if you are too lazy to RTFA:
    - Log Analysis, with a powerful xml-based rules system
    - File integrity checker
    - Rootkit detection
    - Active response (automatically ban hosts on critical alerts)
    - Mail reporting
    - Server/clients or local installation

    It's GPL and runs on many *nix OS. I've tried OSSEC for a few months to monitor a few servers and I must say I'm pretty impressed with it. Its log analysis system is powerful and easy to understand. I've met a few false positives, but you can easily define your own rules to ignore some events. The project is a bit young, but development is very active. Definitely worth trying if you are interested in Unix security.

    1. Re:OSSEC is great by Farce+Pest · · Score: 3, Informative

      Uh, no. Nagios is great for monitoring network services and local services, but it is not an IDS, and it does not look at logs or look for modified files or rootkits. There are some plugins that allow at least one IDS (Prelude) to talk to Nagios, but that's a separate product.

      --
      This message has been scanned for memes and dangerous content by MindScanner, and is believed to be unclean.
  2. Iv'e used this system for a while now... by Victor+Fors · · Score: 3, Informative

    It's actually quite useful, and not only from a security/intrusion standpoint; it reads the system logs and reports on errors. And the best thing about it is, it's self-learning! It will count the number of times a certain (low-level, as in "cannot find file" type) system error is encountered, and then, if it appears often enough on a regular basis it learns to ignore it. Very neat.