Slashdot Mirror


An Open Source Security Triple Play

Marcus Maciel writes to tell that Linux.com's Joe Barr recently took a look at OSSEC-HIDS, an open source host intrusion detection system. From the article: "According to the OSSEC-HIDS Web site, it's more than a host intrusion detection system (IDS). It's also a security event manager and a security information manager, which makes it the security equivalent of a hat trick in hockey, a triple-play in baseball, or a rare triple-double in basketball. OSSEC-HIDS runs on both Windows and Linux/Unix. You can download the latest version along with the project's PGP public key, so you can verify the download." Linux.com and Slashdot are both owned by OSTG.

16 of 65 comments

  1. I'm not a proper geek! by HugePedlar · Score: 2, Funny

    I'm so embarrassed. I truly thought this was about physical building security with cameras and PIRs and shit.

    To whom do I report to hand back my geek membership card?

    --
    Argh.
  2. Re:Sporting Analogies by Xserv · Score: 4, Funny

    Exactly. What makes them think we'll understand any of that? We're nerds. Basketball? Hmm. How about pong?

    Xserv

    --
    "I love lamp."
  3. Good but could be improved by datasetgo · Score: 4, Interesting

    While OSSEC HIDS looks like the beginnings of a good solution (aside from the name - sheesh - sounds like a sneeze) I'd like to see integration of projects like DShield.org and maybe some community-maintained updates for rootkit definitions and such. APF/BFD does this - why not OSSEC HIDS?
    Gesundheit.

  4. Translation by lisaparratt · Score: 2, Funny

    "It makes it the equivalent of massive hyperbole amongst rational discussion!"

  5. OSSEC is great by Darkael · Score: 5, Informative

    Here is a list of what OSSEC can do if you are too lazy to RTFA:
    - Log Analysis, with a powerful xml-based rules system
    - File integrity checker
    - Rootkit detection
    - Active response (automatically ban hosts on critical alerts)
    - Mail reporting
    - Server/clients or local installation

    It's GPL and runs on many *nix OS. I've tried OSSEC for a few months to monitor a few servers and I must say I'm pretty impressed with it. Its log analysis system is powerful and easy to understand. I've met a few false positives, but you can easily define your own rules to ignore some events. The project is a bit young, but development is very active. Definitely worth trying if you are interested in Unix security.

    1. Re:OSSEC is great by Farce Pest · Score: 3, Informative

      Uh, no. Nagios is great for monitoring network services and local services, but it is not an IDS, and it does not look at logs or look for modified files or rootkits. There are some plugins that allow at least one IDS (Prelude) to talk to Nagios, but that's a separate product.

      --
      This message has been scanned for memes and dangerous content by MindScanner, and is believed to be unclean.
    2. Re:OSSEC is great by Darkael · Score: 2, Interesting

      Well, can Nagios detect an SSH brute force attack, report it to you by mail and ban the offending IP, out of the box with almost no configuration to do?

      Last time I checked Nagios was a general-purpose monitoring system, a pain in the ass to configure and too bloated if all you want is just improving your security. An HIDS like OSSEC is better suited for this kind of task.
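The two mechanisms named in the Darkael posts above, log analysis with frequency-based rules and an active response that bans the offending source, can be illustrated with a small stand-alone script. This is an added example written for this page, not OSSEC's own code or rule syntax: the `FREQUENCY`/`TIMEFRAME` values, the rule levels, the function names and the sshd log lines are all constructed for the demonstration.

```python
"""Minimal OSSEC-style log analysis: a frequency rule plus an active response."""
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not taken from any real system).
SAMPLE_LOG = """\
Mar  3 10:01:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:03 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:01:04 web1 sshd[2204]: Accepted publickey for deploy from 198.51.100.5 port 40100 ssh2
Mar  3 10:01:06 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar  3 10:01:09 web1 sshd[2209]: Failed password for invalid user test from 203.0.113.7 port 51055 ssh2
Mar  3 10:01:10 web1 sshd[2210]: Failed password for root from 203.0.113.7 port 51060 ssh2
Mar  3 10:20:00 web1 sshd[2300]: Failed password for alice from 198.51.100.9 port 50001 ssh2
Mar  3 10:40:00 web1 sshd[2310]: Failed password for alice from 198.51.100.9 port 50002 ssh2
"""

# Decoder for one event type; a real ruleset would carry many such patterns.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Hypothetical rule parameters chosen for the demo: this many failures from one
# source within this window escalate from a single-event alert to a brute-force alert.
FREQUENCY = 5
TIMEFRAME = timedelta(seconds=120)


def parse_failed_login(line):
    """Return (timestamp, source_ip) for an sshd failed-password line, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # syslog carries no year
    return ts, m.group("ip")


def analyze(lines, frequency=FREQUENCY, timeframe=TIMEFRAME):
    """Run two rules over the log lines.

    Rule 1 (level 5):  every failed password produces an informational alert.
    Rule 2 (level 10): `frequency` failures from one IP inside `timeframe`
                       produce a brute-force alert and an active response (ban).
    Returns (alerts, banned); alerts is a list of (level, ip, message).
    """
    recent = {}      # ip -> deque of timestamps still inside the window
    alerts = []
    banned = set()   # stands in for the firewall-drop list an active response would feed
    for line in lines:
        parsed = parse_failed_login(line)
        if parsed is None:
            continue                            # no decoder matched; nothing to do
        ts, ip = parsed
        alerts.append((5, ip, "sshd: authentication failed"))
        window = recent.setdefault(ip, deque())
        window.append(ts)
        while ts - window[0] > timeframe:       # expire events older than the timeframe
            window.popleft()
        if len(window) >= frequency and ip not in banned:
            alerts.append((10, ip, "sshd: brute force trying to get access"))
            banned.add(ip)                      # active response: block this source
            window.clear()
    return alerts, banned


if __name__ == "__main__":
    found, blocked = analyze(SAMPLE_LOG.splitlines())
    for level, ip, msg in found:
        print(f"level {level:2d} {ip:15s} {msg}")
    print("banned:", sorted(blocked))
```

On the constructed input, 203.0.113.7 fails five times inside two minutes and is banned after a single level-10 alert, while 198.51.100.9's two failures twenty minutes apart stay at level 5 because the first one has already expired from the window. The sliding window is what keeps a slow, legitimate user from tripping the brute-force rule, which is the kind of false positive the post above says you otherwise have to rule away by hand.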

  6. Re:Sporting Analogies by MaxInBxl · Score: 3, Insightful

    Ok so it's a security tool with 3 different "modules". Fantastic, probably a first in the software industry.

  7. For those who don't get how great this is by CosmeticLobotamy · Score: 5, Funny

    It's true that it's like a hat trick, triple-double, and that other thing, but if you don't know what any of those things are, it's also like a hole-in-three in golf, or three goals in three non-consecutive games of soccer, or to go in a non-sporting direction, three pieces of ham on a ham sandwich. But I guess the simplest way to explain it is that it does three separate things. Three! I know it's a bit complicated, so I can explain further using many, many more analogies if need be. Just let me know.

    1. Re:For those who don't get how great this is by Whiney Mac Fanboy · Score: 3, Funny

      three pieces of ham on a ham sandwich. **snip** I can explain further using many, many more analogies if need be. Just let me know.

      I'm not sure I'm following here - is that brown bread or white bread? Smoked ham or honey cured?

      --
      There are shills on slashdot. Apparently, I'm one of them.
    2. Re:For those who don't get how great this is by dpiven · Score: 4, Funny

      Or, put another way, it's like having a wife, a girlfriend, AND an inflatable doll in your briefcase.

      (If you just thought, "if I had a girlfriend, how would I get her to stay in my briefcase?", you might be a /.er)

  8. Ironically... by daBass · Score: 4, Insightful

    The metaphors used in the summary indicate three *the same* things while the product in question does three *different* things.

  9. Re:Sporting Analogies by ryanhornbeck · Score: 2, Interesting

    Not to get anal, but a triple play is MUCH more rare than either a triple-double or a hat trick.

    MLB: 30 teams x 162 games = 4860 games (possibly 2 triple plays per season or 1 every 2430 games)
    NBA: 30 teams x 82 games = 2460 games (23 triple-doubles last season or 1 every 106.95652173913043478260869565217 games)
    NHL: 30 teams x 82 games = 2460 games (84 hat tricks last season or 1 every 29.285714285714285714285714285714 games)

    --
    Vocal minorities are often confused with silent majorities.
  10. Re:Sporting Analogies by Shaper_pmp · Score: 2, Insightful

    Except this is Slashdot, not ESPN. For clarity analogies should probably be restricted to politics, code, IT infrastructure and cars (failed).

    Plus, of course, the analogy in the summary was so long by the time it finished I'd almost forgotten what the summary was about...

    --
    Everything in moderation, including moderation itself
  11. I've used this system for a while now... by Victor Fors · Score: 3, Informative

    It's actually quite useful, and not only from a security/intrusion standpoint; it reads the system logs and reports on errors. And the best thing about it is, it's self-learning! It will count the number of times a certain (low-level, as in "cannot find file" type) system error is encountered, and then, if it appears often enough on a regular basis it learns to ignore it. Very neat.

  12. Re:Sporting Analogies by Alioth · Score: 2, Insightful

    Why couldn't they have just SAID that instead of this ridiculous sporting analogy which sounds like rapid-fire buzzwords from a marketdroid? I couldn't resist tagging the article 'badsportinganalogy'.