Slashdot Mirror


An Open Source Security Triple Play

Marcus Maciel writes to tell that Linux.com's Joe Barr recently took a look at OSSEC-HIDS, an open source host intrusion detection system. From the article: "According to the OSSEC-HIDS Web site, it's more than a host intrusion detection system (IDS). It's also a security event manager and a security information manager, which makes it the security equivalent of a hat trick in hockey, a triple-play in baseball, or a rare triple-double in basketball. OSSEC-HIDS runs on both Windows and Linux/Unix. You can download the latest version along with the project's PGP public key, so you can verify the download." Linux.com and Slashdot are both owned by OSTG.

6 of 65 comments

  1. Re:Sporting Analogies by Xserv · Score: 4, Funny

    Exactly. What makes them think we'll understand any of that? We're nerds. Basketball? Hmm. How about pong?

    Xserv

    --
    "I love lamp."
  2. Good but could be improved by datasetgo · Score: 4, Interesting

    While OSSEC HIDS looks like the beginnings of a good solution (aside from the name - sheesh - sounds like a sneeze) I'd like to see integration of projects like DShield.org and maybe some community-maintained updates for rootkit definitions and such. APF/BFD does this - why not OSSEC HIDS?
    Gesundheit.

  3. OSSEC is great by Darkael · Score: 5, Informative

    Here is a list of what OSSEC can do if you are too lazy to RTFA:
    - Log Analysis, with a powerful xml-based rules system
    - File integrity checker
    - Rootkit detection
    - Active response (automatically ban hosts on critical alerts)
    - Mail reporting
    - Server/clients or local installation

    It's GPL and runs on many *nix OS. I've tried OSSEC for a few months to monitor a few servers and I must say I'm pretty impressed with it. Its log analysis system is powerful and easy to understand. I've met a few false positives, but you can easily define your own rules to ignore some events. The project is a bit young, but development is very active. Definitely worth trying if you are interested in Unix security.
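
As an added example, not code from the original thread or from the OSSEC project itself, here is what three items from the list above (log analysis with XML rules, the file integrity and rootkit checks, and active response) look like in OSSEC's own configuration. Rule id 5716 is assumed to be the stock sshd authentication-failure rule in OSSEC's sshd_rules.xml (check the id against the rules shipped with your version); the address 10.0.0.5, the directory list, the rule ids in the 100000 range and the thresholds are illustrative values chosen for this example.

```xml
<!-- local_rules.xml: user rules live here so upgrades of the shipped
     rule set do not overwrite them. Example content, not OSSEC's own. -->
<group name="local,syslog,sshd,">

  <!-- Suppress a known false positive: sshd auth failures from the
       monitoring host (10.0.0.5 is a hypothetical address). A level 0
       rule is never alerted on, so the event is still logged but is
       not mailed and does not feed the brute-force counter below. -->
  <rule id="100001" level="0">
    <if_sid>5716</if_sid>
    <srcip>10.0.0.5</srcip>
    <description>Ignore sshd auth failures from the monitoring host</description>
  </rule>

  <!-- Composite rule: 8 auth failures from the same source IP within
       120 seconds escalate to level 10. -->
  <rule id="100002" level="10" frequency="8" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip />
    <description>sshd brute force from a single source (local rule)</description>
  </rule>

</group>

<!-- ossec.conf fragment: integrity checking, rootkit checks and the
     active response that consumes rule 100002. Example values. -->
<ossec_config>
  <global>
    <!-- Never block the monitoring host, even if a threshold is wrong. -->
    <white_list>10.0.0.5</white_list>
  </global>

  <syscheck>
    <!-- Hash and compare these trees every two hours (seconds). -->
    <frequency>7200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <ignore>/etc/mtab</ignore>
  </syscheck>

  <rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>

  <!-- Name a script the agent may run; it expects a source IP argument. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Run it only for the local brute-force rule, on the host that saw
       the event, and undo the block after ten minutes. -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>100002</rules_id>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

Binding the firewall block to one specific rule id rather than to every alert at a given level keeps an unrelated high-severity alert (a failed integrity check, say) from dropping anyone's traffic, the timeout turns a mis-tuned threshold into a ten-minute nuisance instead of a permanent lockout, and the white_list is the safety net for the host you administer from.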

  4. For those who don't get how great this is by CosmeticLobotamy · Score: 5, Funny

    It's true that it's like a hat trick, triple-double, and that other thing, but if you don't know what any of those things are, it's also like a hole-in-three in golf, or three goals in three non-consecutive games of soccer, or to go in a non-sporting direction, three pieces of ham on a ham sandwich. But I guess the simplest way to explain it is that it does three separate things. Three! I know it's a bit complicated, so I can explain further using many, many more analogies if need be. Just let me know.

    1. Re:For those who don't get how great this is by dpiven · Score: 4, Funny
      Or, put another way, it's like having a wife, a girlfriend, AND an inflatable doll in your briefcase.

      (If you just thought, "if I had a girlfriend, how would I get her to stay in my briefcase?", you might be a /.er)

  5. Ironically... by daBass · Score: 4, Insightful

    The metaphors used in the summary indicate three *the same* things while the product in question does three *different* things.