Why I use OSSEC

There are some great reasons to use OSSEC. One of them is that you get emails like the one I received this morning:

Jun 10 09:24:51 pukwudgie sshd[28651]: Failed password for invalid user pureftp from 202.121.49.62 port 45542 ssh2
Jun 10 09:24:48 pukwudgie sshd[28651]: Invalid user pureftp from 202.121.49.62
Jun 10 09:24:29 pukwudgie sshd[28630]: Failed password for […]
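As an added example (not code from the original post, and not OSSEC's own rule engine), here is the kind of correlation OSSEC's sshd rules perform on alert lines like the ones above, written in Python: parse the syslog-format sshd messages, group password failures by source address, and raise an alert once a single address fails a threshold of times inside a short window. The threshold, the window, the year (syslog timestamps carry none), and every sample line except the two taken from the alert above are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# The two sshd messages that appear in the alert: a password failure
# (with or without the "invalid user" qualifier) and an invalid-user notice.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port (?P<port>\d+) ssh2$"
)
INVALID_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"Invalid user (?P<user>\S+) from (?P<ip>[\d.]+)$"
)


def parse_sshd_line(line, year=2009):
    """Return a dict for a recognised sshd auth-failure line, else None.

    Syslog timestamps have no year, so the caller supplies one (assumed 2009 here).
    """
    for kind, rx in (("failed_password", FAILED_RE), ("invalid_user", INVALID_RE)):
        m = rx.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            return {"kind": kind, "time": ts, "host": m["host"],
                    "pid": int(m["pid"]), "user": m["user"], "ip": m["ip"]}
    return None


def brute_force_alerts(lines, threshold=3, window_seconds=60, year=2009):
    """Flag any source IP with >= threshold password failures inside a sliding window.

    Only "Failed password" lines are counted: an attempt against a non-existent
    account produces both an "Invalid user" and a "Failed password" line from the
    same sshd pid, so counting both would double-count one attempt. The user names
    tried are collected so the alert shows the dictionary the attacker is walking.
    """
    events = [e for e in (parse_sshd_line(l, year) for l in lines) if e]
    events.sort(key=lambda e: e["time"])  # mail clients often show newest first

    by_ip = defaultdict(list)
    for e in events:
        if e["kind"] == "failed_password":
            by_ip[e["ip"]].append(e)

    alerts = []
    for ip, failures in by_ip.items():
        start = 0
        for end in range(len(failures)):
            # Slide the window start forward until it fits within window_seconds.
            while (failures[end]["time"] - failures[start]["time"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "ip": ip,
                    "count": end - start + 1,
                    "users": sorted({e["user"] for e in failures[start:end + 1]}),
                    "first": failures[start]["time"],
                    "last": failures[end]["time"],
                })
                break  # one alert per source is enough for this demonstration
    return alerts


# Sample input. The first two lines are from the alert email quoted above;
# the remaining lines are constructed for this example (192.0.2.0/24 is a
# documentation range, and the extra pids/users are made up).
SAMPLE_LINES = [
    "Jun 10 09:24:48 pukwudgie sshd[28651]: Invalid user pureftp from 202.121.49.62",
    "Jun 10 09:24:51 pukwudgie sshd[28651]: Failed password for invalid user pureftp from 202.121.49.62 port 45542 ssh2",
    "Jun 10 09:24:55 pukwudgie sshd[28660]: Invalid user oracle from 202.121.49.62",
    "Jun 10 09:24:58 pukwudgie sshd[28660]: Failed password for invalid user oracle from 202.121.49.62 port 45601 ssh2",
    "Jun 10 09:25:03 pukwudgie sshd[28672]: Failed password for root from 202.121.49.62 port 45655 ssh2",
    "Jun 10 09:31:10 pukwudgie sshd[28701]: Failed password for bob from 192.0.2.10 port 50001 ssh2",
    "Jun 10 09:24:59 pukwudgie sshd[28665]: Accepted publickey for alice from 192.0.2.20 port 50002 ssh2",
]

if __name__ == "__main__":
    for a in brute_force_alerts(SAMPLE_LINES):
        print(f"{a['ip']}: {a['count']} failed logins between {a['first']:%H:%M:%S} "
              f"and {a['last']:%H:%M:%S}, users tried: {', '.join(a['users'])}")
```

Run against the sample, only 202.121.49.62 fires (three failures in twelve seconds); the single failure from 192.0.2.10 and the successful key login are ignored. In OSSEC the same logic lives in the sshd rules: the individual failure rules fire per line, and a frequency rule on top of them raises the brute-force alert that lands in the email.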

System Administration: Information

Probably 50% of a SysAdmin’s job revolves around information. Knowing what is going on with your systems can make all the difference. Just don’t make the mistake of thinking that more information is always better. What you really need is the *correct* information at the appropriate time, not buried under extra information. […]

Server Build

Last night on the TechShow I was asked about providing some info on a decent default server build. Here are some quick notes to get people going. Adjust as necessary. For simplicity, let’s assume you are installing CentOS 5, a robust enterprise-class Linux for your server needs. CentOS 5 / RHEL […]

Splunk + OSSEC

I have just started working with Splunk a little bit, and one of the things I have tried is to hook it up to OSSEC. This, like most things these days, has proven to be interesting, to say the least. Actually, it’s a very simple process; however, the documentation is abysmal at best, and I […]

Ossec 2

Yessiree Bob. Ossec has released v2. Go and grab it now. One of the really exciting new features it’s supposed to have is clientless monitoring. I can’t wait to try that out! Most of you know that I run Ossec on a *lot* of systems. Almost every box I run at home and at work […]

Ossec insmod error

Let me preface this by saying that if you are not running Ossec on at least your external-facing machines, then you should be. It’s great software! This post is here mostly for reference, and maybe to help someone out later via their favorite search engine. I have been […]