HIDS

Wow, even my wife has been bugging me that I haven't posted anything lately. So, here goes…

For quite some time now I have been running a program called OSSEC at work as an IDS or Intrusion Detection System. I had even recommended it to Dann a while back, but haven’t heard back from him regarding his thoughts about it or if he has even tried it yet.

At any rate, I have become increasingly comfortable with OSSEC and I have to say it does its thing really well and otherwise stays out of the way, which is something I really like and it has gotten a lot of very good reviews.

Here is a quick guide to installing it on my Ubuntu server; the process is very much the same on any Linux distribution.

First, make sure you have a compiler installed:
sudo apt-get install build-essential

Then:
wget http://www.ossec.net/files/ossec-hids-latest.tar.gz
tar xzvf ossec-hids-latest.tar.gz
cd ossec-hids-1.4/
sudo ./install.sh

I chose a local install and the default settings and just plugged in my SMTP account information. A good note here is that the system this is running on does *NOT* have to be running a mail server of any kind. OSSEC's own mail daemon delivers alerts to the SMTP server of your choice. It speaks plain SMTP to that server (no authentication or TLS), so that server has to accept mail from this host, which is why a local or internal relay is the usual choice.
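For reference, here is what the mail settings the installer asks for end up looking like in /var/ossec/etc/ossec.conf, together with the file-integrity and rootkit-check sections the default local install enables. This is an added illustration, not a copy of my config; the addresses, hostname and directory list are placeholders you would replace with your own.

```xml
<ossec_config>
  <!-- Alert delivery: OSSEC's mail daemon sends to this SMTP server directly,
       without authentication, so the relay must accept mail from this host.
       Addresses and hostname below are placeholders. -->
  <global>
    <email_notification>yes</email_notification>
    <email_to>admin@example.com</email_to>
    <smtp_server>mail.example.com</smtp_server>
    <email_from>ossec@server.example.com</email_from>
  </global>

  <!-- File integrity checking (syscheck): hash the listed directories
       on a schedule and alert on changes. frequency is in seconds. -->
  <syscheck>
    <frequency>21600</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>
    <ignore>/etc/mtab</ignore>
  </syscheck>

  <!-- Rootkit detection (rootcheck): signature files shipped with OSSEC. -->
  <rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>
</ossec_config>
```

After editing the file, restart OSSEC and send yourself a test by touching a file in a monitored directory (for example creating and removing a file under /etc); the next syscheck run should produce an email.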

After the install was complete, I started OSSEC by doing:
sudo /etc/init.d/ossec start
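One thing the steps above skip is checking the tarball before running install.sh as root over a plain-HTTP download. The script below is an added example (mine, not part of OSSEC) that wraps the same steps and refuses to run the installer unless the archive's SHA-1 matches the digest you copy from the OSSEC download page into OSSEC_SHA1; the URL and directory glob are taken from the steps above, the environment variable name is my own choice.

```bash
#!/bin/sh
# Added example: the install steps from this post, with a checksum gate
# in front of "sudo ./install.sh". Nothing runs until you pass --install.
set -eu

OSSEC_URL="http://www.ossec.net/files/ossec-hids-latest.tar.gz"
TARBALL="ossec-hids-latest.tar.gz"
# Assumed: you set OSSEC_SHA1 to the digest published for this release.
EXPECTED_SHA1="${OSSEC_SHA1:-}"

# check_sha1 FILE EXPECTED -> exit 0 if FILE's SHA-1 equals EXPECTED, else 1.
check_sha1() {
    file="$1"
    expected="$2"
    actual=$(sha1sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# The same sequence as the post, gated on the checksum.
install_ossec() {
    sudo apt-get install -y build-essential
    wget "$OSSEC_URL"
    if [ -z "$EXPECTED_SHA1" ]; then
        echo "OSSEC_SHA1 not set; refusing to run install.sh unverified" >&2
        return 1
    fi
    if ! check_sha1 "$TARBALL" "$EXPECTED_SHA1"; then
        echo "checksum mismatch for $TARBALL; not installing" >&2
        return 1
    fi
    tar xzvf "$TARBALL"
    cd ossec-hids-*/
    sudo ./install.sh
    sudo /etc/init.d/ossec start
}

if [ "${1:-}" = "--install" ]; then
    install_ossec
fi
```

Run it as `OSSEC_SHA1=<digest from ossec.net> sh install-ossec.sh --install`. The installer is still interactive; the only change is that a tampered or truncated download stops before anything is compiled or run as root.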

And that was that. From this point OSSEC analyzes the system logs, checks the integrity of key files and directories on a schedule, and scans for rootkits. If it finds anything suspicious, it emails you the details. It's a really great way to keep track of things, especially on any system that faces the internet in any capacity.

Try it, you’ll like it!
