Securing Your Server With A Host-based Intrusion Detection System

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

This article shows how to install and run OSSEC HIDS, an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. It helps you detect attacks, software misuse, policy violations and other forms of inappropriate activities.

With OSSEC HIDS you can monitor multiple systems, with one system being the OSSEC HIDS server and the others the OSSEC HIDS agents that report back to the server. However, in this tutorial I want to monitor just one system, so I perform a "local" installation so that OSSEC HIDS will do its work locally on that system.

In the following I use a Debian Sarge (3.1) system to install OSSEC HIDS on.

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!...

To read the rest of the article, click here...

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

nice article and its the way I took when I was setting mine up (With a few minor adjustments)