1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Securing Your Server With A Host-based Intrusion Detection System

Discussion in 'Computer Security' started by Mr.Cheeks, Sep 21, 2006.

  1. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    This article shows how to install and run OSSEC HIDS, an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. It helps you detect attacks, software misuse, policy violations and other forms of inappropriate activities.

    With OSSEC HIDS you can monitor multiple systems, with one system being the OSSEC HIDS server and the others the OSSEC HIDS agents that report back to the server. However, in this tutorial I want to monitor just one system, so I perform a "local" installation so that OSSEC HIDS will do its work locally on that system.

    In the following I use a Debian Sarge (3.1) system to install OSSEC HIDS on.

    I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!...

    To read the rest of the article, click here...
  2. phonics3k

    phonics3k Nibble Poster

    nice article and its the way I took when I was setting mine up (With a few minor adjustments)
    Certifications: None As Yet
    WIP: MCTS: 70-536 & 70-526

Share This Page