Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!

Author Topic: OSSEC  (Read 8254 times)

0 Members and 2 Guests are viewing this topic.

Godwin

  • Guest
OSSEC
« on: November 29, 2014, 06:35:30 pm »
OSSEC [ Open Source Security ]


OSSEC is a full platform to monitor and control your systems.
It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM together in a simple, powerful and open source solution.
OSSEC has a sophisticated analysis engine that performs the following functions:
   • Rootkit Detection
   • System Integrity Checking
   • Log File Monitoring
   • Alert Generation
   •Active Response

A rootkit is unauthorized software installed into an operating system by an adversary with the dual goals of ensuring continued privileged access to the system and hiding its own existence from other processes and users on the system.

OSSEC reads and parses log messages in real time, looking for suspicious events. Typical log files monitored include:
/var/log/messages
/var/log/secure
/var/log/vsftpd.log
/var/log/maillog
/var/log/httpd/access_log
/var/log/httpd/error_log