Admin-Ahead Community

Windows => Server Security & Hardening => Topic started by: Godwin on November 29, 2014, 06:35:30 pm

Title: OSSEC
Post by: Godwin on November 29, 2014, 06:35:30 pm
OSSEC [ Open Source Security ]

OSSEC is a full platform to monitor and control your systems.
It combines HIDS (host-based intrusion detection), log monitoring and SIM/SIEM in a simple, powerful and open source solution.
OSSEC has a sophisticated analysis engine that performs the following functions:
   • Rootkit Detection
   • System Integrity Checking
   • Log File Monitoring
   • Alert Generation
   • Active Response

A rootkit is unauthorized software installed into an operating system by an adversary with the dual goals of ensuring continued privileged access to the system and hiding its own existence from other processes and users on the system.

OSSEC reads and parses log messages in real time, looking for suspicious events. Typical log files monitored include:
   • /var/log/messages
   • /var/log/secure
   • /var/log/vsftpd.log
   • /var/log/maillog
   • /var/log/httpd/access_log
   • /var/log/httpd/error_log
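As an added example (not part of the original post), the configuration below shows how the five functions listed above map onto OSSEC's own config files, using three of the log files named in the post (the others follow the same localfile pattern). Rule 5716 is OSSEC's built-in "SSHD authentication failed" rule; the custom rule ID 100001, the frequency and timeframe, and the directory list are my own choices.

```xml
<!-- /var/ossec/etc/ossec.conf (fragment) -->
<ossec_config>
  <!-- Log File Monitoring: one <localfile> per file, with the matching parser -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/vsftpd.log</location>
  </localfile>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/httpd/access_log</location>
  </localfile>
  <!-- System Integrity Checking: hash system binaries and config every 2 hours -->
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin,/bin,/sbin</directories>
  </syscheck>
  <!-- Rootkit Detection: signature lists shipped with OSSEC -->
  <rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>
  <!-- Active Response: drop the source IP of any level-10+ alert for 10 minutes -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <level>10</level>
    <timeout>600</timeout>
  </active-response>
</ossec_config>

<!-- /var/ossec/rules/local_rules.xml: Alert Generation (custom correlation rule) -->
<group name="local,syslog,">
  <!-- Six failed SSH logins from the same IP within 120 s raise a level-10 alert,
       which is what triggers the firewall-drop active response above -->
  <rule id="100001" level="10" frequency="6" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip />
    <description>Six SSH authentication failures from one IP in 2 minutes (custom)</description>
  </rule>
</group>
```

After editing, run /var/ossec/bin/ossec-control restart and watch /var/ossec/logs/alerts/alerts.log to confirm the new rule fires before relying on the active response.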