OSSEC is an open source Host-based Intrusion Detection System (HIDS). It is really easy to install on Ubuntu and is able to detect many intrusion attempts. It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.
There’s a large library of existing rules, and new ones can be created via simple XML files.
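As an illustration of what such a rule file looks like, here is an added example (not taken from the OSSEC distribution or from this page). It assumes the stock sshd rule 5716 ("SSHD authentication failed") from the default ruleset is loaded and that local rules live in the default `/var/ossec/rules/local_rules.xml`; the rule IDs 100001 and 100002 and the thresholds are arbitrary choices for the example.

```xml
<!-- Added example: custom rules for local_rules.xml.
     IDs 100001/100002 and the thresholds are illustrative values. -->
<group name="local,syslog,sshd,">

  <!-- Child of the stock sshd "authentication failed" rule (5716, assumed
       present): raise the level when the failed login targets root. -->
  <rule id="100001" level="7">
    <if_sid>5716</if_sid>
    <match>for root from</match>
    <description>sshd: failed login for root.</description>
    <group>authentication_failed,</group>
  </rule>

  <!-- Correlation rule: repeated matches of 100001 from the same source
       address within 300 seconds produce one higher-level alert. -->
  <rule id="100002" level="12" frequency="4" timeframe="300">
    <if_matched_sid>100001</if_matched_sid>
    <same_source_ip />
    <description>sshd: repeated failed root logins from one source.</description>
    <group>authentication_failures,</group>
  </rule>

</group>
```

After editing the file, paste a sample sshd log line into `/var/ossec/bin/ossec-logtest` to confirm which rule fires before restarting OSSEC.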
OSSEC provides a Web User Interface (WUI) to check in real time what’s happening and to view statistics about incoming activity on your server.
OSSEC is available for Linux, Solaris, *BSD, Mac and variants, Windows 2000, XP and 2003.
