ESFI111 - Defend your Network with OSSEC


CyberWarrior

About This Course

OSSEC is an open source, host-based intrusion detection system (HIDS) that performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response.

It’s one of the most important security applications you could install on your server, and it can monitor one machine or thousands in a client/server or agent/server fashion. If properly configured, OSSEC can give you a view into what’s happening on your server via email alerts sent to any number of configured email addresses.

It detects intrusions on Linux, OpenBSD, FreeBSD, OS X, Solaris, and Windows, among other operating systems.

Requirements

OSSEC needs a firewall active on the system for its active response feature. It’s also important that the server keeps accurate time, which calls for NTP to be enabled. Finally, the server’s time zone needs to be set; by default it’s UTC.
