I find there are a number of IDS software packages. I am looking into AIDE and OSSEC. Based on your experiences, which is better? I see OSSEC has the email capability, though. Any good suggestions? [by newbie14]
I want to install OSSEC HIDS in my network infrastructure for monitoring my network traffic and acting based on that. I had gone through the OSSEC site regarding prerequisites. I want to do it only for my routers, switches and firewalls, which can be done through the "agentless" type. How could that be done?
I am trying to integrate ossec 2.7.1 into prelude (prelude-manager 1.0.2). I registered the ossec master as a prelude agent with the prelude master (ossec and prelude master both on the same host). Now I successfully registered an ossec agent with the ossec master.
Quick question. I am trying to get Ossec to avoid specific/repetitive logging from ossec. It doesn't seem to be working (I think I am not understanding the way rules work in Ossec and jumped into it just like that).
All my Ossec client machines are getting monitored by Nagios.
I'm running an eight server environment with OSSEC reporting to a central server. What would cause an ossec agent to report 0.0.0.0 for available agents instead of the server's public IP address in ossec-web for all but ossec-server and two of the other servers?
I have recently installed ossec and its web-ui from the repositories.
I have configured its parameters, have added www-data to the /var/ossec folder, changed its permissions to 755 (although not necessary) ...
I did not touch php nor apache configuration.
Now whenever I try accessing the web gui I get this message:
I am having an issue with OSSEC. Whenever a user script tries to change the memory limit, the ossec simply blocks its IP. On further research, I found that OSSEC blocks an IP if a rule of frequency greater than or equal to 6 is triggered. I need to find this rule and change its frequency. Any ideas?
OSSEC, an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response, is now at version 2.7.
It's been over a year since the previous major version of OSSEC, 2.6, which was released back in July 2011.