Linux Today: Linux News On Internet Time.

OSSEC, the free and open source IDS

Feb 27, 2014, 10:00
(Other stories by Doug Vitale)

OSSEC is a host-based intrusion detection system (HIDS) that uses both signature and anomaly detection (the book OSSEC HIDS Host Based Intrusion Guide states on page 161 that OSSEC’s “kernel-level checks do not use any signatures and instead rely on anomaly detection technology to look for rootkits”). OSSEC provides both host agent and file integrity agent (integrity checking) capabilities. It can also detect rootkits and perform log analysis. OSSEC can be deployed as a stand-alone agent or as part of a distributed network of agents whose configurations and settings are controlled by a central OSSEC server. In server mode, that central server manages one or more remote OSSEC agents. The agents generate updates and status reports, which are transmitted to the server. If the server deems any of these notifications suspicious, it generates alerts.
