Slide 1: Power of OSSEC
By Donovan Thorpe, CS 5910, Fall 2010
CS 5910 - dthorpe - OSSEC - 2010-12-08

Slide 2: What is OSSEC
- OSSEC history
- Host-based Intrusion Detection System
- Open source
- Multi-platform
Slide 3: Installation Types
- Local
- Server
- Agent and agent-less
Slide 4: OSSEC Features
- System integrity checking
- Rootkit detection
- Log analysis
- Active response
Slide 5: Integrity Checking
- syscheck checks: md5sum, sha1sum, size, owner, group, perms
- realtime option for directories
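The slide lists the six attributes syscheck records per file. The following added example (written for this page, not OSSEC's own code) shows the same mechanism in Python: take a baseline of md5sum, sha1sum, size, owner, group and perms for every regular file under a directory, then compare a later scan against it and report added, deleted and modified files together with which attributes changed. The directory tree and its tampering in demo() are constructed for illustration.

```python
import grp
import hashlib
import os
import pwd
import stat
import tempfile
from pathlib import Path


def file_record(path: str) -> dict:
    """Collect the attributes the slide names for syscheck, for one regular file."""
    st = os.stat(path)
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:          # uid without a passwd entry: keep the number
        owner = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return {
        "md5sum": md5.hexdigest(),
        "sha1sum": sha1.hexdigest(),
        "size": st.st_size,
        "owner": owner,
        "group": group,
        "perms": oct(stat.S_IMODE(st.st_mode)),
    }


def baseline(root: str) -> dict:
    """Walk a tree and record every regular file (what a first syscheck run does)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                db[os.path.relpath(full, root)] = file_record(full)
    return db


def compare(old: dict, new: dict) -> list:
    """Return (path, kind, changed_attributes); kind is added, deleted or modified."""
    events = []
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            events.append((rel, "added", []))
        elif rel not in new:
            events.append((rel, "deleted", []))
        else:
            changed = [k for k in old[rel] if old[rel][k] != new[rel][k]]
            if changed:
                events.append((rel, "modified", changed))
    return events


def demo() -> list:
    """Constructed scenario: baseline two files, then change content, perms and add a file."""
    with tempfile.TemporaryDirectory() as root:
        passwd, hosts = Path(root) / "passwd", Path(root) / "hosts"
        passwd.write_text("root:x:0:0\n")
        hosts.write_text("127.0.0.1 localhost\n")
        os.chmod(hosts, 0o644)            # fixed perms so the later change is visible
        before = baseline(root)
        passwd.write_text("root:x:0:0\nadded:x:1001:1001\n")   # content and size change
        os.chmod(hosts, 0o600)                                  # perms-only change
        (Path(root) / "dropped.txt").write_text("new file\n")   # file not in baseline
        return compare(before, baseline(root))


if __name__ == "__main__":
    for path, kind, attrs in demo():
        print(f"{kind:9} {path} {attrs}")
```

A perms-only change (hosts) and a content change (passwd) are reported separately, which is why syscheck keeps metadata next to the hashes: a chmod leaves both checksums untouched.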
Slide 6: Rootkit Detection
- Looks for known rootkits
- Scans the filesystem looking for unusual files and permissions
- Looks for hidden ports
- Looks for promiscuous mode on all interfaces
Slide 7: Log Analysis
- File monitoring
- Process monitoring: search the output of a command, e.g. df -h
- Alert based on when the output changes, e.g. netstat -tan | grep LISTEN | grep -v 127.0.0.1
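Process monitoring on the slide means running a command on a schedule and alerting when its output changes, rather than matching a log line. The added example below (not OSSEC's own implementation) keeps the normalized output of each command from the previous run and reports exactly which lines appeared or disappeared; lines are sorted first so that netstat listing the same sockets in a different order does not raise a false alert. The three netstat outputs used in demo() are constructed samples.

```python
import subprocess
from collections import Counter
from datetime import datetime, timezone


class CommandMonitor:
    """Alert only when a command's output differs from the previous run."""

    def __init__(self):
        self.last = {}  # command -> normalized output lines of the previous run

    @staticmethod
    def normalize(output: str) -> list:
        # Drop blank lines and trailing whitespace, then sort: ordering changes
        # are not a security event, new or missing lines are.
        return sorted(line.rstrip() for line in output.splitlines() if line.strip())

    def observe(self, command: str, output: str):
        """Return None on the first run or unchanged output, otherwise an alert dict."""
        lines = self.normalize(output)
        previous = self.last.get(command)
        self.last[command] = lines
        if previous is None or previous == lines:
            return None
        return {
            "command": command,
            "added": list((Counter(lines) - Counter(previous)).elements()),
            "removed": list((Counter(previous) - Counter(lines)).elements()),
            "time": datetime.now(timezone.utc).isoformat(),
        }

    def run(self, command: str):
        """Execute a configured command and feed its output to observe().

        The command string comes from the monitor's own configuration (as in
        OSSEC's config), never from untrusted input, which is why shell=True is
        acceptable here.
        """
        result = subprocess.run(command, shell=True, capture_output=True, text=True)
        return self.observe(command, result.stdout)


# Constructed netstat output: two listeners, then the same two reordered,
# then a third listener appearing.
NETSTAT_RUN1 = (
    "tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN\n"
    "tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN\n"
)
NETSTAT_RUN2 = (
    "tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN\n"
    "tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN\n"
)
NETSTAT_RUN3 = NETSTAT_RUN1 + (
    "tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN\n"
)


def demo() -> tuple:
    """Feed the three constructed runs through one monitor; return the three results."""
    mon = CommandMonitor()
    cmd = "netstat -tan | grep LISTEN | grep -v 127.0.0.1"
    first = mon.observe(cmd, NETSTAT_RUN1)      # baseline, no alert
    reordered = mon.observe(cmd, NETSTAT_RUN2)  # same sockets, no alert
    changed = mon.observe(cmd, NETSTAT_RUN3)    # new listener, alert
    return first, reordered, changed


if __name__ == "__main__":
    print(demo()[2])
    live = CommandMonitor()
    live.run("df -h")          # first run records the baseline
    print(live.run("df -h"))   # None unless disk usage changed in between
```

Because the alert carries the added and removed lines, an analyst sees the new listening socket directly instead of just "output changed".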
Slide 8: Output and Alerts
- syslog
- email
- database
Slide 9: Active Response
- Based on an alert, run a command:
  - hosts.deny
  - firewall drop
  - route null
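An active response turns an alert into a command. The added example below (written for this page, not OSSEC's own code) parses an alert block in the layout of OSSEC's alerts.log, then decides which blocking scripts to run. The script names follow OSSEC's stock host-deny.sh, firewall-drop.sh and route-null.sh; the argument layout, the level thresholds, the never-block networks and the timeout are assumptions of this example, and the sample alert is constructed. The design points a defender cares about are the allowlist, so a spoofed or internal source address cannot lock administrators out, and the scheduled delete, so a block is not permanent.

```python
import ipaddress
import re

# Assumed allowlist: loopback and an internal management network are never blocked.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "10.0.0.0/8")]

# Assumed policy: level 10+ gets a firewall drop plus hosts.deny, 7-9 hosts.deny only.
SCRIPTS_BY_LEVEL = [(10, ["firewall-drop.sh", "host-deny.sh"]), (7, ["host-deny.sh"])]
TIMEOUT_SECONDS = 600  # assumed: the matching "delete" runs after this delay

ALERT_ID_RE = re.compile(r"\*\* Alert (?P<id>[\d.]+):")
RULE_RE = re.compile(r"Rule: (?P<rule>\d+) \(level (?P<level>\d+)\)")
SRCIP_RE = re.compile(r"Src IP: (?P<ip>\S+)")

# Constructed sample in the shape of an OSSEC alerts.log entry.
SAMPLE_ALERT = """\
** Alert 1291800000.12345: - syslog,sshd,authentication_failures,
2010 Dec 08 10:00:01 webhost->/var/log/auth.log
Rule: 5712 (level 10) -> 'SSHD brute force trying to get access to the system.'
Src IP: 192.0.2.10
"""


def parse_alert(text: str) -> dict:
    """Extract alert id, rule id, level and source IP from one alert block."""
    info = {"alert_id": None, "rule": None, "level": 0, "srcip": None}
    m = ALERT_ID_RE.search(text)
    if m:
        info["alert_id"] = m.group("id")
    m = RULE_RE.search(text)
    if m:
        info["rule"] = m.group("rule")
        info["level"] = int(m.group("level"))
    m = SRCIP_RE.search(text)
    if m:
        info["srcip"] = m.group("ip")
    return info


def plan_response(alert: dict) -> list:
    """Return the script invocations to run: an "add" now and a "delete" after the timeout.

    Argument layout "<script> add|delete - <ip> <alert_id> <rule_id>" is assumed here.
    """
    try:
        addr = ipaddress.ip_address(alert.get("srcip"))
    except (TypeError, ValueError):
        return []  # log analysis extracted no usable source address: nothing to block
    if any(addr in net for net in NEVER_BLOCK):
        return []  # protect loopback and management hosts from self-inflicted denial of service
    scripts = next((s for lvl, s in SCRIPTS_BY_LEVEL if alert.get("level", 0) >= lvl), [])
    plan = []
    for script in scripts:
        argv_tail = ["-", str(addr), str(alert.get("alert_id")), str(alert.get("rule"))]
        plan.append({"script": script, "action": "add", "delay": 0, "argv": argv_tail})
        plan.append({"script": script, "action": "delete", "delay": TIMEOUT_SECONDS, "argv": argv_tail})
    return plan


if __name__ == "__main__":
    for step in plan_response(parse_alert(SAMPLE_ALERT)):
        print(f"after {step['delay']:>4}s: {step['script']} {step['action']} {' '.join(step['argv'])}")
```

The output is a plan rather than executed commands, so the same logic can be dry-run against historical alerts before it is wired to the real scripts.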
Slide 10: Comparison
- Cisco Security Agent
- Symantec Client Security
- Tripwire
Slide 11: Enhancements
- Recursive optional or blocking
- Realtime options for files
- More inotify event codes
- Per entry of inotify
Slide 12: Resources
- Main web site: www.ossec.net
- Mailing lists
- Books
- Web interface and plugins
Slide 13: Q & A
- Questions?