Instant OSSEC Host-based Intrusion Detection

Book Description

A hands-on guide exploring OSSEC HIDS for operational and security awareness

  • Learn something new in an Instant! A short, fast, focused guide delivering immediate results.

  • Install, configure, and customize an OSSEC-HIDS for your environment

  • Manage OSSEC-HIDS' robust and comprehensive security checks

  • Write your own rules and decoders to enhance alert accuracy and expand operational and security intelligence

In Detail

Security software is often expensive, restricting, burdensome, and noisy. OSSEC-HIDS was designed to avoid getting in your way and to allow you to take control of and extract real value from industry security requirements. OSSEC-HIDS is a comprehensive, robust solution to many common security problems faced in organizations of all sizes.

"Instant OSSEC-HIDS" is a practical guide to take you from beginner to power user through recipes designed based on real-world experiences. Recipes are designed to provide instant impact while containing enough detail to allow the reader to further explore the possibilities. Using real-world examples, this book will take you from installing a simple, local OSSEC-HIDS service to commanding a network of servers running OSSEC-HIDS with customized checks, alerts, and automatic responses.

You will learn how to maximise the accuracy, effectiveness, and performance of OSSEC-HIDS’ analyser, file integrity monitor, and malware detection module. You will flip the table on security software and put OSSEC-HIDS to work validating its own alerts before escalating them. You will also learn how to write your own rules, decoders, and active responses. You will rest easy knowing your servers can protect themselves from most attacks while being intelligent enough to notify you when they need help!

You will learn how to use OSSEC-HIDS to save time, meet security requirements, provide insight into your network, and protect your assets.

Table of Contents

  1. Instant OSSEC Host-based Intrusion Detection
    1. Instant OSSEC Host-based Intrusion Detection
    2. Credits
    3. About the Author
    4. About the Reviewers
    5. www.PacktPub.com
      1. Support files, eBooks, discount offers and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
    6. Preface
      1. What this book covers
      2. What you need for this book
        1. Official documentation
        2. The community
        3. Commercial support
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    7. 1. Instant OSSEC Host-based Intrusion Detection
      1. Installing OSSEC (Simple)
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Binary installations
          2. Starting OSSEC at boot
      2. Configuring an OSSEC server (Simple)
        1. Getting ready
        2. How to do it...
        3. How it works...
      3. Getting agents to communicate (Simple)
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Managing agent keys automatically
      4. Writing your own rules (Simple)
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Decoding event data
      5. Detecting SSH brute-force attacks (Intermediate)
        1. Getting ready
        2. How to do it...
        3. How it works...
      6. Configuring the alerts (Simple)
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. What is rule 1002 and why is it spamming me?
          2. Playing nice with others
      7. File integrity monitoring (Simple)
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Monitoring the Windows registry
          2. Working with prelinking
      8. Monitoring command output (Intermediate)
        1. Getting ready
        2. How to do it...
        3. How it works...
      9. Detecting rootkits and anomalies (Simple)
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Auditing your systems
          2. Increasing paranoia
      10. Introducing active response (Intermediate)
        1. Getting ready
        2. How to do it...
        3. How it works...
      11. Verifying alerts with active response (Advanced)
        1. Getting ready
        2. How to do it...
        3. How it works...