
Instant OSSEC Host-based Intrusion Detection by Brad Lhotsky

Detecting SSH brute-force attacks (Intermediate)

The rules engine tracks its state; it knows what has been happening in the recent past. We can leverage that information to alert, or to squelch alarms, based on the frequency of events. The most common example of this is detecting and defending against SSH brute-force password attacks.

Getting ready

This is such a common problem that SSH brute-force detection and active response are built into OSSEC and enabled by default. We're going to take a look at the rules that interact to provide this functionality and explain how they fit together. This will give us insight into how to write something similar for a web application log.
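As an added illustration (not code from the book or from OSSEC itself), the following Python sketch reimplements the kind of stateful frequency rule described above over a constructed sshd log excerpt: a decoder step pulls the source IP out of each failed-password line, and the rule fires only when one IP reaches `frequency` failures within `timeframe` seconds, squelching repeat alerts from that IP for `ignore` seconds. The log lines, host name and RFC 5737 test addresses are constructed, and the year is assumed because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log excerpt (hypothetical host, RFC 5737 test addresses; not from the book).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 4111 ssh2
Mar  3 10:00:03 host sshd[2002]: Failed password for root from 203.0.113.7 port 4112 ssh2
Mar  3 10:00:05 host sshd[2003]: Failed password for root from 203.0.113.7 port 4113 ssh2
Mar  3 10:00:06 host sshd[2004]: Accepted publickey for alice from 198.51.100.9 port 5000 ssh2
Mar  3 10:00:08 host sshd[2005]: Failed password for invalid user test from 203.0.113.7 port 4114 ssh2
Mar  3 10:00:09 host sshd[2006]: Failed password for root from 203.0.113.7 port 4115 ssh2
Mar  3 10:00:10 host sshd[2007]: Failed password for root from 203.0.113.7 port 4116 ssh2
Mar  3 10:00:11 host sshd[2008]: Failed password for root from 203.0.113.7 port 4117 ssh2
Mar  3 10:05:00 host sshd[2009]: Failed password for root from 198.51.100.9 port 5001 ssh2
"""

# "Decoder" step: extract timestamp, user and source IP from a failed-password line.
FAILED_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+"
)


def detect_bruteforce(log_text, frequency=5, timeframe=60, ignore=300, year=2024):
    """Stateful frequency rule: alert when one source IP produces `frequency`
    failed logins within `timeframe` seconds, then squelch further alerts from
    that IP for `ignore` seconds. Syslog lines carry no year, so `year` is assumed."""
    window = defaultdict(deque)   # srcip -> timestamps of recent failures
    last_alert = {}               # srcip -> time of the last alert raised
    alerts, squelched = [], 0
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:                 # not a failed password: nothing to correlate
            continue
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year)
        srcip = m.group(3)
        q = window[srcip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > timeframe:   # expire events outside the window
            q.popleft()
        if len(q) < frequency:
            continue
        q.clear()                 # threshold reached: restart the count for this IP
        prev = last_alert.get(srcip)
        if prev is not None and (ts - prev).total_seconds() < ignore:
            squelched += 1        # same source alerted recently: suppress the repeat
            continue
        last_alert[srcip] = ts
        alerts.append((srcip, ts.isoformat()))
    return {"alerts": alerts, "squelched": squelched}
```

With the defaults, only 203.0.113.7 trips the rule (five failures within eight seconds), while the single failure from 198.51.100.9 never does; lowering `frequency` to 3 shows the `ignore` window suppressing the second burst from the same IP.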

How to do it...

The decoder provides the analyzer with interesting elements out ...