OSSEC
OSSEC is a host-based IDS. It can monitor file integrity and syslog events.
Install
Run install.sh and answer its questions. It prints the start/stop instructions at the end.
Customization
Edit /var/ossec/etc/ossec.conf
Manually perform an integrity check
/var/ossec/bin# ./syscheck_control -l
OSSEC HIDS syscheck_control. List of available agents:
ID: 000, Name: ism.comme.ca (server), IP: 127.0.0.1, Active/Local
/var/ossec/bin# ./syscheck_control -i 000
Integrity checking changes for local system 'ism.comme.ca - 127.0.0.1':
Update integrity database
./syscheck_update -u local
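The list-then-check steps above can be scripted so every active agent is reviewed in one pass. This is an added example, not part of the original page or of OSSEC itself; the function names, the OSSEC_BIN variable and the second agent in the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: parse `syscheck_control -l` output and review each agent.
# OSSEC_BIN defaults to the path used on this page (assumed variable name).
OSSEC_BIN="${OSSEC_BIN:-/var/ossec/bin}"

# Constructed sample in the format shown above; agent 001 is made up.
sample_agent_list() {
cat <<'EOF'

OSSEC HIDS syscheck_control. List of available agents:
   ID: 000, Name: ism.comme.ca (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: web01.example, IP: 192.0.2.10, Disconnected
EOF
}

# Read an agent listing on stdin; print "id|name|ip|status" per agent line.
# Banner and blank lines do not match the pattern and are dropped.
parse_agents() {
    sed -n 's/^ *ID: \([0-9][0-9]*\), Name: \(.*\), IP: \([^,]*\), \(.*\)$/\1|\2|\3|\4/p'
}

# Print only the IDs of agents whose status starts with "Active".
active_ids() {
    parse_agents | awk -F'|' '$4 ~ /^Active/ { print $1 }'
}

# Show the recorded integrity changes for every active agent.
review_changes() {
    "$OSSEC_BIN/syscheck_control" -l | active_ids | while read -r id; do
        "$OSSEC_BIN/syscheck_control" -i "$id"
    done
}

# Run the review only on request and only where the OSSEC tools exist.
if [ "${1:-}" = "review" ] && [ -x "$OSSEC_BIN/syscheck_control" ]; then
    review_changes
fi
```

Run it as root with the argument review. Read the reported changes before running syscheck_update, because updating clears the stored integrity database for that agent.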