Instant OSSEC Host-based Intrusion Detection
By Brad Lhotsky
Table of Contents
Instant OSSEC Host-based Intrusion Detection
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Official documentation
The community
Commercial support
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Instant OSSEC Host-based Intrusion Detection
Installing OSSEC (Simple)
Getting ready
How to do it...
How it works...
There's more…
Binary installations
Starting OSSEC at boot
Configuring an OSSEC server (Simple)
Getting ready
How to do it...
How it works...
Getting agents to communicate (Simple)
Getting ready
How to do it...
How it works...
There's more...
Managing agent keys automatically
Writing your own rules (Simple)
Getting ready
How to do it...
How it works...
There's more...
Decoding event data
Detecting SSH brute-force attacks (Intermediate)
Getting ready
How to do it...
How it works...
Configuring the alerts (Simple)
Getting ready
How to do it...
How it works...
There's more...
What is rule 1002 and why is it spamming me?
Playing nice with others
File integrity monitoring (Simple)
Getting ready
How to do it...
How it works...
There's more...
Monitoring the Windows registry
Working with prelinking
Monitoring command output (Intermediate)
Getting ready
How to do it...
How it works...
Detecting rootkits and anomalies (Simple)
Getting ready
How to do it...
How it works...
There's more...
Auditing your systems
Increasing paranoia
Introducing active response (Intermediate)
Getting ready
How to do it...
How it works...
Verifying alerts with active response (Advanced)
Getting ready
How to do it...
How it works...
Instant OSSEC Host-based Intrusion Detection
Copyright © 2013 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: July 2013
Production Reference: 2160813
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78216-764-8
www.packtpub.com
Credits
Author
Brad Lhotsky
Reviewers
JB Cheng
Scott Miller
Mark Stanislav
Acquisition Editor
Mary Nadar
Commissioning Editor
Meeta Rajani
Technical Editor
Hardik B. Soni
Copy Editors
Insiya Morbiwala
Gladson Monteiro
Project Coordinator
Esha Thakker
Proofreader
Lindsey Thomas
Graphics
Ronak Dhruv
Production Coordinator
Nilesh R. Mohite
Cover Work
Nilesh R. Mohite
Cover Image
Ronak Dhruv
About the Author
Brad Lhotsky started working with Unix systems professionally in 1998 as a system administrator, database administrator, network engineer, programmer, and security administrator. He has been an active member of the OSSEC HIDS community since 2004. He currently administers one of the largest OSSEC HIDS deployments in the world!
First, I'd like to thank my beautiful wife, April, for inspiring and supporting me in everything I do.
Thanks also to Clinton, Tim, Wouter, and Willem for their helpful suggestions.
About the Reviewers
JB Cheng has over 20 years' experience in the networking and security industry. His professional experience includes work at the IBM RTP Network Management Division, the AT&T Wireless Data Division, and the WatchGuard Unified Threat Management appliance development group. He joined Trend Micro in 2007 as a Senior Staff Engineer and is currently the OSSEC project manager, responsible for OSSEC releases and for engaging with the open source community. His personal blog can be found at http://ossec-notebook.blogspot.com/.
I would like to thank Daniel Cid for creating OSSEC and making it an open source project. Without him you wouldn't be reading this book today, period.
Scott Miller is a Linux administrator, security professional, and IT professional in Raleigh, North Carolina. His expertise includes system administration, Apache/nginx, Amazon Web Services, security, and Linux. He has worked in large-scale academic IT environments as well as in mission-critical environments in the enterprise private sector. Currently employed