Tag Archives | ossec

Enable OSSEC Active Response

Many OSSEC users start of running with active response disabled to ensure that the OSSEC agent does not affect the server especially when running in a live production environment. Once you have an understanding of the number of alerts and types of alerts you are seeing, it is a good idea to enable active response. […]

Continue Reading

OSSEC on NGINX and Ubuntu 10.04 LTS

As mentioned in previous posts my web server has moved to a Nginx environment. Being a fan of the ossec host based intrusion detection software (hids) of course I had to add it the new host. Installed as usual. Then it was merely a matter of adding the log files (access.log and error.log) from my […]

Continue Reading

OSSEC Introduction and Installation Guide

OSSEC is a Host Based Intrusion Detection and Prevention system. Best practice security management calls for a layered approach to security; security vulnerability scanning, a firewall, strong passwords, patch management and intrusion detection capabilities are all important layers. Using a HIDS allows you to have into what security events are taking place on a server. […]

Continue Reading