OSSEC
OSSEC – the representative intrusion detection systems at the level hostallowing to analyze magazines, to check integrity of files and register, to detect rootkit and actively to react to attempts of cracking of a system. In functionality an opportunity to analyze local magazines of both the OS level, and separate applications, for example is put: SSH MS Exchange Apache Proofpoint Sendmail ARP Watch FTPD Microsoft IIS Squid.
OSSEC processes information on events which comes from other systems, from nodes with the set agents of OSSEC, from firewalls. On the basis of rules in the XML format notifications about suspicious actions are issued.
OSSEC can trace permissions, the size and the owner of the file. The hash functions of MD5 and SHA1 for files which it was specified to watch saves values. The database of all these values is stored on the server.
Pluses of OSSEC – simplicity of installation and work, ample opportunities and support of magazines from the different systems.
Minuses – difficulty of expansion of the knowledge base about the attacks.
See Also
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |