Instant OSSEC Host-based Intrusion Detection System - Brad Lhotsky - E-Book

Brad Lhotsky

Description

Security software is often expensive, restricting, burdensome, and noisy. OSSEC-HIDS was designed to avoid getting in your way and to allow you to take control of and extract real value from industry security requirements. OSSEC-HIDS is a comprehensive, robust solution to many common security problems faced in organizations of all sizes.

"Instant OSSEC-HIDS" is a practical guide to take you from beginner to power user through recipes designed based on real-world experiences. Recipes are designed to provide instant impact while containing enough detail to allow the reader to further explore the possibilities. Using real-world examples, this book will take you from installing a simple, local OSSEC-HIDS service to commanding a network of servers running OSSEC-HIDS with customized checks, alerts, and automatic responses.

You will learn how to maximise the accuracy, effectiveness, and performance of OSSEC-HIDS' analyser, file integrity monitor, and malware detection module. You will flip the table on security software and put OSSEC-HIDS to work validating its own alerts before escalating them. You will also learn how to write your own rules, decoders, and active responses. You will rest easy knowing your servers can protect themselves from most attacks while being intelligent enough to notify you when they need help!

You will learn how to use OSSEC-HIDS to save time, meet security requirements, provide insight into your network, and protect your assets.

You can read the e-book in the Legimi apps or in any app that supports the following formats:

EPUB
MOBI

Page count: 74

Year of publication: 2013




Table of Contents

Instant OSSEC Host-based Intrusion Detection
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Official documentation
The community
Commercial support
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Instant OSSEC Host-based Intrusion Detection
Installing OSSEC (Simple)
Getting ready
How to do it...
How it works...
There's more...
Binary installations
Starting OSSEC at boot
Configuring an OSSEC server (Simple)
Getting ready
How to do it...
How it works...
Getting agents to communicate (Simple)
Getting ready
How to do it...
How it works...
There's more...
Managing agent keys automatically
Writing your own rules (Simple)
Getting ready
How to do it...
How it works...
There's more...
Decoding event data
Detecting SSH brute-force attacks (Intermediate)
Getting ready
How to do it...
How it works...
Configuring the alerts (Simple)
Getting ready
How to do it...
How it works...
There's more...
What is rule 1002 and why is it spamming me?
Playing nice with others
File integrity monitoring (Simple)
Getting ready
How to do it...
How it works...
There's more...
Monitoring the Windows registry
Working with prelinking
Monitoring command output (Intermediate)
Getting ready
How to do it...
How it works...
Detecting rootkits and anomalies (Simple)
Getting ready
How to do it...
How it works...
There's more...
Auditing your systems
Increasing paranoia
Introducing active response (Intermediate)
Getting ready
How to do it...
How it works...
Verifying alerts with active response (Advanced)
Getting ready
How to do it...
How it works...

Instant OSSEC Host-based Intrusion Detection

Copyright © 2013 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: July 2013

Production Reference: 2160813

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-78216-764-8

www.packtpub.com

Credits

Author

Brad Lhotsky

Reviewers

JB Cheng

Scott Miller

Mark Stanislav

Acquisition Editor

Mary Nadar

Commissioning Editor

Meeta Rajani

Technical Editor

Hardik B. Soni

Copy Editors

Insiya Morbiwala

Gladson Monteiro

Project Coordinator

Esha Thakker

Proofreader

Lindsey Thomas

Graphics

Ronak Dhruv

Production Coordinator

Nilesh R. Mohite

Cover Work

Nilesh R. Mohite

Cover Image

Ronak Dhruv

About the Author

Brad Lhotsky started working with Unix systems professionally in 1998 as a system administrator, database administrator, network engineer, programmer, and security administrator. He has been an active member of the OSSEC HIDS community since 2004. He currently administers one of the largest OSSEC HIDS deployments in the world!

First, I'd like to thank my beautiful wife, April, for inspiring and supporting me in everything I do.

Thanks also to Clinton, Tim, Wouter, and Willem for their helpful suggestions.

About the Reviewers

JB Cheng has over 20 years' experience in the networking and security industry. His professional experience includes working for the IBM RTP Network Management Division, the AT&T Wireless Data Division, and the WatchGuard Unified Threat Management appliance development group. In 2007 he joined Trend Micro as a Senior Staff Engineer, and he is currently the OSSEC project manager responsible for OSSEC releases and for engaging with the open source community. His personal blog can be found at http://ossec-notebook.blogspot.com/.

I would like to thank Daniel Cid for creating OSSEC and making it an open source project. Without him you wouldn't be reading this book today, period.

Scott Miller is a Linux administrator, security professional, and IT professional in Raleigh, North Carolina. His expertise includes system administration, Apache/nginx, Amazon Web Services, security, and Linux. He has worked in large-scale academic IT environments as well as in mission-critical environments in the enterprise private sector. Currently employed at MetaMetrics, Inc. in Durham, NC, he has previously worked for Qualys, UC Davis, and UC Berkeley. Scott is a contributor to many online IT blogs and outlets.

Mark Stanislav is the security evangelist for Duo Security, an Ann Arbor, Michigan-based start-up focused on two-factor authentication and mobile security. With a career spanning a decade, he has worked within small-business, academic, start-up, and corporate environments, primarily focused on Linux architecture, information security, and web application development. He holds a Bachelor's degree in Networking and IT Administration and a Master's in Technology Studies focused on Information Assurance, both from Eastern Michigan University. He also holds CISSP, Security+, Linux+, and CCSK certifications.

www.PacktPub.com

Support files, eBooks, discount offers and more

You might want to visit www.PacktPub.com for support files and downloads related to your book.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

http://PacktLib.PacktPub.com

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books.

Why Subscribe?

Fully searchable across every book published by Packt
Copy and paste, print and bookmark content
On demand and accessible via web browser

Free Access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.

Preface

Welcome to Instant OSSEC Host-based Intrusion Detection. We're going to jump into exploring the vast possibilities that OSSEC HIDS offers its users. We'll dive into the installation and basic configuration of OSSEC HIDS so you can start protecting your valuable assets today! From there, we will build on these basic concepts to explore harnessing the power of OSSEC HIDS's flexible decoders, rules, and active responses to unlock powerful, time-saving functionality. We will challenge the notion that security software will slow you down and create more work by leveraging OSSEC HIDS's automation capabilities to do our work so we can spend more time at the pub!

What this book covers

Installing OSSEC (Simple) gets you started with installing OSSEC HIDS through a few different methods. We look at both source and binary installs to get OSSEC HIDS installed and ready to configure.

Configuring an OSSEC server (Simple) takes you through the basic configuration of the OSSEC HIDS server. This server allows us to perform aggregations and correlations across our install base to make better decisions.

Getting agents to communicate (Simple) walks us through the basics of setting up our OSSEC HIDS agents to communicate with the OSSEC HIDS server. We also look at utilizing the OSSEC HIDS authentication daemon to make this process simpler for larger installs.

Writing your own rules (Simple) asks you to roll up your sleeves and start extending the OSSEC HIDS rules to better suit your environment. We look at the ossec-logtest tool to understand how our rules are being interpreted.

Detecting SSH brute-force attacks (Intermediate) takes a look at the compound rules of OSSEC to see how we can detect events based on their frequency. We also delve into the decoders that make compound rules possible!

Configuring the alerts (Simple) looks at various options for adjusting the alert volume for OSSEC HIDS. We start with some broad, sweeping approaches to decrease e-mails and gradually increase our granularity. We also explore the different channels for alerting.

File integrity monitoring (Simple) briefly explains what FIM is and why it's useful for product security. After that, we dissect the problem and tune our alerting to more useful levels so we don't trip over the number of alerts!

Monitoring command output (Intermediate) demonstrates a few operational intelligence capabilities of OSSEC HIDS through the monitoring of the command output. We will look into monitoring the command output either line by line or all at once.

Detecting rootkits and anomalies (Simple)