Welcome to the Home of OSSEC

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. A list with all supported platforms is available here.

OSSEC is free
OSSEC is free software and will remain so in the future; you can redistribute it and/or modify it under the terms of the GNU General Public License (version 3) as published by the FSF (Free Software Foundation). More details here.

Awards and Reviews
The OSSEC project has received some pretty good awards and reviews in the past. Check them out on our Awards page.

Easy to install
OSSEC is multi-platform and can be easily installed on most operating systems. Just follow one of our Install guides if you need some help.

Widely used
OSSEC is a growing project, with more than 5,000 downloads per month on average. It is being used by ISPs, universities, governments and even large corporate data centers as their main HIDS solution. In addition to being deployed as an HIDS, it is commonly used strictly as a log analysis tool, monitoring and analyzing firewalls, IDSs, web servers and authentication logs.

Active Development
OSSEC has very active development, with a release cycle of every 3 to 4 months. Bugs and feature requests can be sent through our bugzilla or mailing lists and we will do our best to solve them. If you are interested in being a part of this project, we are always open to new contributors. Check out our FAQ entry "How to start helping with the project?" for more information.

Commercial Support
If you need enterprise-class commercial support for OSSEC, Trend Micro, the company behind this great open source project, offers this option to our users.

OSSEC Architecture
OSSEC is composed of multiple pieces. It has a central manager monitoring everything and receiving information from agents, syslog, databases and agentless devices.

Manager
The manager is the central piece of the OSSEC deployment. It stores the file integrity checking databases, the logs, events and system auditing entries. All the rules, decoders and major configuration options are stored centrally in the manager, making it easy to administer even a large number of agents.

Agents
The agent is a small program installed on the systems you want to monitor. It collects information in real time and forwards it to the manager for analysis and correlation. It has a very small memory and CPU footprint by default, so it does not interfere with the system's normal use.

Agent security: the agent runs as a low-privilege user (created during the installation) and inside a chroot jail isolated from the rest of the system. Most of the agent configuration is pushed from the manager; only a few options are stored locally on each agent. If these local options are changed, the manager receives the information and generates an alert.

Agentless
For systems on which you cannot install an agent, OSSEC allows you to perform file integrity monitoring without the agent installed. This is very useful for monitoring firewalls, routers and even Unix systems where you are not allowed to install the agent.

Virtualization/VMware
OSSEC allows you to install the agent on the guest operating systems or inside the host (VMware ESX). With the agent installed inside the VMware ESX host you can get alerts when a VM guest is installed, removed, started, etc. It also monitors logins, logouts and errors inside the ESX server. In addition, OSSEC performs the CIS checks for VMware, alerting if any insecure configuration option is enabled or any other issue is found.

Firewalls, switches and routers
OSSEC can receive and analyze syslog events from a large variety of firewalls, switches and routers. It supports all Cisco routers, Cisco PIX, Cisco FWSM, Cisco ASA, Juniper routers, Netscreen firewalls, Checkpoint and many others.

Architecture
This diagram shows the central manager receiving events from the agents and system logs from remote devices. When something is detected, active responses can be executed and the admin is notified.

[Diagram: OSSEC Architecture]

Internal Architecture
For technical and deeply detailed information on how it works, please read the following document: OSSEC log analysis/inspection architecture, by Daniel Cid.

Support
Everyone knows that support and technical expertise are critical in ensuring the success of any product deployment. With an open source project this is no different. If you need enterprise-class commercial support for OSSEC, Trend Micro, the company behind this great open source project, offers this option to our users.