SSFI108 - Defend Your Network with OSSEC
CyberWarrior
About This Course
OSSEC is an open source, host-based intrusion detection system (HIDS) that performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response.
It’s one of the most important security applications you could install on your server and it can be used to monitor one machine or thousands in a client/server or agent/server fashion. If properly configured, OSSEC can give you a view into what’s happening on your server via email alerts to any number of configured email addresses.
It detects intrusions on Linux, OpenBSD, FreeBSD, OS X, Solaris, and Windows, among other operating systems.
Requirements
OSSEC needs a firewall active on the system for its active response feature. It’s also important that the server keeps accurate time, which calls for NTP to be enabled. Finally, the server’s time zone needs to be set; by default it’s UTC.