“This article shows how to install and run OSSEC HIDS, an open source host-based intrusion detection system. It performs log analysis, integrity checking, rootkit detection, time-based alerting, and active response. It helps you detect attacks, software misuse, policy violations, and other forms of inappropriate activities.”
Securing Your Server with a Host-Based Intrusion Detection System
Submitted by falko 2006-09-20 Privacy, Security
I’ve been running this on my FreeBSD server for 2 months now, and it’s been fantastic. If I so much as modify one file in /etc I get an email telling me about it. It watches a ton of other things and is very configurable, but don’t be deterred; it runs fine on the default settings while you learn the system, and install is a snap. While the above HOWTO looks good, I installed w/o any problems from the OSSEC install doc:
I would like to see this project get more attention, as computer security should not end at the firewall or Snort.