OSSEC is a free and open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, and rootkit detection, and it issues alerts both on a schedule and when a monitored event is detected. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS X, Solaris, and Windows. Its cross-platform architecture makes it straightforward to manage and monitor several operating systems at once. It was written by Daniel B. Cid and has been available since 2004.
| OSSEC | |
|---|---|
| Type | Data protection / HIDS |
| Developer | Daniel B. Cid |
| Written in | |
| Operating system | Cross-platform |
| Latest version | 2.9.2 [1] (August 9, 2017) |
| License | GNU GPL v3 |
| Website | ossec.imtqy.com |
OSSEC's features address several PCI DSS requirements.[3] Details are given in a PDF document published on the OSSEC project website.[3]
In June 2008, the OSSEC project and all copyrights held by the project leader, Daniel B. Cid, were acquired by Third Brigade.[4] The company committed to continuing development of the program together with the open-source community and to providing commercial support and training to OSSEC users.
In May 2009, Trend Micro acquired Third Brigade together with the OSSEC project, likewise committing to keep it open and free.[5]
Components
OSSEC consists of a main application, an agent for Windows, and a web interface.
- Main application: the main application, OSSEC, runs either in a distributed (client-server) network or stand-alone. It supports Linux, Solaris, BSD, and Mac OS.
- Agent for Windows: runs only on Windows. To use it, the main application must be installed and configured in server mode.
- Web interface: a graphical user interface. Like the main application, it supports Linux, Solaris, BSD, and Mac.
Features
OSSEC performs detailed log analysis and can correlate and analyze the logs of several applications, in several formats, at once. Logs from the following applications are supported:
- Unix-specific:
  - Unix PAM
  - sshd (OpenSSH)
  - Solaris telnetd
  - Samba
  - su
  - sudo
- FTP servers:
  - ProFTPD
  - Pure-FTPd
  - vsftpd
  - Microsoft FTP Server
  - Solaris ftpd
- Mail servers:
  - imapd and pop3d
  - Postfix
  - Sendmail
  - vpopmail
  - Microsoft Exchange Server
- Databases:
  - PostgreSQL
  - MySQL
- Web servers:
  - Apache HTTP Server (access and error logs)
  - IIS web server (including NCSA and W3C log formats)
  - Zeus Web Server error logs
- Web applications:
  - Horde IMP
  - SquirrelMail
  - ModSecurity
- Firewalls:
  - iptables
  - Solaris IPFilter
  - AIX ipsec/firewall
  - NetScreen
  - Windows Firewall
  - Cisco PIX
  - Cisco FWSM
  - Cisco ASA
- NIDS:
  - Cisco IOS IDS/IPS
  - Snort IDS (snort full, snort fast and snort syslog formats)
- Security utilities:
  - Norton AntiVirus
  - Nmap
  - Arpwatch
  - Cisco VPN Concentrator
- Other:
  - named (BIND)
  - Squid proxy
  - Zeus eXtensible Traffic Manager
  - Windows event logs (logins, logons, audit information and others)
  - Windows Routing and Remote Access logs
  - Unix authentication tools (adduser, logins and others)
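The features listed above (log analysis of the monitored applications, integrity checking, rootkit detection and alerting) are all enabled through the `ossec.conf` file of the server or agent. The fragment below is an added illustration written for this article, not configuration taken from the OSSEC project; the e-mail addresses, SMTP host and log paths are assumed placeholders for a Linux host.

```xml
<ossec_config>
  <!-- Alert delivery: every alert of level 1 or higher is written to the
       alert log; level 7 and above is also e-mailed (placeholder addresses). -->
  <global>
    <email_notification>yes</email_notification>
    <email_to>security-team@example.invalid</email_to>
    <smtp_server>mail.example.invalid</smtp_server>
    <email_from>ossec@example.invalid</email_from>
  </global>
  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>7</email_alert_level>
  </alerts>

  <!-- Integrity checking (syscheck): baseline hashes and attributes of
       system directories, rescanned every 79200 seconds (22 hours). -->
  <syscheck>
    <frequency>79200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>
    <ignore>/etc/mtab</ignore>
  </syscheck>

  <!-- Rootkit detection (rootcheck) using the signature lists shipped in the
       shared directory of a default installation (paths assumed). -->
  <rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>

  <!-- Log analysis: sshd, su and sudo messages arrive through syslog;
       Apache uses its own log format; iptables messages reach kern.log
       via syslog and are picked out by the iptables decoder. Paths assumed. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/apache2/access.log</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/kern.log</location>
  </localfile>
</ossec_config>
```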
Notes
1. What's new - OSSEC.
2. The ossec Open Source Project on Open Hub: Languages Page, 2006.
3. http://www.ossec.net/ossec-docs/ossec-PCI-Solution.pdf, archived February 6, 2012 on the Wayback Machine.
4. News of Third Brigade's purchase of the open-source HIDS OSSEC, archived copy of August 5, 2010 on the Wayback Machine.
5. News of Trend Micro's acquisition of Third Brigade and the OSSEC project, archived April 10, 2012 (in English).