Posts

Showing posts from August, 2010

Intrusion Detection and Prevention Using OSSEC

What is OSSEC? According to OSSEC, "It is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response."

Installation on Debian Server

I installed on Debian .6.24-19-server, already running a web service.

Install environment

Make sure you have a compiler, e.g. gcc or cc, and 'make' already installed on your system; otherwise you will get an error message and the installation process will abort.

root@www:/usr/local/src/ossec-hids-2.4.1# apt-get install gcc

Download the latest build from the www.ossec.net website.

Extract into a folder and start the installation:

imran@web:~/ossec-hids-2.4.1$ tar -zxvf ossec-hids-2.4.1.tar.gz
imran@web:~/ossec-hids-2.4.1$ cd ossec-hids-2.4.1/

Run the installation script:

root@web:~/ossec-hids-2.4.1# ./install.sh
** Para instalação em português, escolha [br].
** 要使用中文进行安装, 请选择 [cn].
** Fur eine deutsche Installation wohlen Sie [de].
** Για ε...

Intrusion Detection Service in IPCOP

Intrusion Detection was stopped in my IPCop, version 1.4.1, a while ago. I tried to start all three through the GUI but got a message that they failed to start. I logged in to the console of IPCop. I checked the existing version of snort, which was older than the latest.

root@firewall:/etc/snort/rules # snort --version
snort: unrecognized option `--version'

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.6.1.5 (Build 59)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.

And when I tried to start snort using this command

root@firewall:~ # snort -c /etc/snort/snort.conf -l /var/log/snort/

I got an error saying there is an error in line #38 of the exploit.rules file located in the /etc/snort/rules/ folder. When I tried to comment out that line, it gave an error on line #39.

Solution

Replace the existing rules folder with a working one. For that I installed the latest snort on my laptop and checked the version.

imran@imra...