OSSEC is a full platform to monitor and control your systems. It combines all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM in a simple, powerful and open source solution.
OSSEC HIDS performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Get OSSEC HIDS and try it for yourself to see just how useful it can actually be for providing you with a supplemental layer of security!
What's New in This Release:
The key enhancements in v2.7 are:
Installation:
· Add hybrid mode – allows the same host to be both a server and an agent, useful for multi-tier OSSEC deployment.
· Add manage_agents -f option for bulk generation of client keys from an input file.
· During agent installation, allow the OSSEC server to be specified using a hostname instead of an IP address.
Syscheck:
· Add prelinking support – reduce confusion when a file change is the result of prelinking.
Rootcheck:
· Add fine-grained configuration control – allows you to turn ON/OFF individual rootcheck tasks for more efficiency and flexibility. The default is all ON.
Log monitoring/analysis:
· Add GeoIP lookup support – allows geographical city names to be associated with IP addresses in OSSEC alerts, for more intelligent correlation.
Alert options and syslog output:
· Add syscheck MD5/SHA1 sum to alerts for easier integration with third-party file signature checking.
· Support JSON and Splunk formats in syslog output.
· Rules and other notable changes/f...