OSSEC - HIDS



Ash Palmer
11-29-08, 06:54 PM
Hey all,
Check this HIDS software out www.ossec.net.
I've found a few false positives regarding the binary string searching part
of the rootkit checker. Other than that it's awesome!

What yar all think? :)

Ta,
--
Ash Palmer
Network Security Logistics - SevenL Networks Inc.

www: http://www.sevenl.net
pkey: BF66 27B2 F2AA A919 1AE9 DBDF 2993 ADD5 5767 1606

Dale Elfes
11-30-08, 11:45 AM
Ash Palmer wrote:
> Hey all,
> Check this HIDS software out www.ossec.net.
> I've found a few false positives regarding the binary string searching part
> of the rootkit checker. Other than that it's awesome!
>
> What yar all think? :)
>
> Ta,
It is a very nice application. I've used it extensively on various
flavors of 'nix. I have not used it on Windows though.

Alex Elsayed
12-14-08, 12:29 AM
Dale Elfes wrote:

> Ash Palmer wrote:
>> Hey all,
>> Check this HIDS software out www.ossec.net.
>> I've found a few false positives regarding the binary string searching part
>> of the rootkit checker. Other than that it's awesome!
>>
>> What yar all think? :)
>>
>> Ta,
> It is a very nice application. I've used it extensively on various
> flavors of 'nix. I have not used it on Windows though.

I've been meaning to try it, but its build system is _strange_.
I've heard many good things about it though, so I'm debating
the merits of installing it to a temporary directory and rolling
my own distro-specific[0] package for it.

[0] Gentoo with Paludis, meaning a call to importare(1)