OSSEC
OSSEC is an Open Source Host-based Intrusion Detection System.
It performs log analysis, integrity checking, monitoring, rootkit
detection, real-time alerting and active response.
In addition to being deployed as an HIDS, it is commonly used
strictly as a log analysis tool, monitoring and analyzing firewalls,
IDSs, web servers and authentication logs.
Features include:
- Unix-only:
  - Unix PAM
  - sshd (OpenSSH)
  - Solaris telnetd
  - Samba
  - Su
  - Sudo
- FTP servers:
  - ProFTPd
  - Pure-FTPd
  - vsftpd
  - Microsoft FTP Server
  - Solaris ftpd
- Mail servers:
  - Imapd and pop3d
  - Postfix
  - Sendmail
  - vpopmail
  - Microsoft Exchange Server
- Databases:
- Web servers:
  - Apache HTTP Server (access log and error log)
  - IIS web server (NCSA and W3C extended)
  - Zeus Web Server errors log
- Web applications:
- Firewalls:
  - Iptables firewall
  - Solaris IPFilter firewall
  - AIX ipsec/firewall
  - Netscreen firewall
  - Windows Firewall
  - Cisco PIX
  - Cisco FWSM
  - Cisco ASA
- NIDS:
  - Cisco IOS IDS/IPS module
  - Snort IDS (snort full, snort fast and snort syslog)
- Security tools:
  - Symantec AntiVirus
  - Nmap
  - Arpwatch
  - Cisco VPN Concentrator
- Others:
  - Named (BIND)
  - Squid proxy
  - Zeus eXtensible Traffic Manager
  - Generic unix authentication (adduser, logins, etc)
Last Updated Tuesday, February 28 2012 @ 02:25 PM EST