OSSEC is an Open Source Host-based Intrusion Detection System.
It performs log analysis, integrity checking, monitoring, rootkit detection, real-time alerting and active response.
In addition to being deployed as an HIDS, it is commonly used strictly as a log analysis tool, monitoring and analyzing firewalls, IDSs, web servers and authentication logs.
Key Features
- Unix-only:
- Unix PAM.
- sshd (OpenSSH).
- Solaris telnetd.
- Samba.
- Su.
- Sudo.
- FTP servers:
- ProFTPd.
- Pure-FTPd.
- vsftpd.
- Microsoft FTP Server.
- Solaris ftpd.
- Mail servers:
- Imapd and pop3d.
- Postfix.
- Sendmail.
- vpopmail.
- Microsoft Exchange Server.
- Databases:
- PostgreSQL.
- MySQL.
- Web servers:
- Apache HTTP Server (access log and error log).
- IIS web server (NSCA and W3C extended).
- Zeus Web Server errors log.
- Web applications:
- Horde IMP.
- Modsecurity.
- Firewalls:
- Iptables firewall.
- Solaris IPFilter firewall.
- AIX ipsec/firewall.
- Netscreen firewall.
- Windows Firewall.
- Cisco PIX.
- Cisco FWSM.
- Cisco ASA.
- NIDS:
- Cisco IOS IDS/IPS module.
- Snort IDS (snort full, snort fast and snort syslog).
- Security tools:
- Symantec AntiVirus.
- Nmap.
- Arpwatch.
- Cisco VPN Concentrator.
- Others:
- Named (BIND).
- Squid proxy.
- Zeus eXtensible Traffic Manager.
- Generic unix authentication (adduser, logins, etc).
Website: www.ossec.net
Support: Documentation, GitHub Code Repository
Developer: Daniel B. Cid
License: GNU General Public License v2.0
OSSEC is written in C. Learn C with our recommended free books and free tutorials.
Related Software
| Host-Based Intrusion Detection Systems | |
|---|---|
| Wazuh | Platform used for threat prevention, detection, and response |
| OSSEC | Full platform to monitor and control your systems. |
| AIDE | Advanced Intrusion Detection Environment |
| Logwatch | Powerful and versatile log parser and analyzer |
| Samhain | File integrity checking and log file monitoring/analysis and more |
| Sagan | Multi-threads, high performance log analysis engine |
| Tripwire | Security and data integrity tool |
| rkhunter | Scans for rootkits, backdoors and possible local exploits |
| chkrootkit | Locally checks for signs of a rootkit |
Read our verdict in the software roundup.
| Vulnerability Detection Tools | |
|---|---|
| Metasploit | Penetration testing framework |
| Nuclei | Fast and customisable vulnerability scanner |
| OpenVAS | Full-featured vulnerability scanner |
| Nikto | Web server scanner |
| Lynis | Auditing, system hardening, compliance testing |
| grype | Vulnerability scanner for container images and filesystems |
| OSSEC | Centralized architecture for monitoring and managing multiple systems |
| OpenSCAP | NIST Certified SCAP 1.2 toolkit |
| octoscan | Static vulnerability scanner for GitHub action workflows |
| Greenbone | Central management service between security scanners and the user clients. |
| Terrapin | Terrapin Vulnerability Scanner for the Terrapin attack |
| Tiger | Security audit and intrusion detection too |
| PRS | Web security scanner |
| Trivy | Terrapin Vulnerability Scanner for the Terrapin attack |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Discovered a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |