skip to content
OSSEC host-based intrusion detection guide Preview this item
ClosePreview this item
Checking...

OSSEC host-based intrusion detection guide

Author: Andrew Hay; Daniel Cid; Rory Bray
Publisher: Burlington, Mass. : Syngress Pub., ©2008.
Edition/Format:   eBook : Document : EnglishView all editions and formats
Database:WorldCat
Summary:
This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive guide. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal book has been created to outline the various features and functions of the OSSEC product. This has left very important and powerful features of the  Read more...
Rating:

based on 1 rating(s) 1 with a review

Subjects
More like this

 

Find a copy online

Links to this item

Find a copy in the library

&AllPage.SpinnerRetrieving; Finding libraries that hold this item...

Details

Genre/Form: Electronic books
Additional Physical Format: Print version:
Hay, Andrew.
OSSEC host-based intrusion detection guide.
Burlington, Mass. : Syngress Pub., c2008
(DLC) 2008273648
(OCoLC)180880719
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Andrew Hay; Daniel Cid; Rory Bray
ISBN: 9781597492409 159749240X
OCLC Number: 272382225
Notes: Includes index.
Description: 1 online resource (xxvii, 307 p.) : ill.
Contents: Chapter 1: Introduction This chapter will introduce you to the OSSEC project, its history, and its goals. --
Chapter 2: Getting Started With OSSEC This chapter provides an overview of the features of OSSEC including commonly used terminology, pre-install preparation, and deployment considerations. --
Chapter 3: Installation This chapter walks through the installation process for the "local" and "server" install types, including the Windows and Unix agent, and techniques to automate multiple agents installations. --
Chapter 4: Configuration This chapter discusses the post-install configuration of OSSEC. Within this chapter you learn how to monitor log files, remote messages, email notification, alerting levels, etc. --
Chapter 5: Working With Log Analysis --
Decoders This chapter shows you how to extract key information from logs using decoders. --
Chapter 6: Working With Log Analysis --
Rule Files This chapter discusses how you can leverage rules for various devices and how to write your own rules. It will include examples on how to parse atomic and composite rules, how to keep state between messages, remove false positives and tune it appropriately. --
Chapter 7: Configuring System Integrity Check This chapter explains the system integrity check features of OSSEC including monitoring of the binary executable files, system configuration files, and even the Windows registry. --
Chapter 8: Rootkit Detection This chapter explains the rootkit detection capabilities of OSSEC on Unix and its configuration. --
Chapter 9: Policy Enforcement This chapter explains the policy enforcement capabilities of OSSEC, explaining how to perform host-based system auditing and application monitoring. --
Chapter 10: Active Response Configuration This chapter explains how to configure the active response actions you want to configure as well as how to bind the actions to specific rules or events. --
Chapter 11: Integration and Advanced Configuration This chapter explains previously undocumented features, advanced configuration topics, and integration with third-party products. --
Chapter 12: Using the Web interface This chapter explains how to install and use the community developed, open source web interface, that is available for OSSEC. --
Appendix A: The Importance of Log Analysis.
Responsibility: Andrew Hay, Daniel Cid, Rory Bray.

Abstract:

A guide on the OSSEC Host-based Intrusion Detection system. It shows how to install and configure OSSEC on the operating system of your choice and provide detailed examples to help prevent and  Read more...

Reviews

User-contributed reviews

WorldCat User Reviews (1)

If you use OSSEC, you need to read this book!

by pubal (WorldCat user published 2012-08-08) Excellent Permalink

OSSEC is an incredible open source tool. It parses system and application logs, generates security alerts, and increases the visibility you have on your network. As the only book dedicated to OSSEC, this is the definitive guide. Even though it was written for an slightly outdated version of OSSEC,...
Read more...  Read more...

  • Was this review helpful to you?
  •   
Retrieving GoodReads reviews...
Retrieving DOGObooks reviews...

Tags

All user tags (5)

View most popular tags as: tag list | tag cloud

Confirm this request

You may have already requested this item. Please select Ok if you would like to proceed with this request anyway.

Linked Data


<http://www.worldcat.org/oclc/272382225>
library:oclcnum"272382225"
library:placeOfPublication
library:placeOfPublication
owl:sameAs<info:oclcnum/272382225>
rdf:typeschema:Book
schema:about
schema:about
schema:about
schema:about
schema:about
schema:about
schema:about
schema:about
<http://id.worldcat.org/fast/872484>
rdf:typeschema:Intangible
schema:name"Computer networks--Security measures."@en
schema:name"Computer security"@en
schema:bookFormatschema:EBook
schema:contributor
schema:contributor
schema:copyrightYear"2008"
schema:creator
schema:datePublished"2008"
schema:description"Chapter 1: Introduction This chapter will introduce you to the OSSEC project, its history, and its goals. -- Chapter 2: Getting Started With OSSEC This chapter provides an overview of the features of OSSEC including commonly used terminology, pre-install preparation, and deployment considerations. -- Chapter 3: Installation This chapter walks through the installation process for the "local" and "server" install types, including the Windows and Unix agent, and techniques to automate multiple agents installations. -- Chapter 4: Configuration This chapter discusses the post-install configuration of OSSEC. Within this chapter you learn how to monitor log files, remote messages, email notification, alerting levels, etc. -- Chapter 5: Working With Log Analysis -- Decoders This chapter shows you how to extract key information from logs using decoders. -- Chapter 6: Working With Log Analysis -- Rule Files This chapter discusses how you can leverage rules for various devices and how to write your own rules. It will include examples on how to parse atomic and composite rules, how to keep state between messages, remove false positives and tune it appropriately. -- Chapter 7: Configuring System Integrity Check This chapter explains the system integrity check features of OSSEC including monitoring of the binary executable files, system configuration files, and even the Windows registry. -- Chapter 8: Rootkit Detection This chapter explains the rootkit detection capabilities of OSSEC on Unix and its configuration. -- Chapter 9: Policy Enforcement This chapter explains the policy enforcement capabilities of OSSEC, explaining how to perform host-based system auditing and application monitoring. -- Chapter 10: Active Response Configuration This chapter explains how to configure the active response actions you want to configure as well as how to bind the actions to specific rules or events. -- Chapter 11: Integration and Advanced Configuration This chapter explains previously undocumented features, advanced configuration topics, and integration with third-party products. -- Chapter 12: Using the Web interface This chapter explains how to install and use the community developed, open source web interface, that is available for OSSEC. -- Appendix A: The Importance of Log Analysis."@en
schema:description"This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive guide. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal book has been created to outline the various features and functions of the OSSEC product. This has left very important and powerful features of the product undocumented ... until now! The book you are holding will show you how to install and configure OSSEC on the operating system of your choice and provide detailed examples to help prevent and mitigate attacks on your systems. -- Stephen Northcutt OSSEC determines if a host has been compromised in this manner by taking the equivalent of a picture of the host machine in its original, unaltered state. This?picture? captures the most relevant information about that machine?s configuration. OSSEC saves this?picture? and then constantly compares it to the current state of that machine to identify anything that may have changed from the original configuration. Now, many of these changes are necessary, harmless, and authorized, such as a system administrator installing a new software upgrade, patch, or application. But, then there are the not-so-harmless changes, like the installation of a rootkit, trojan horse, or virus. Differentiating between the harmless and the not-so-harmless changes determines whether the system administrator or security professional is managing a secure, efficient network or a compromised network which might be funneling credit card numbers out to phishing gangs or storing massive amounts of pornography creating significant liability for that organization. Separating the wheat from the chaff is by no means an easy task. Hence the need for this book. The book is co-authored by Daniel Cid, who is the founder and lead developer of the freely available OSSEC host-based IDS. As such, readers can be certain they are reading the most accurate, timely, and insightful information on OSSEC. .Get Started with OSSEC Get an overview of the features of OSSEC including commonly used terminology, pre-install preparation, and deployment considerations. .Follow Steb-by-Step Installation Instructions Walk through the installation process for the "local", "agent", and "server" install types on some of the most popular operating systems available. .Master Configuration Learn the basic configuration options for your install type and learn how to monitor log files, receive remote messages, configure email notification, and configure alert levels. .Work With Rules Extract key information from logs using decoders and how you can leverage rules to alert you of strange occurrences on your network. .Understand System Integrity Check and Rootkit Detection Monitor binary executable files, system configuration files, and the Microsoft Windows registry. .Configure Active Response Configure the active response actions you want and bind the actions to specific rules and sequence of events. .Use the OSSEC Web User Interface Install, configure, and use the community-developed, open source web interface available for OSSEC. .Play in the OSSEC VMware Environment Sandbox Use the OSSEC HIDS VMware Guest image on the companion DVD to implement what you have learned in a sandbox-style environment. .Dig Deep into Data Log Mining Take the "high art" of log analysis to the next level by breaking the dependence on the lists of strings or patterns to look for in the logs."@en
schema:exampleOfWork<http://worldcat.org/entity/work/id/179828012>
schema:genre"Electronic books."@en
schema:inLanguage"en"
schema:name"OSSEC host-based intrusion detection guide"@en
schema:numberOfPages"307"
schema:publisher
schema:url<http://www.engineeringvillage.com/controller/servlet/OpenURL?genre=book&isbn=9781597492409>
schema:url<http://www.sciencedirect.com/science/book/9781597492409>
schema:url
schema:workExample

Content-negotiable representations

Close Window

Please sign in to WorldCat 

Don't have an account? You can easily create a free account.