OSSEC, a security tool



aaronbrad
04-02-2016, 09:10 PM
OSSEC [ Open Source Security ]


OSSEC is a full platform to monitor and control your systems.
It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM in a simple, powerful and open source solution.
OSSEC has a sophisticated analysis engine that performs the following functions:

RootKit Detection
System Integrity Checking
Log File Monitoring
Alert Generation
Active Response




A rootkit is unauthorized software installed into an operating system by an adversary with the dual goals of ensuring continued privileged access to the system and hiding its own existence from other processes and users on the system.

OSSEC reads and parses log messages in real time, looking for suspicious events. Typical log files monitored include:
/var/log/messages
/var/log/secure
/var/log/vsftpd.log
/var/log/maillog
/var/log/httpd/access_log
/var/log/httpd/error_log

mani ge3e
08-05-2016, 01:59 AM
OSSEC HIDS performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. In addition to its IDS functionality, it is commonly used as a SEM/SIM solution. Because of its powerful log analysis engine, ISPs, universities and data centers are running OSSEC HIDS to monitor and analyze their firewalls, IDSs, web servers and authentication logs. For downloads and more information
Along with your rating, you can use the comment form to post a review, tutorial, tips and tricks, or anything else others will find useful. If you develop this software (or work for the company), please don't rate it.

seoexpert147
08-06-2016, 03:50 AM
OSSEC HIDS performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. In addition to its IDS functionality, it is commonly used as a SEM/SIM solution. Because of its powerful log analysis engine, ISPs, universities and data centers are running OSSEC HIDS to monitor and analyze their firewalls, IDSs, web servers and authentication logs. For downloads and more information, visit the OSSEC HIDS homepage.

seoex
08-08-2016, 05:46 AM
OSSEC is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD, OS X, Solaris and Windows. OSSEC has a centralized, cross-platform architecture allowing multiple systems to be easily monitored and managed.

OSSEC was written by Daniel B. Cid and made public in 2004.

michanik
08-08-2016, 05:55 AM
Hi everyone. I have followed this video step by step and installed the Apache server, but at the "localhost/ossec-wui" step it says "404 page not found". I have tried to set up ossec-wui anywhere else possible, but it just doesn't work. Does anyone know how to solve this?

astrologer78
08-09-2016, 04:59 AM
OSSEC HIDS performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. In addition to its IDS functionality.

digitalone
09-08-2016, 08:05 AM
Host-based intrusion detection system or HIDS, easy to set up and configure. OSSEC has far-reaching benefits for both security and operations staff.

Glendajones
09-19-2016, 09:56 AM
OSSEC HIDS performs log research, reliability verifying, rootkit recognition, time-based notifying and effective reaction. In addition to its IDS performance, it is widely used as a SEM/SIM solution.