본문 바로가기

ids16

OSSEC Server, Client, Web UI and Analogi Dashboard Installation tutorial OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows. It also includes agentless monitoring for use with for example Cisco, HP or Juniper hardware.This tutorial covers.. 2013. 11. 12.
Configuring OSSEC with MySQL and Analogi I have been using OSSEC for a while now but I always used only plain text logs. While this is not bad, it does not scale really well. I started looking into a way to do it right(tm). I knew OSSEC was compatible with MySQL, and since 2.7 has been released, it gave me an excuse to play with it again.You will need to enable MySQL in OSSEC (not enabled by default), grab the source then do the follow.. 2013. 11. 5.
Testing Snort IDS with Metasploit vSploit Modules One of my key objectives for developing the new vSploit modules was to test network devices such as Snort. Snort or Sourcefire enterprise products are widely deployed in enterprises, so Snort can safely be considered the de-facto standard when it comes to intrusion detection systems (IDS). So much that even third-party intrusion detection systems often import Snort rules. Organizations are often.. 2011. 7. 11.
Snort 2.9.0.5 is available for download! This is the changelog for Snort 2.9.0.5: * src/build.h: Increment Snort build number to 134 * src/: decode.h, encode.c: * src/dynamic-plugins/sf_engine/: sf_snort_packet.h: * src/preprocessors/: spp_sfportscan.c, spp_frag3.c: * src/output-plugins/: spo_alert_fast.c: * src/preprocessors/Stream5/: stream5_common.c: Updated portscan to set protocol correctly in raw packet for IPv6 and changed the e.. 2011. 4. 8.
Fwsnort: Application layer IDS/IPS with iptables Fwsnort parses the rules files included in the Snort intrusion detection system and builds an equivalent iptables ruleset for as many rules as possible. Fwsnort utilizes the iptables string match module (together with a custom patch that adds a --hex-string option to the iptables user space code which is now integrated with iptables) to detect application level attacks. Fwsnort 1.5 now is availa.. 2011. 1. 14.
728x90