2025-04-06 Update, from SLTechnology News&Howtos, Network Security
Shulou (Shulou.com) 06/01 Report
Brief introduction to OSSEC
OSSEC is a very strong host-based IDS (HIDS). It can analyze logs, check file integrity, detect rootkits, and raise alerts and respond actively in real time. OSSEC supports almost all mainstream operating systems, and because it is open source we can do secondary development on it to integrate it with existing systems such as Zabbix and Cacti. It has two working modes: C/S (client/server) mode and local mode. Local mode is installed on a single standalone machine. This article introduces the C/S mode, which is the one best suited to production environments.
Advantages of OSSEC
Open source
Cross-platform
Supports an agentless mode
Helps meet compliance requirements
Real-time, configurable alerts
Centralized management
Etc.
Main functions of OSSEC
Log analysis
File integrity checking (UNIX and Windows)
Rootkit detection
Windows registry monitoring
UNIX-based rootkit detection
Real-time alerting and active response
Disk space and system load checks
Detection of host port changes
Nmap support for checking open ports and port changes
Detection of domain name changes
Etc.
Installed by default in /var/ossec/
The main configuration file is /var/ossec/etc/ossec.conf
Decoders are stored in /var/ossec/etc/decoders.xml
Binaries are in /var/ossec/bin/
All rules are in /var/ossec/rules/*.xml
Alerts are stored in /var/ossec/logs/alerts.log
Made up of multiple processes, all controlled through ossec-control
Processes of the OSSEC server
[root@localhost ~]# ps -ef | grep ossec
ossecm 5505 1 0 13:21 ? 00:00:00 /var/ossec/bin/ossec-dbd
ossecm 5510 1 0 13:21 ? 00:00:00 /var/ossec/bin/ossec-maild
root 5512 1 0 13:21 ? 00:00:00 /var/ossec/bin/ossec-execd
ossec 5518 1 0 13:21 ? 00:00:12 /var/ossec/bin/ossec-analysisd
root 5522 1 0 13:21 ? 00:00:00 /var/ossec/bin/ossec-logcollector
ossecr 5526 1 0 13:21 ? 00:00:00 /var/ossec/bin/ossec-remoted
ossecr 5527 1 0 13:21 ? 00:00:01 /var/ossec/bin/ossec-remoted
root 5534 1 0 13:21 ? 00:00:18 /var/ossec/bin/ossec-syscheckd
ossec 5536 1 0 13:21 ? 00:00:00 /var/ossec/bin/ossec-monitord
[root@localhost ~]# /var/ossec/bin/ossec-control status
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...
ossec-dbd is running...
Task of each process
analysisd: does all the analysis (the main program)
remoted: receives remote logs from the agents
logcollector: reads log files (syslog, flat files, Windows event logs, IIS, etc.)
agentd: forwards logs to the server
maild: sends email alerts
execd: performs active responses
monitord: monitors agent status, compresses and signs log files, etc.
ossec-control starts and stops all of them
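As an added example (not code from the page or from the OSSEC project), the following POSIX shell script runs ossec-control status on the server, compares its output against the daemons listed above, and reports any that are not running; it assumes the default install location /var/ossec given on this page, and the sample status output is constructed.

```shell
#!/bin/sh
# Added example (not OSSEC project code): verify that every server daemon
# listed above is reported as running by `ossec-control status`.
# Assumes the default install location /var/ossec given on this page.

OSSEC_CONTROL="${OSSEC_CONTROL:-/var/ossec/bin/ossec-control}"

# Daemons expected on an OSSEC server in C/S mode (from the process list above).
EXPECTED_DAEMONS="ossec-monitord ossec-logcollector ossec-remoted ossec-syscheckd ossec-analysisd ossec-maild ossec-execd ossec-dbd"

# check_status STATUS_TEXT
# Scans the output of `ossec-control status` and prints one "NOT RUNNING: <daemon>"
# line per expected daemon that is absent or stopped. Returns 0 only if all run.
check_status() {
    status_text=$1
    missing=0
    for d in $EXPECTED_DAEMONS; do
        # ossec-control prints "<daemon> is running..." or "<daemon> not running..."
        if ! printf '%s\n' "$status_text" | grep -q "^$d is running"; then
            echo "NOT RUNNING: $d"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Constructed sample output mirroring the status listing above, with
# ossec-syscheckd stopped so the failure path can be exercised offline.
SAMPLE_STATUS='ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd not running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...
ossec-dbd is running...'

# Usage: check the live server when ossec-control exists, else the sample.
if [ -x "$OSSEC_CONTROL" ]; then
    check_status "$("$OSSEC_CONTROL" status)" || echo "OSSEC server degraded"
else
    check_status "$SAMPLE_STATUS" || echo "OSSEC server degraded (sample data)"
fi
```

ossec-control status must be run as root on a real server; a non-zero exit from check_status is the signal to hook into your monitoring (for example a Zabbix item), so that a silently stopped daemon such as ossec-syscheckd does not leave you without file integrity alerts.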
OSSEC local mode: the general log analysis flow
Log collection is done by ossec-logcollector
Analysis and decoding are done by ossec-analysisd
Alerting is done by ossec-maild
Active response is done by ossec-execd
Client/server mode: the general log analysis flow in a client/server architecture
Log collection is done by ossec-logcollector
Analysis and decoding are done by ossec-analysisd
Alerting is done by ossec-maild
Active response is done by ossec-execd