Free ebook: OSSEC How-To – The Quick And Dirty Way

Author: Nicolas Zin, Systems Engineer & Solutions Architect, Savoir-faire Linux

15 years ago, I tried to install an IDS: Snort. After 2 days, I gave up: it was painful to install, docs were not as prevalent as they are now, and most importantly, it did not come with predefined rules. Before getting anything working, I had to spend 2 days writing regular expressions and hoping to be lucky enough to catch something. Times have changed, and I guess Snort has too, but before giving Snort another try, I found OSSEC.

OSSEC is called an HIDS, a “Host Intrusion Detection System”, because it is mainly a log analyzer, though not only that. OSSEC is mainly useful for 3 things: seeing what is going on; stopping brute-force attacks (FTP, web, SSH…); covering PCI-compliance requirements related to monitoring.

NB – This how-to book is a quick and dirty guide to OSSEC; it is not a reference book. If you need more, Daniel Cid, the author of OSSEC, wrote a book in 2008 titled OSSEC Host-Based Intrusion Detection Guide. You can buy it on Amazon or download it for free (PDF, 8.4 MB).

One thought on “Free ebook: OSSEC How-To – The Quick And Dirty Way”

  1. You are basically Jesus to me right now.
    I am a day in and I have basically resorted to rocking back and forth under my chair. I got the thing running and was stuck at… um…. now what…..

