Free ebook: OSSEC How-To – The Quick And Dirty Way

Author: Nicolas Zin, Systems Engineer & Solutions Architect, Savoir-faire Linux

15 years ago, I tried to install an IDS: snort. After 2 days, I gave up: it was painful to install, docs were not as prevalent as now, and most importantly, it did not come with predefined rules. Before beginning to have something working, I had to spend 2 days writing regular expressions and be lucky to catch something. Days have changed, and I guess snort has too, but before trying snort again, I found OSSEC.

OSSEC is called an HIDS, a “Host Intrusion Detection System”, because it is mainly a log analyzer, but not only that. OSSEC is mainly useful for 3 things: seeing what is going on; stopping brute-force attacks (ftp, web, ssh…); covering PCI compliance requirements related to monitoring.
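To make the "log analyzer that stops brute-force attacks" idea concrete, here is a small added example (not code from the ebook or from OSSEC itself) that does what an OSSEC rule with `frequency` and `timeframe` attributes does: it reads sshd "Failed password" lines, counts failures per source address inside a sliding time window, and raises an alert for a source that crosses the threshold. The log lines, the year used to parse the timestamps, and the threshold of 6 failures in 120 seconds are constructed for the demo; the returned alerts are the kind of event an active-response hook (a firewall drop, in OSSEC's case) would consume.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth.log lines (not taken from the book or a real host).
# One source (203.0.113.5) fails six times in 14 seconds; another fails twice,
# five minutes apart; one line is a successful key login and must be ignored.
SAMPLE_LOG = """\
Mar 10 12:00:01 host sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 50001 ssh2
Mar 10 12:00:03 host sshd[2002]: Failed password for root from 203.0.113.5 port 50002 ssh2
Mar 10 12:00:04 host sshd[2003]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Mar 10 12:00:06 host sshd[2004]: Failed password for root from 203.0.113.5 port 50003 ssh2
Mar 10 12:00:09 host sshd[2005]: Failed password for invalid user test from 203.0.113.5 port 50004 ssh2
Mar 10 12:00:12 host sshd[2006]: Failed password for root from 203.0.113.5 port 50005 ssh2
Mar 10 12:00:15 host sshd[2007]: Failed password for root from 203.0.113.5 port 50006 ssh2
Mar 10 12:00:20 host sshd[2008]: Failed password for bob from 198.51.100.9 port 41000 ssh2
Mar 10 12:05:30 host sshd[2009]: Failed password for root from 198.51.100.9 port 41001 ssh2
"""

# Decoder for the sshd failure message; "invalid user" is optional because
# sshd phrases failures for unknown accounts differently from known ones.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Syslog timestamps carry no year; a fixed one is assumed here for the demo.
ASSUMED_YEAR = "2024"


def parse_ts(ts):
    return datetime.strptime(f"{ASSUMED_YEAR} {ts}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(log_text, frequency=6, timeframe=120):
    """Return {source_ip: time_of_first_alert} for every source that produced
    at least `frequency` failed logins within any `timeframe`-second window.
    This mirrors the frequency/timeframe correlation an OSSEC rule performs."""
    window = defaultdict(deque)  # per-source timestamps still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # not a failed password line (e.g. a successful login)
        ip, ts = m.group("ip"), parse_ts(m.group("ts"))
        q = window[ip]
        q.append(ts)
        # Drop failures older than the window relative to the newest one.
        while (ts - q[0]).total_seconds() > timeframe:
            q.popleft()
        if len(q) >= frequency and ip not in alerts:
            alerts[ip] = ts  # first time this source crossed the threshold
    return alerts


if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"brute-force alert: {ip} at {when:%H:%M:%S} (candidate for active response)")
```

With the constructed input, only 203.0.113.5 is reported, at 12:00:15, which is when its sixth failure lands inside the window; 198.51.100.9 never reaches the threshold because its two failures are 5 minutes apart. The sliding window is what keeps a slow, spread-out trickle of legitimate typos from being reported as an attack.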


NB – This how-to book is a quick and dirty guide to OSSEC; it is not a reference book. If you need more, Daniel Cid, the author of OSSEC, wrote a book in 2008 titled OSSEC Host-Based Intrusion Detection Guide. You can buy it on Amazon or download it for free (PDF, 8.4 MB).
