OSSEC is a free and open source host-based intrusion detection system (IDS). It has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, centralized policy enforcement, rootkit detection, real-time alerting, and active response.
It works on most operating systems, including Linux, Windows, Solaris, FreeBSD and OpenBSD. It also has an easy-to-set-up centralized architecture, allowing multiple servers to be monitored from one central node.
It provides fairly complete coverage if you are looking for an endpoint (server) security solution.
If you have not used OSSEC before, I recommend reading my guide to get started:
http://dcid.me/texts/my-ossec-setup-manual.html
OSSEC is very easy to install and takes less than 5 minutes if you are doing it on just one server:
1- Download OSSEC:
# wget https://dcid.me/ossec-packages/ossec-hids-latest.tar.gz
2- Install gcc and make. A simple “apt-get install gcc make” on Ubuntu or “yum install gcc make” on CentOS/RedHat will do it for you.
3- Run the script ./install.sh. It will guide you through the installation process.
# tar -zxf ossec-hids-latest.tar.gz
# cd *ossec*/
# ./install.sh
4- The install script will create everything necessary and get you up and running in a few minutes. Once completed, just run ossec-control to start OSSEC:
# /var/ossec/bin/ossec-control start
5- If you are running it on multiple servers, make sure to install the manager first and then the agent on the others. Use the manage_agents tool to create the right encryption keys.
6- Enjoy.
I am keeping both the Bitbucket and GitHub repositories of my fork in sync, so you can submit PRs and issues to either one of them:
https://bitbucket.org/dcid/ossec-hids
https://github.com/dcid/ossec-hids
I personally use Bitbucket more, but either works.
Looking for old versions of OSSEC? Or just a history of all the versions? Enjoy!
The latest snapshot is here: https://bitbucket.org/dcid/ossec-hids/get/tip.tar.gz
- Apr 2016 http://dcid.me/ossec-packages/ossec-hids-2016-04.tar.gz
- Feb 2016 http://dcid.me/ossec-packages/ossec-hids-2016-02.tar.gz
- Dec 2015 http://dcid.me/ossec-packages/ossec-hids-2015-12.tar.gz
- Jul 11 2011 http://dcid.me/ossec-packages/ossec-hids-2.6.tar.gz
- Oct 12 2010 http://dcid.me/ossec-packages/ossec-hids-2.5.1.tar.gz
- Sep 27 2010 http://dcid.me/ossec-packages/ossec-hids-2.5.tar.gz
- Apr 19 2010 http://dcid.me/ossec-packages/ossec-hids-2.4.1.tar.gz
- Apr 1 2010 http://dcid.me/ossec-packages/ossec-hids-2.4.tar.gz
- Dec 4 2009 http://dcid.me/ossec-packages/ossec-hids-2.3.tar.gz
- Sep 4 2009 http://dcid.me/ossec-packages/ossec-hids-2.2.tar.gz
- Jul 2 2009 http://dcid.me/ossec-packages/ossec-hids-2.1.1.tar.gz
- Jun 29 2009 http://dcid.me/ossec-packages/ossec-hids-2.1.tar.gz
- Feb 27 2009 http://dcid.me/ossec-packages/ossec-hids-2.0.tar.gz
- Oct 8 2008 http://dcid.me/ossec-packages/ossec-hids-1.6.1.tar.gz
- Aug 31 2008 http://dcid.me/ossec-packages/ossec-hids-1.6.tar.gz
- Jun 17 2008 http://dcid.me/ossec-packages/ossec-hids-1.5.1.tar.gz
- Apr 30 2008 http://dcid.me/ossec-packages/ossec-hids-1.5.tar.gz
- Oct 28 2007 http://dcid.me/ossec-packages/ossec-hids-1.4.tar.gz
- Aug 3 2007 http://dcid.me/ossec-packages/ossec-hids-1.3.tar.gz
- May 14 2007 http://dcid.me/ossec-packages/ossec-hids-1.2.tar.gz
- Mar 7 2007 http://dcid.me/ossec-packages/ossec-hids-1.1.tar.gz
- Jan 11 2007 http://dcid.me/ossec-packages/ossec-hids-1.0.tar.gz
- Oct 18 2006 http://dcid.me/ossec-packages/ossec-hids-0.9-3.tar.gz
- Sep 23 2006 http://dcid.me/ossec-packages/ossec-hids-0.9-2.tar.gz
- Sep 4 2006 http://dcid.me/ossec-packages/ossec-hids-0.9-1a.tar.gz
- Aug 14 2006 http://dcid.me/ossec-packages/ossec-hids-0.9-1.tar.gz
- Jul 25 2006 http://dcid.me/ossec-packages/ossec-hids-0.9.tar.gz
- Jul 5 2006 http://dcid.me/ossec-packages/ossec-hids-0.8-6.tar.gz
- Jun 10 2006 http://dcid.me/ossec-packages/ossec-hids-0.8-3.tar.gz
- Jun 6 2006 http://dcid.me/ossec-packages/ossec-hids-0.8-2.tar.gz
- May 26 2006 http://dcid.me/ossec-packages/ossec-hids-0.8-1.tar.gz
- May 10 2006 http://dcid.me/ossec-packages/ossec-hids-0.8.tar.gz
- Mar 30 2006 http://dcid.me/ossec-packages/ossec-hids-0.7p1.tar.gz
- Mar 27 2006 http://dcid.me/ossec-packages/ossec-hids-0.7.tar.gz
- Feb 14 2006 http://dcid.me/ossec-packages/ossec-hids-0.6-1.tar.gz
- Feb 9 2006 http://dcid.me/ossec-packages/ossec-hids-0.6.tar.gz
- Nov 25 2005 http://dcid.me/ossec-packages/ossec-hids-0.5.tar.gz
- Oct 26 2005 http://dcid.me/ossec-packages/ossec-hids-0.4.tar.gz
- Sep 23 2005 http://dcid.me/ossec-packages/ossec-hids-0.3.tar.gz
- Aug 11 2005 http://dcid.me/ossec-packages/ossec-hids-0.2.tar.gz
- Jul 12 2005 http://dcid.me/ossec-packages/ossec-hids-0.1.tar.gz
The OSSEC book is available on Amazon: http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X