OSSEC host-based intrusion detection guide
This book is the definitive guide to the OSSEC Host-based Intrusion Detection System and, frankly, to really use OSSEC you are going to need a definitive guide. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal book has been created to outli...
| Field | Value |
|---|---|
| Main author: | |
| Other authors: | , |
| Format: | E-book |
| Language: | English |
| Published: | Burlington, MA : Syngress Pub, c2008. |
| Edition: | 1st edition |
| Subjects: | |
| View in the Universitat Ramon Llull Library: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627514006719 |
Table of Contents:
- Front matter: Front Cover; OSSEC Host-Based Intrusion Detection Guide; Copyright Page; Lead Authors; Contributors; Contents; About this Book; About the DVD; Foreword
- Chapter 1: Getting Started with OSSEC
  - Introduction; Introducing Intrusion Detection; Network Intrusion Detection; Host-Based Intrusion Detection; File Integrity Checking; Registry Monitoring; Rootkit Detection; Active Response
  - Introducing OSSEC; Planning Your Deployment; Local Installation; Agent Installation; Server Installation; Which Type Is Right For Me?
  - Identifying OSSEC Pre-installation Considerations; Supported Operating Systems; Special Considerations; Microsoft Windows; Sun Solaris; Ubuntu Linux; Mac OS X
  - Summary; Solutions Fast Track; Frequently Asked Questions
- Chapter 2: Installation
  - Introduction; Downloading OSSEC HIDS; Getting the Files; Preparing the System; Building and Installing; Performing Local Installation; Performing Server-Agent Installations; Installing the Server; Managing Agents; Installing Agents; Installing the Unix Agent; Installing the Windows Agent
  - Streamlining the Installations; Install Once, Copy Everywhere; Unix, Linux, and BSD; Push the Keys; Unix, Linux, and BSD
  - Summary; Solutions Fast Track; Frequently Asked Questions
- Chapter 3: OSSEC HIDS Configuration
  - Introduction; Understanding the OSSEC HIDS Configuration File; Configuring Logging/Alerting Options; Alerting with Email; Configuring Email; Basic Email Configuration; Granular Email Configuration; Receiving Remote Events with Syslog; Configuring Database Output; Declaring Rule Files; Reading Log Files; Configuring Integrity Checking; Configuring an Agent; Configuring Advanced Options
  - Summary; Solutions Fast Track; Frequently Asked Questions
- Chapter 4: Working with Rules
  - Introduction; Introducing Rules; Understanding the OSSEC HIDS Analysis Process; Predecoding Events; Decoding Events; Decoder Example: sshd Message; Decoder Example: vsftpd Message; Using the Option; Decoder Example: Cisco PIX Message; Decoder Example: Cisco IOS ACL Message
  - Understanding Rules; Atomic Rules; Writing a Rule; Composite Rules; Working with Real World Examples; Increasing the Severity Level of a Rule; Tuning Rule Frequency; Ignoring Rules; Ignoring IP Addresses; Correlating Multiple Snort Alerts; Ignoring Identity Change Events
  - Writing Decoders/Rules for Custom Applications; Deciding What Information to Extract; Creating the Decoders; Creating the Rules; Monitoring the Log File
  - Summary; Solutions Fast Track; Frequently Asked Questions
- Chapter 5: System Integrity Check and Rootkit Detection
  - Introduction; Understanding System Integrity Check (syscheck); Tuning syscheck; Working with syscheck Rules; Ignoring Specific Directories; Increasing the Alert Severity for Important Files; Increasing the Severity for Changes During the Weekend; Configuring Custom Syscheck Monitoring
  - Detecting Rootkits and Enforcing/Monitoring Policies; Detecting Rootkits on Linux, Unix, and BSD