Open Source Security Information and Event Management system
Security Management
Installing OSSEC HIDS
OSSEC is a robust, cross-platform HIDS that offers log analysis, system integrity checking, policy monitoring, rootkit detection, and real-time alerting. In this example, I install the OSSEC HIDS agent on an Ubuntu server.
On the example Ubuntu server, enter the following:
apt-get install build-essential
then download and unpack the latest version of OSSEC and start the installer from inside the unpacked directory:
wget http://www.ossec.net/files/ossec-hids-2.7.1.tar.gz
tar -zxvf ossec-hids-2.7.1.tar.gz
cd ossec-hids-2.7.1
./install.sh
Install OSSEC in the default location, /var/ossec, specify the IP of your OSSIM server as your OSSEC HIDS server, and select YES to run the integrity check and rootkit detection daemons.
After you have OSSEC HIDS installed, return to the OSSIM web interface, go to Environment | Detection | Add Agent (Figure 11), enter an Agent Name of your choosing and the IP of the agent, and click Save.
Next, open the agent record and click the Extract Key icon shown in Figure 12. The agent key is displayed; copy it so you can paste it into your Ubuntu OSSEC agent. Now SSH back into the Ubuntu server that runs the OSSEC agent and run:
/var/ossec/bin/manage_agents
Enter I to import the key from your server, and then select Q to quit.
Next, you can restart OSSEC on your server using:
sudo service ossec restart
Finally, restart your OSSIM server. Once you are back in the web interface, you will see the new agent in all its glory (Figure 13).
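The key that OSSIM's Extract Key icon shows is the base64 encoding of one line of the agent's client.keys file, in the form "id name ip hexkey", which is what manage_agents writes when you choose I. A frequent reason an agent never appears in OSSIM is that the name or IP baked into that key does not match what you entered in Add Agent or the address the agent really connects from. The following Python script, an added example that is not part of the original article or of the OSSEC project, decodes a pasted key, validates its four fields, and compares them with the agent name and IP you expect before you import it. The sample key is constructed for the example and is not a real key; the agent name, the IP address and the helper names are assumptions for illustration.

```python
import base64
import binascii
import ipaddress
import re

# Constructed sample, NOT a real OSSEC key. The string shown by OSSIM's
# "Extract Key" is base64 of one client.keys line: "<id> <name> <ip> <hex key>".
SAMPLE_HEX_KEY = "0123456789abcdef" * 4          # 64 hex characters, made up
SAMPLE_KEY_B64 = base64.b64encode(
    f"001 ubuntu-agent 192.168.1.50 {SAMPLE_HEX_KEY}".encode()
).decode()

# Agent names OSSEC accepts: letters, digits, and a few punctuation characters.
NAME_RE = re.compile(r"^[A-Za-z0-9_.-]+$")
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def decode_agent_key(key_b64: str) -> dict:
    """Decode a pasted agent key and return its fields as a dict.

    Raises ValueError when the text is not base64 or is not a well-formed
    four-field record, so a truncated or wrongly copied key is caught before
    it reaches manage_agents.
    """
    try:
        raw = base64.b64decode(key_b64.strip(), validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"key is not valid base64/ASCII: {exc}") from exc

    fields = text.split()
    if len(fields) != 4:
        raise ValueError(f"expected 4 fields (id name ip key), got {len(fields)}")
    agent_id, name, ip, hex_key = fields

    if not agent_id.isdigit():
        raise ValueError(f"agent id is not numeric: {agent_id!r}")
    if not NAME_RE.match(name):
        raise ValueError(f"agent name contains unexpected characters: {name!r}")
    if ip != "any":
        # ip_network with strict=False accepts both a host address and a CIDR block
        try:
            ipaddress.ip_network(ip, strict=False)
        except ValueError as exc:
            raise ValueError(f"agent ip is not an address or network: {ip!r}") from exc
    if not HEX_RE.match(hex_key):
        raise ValueError("key material is not hexadecimal")

    return {"id": agent_id, "name": name, "ip": ip, "key": hex_key}


def is_valid_agent_key(key_b64: str) -> bool:
    """True when decode_agent_key accepts the string, False otherwise."""
    try:
        decode_agent_key(key_b64)
        return True
    except ValueError:
        return False


def check_against_config(record: dict, expected_name: str, expected_ip: str) -> list:
    """Return a list of mismatches between the key and what you configured in OSSIM.

    An empty list means the key matches the agent name and the address the
    agent will connect from; 'any' in the key matches every address.
    """
    problems = []
    if record["name"] != expected_name:
        problems.append(f"name mismatch: key has {record['name']!r}, expected {expected_name!r}")
    if record["ip"] != "any":
        allowed = ipaddress.ip_network(record["ip"], strict=False)
        if ipaddress.ip_address(expected_ip) not in allowed:
            problems.append(f"ip mismatch: key allows {allowed}, agent uses {expected_ip}")
    return problems


def client_keys_line(record: dict) -> str:
    """Render the record in the format manage_agents stores in /var/ossec/etc/client.keys."""
    return f"{record['id']} {record['name']} {record['ip']} {record['key']}"


if __name__ == "__main__":
    rec = decode_agent_key(SAMPLE_KEY_B64)
    print("decoded:", client_keys_line(rec))
    for expected_ip in ("192.168.1.50", "10.0.0.5"):
        issues = check_against_config(rec, "ubuntu-agent", expected_ip)
        print(expected_ip, "->", "OK" if not issues else "; ".join(issues))
```

Run it with the key pasted from OSSIM in place of SAMPLE_KEY_B64 and the name and IP you entered in Add Agent; only when check_against_config returns an empty list is the key worth importing with manage_agents.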
Summary
In this article, I gave you an introductory taste of OSSIM. Although I have only shown you the basic setup, you should have some understanding of its overall capabilities. Now, you should be able to deploy your OSSIM in your existing environment. With patience and some documentation in hand, you can explore this stellar SIEM.
Infos
- OSSIM: http://communities.alienvault.com/
- AV-OTX: http://www.alienvault.com/open-threat-exchange
- USM: http://www.alienvault.com/products-solutions/compare-ossim-to-alienvault-usm
- OSSIM ISO: http://www.alienvault.com/free-downloads-services
- AlienVault appliance: http://www.alienvault.com/docs/AlienVault-Datasheet-Appliances.pdf
- OSSIM documentation: http://www.alienvault.com/resource-center/product-documentation
- AlienVault Repository of Knowledge: https://alienvault.bloomfire.com/
- OSSIM setup tutorial videos: http://www.alienvault.com/open-threat-exchange/learning-center
- OSSIM/AlienVault on YouTube: http://www.youtube.com/user/alienvaulttv
- OSSIM community forum: http://forums.alienvault.com/
- OSSIM source code repository: https://www.assembla.com/code/os-sim/git-2/nodes
- OSSIM installer download: http://downloads.alienvault.com/c/download?version=current_ossim_iso