Installing OSSEC on Linux Distributions

The last few posts have been about deploying and configuring OSSEC as an important tool in your security suite. In this article I will provide you with a script I wrote to help you quickly deploy OSSEC. This script assumes you are deploying on a Linux distribution (e.g., Fedora, Ubuntu, CentOS, or Debian). It will force…


OSSEC FOR WEBSITE SECURITY: PART III – Optimizing for WordPress

The previous OSSEC articles went through the process of installing OSSEC and deploying a distributed architecture. This article will focus on configuring OSSEC to make better sense of WordPress activity. WordPress is a powerful open-source Content Management System (CMS). Its biggest security weakness has always been its biggest blessing – its extensibility (e.g., plugin,…
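One way to give OSSEC WordPress-specific context is a small set of local rules that build on its stock web access-log rules. The block below is an added example written for this index page; it is not the article's own ruleset. It assumes Apache or nginx access logs are already being collected and decoded by the built-in web-accesslog decoder, that rule 31100 (the parent of all decoded access-log lines) is present in your rules set, and that WordPress behaves as it does by default: a failed login re-renders wp-login.php with HTTP 200, while a successful one redirects with 302. The rule IDs, thresholds and descriptions are assumptions, chosen inside the 100000+ range reserved for local rules.

```xml
<!-- /var/ossec/rules/local_rules.xml (added example, not the article's own rules).
     Rule IDs 100100-100103 are assumptions; the 100000+ range is reserved for local rules. -->
<group name="local,web,wordpress,">

  <!-- A POST to wp-login.php that came back 200: WordPress re-rendered the login
       form, which is what a failed login looks like (assumed default behaviour).
       31100 is the stock parent rule for every decoded web access-log line. -->
  <rule id="100100" level="5">
    <if_sid>31100</if_sid>
    <url>wp-login.php</url>
    <match>"POST</match>
    <id>200</id>
    <description>WordPress: failed login (POST to wp-login.php answered with 200).</description>
    <group>authentication_failed,</group>
  </rule>

  <!-- The same source IP failing 8 times inside 2 minutes is a brute-force attempt.
       Tagging it authentication_failures lets existing active-response hooks pick it up. -->
  <rule id="100101" level="10" frequency="8" timeframe="120">
    <if_matched_sid>100100</if_matched_sid>
    <same_source_ip />
    <description>WordPress: multiple failed logins from the same source (possible brute force).</description>
    <group>authentication_failures,</group>
  </rule>

  <!-- xmlrpc.php is rarely touched by a browser but is a favourite for scripted
       credential stuffing and pingback abuse; record each hit at a low level... -->
  <rule id="100102" level="3">
    <if_sid>31100</if_sid>
    <url>xmlrpc.php</url>
    <description>WordPress: request to xmlrpc.php.</description>
  </rule>

  <!-- ...and escalate when one IP hammers it. -->
  <rule id="100103" level="8" frequency="10" timeframe="60">
    <if_matched_sid>100102</if_matched_sid>
    <same_source_ip />
    <description>WordPress: high rate of xmlrpc.php requests from a single source.</description>
  </rule>

</group>
```

OSSEC evaluates sibling rules from the highest level down, so rule 100100 is tried before the stock level-0 rule that silences ordinary 2xx/3xx requests; without that ordering a successful-looking 200 would otherwise be discarded. Restart the manager (`/var/ossec/bin/ossec-control restart`) after editing local_rules.xml, and test a rule offline with `/var/ossec/bin/ossec-logtest` by pasting a sample access-log line.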


OSSEC: Stop Agent Email Notifications from Being Grouped


This is a quick post for those of you who manage multiple agents under one manager: there may be instances where your email notifications group alerts from different agents into a single message. This comes down to two things: the number of emails sent in an hour, and the grouping setting being on.

Default Max Emails

By default, OSSEC has a…
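The two settings named above live in the manager's ossec.conf. The fragment below is an added example for this index page, not configuration taken from the post: it shows the hourly cap beside the per-agent granular alert block that turns grouping off. The addresses, SMTP host and agent names are assumptions; `email_maxperhour`, `email_alerts`, `event_location`, `do_not_group` and `do_not_delay` are the real OSSEC option names.

```xml
<!-- /var/ossec/etc/ossec.conf on the manager (added example, not the post's own config).
     Addresses, SMTP relay and agent names are assumptions. -->
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <email_to>soc@example.com</email_to>
    <smtp_server>smtp.example.com</smtp_server>
    <email_from>ossec@example.com</email_from>
    <!-- Default is 12. Once the hourly budget is used up, further alerts are
         held and delivered later, bundled into one message, which is when
         alerts from different agents end up in the same email. Raise it if
         your fleet legitimately produces more than a dozen mails an hour. -->
    <email_maxperhour>60</email_maxperhour>
  </global>

  <!-- Granular alerts: one block per agent (or per group of agents).
       event_location matches the agent name, its IP, or the log location. -->
  <email_alerts>
    <email_to>web-team@example.com</email_to>
    <event_location>web-01|web-02</event_location>
    <level>7</level>
    <!-- Send each matching alert in its own email instead of batching them... -->
    <do_not_group />
    <!-- ...and send it immediately rather than waiting for the batching window. -->
    <do_not_delay />
  </email_alerts>

  <email_alerts>
    <email_to>db-team@example.com</email_to>
    <event_location>db-01</event_location>
    <level>7</level>
    <do_not_group />
    <do_not_delay />
  </email_alerts>
</ossec_config>
```

Keep the caveat in mind: `do_not_group` and `do_not_delay` trade mailbox volume for per-event clarity, so pair them with a sensible `<level>` floor and the raised `email_maxperhour`, otherwise the hourly cap is reached quickly and the leftover alerts are batched anyway.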


OSSEC – Detecting New Files – Understanding How it Works


I recently saw some discussion on the OSSEC distribution list about someone having trouble getting OSSEC syscheck to work correctly in real-time mode. It reminded me of a similar issue I had with my own configuration, and of others I have read about, so I figured I'd write something to shed light on how OSSEC's…
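The configuration most people reach for when they want new files reported is shown below. It is an added example for this index page, not the post's own configuration. It assumes a default OSSEC 2.x install at /var/ossec; the directory list and the chosen alert level are assumptions. The two pieces that are easy to miss are that syscheck does not report new files at all unless `alert_new_files` is on, and that the stock rule 554 ("File added to the system.") is level 0, so even reported new files are silently dropped until that rule is overridden.

```xml
<!-- /var/ossec/etc/ossec.conf (added example, not the post's own config).
     Directories and scan interval are assumptions. -->
<ossec_config>
  <syscheck>
    <!-- Full scan every 6 hours. -->
    <frequency>21600</frequency>

    <!-- Without this, syscheck only records changes to files it already knows
         about; newly created files are never reported. Default is no. -->
    <alert_new_files>yes</alert_new_files>

    <!-- realtime="yes" uses inotify for change notifications. Note the caveat:
         in the OSSEC 2.x releases new-file detection happens on the scheduled
         scan, so a brand-new file in a realtime directory may still wait up to
         <frequency> seconds before it is reported. Check the behaviour of your
         version before assuming instant alerts. -->
    <directories check_all="yes" realtime="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes" realtime="yes">/var/www/html</directories>

    <ignore>/etc/mtab</ignore>
    <ignore>/var/www/html/wp-content/cache</ignore>
  </syscheck>
</ossec_config>
```

Enabling the flag is only half of it. Rule 554 ships at level 0, and level-0 alerts are never logged or emailed, so copy it into local_rules.xml with `overwrite="yes"` and a real level; the following is part of the same added example:

```xml
<!-- /var/ossec/rules/local_rules.xml (added example). Level 7 is an assumption;
     pick whatever clears your email_alerts / log_alert_level thresholds. -->
<group name="local,syscheck,">
  <rule id="554" level="7" overwrite="yes">
    <category>ossec</category>
    <decoded_as>syscheck_new_entry</decoded_as>
    <description>File added to the system.</description>
    <group>syscheck,</group>
  </rule>
</group>
```

Restart the manager (and agents whose syscheck section changed) after editing. The first scan after enabling `alert_new_files` will report everything syscheck has not seen before, so expect a burst of rule 554 alerts before it settles down.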
