OSSEC Host-Based Intrusion Detection Guide.

By: Bray, Rory
Contributor(s): Cid, Daniel | Hay, Andrew
Material type: Text
Series: eBooks on Demand
Publisher: Elsevier Science, 2014
Description: 1 online resource (335 p.)
ISBN: 9780080558776
Subject(s): Computer networks -- Security measures | Computer security | OSSEC (Computer file)
Genre/Form: Electronic books.
Additional physical formats: Print version: OSSEC Host-Based Intrusion Detection Guide
DDC classification: 005.82
LOC classification: QA76.9.A25 H387 2008
Contents:
Front Cover; OSSEC Host-Based Intrusion Detection Guide; Copyright Page; Lead Authors; Contributors; Contents; About this Book; About the DVD; Foreword
Chapter 1: Getting Started with OSSEC -- Introduction; Introducing Intrusion Detection; Network Intrusion Detection; Host-Based Intrusion Detection; File Integrity Checking; Registry Monitoring; Rootkit Detection; Active Response; Introducing OSSEC; Planning Your Deployment; Local Installation; Agent Installation; Server Installation; Which Type Is Right For Me?; Identifying OSSEC Pre-installation Considerations; Supported Operating Systems; Special Considerations; Microsoft Windows; Sun Solaris; Ubuntu Linux; Mac OS X; Summary; Solutions Fast Track; Frequently Asked Questions
Chapter 2: Installation -- Introduction; Downloading OSSEC HIDS; Getting the Files; Preparing the System; Building and Installing; Performing Local Installation; Performing Server-Agent Installations; Installing the Server; Managing Agents; Installing Agents; Installing the Unix Agent; Installing the Windows Agent; Streamlining the Installations; Install Once, Copy Everywhere; Unix, Linux, and BSD; Push the Keys; Unix, Linux, and BSD; Summary; Solutions Fast Track; Frequently Asked Questions
Chapter 3: OSSEC HIDS Configuration -- Introduction; Understanding the OSSEC HIDS Configuration File; Configuring Logging/Alerting Options; Alerting with Email; Configuring Email; Basic Email Configuration; Granular Email Configuration; Receiving Remote Events with Syslog; Configuring Database Output; Declaring Rule Files; Reading Log Files; Configuring Integrity Checking; Configuring an Agent; Configuring Advanced Options; Summary; Solutions Fast Track; Frequently Asked Questions
Chapter 4: Working with Rules -- Introduction; Introducing Rules; Understanding the OSSEC HIDS Analysis Process; Predecoding Events; Decoding Events; Decoder Example: sshd Message; Decoder Example: vsftpd Message; Using the Option; Decoder Example: Cisco PIX Message; Decoder Example: Cisco IOS ACL Message; Understanding Rules; Atomic Rules; Writing a Rule; Composite Rules; Working with Real World Examples; Increasing the Severity Level of a Rule; Tuning Rule Frequency; Ignoring Rules; Ignoring IP Addresses; Correlating Multiple Snort Alerts; Ignoring Identity Change Events; Writing Decoders/Rules for Custom Applications; Deciding What Information to Extract; Creating the Decoders; Creating the Rules; Monitoring the Log File; Summary; Solutions Fast Track; Frequently Asked Questions
Chapter 5: System Integrity Check and Rootkit Detection -- Introduction; Understanding System Integrity Check (syscheck); Tuning syscheck; Working with syscheck Rules; Ignoring Specific Directories; Increasing the Alert Severity for Important Files; Increasing the Severity for Changes During the Weekend; Configuring Custom Syscheck Monitoring; Detecting Rootkits and Enforcing/Monitoring Policies; Detecting Rootkits on Linux, Unix, and BSD
Summary: This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive guide. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal book has been created to outline the various features and functions of the OSSEC product. This has left very important and powerful features of the product undocumented...until now! The book you are holding will show you how to install and configure OSSEC on the operating system of your choice and provide detailed examples to h
Holdings:
Item type: Electronic Book
Current location: UT Tyler Online
Call number: QA76.9.A25 H387 2008
URL: http://uttyler.eblib.com/patron/FullRecord.aspx?p=404904
Status: Available
Barcode: EBL404904

Description based upon print version of record.