Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: OSSEC HIDS 2.0 (Default branch)
Special Forums News, Links, Events and Announcements Software Releases - RSS News OSSEC HIDS 2.0 (Default branch) Post 302293742 by Linux Bot on Tuesday 3rd of March 2009 05:50:05 PM
Old 03-03-2009
OSSEC HIDS 2.0 (Default branch)
OSSEC HIDS is a host-based intrusion detection system. It performs log analysis, integrity checking, rootkit detection, time-based alerting, and active response. License: GNU General Public License v3 Changes:
This version comes with numerous new features, including support for compiled (C-based) rules, new reporting tools, and agentless monitoring to allow file integrity checking on network devices (including firewalls, routers, etc). It also comes with support for new log formats, including Checkpoint logs, Yum, and a few more. Image

Image

More...
This User Gave Thanks to Linux Bot For This Post:
 

2 More Discussions You Might Find Interesting

1. Cybersecurity

Not being able to run SYSCHEKD in OSSEC local (HIDS)

I am newbee to OSSEC. My objective is to install OSSEC in a ubuntu 10.04 server, configure it and then install rootkits, tamper files and then scan for possible notification and alerts. BUT I tired and then changed few setting in ossec.conf but its nearly similar to default setting. After... (1 Reply)
Discussion started by: metalaarif
1 Replies

2. Red Hat

Regding OSSEC

FYI... Installed OSSEC server version 2.6 in Cent OS 6.2 and agents are web servers installed in chroot environment. Moreover ossec server and apache (web servers are agents) are installed in separate machines. In ossec.conf file, added below configuration in both server and agent. ... (0 Replies)
Discussion started by: vamsi_k
0 Replies

LEARN ABOUT HPUX

audit_track_paths

audit_track_paths(5)						File Formats Manual					      audit_track_paths(5)

NAME

       audit_track_paths - enable/disable tracking of current and root directories for auditing subsystem

VALUES

   Failsafe
   Default
   Allowed values
       or

   Recommended values
       if is turned on or is installed,

       otherwise.

DESCRIPTION

       is a dynamic tunable and replaces specific static tunable

       Setting	the  tunable  to  enables both and to resolve and report absolute pathnames for their accounting purposes.  This also causes addi-
       tional tracking by the kernel, resulting in a small degradation in performance (and increase in kernel memory usage), even if auditing sub-
       system  is not in use.  Although it is not required, but it is highly recommended to reboot the system when setting the tunable to with the
       intention to be able to record the absolute pathnames. Otherwise, or may not be able to resolve and report absolute pathname consistently.

       When is set to will not resolve absolute pathnames, while will be unable to open the device and collect data.  This is because HIDS  always
       expects a complete pathname for its purposes.

       The tunable is set to state when the system is installed without and its value is set to The tunable is set to when is first installed.

   Who Is Expected to Change This Tunable?
       Administrator with proper privileges can change the value of depending on the restrictions stated below.

   Restrictions on Changing
       The tunable is a dynamic tunable so any changes to this will take effect immediately, provided following conditions are satisfied:

       1) If  the  new	tunable  value	is 0 (and not then will not be able to open the IDDS device; and therefore, it will not be able to run any
	  intrusion detection template that requires system call audit records.  This restriction is enforced to avoid HIDS  reporting	incomplete
	  or relative pathnames.

       2) If is opened, then the administrator will not be allowed to change the value of the tunable.

       3) If the tunable is set to will self-tune its value to when the IDDS device is opened by

       4) If the tunable value is set to will self-tune its value to at the time of turning auditing.

       5) If is already the administrator is not allowed to change the tunable value.

       6) If  the administrator changes the tunable value from to a reboot of the system is recommended to avoid reporting of partial pathnames by
	  or

   When Should the Tunable Be Turned On?
       The tunable should be turned if either or is going to be started.

   What Are the Side Effects of Turning the Tunable On?
       The name of the current working directory (and root directory) of every process is tracked, resulting in a change in memory usage and  per-
       formance of the system.

   When Should the Tunable Be Turned Off?
       When both and are

   What Are the Side Effects of Turning the Tunable Off?
       When  the  tunable  is  is  unable  to  use  any  detection  template that requires system call audit records (such as the "Modification of
       Files/Directories Template").  See HP-UX HIDS documentation for more information about templates.  Also in this case will  report  relative
       pathnames in the audit log.

   What Other Tunables Should Be Changed at the Same Time?
       This tunable is independent of other tunables.

WARNINGS

       All  HP-UX kernel tunable parameters are release-specific.  This parameter may be removed or have its meaning changed in future releases of
       HP-UX.

       Installation of optional kernel software, from HP or other vendors, may cause changes to tunable  parameter  values.   After  installation,
       some  tunable  parameters may no longer be at the default or recommended values.  For information about the effects of installation on tun-
       able values, consult the documentation for the kernel software being installed.	For information about optional kernel  software  that  was
       factory installed on your system, see at

AUTHOR

       was developed by HP.

SEE ALSO

       kctune(1M), audit(5), ids.cf(5).

							     Tunable Kernel Parameters					      audit_track_paths(5)
All times are GMT -4. The time now is 12:06 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy