OSSEC + SNORT

Post by Big-E »

I have recently installed OSSEC, which is a HIDS (Host-Based Intrusion Detection System), and Snort, which is also an IDS but also an IPS (Intrusion Prevention System), on my local network. Now, I can watch all traffic on my network, monitor suspicious activity and it even detects rootkits on my Linux box, and registry changes in Windows. If anyone here is interested in getting into security, which I am sure some of you are, then this would be a pretty nifty thing to install and do some packet analysis with. As I learn, I will probably start to write some tutorials on packet analysis on here, as well as on my blog I am currently developing (which will consist of mostly security and sys admin related material but some general blogging as well).

If there is any interest in this, I can post some links to tutorials to install this on an Ubuntu Server 7.10 box.

Note: You do not need good hardware to run it either; mine is currently running on my 2.4GHz Celeron w/ 256MB RAM and an old EIDE hard drive.

Post by Lyecdevf »

Damn that sounds good! Yeah, I would love a tutorial on that.
We will either find a way, or make one.
- Hannibal

Post by bad_brain »

Yeah, go for it! :D
I don't know if you are using it, but Oinkmaster is a great script to update the Snort signatures. So I feel free to post the link before you post yours:

http://oinkmaster.sourceforge.net/
