OSSEC is an Open Source Host-based Intrusion Detection System (IDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response.
OSSEC v1.5 is now out, with more bug fixes and the new features listed below:
- New log formats:
  - Solaris BSM auditing logs
  - Asterisk logs
  - Checkpoint and Smart Defense logs
  - Debian package (dpkg) install/status/remove messages
  - Shorewall logs
  - Postfix SASL error messages
  - Localized pure-ftpd messages (for 12 different languages)
  - DJB multilog
- Greek translation of the install.
- Added agent_control tool to manage the agents directly from the server.
- New options to syscheckd/rootcheckd to better schedule the scans.
- Performance improvements to the Windows Agent, especially when dealing with large event logs.
- Added new options to Rootcheck to look for common web exploits installed on the system (used to attack others).
Download it from: https://www.ossec.net/main/downloads
It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. A list with all supported platforms is available here. Haven’t tried it yet? Try it now.



