Configuring the firewall is the first step towards security. However, the firewall alone is not sufficient to protect us from cyber threats. If malware somehow manages to bypass or disable the firewall and infects a system, we should be able to stop it. An Intrusion Detection System, or IDS, is a security tool that can help us in that regard.
When malware infects a system, it often changes system files before it starts its malicious activities. Moreover, malware often leaves a trail in system log files. So, a tool that monitors system files, system log files and changes in running services would help us a lot in detecting intrusions. OSSEC HIDS is a host-based Intrusion Detection System (HIDS) that can be used for that purpose.
When installed and configured properly, OSSEC HIDS does the following:
- It monitors system log files for traces of malware.
- It detects changes in system files or paths that may be caused by malware.
- It can detect rootkits.
- It can detect unauthorized changes to running services, disk space or password files.
- It can prevent certain attacks by changing firewall rules.
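The following ossec.conf fragment is an added example (not taken from this article or from the OSSEC project files) that maps each capability above onto the OSSEC configuration section responsible for it: syscheck for file integrity, rootcheck for rootkits, localfile for log monitoring and active-response for firewall changes. The directory list, log path and thresholds are assumptions chosen for a typical Debian-style host and should be adapted to the system being protected.

```xml
<ossec_config>
  <!-- File integrity monitoring: detects changed system files and paths -->
  <syscheck>
    <!-- Run a full check every 22 hours (value is in seconds) -->
    <frequency>79200</frequency>
    <!-- Assumed directories; check_all hashes, size, owner and permissions -->
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>
    <!-- Files that change legitimately and would only produce noise -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
  </syscheck>

  <!-- Rootkit and trojaned-binary detection using the shared signature lists -->
  <rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>

  <!-- Log monitoring: assumed paths for authentication and system logs -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/syslog</location>
  </localfile>

  <!-- Active response: the script that adds a firewall drop rule for an IP -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Block the source address of any alert at level 6 or higher for 10 minutes -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

Because active response modifies firewall rules automatically, it is worth starting with a high alert level and a short timeout, then tightening once the alerts from syscheck and the log rules have been reviewed for false positives.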
In this article, we will cover:
- How to install OSSEC on Linux
- How to configure OSSEC on Linux