Integrity, logs, and alerts with OSSEC
Founded by the El Cid of HIDS, Daniel Cid, OSSEC monitors your system configuration, file integrity, and any logs you throw at it. Its active response blocks badness and, by way of a tidy aside, it routs rootkits. What's more, it reports back to us by e-mail or by parsing data to a GUI, so we can home in on problems with efficiency:
OSSEC – http://ossec.net
Obtaining and verifying the source
You may or may not need some compilation tool or other, like so:
aptitude install build-essential
Now head to the downloads page, http://ossec.net/main/downloads, right-clicking and noting the link location for the latest Unix/Linux version. Take root, change to a suitable download location and, swapping your version for this one, get the file:
sudo -i
cd /usr/local/src
wget http://www.ossec.net/files/ossec-hids-2.5.1.tar.gz
Check the file's integrity as explained in Chapter 9 and, swapping the version again, paste this to unpack the file, change into the expanded folder...
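The integrity check mentioned above matters all the more because the wget URL is plain HTTP. What follows is an added example, not the book's Chapter 9 method and not the unpack commands the text goes on to give: it compares a download against a published digest and refuses to unpack on a mismatch. The function names verify_digest and unpack_if_verified are hypothetical, and the digest algorithm and value for your release must come from the project itself, since neither is given on this page.

```shell
# Added example (not from the book): fail-closed digest check before unpacking.
# verify_digest ALGO FILE EXPECTED_HEX -> 0 match, 1 mismatch, 2 bad input.
verify_digest() {
    local algo="$1" file="$2" expected="$3" tool len actual
    case "$algo" in
        sha1)   tool=sha1sum;   len=40 ;;
        sha256) tool=sha256sum; len=64 ;;
        sha512) tool=sha512sum; len=128 ;;
        *) echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    # Normalise case, then refuse a truncated or mangled published value.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if ! printf '%s' "$expected" | grep -Eq "^[0-9a-f]{$len}\$"; then
        echo "expected digest is not $len hex characters" >&2
        return 2
    fi
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Read via stdin so the tool prints only "<digest>  -".
    actual=$("$tool" < "$file" | cut -d' ' -f1) || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (got $actual)" >&2
    return 1
}

# Unpack only when the digest matches; a mismatch leaves DEST untouched.
unpack_if_verified() {
    local algo="$1" file="$2" expected="$3" dest="$4"
    verify_digest "$algo" "$file" "$expected" || return $?
    tar -xzf "$file" -C "$dest"
}

# Constructed demo: a file holding "abc" and the standard SHA-256 of "abc".
demo_file=$(mktemp)
printf 'abc' > "$demo_file"
verify_digest sha256 "$demo_file" \
    ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
rm -f "$demo_file"
```

In use, the call would take the algorithm, the downloaded tarball, the digest copied from the project's own checksum listing, and the target directory, in that order.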