<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>User Testimonials — OSSEC</title>
<link rel="stylesheet" href="../_static/basic.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../_static/bootstrap-3.2.0/css/bootstrap.min.css" type="text/css" />
<link rel="stylesheet" href="../_static/bootstrap-3.2.0/css/bootstrap-theme.min.css" type="text/css" />
<link rel="stylesheet" href="../_static/bootstrap-sphinx.css" type="text/css" />
<link rel="stylesheet" href="../_static/parallax.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
VERSION: '3.2.0',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/js/jquery-1.11.0.min.js"></script>
<script type="text/javascript" src="../_static/js/jquery-fix.js"></script>
<script type="text/javascript" src="../_static/bootstrap-3.2.0/js/bootstrap.min.js"></script>
<script type="text/javascript" src="../_static/bootstrap-sphinx.js"></script>
<link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<meta charset='utf-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
<meta name="apple-mobile-web-app-capable" content="yes">
<link href="https://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.min.css" rel="stylesheet">
<style type="text/css">
ul.ablog-archive {list-style: none; overflow: auto; margin-left: 0px}
ul.ablog-archive li {float: left; margin-right: 5px; font-size: 80%}
</style>
</head>
<body role="document">
<div class="container">
<div class="row">
<div class="col-md-12">
<div class="section" id="user-testimonials">
<span id="user-cases"></span><h1>User Testimonials<a class="headerlink" href="#user-testimonials" title="Permalink to this headline">¶</a></h1>
<div class="section" id="kurt-r-hinson-at-amazon-com-2008-oct">
<h2>Kurt R. Hinson at Amazon.com (2008 Oct)<a class="headerlink" href="#kurt-r-hinson-at-amazon-com-2008-oct" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Oct</span> <span class="pre">29</span> <span class="pre">2008</span></code></p>
<blockquote>
<div><p><em>“In these days of tight and/or frozen budgets, utilizing open source applications has become a must for many of us in the security realm. OSSEC is one such “must have” application that will give you visibility and insight into Windows, Mac and Linux machines on your network through the use of this Host Intrusion Detection application.</em>
<em>There are many options, architectures and configuration variables and this book is an excellent resource that will guide you whether you are a seasoned professional or just starting to think about deploying host based intrusion detection in your environment. This book is a must have for any security engineer’s bookshelf and a quick way to get you on the road to compliance using powerful and FREE software.”</em></p>
<p>Full post at <a class="reference external" href="http://www.amazon.com/review/R32029DCBX9A4G/ref=cm_cr_rdp_perm">amazon.com</a></p>
</div></blockquote>
</div>
<div class="section" id="aaron-bliss-at-brockport-edu-2008-apr">
<h2>Aaron Bliss at brockport.edu (2008 Apr)<a class="headerlink" href="#aaron-bliss-at-brockport-edu-2008-apr" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Apr</span> <span class="pre">23</span> <span class="pre">2008</span></code></p>
<blockquote>
<div><p><em>“Hi everyone,</em>
<em>I’ve been using ossec for a few months now and everything is working great (a truly excellent, robust application set).”</em></p>
<p>Full post at <a class="reference external" href="http://groups.google.com/group/ossec-list/browse_thread/thread/63c3e258cae1c90f">google groups</a></p>
</div></blockquote>
</div>
<div class="section" id="mike-at-itadmins-org-2008-mar">
<h2>Mike at itadmins.org (2008 Mar)<a class="headerlink" href="#mike-at-itadmins-org-2008-mar" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Mar</span> <span class="pre">28</span> <span class="pre">2008</span></code></p>
<blockquote>
<div><p><em>“After testing it out on several of my machines, I can officially say it’s exactly what I was looking for in an IDS: something lightweight, cross-platform, and well documented. ... This is absolutely what I was looking for in intrusion detection. Go check OSSEC out when you get a chance.”</em></p>
<p>Full article at <a class="reference external" href="http://itadmins.org/?p=58">http://itadmins.org/?p=58</a></p>
</div></blockquote>
</div>
<div class="section" id="joe-bar-at-linux-com-2008-mar">
<h2>Joe Bar at Linux.com (2008 Mar)<a class="headerlink" href="#joe-bar-at-linux-com-2008-mar" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Mar</span> <span class="pre">11</span> <span class="pre">2008</span></code></p>
<blockquote>
<div><p><em>“OSSEC is a <b>complete Host Intrusion Detection System, meant to detect any and all attempts at intrusion</b>. We reviewed OSSEC in 2006, when it was at the 0.9 release. But even though it’s much larger and more complex than the other two tools, <b>OSSEC installation is a breeze.</b>”</em></p>
<p>Full article at <a class="reference external" href="http://www.linux.com/feature/128450">http://www.linux.com/feature/128450</a></p>
</div></blockquote>
</div>
<div class="section" id="steve-mcmaster-2007-dec">
<h2>Steve McMaster (2007 Dec)<a class="headerlink" href="#steve-mcmaster-2007-dec" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Dec</span> <span class="pre">11</span> <span class="pre">2007</span></code></p>
<blockquote>
<div><p><em>“I heard a talk once where the presenter said the true strength of your network security comes when you take away your firewall; what happens to your network if someone adds an ‘Any to Any on Any Accept’ rule to the top of your rulebase? Does your network fall apart and crumble? Obviously, that’s quite a blow to the defense of your network - but can you fight from one knee until reinforcements arrive? <b>One of the best tools you can get to help you out is software called OSSEC</b></em>
<em><b>The idea behind OSSEC is simple - have software that watches your logs, understands what they mean, and reacts as necessary...</b></em>
<em><b>Getting OSSEC running is surprisingly simple, considering how powerful it is</b>. All it takes is some knowledge of Linux, and knowing what logs you want to watch. Don’t worry, there is an agent for Windows servers, too; however, the server itself runs only on Linux...”</em></p>
<p>Full article at <a class="reference external" href="http://news.hurricanelabs.com/article.php?story=20071211101538488">http://news.hurricanelabs.com/article.php?story=20071211101538488</a></p>
</div></blockquote>
</div>
<div class="section" id="paul-sebastian-ziegler-at-observed-de-2007-sep">
<h2>Paul Sebastian Ziegler at observed.de (2007 Sep)<a class="headerlink" href="#paul-sebastian-ziegler-at-observed-de-2007-sep" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Sep</span> <span class="pre">05,</span> <span class="pre">2007</span></code></p>
<blockquote>
<div><p><em>“During Defcon15 there was a new kind of contest called the “0wn the box” competition where anyone who 0wned a box got to take it home. I was over there as a speaker so I thought it might be fun to try defending a box. My box was based on Gentoo-Linux and hardened using various techniques...</em>
<em>So the results were recently published on the DC-Homepage (http://defcon.org/) - and if you look closely there is this line saying “Most evil entry: Tatsumori (Gentoo Hardened with arp poisoning evilness)”. The arp-foo was actually done using scapy, but I scripted it as an active response for OSSEC 1.2. So part of my success to survive there (and really make people curse out while hacking) is OSSEC.</em>
<em>Its great modularity and easy extensibility makes creating kick-ass crazy dedicated solutions so much easier than it was ever before.”</em></p>
<p>Full comment at <a class="reference external" href="http://observed.de/?entnum=83">http://observed.de/?entnum=83</a></p>
</div></blockquote>
</div>
<div class="section" id="anonymous-comment-at-blog-gnist-org-2007-aug">
<h2>Anonymous comment at blog.gnist.org (2007 Aug)<a class="headerlink" href="#anonymous-comment-at-blog-gnist-org-2007-aug" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Aug</span> <span class="pre">18,</span> <span class="pre">2007</span></code></p>
<blockquote>
<div><p><em>“To anyone else reading this who hosts servers and is worried about getting attacked, I use http://www.ossec.net/ which is effectively a self defence program.</em>
<em>If you try and brute force (more than n attempts in p seconds) or portscan my machine, it simply locks you out for 24 hours by denying that IP.</em>
<em>It has other useful features and even lets me know when it’s being attacked - absolutely brilliant program and I have no hesitation in recommending it.”</em></p>
<p>Full comment at <a class="reference external" href="http://blog.gnist.org/article.php?story=HollidayCrackingblog.gnist.org">http://blog.gnist.org/article.php?story=HollidayCrackingblog.gnist.org</a></p>
</div></blockquote>
</div>
<div class="section" id="jeremy-melanson-at-lists-debian-2007-aug">
<h2>Jeremy Melanson at lists.debian (2007 Aug)<a class="headerlink" href="#jeremy-melanson-at-lists-debian-2007-aug" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Aug</span> <span class="pre">17,</span> <span class="pre">2007</span></code></p>
<blockquote>
<div><p><em>“My company just got PCI certified (we’re on our way to CISP)...</em>
<em>Here’s a run-down of the projects that I’ve implemented to achieve our PCI compliance...</em>
<em>Host Intrusion Detection, File Integrity Monitor (OSSEC): I’m using OSSEC (http://www.ossec.net) to monitor the individual SysLog files for perceived security issues. OSSEC understands Snort, Cisco PIX, IPTables, and a host of others.</em>
<em>Additionally, I have OSSEC agents running on each of my servers (including Windoze), which report back to a central OSSEC Server. The agents are primarily in charge of monitoring important files for changes (nice view during upgrades), and secondarily in charge of scanning for RootKits.</em>
<em>OSSEC can also interface with IPTables and other host-based firewalls, as a means of implementing Real-time greylisting...”</em></p>
<p>Full post at <a class="reference external" href="http://lists.debian.org/debian-security/2007/08/msg00114.html">http://lists.debian.org/debian-security/2007/08/msg00114.html</a></p>
</div></blockquote>
</div>
<div class="section" id="chuck-little-at-security-horizon-2007-jul">
<h2>Chuck Little at Security Horizon (2007 Jul)<a class="headerlink" href="#chuck-little-at-security-horizon-2007-jul" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Jul</span> <span class="pre">25,</span> <span class="pre">2007</span></code></p>
<blockquote>
<div><p><em>“Though OSSEC-HIDS is a fairly young project..., its approach to intrusion detection is based on common sense, and extremely extensible. And that is something I think we have been missing from software products these days: common sense.</em>
<em>Most vendors seem more inclined to add features, and a sparkly/pretty GUI, and less inclined to fix their detection engine or refine signatures (for signature-based IDS) to help reduce false positives. Hopefully OSSEC-HIDS will be a trend-setter in that other IDS vendors get back to their roots and use a more common-sense based approach to intrusion detection. <b>Forget the glitz and pretty graphs; just make something that works. OSSEC-HIDS is just that... it works; and has an added bonus of working well.</b>”</em></p>
<p>Full article at <a class="reference external" href="http://www.securityhorizon.com/journal/TSJ-2007-03-summer.pdf">Security Horizon Summer 07</a></p>
</div></blockquote>
</div>
<div class="section" id="clayton-dillard-at-ossec-list-2007-jul">
<h2>Clayton Dillard at OSSEC-list (2007 Jul)<a class="headerlink" href="#clayton-dillard-at-ossec-list-2007-jul" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Jul</span> <span class="pre">25,</span> <span class="pre">2007</span></code></p>
<blockquote>
<div><p><em>“Also, I wanted to thank the folks involved with developing and maintaining the OSSEC project. We’ve had OSSEC in production for only a couple of months and it has already helped us identify several attacks and a few agent/host configuration issues.</em>
<em>Thanks for a great product!”</em></p>
<p>Link <a class="reference external" href="http://www.ossec.net/ossec-list/2007-July/msg00070.html">here</a></p>
</div></blockquote>
</div>
<div class="section" id="mraju-at-muraliraju-info-2007-jul">
<h2>Mraju at muraliraju.info (2007 Jul)<a class="headerlink" href="#mraju-at-muraliraju-info-2007-jul" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Jul</span> <span class="pre">01,</span> <span class="pre">2007</span></code></p>
<blockquote>
<div><p><em>“I am truly impressed with OSSEC when it comes to HIDS (Host intrusion Detection System) functions...</em>
<em>OSSEC is a project from Daniel B. Cid (contact at ossec.net) who is the primary author of this great tool. I run OSSEC from a single box to cluster of machines ranging in the 100s, primarily running *NIX. Although I primarily use it for HIDS (agent) setups, recently I am starting to see a benefit in using OSSEC for log analysis. This started with OSSEC reporting alerts from mod_security, which I use heavily as a WAF for Web Applications...”</em></p>
<p>Link to the blog post: <a class="reference external" href="http://muraliraju.info/2007/7/1/hids-with-ossec">HIDS with OSSEC</a></p>
</div></blockquote>
</div>
<div class="section" id="matt-groves-at-blog-mattgroves-com-2007-jun">
<h2>Matt Groves at blog.mattgroves.com (2007 Jun)<a class="headerlink" href="#matt-groves-at-blog-mattgroves-com-2007-jun" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Jun</span> <span class="pre">10,</span> <span class="pre">2007</span></code></p>
<blockquote>
<div><p><em>“...</em>
<em>I have several methods by which I achieve this, and I’m not going to advertise them all. One of the ways that I achieve proactive security monitoring and reactive system changes to cease attempts made by nasties on the internet getting access or extended information about the system, is to use a Host Based Intrusion Detection System (HIDS) and of all the packages that I have experienced, have stuck with, <b>and can highly recommend OSSEC - open source, free, regularly updated, virtually bug-free and a very good ruleset.</b> I’m listed as a donor now, too :-)”</em></p>
<p>Read full post at <a class="reference external" href="http://blog.mattgroves.com/2007/06/ossec_host_based_intrusion_det.html">his blog entry</a></p>
</div></blockquote>
</div>
<div class="section" id="christopher-j-buckley-cbuckley-at-redhat-com-2007-may">
<h2>Christopher J. Buckley - cbuckley at redhat.com (2007 May)<a class="headerlink" href="#christopher-j-buckley-cbuckley-at-redhat-com-2007-may" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">May</span> <span class="pre">04,</span> <span class="pre">2007</span></code></p>
<blockquote>
<div><p><em>“OSSEC is a leading Intrusion Detection System for Enterprise UNIX(-like) and Windows platforms. <b>OSSEC is, by quite a way, the most innovative and customisable IDS product I have worked with.</b></em>
<em>As a result of its ease of customisation, the developer Daniel B. Cid, with a little bit of help from myself, has implemented supported rule-sets for my former employer’s products: Zeus WebServer and ZXTM. Both products are widely deployed across many enterprise environments; adding specific rulesets for their software is one which I hope assists all fellow sysadmins tasked with running infrastructure using Zeus software.”</em></p>
<p>Read full post at <a class="reference external" href="http://www.cjbuckley.net/blog/2007/05/04/ossec-ruleset-for-zeus-webserver-and-zxtm">his blog entry</a></p>
</div></blockquote>
</div>
<div class="section" id="cynthia-harvey-at-esecurity-planet-2007-may">
<h2>Cynthia Harvey at eSecurity Planet (2007 May)<a class="headerlink" href="#cynthia-harvey-at-esecurity-planet-2007-may" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">May</span> <span class="pre">01,</span> <span class="pre">2007</span></code></p>
<blockquote>
<div><p><em>“This host-based intrusion detection system (HIDS) has recently been gaining popularity among enterprise users, in part because of its high scalability. If an attack overcomes your network defenses, Ossec HIDS stops the attack at the host level, and it can be configured to notify the network administrator when an attack occurs. It’s compatible with many firewalls and all the major operating systems.”</em></p>
<p>Read full post at <a class="reference external" href="http://www.esecurityplanet.com/article.php/11162_3678471_3">at the esecurityplanet article</a></p>
</div></blockquote>
</div>
<div class="section" id="eric-hines-at-linuxworld-2007-mar">
<h2>Eric Hines at LinuxWorld (2007 Mar)<a class="headerlink" href="#eric-hines-at-linuxworld-2007-mar" title="Permalink to this headline">¶</a></h2>
<blockquote>
<div><p><em>“I’ve selected OSSEC HIDS as the No. 1 open source tool due to its recent rapid growth in the enterprise. OSSEC HIDS is a rapidly evolving open source project that offers <b>the first ever open source host intrusion detection and prevention system</b>, developed by Daniel Cid. The OSSEC HIDS project has been gaining widespread use and is quickly being deployed within organizations around the world as a method of protecting systems at the host level after attacks have made it past network defenses.</em>
<em>...</em>
<em>Combined with open source Snort, OSSEC gives administrators a 360-degree holistic view of both the network and the endpoint systems they are monitoring.</em>
<em>...</em>
<em>The OSSEC rules language is incredibly flexible and powerful allowing administrators to define their own custom rules to alert on any predefined text or patterns. Its detection capabilities do not stop at rules. It includes checks via syscheck for changes to user-specified directories, integrity checks on files and directories, MD5 checksum changes, file or directory sizes, file or directory ownership, and group, file and directory permissions. More importantly, OSSEC monitors the Windows registry, in which most trojans, spyware and backdoors are traditionally injected on Windows hosts...”</em></p>
<p>Read full post at <a class="reference external" href="http://www.linuxworld.com/news/2007/031207-top-5-security.html">LinuxWorld (ossec #1 security tool in the enterprise)</a></p>
</div></blockquote>
</div>
<div class="section" id="david-bianco-at-computer-world-2007-feb">
<h2>David Bianco at Computer World (2007 Feb)<a class="headerlink" href="#david-bianco-at-computer-world-2007-feb" title="Permalink to this headline">¶</a></h2>
<blockquote>
<div><p><em>“We were able to get a lot of out-of-the-box functionality,”</em> says David Bianco, cybersecurity analyst for Thomas Jefferson National Accelerator Facility in Newport News, Va. <em>“OSSEC immediately started parsing our firewall logs and alerting on Internet scans and probes. It’s also helping track failed logins, system account changes, IDS alerts and a few other things – all with very little work on our part.”</em></p>
<p>Read full post at <a class="reference external" href="http://www.computerworld.com.au/index.php/id;192427681;fp;4194304;fpid;1;pf;1">Computer World</a></p>
</div></blockquote>
</div>
<div class="section" id="sifu-kurt-at-infosec-kwoon-2006-oct">
<h2>Sifu Kurt at InfoSec Kwoon (2006 Oct)<a class="headerlink" href="#sifu-kurt-at-infosec-kwoon-2006-oct" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Oct</span> <span class="pre">12,</span> <span class="pre">2006</span></code></p>
<blockquote>
<div><p><em>“I’ve used a lot of different file integrity monitoring programs (Samhain, Osiris, and Tripwire just to name a few), and I’ve messed with a number of different programs for log parsing and event correlation. <b>Then I found OSSEC, which takes all of these things to an entirely new level</b>. Now instead of having to manage multiple different software packages, I can do it in one. But that’s not the coolest thing. OSSEC will allow you to monitor syslog and Windows event logs as well as Apache, IIS, Snort, and numerous other logs from a single location, and it has a very robust set of rules to do event correlation. If you are so inclined, you can even take advantage of the Active Response option and have OSSEC disable accounts, drop in firewall rules, etc., etc. Plus it does file integrity monitoring on top of it all...”</em></p>
<p>Read full post at <a class="reference external" href="http://kwoon.blogspot.com/2006/10/ossec-host-based-intrusion-detection.html">his blog entry</a></p>
</div></blockquote>
</div>
<div class="section" id="marc-bayerkohler-2006-aug">
<h2>Marc Bayerkohler (2006 Aug)<a class="headerlink" href="#marc-bayerkohler-2006-aug" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Aug</span> <span class="pre">25,</span> <span class="pre">2006</span></code></p>
<blockquote>
<div><p><em>“GREAT SOFTWARE</em></p>
<p><em>First, thanks for publishing this software. The OSSEC HIDS project looks great so far. It fills a serious need. I do PCI (payment card industry) consulting, and every client needs to have a centralized log server and file integrity solution. The windows/unix ability is perfect. This could save people a lot of money and get used.</em></p>
<p><em>Also, the installation was really fast.”</em></p>
<p>Read his message at <a class="reference external" href="http://www.ossec.net/ossec-list/2006-August/msg00317.html">this mailing list archive</a></p>
</div></blockquote>
</div>
<div class="section" id="pilou-2006">
<h2>Pilou (2006)<a class="headerlink" href="#pilou-2006" title="Permalink to this headline">¶</a></h2>
<blockquote>
<div><p><em>“Nice soft.</em></p>
<p><em>I’ve tested this HIDS on a Debian (kernel 2.6.17) and on a Red Hat Enterprise 3 (kernel 2.4).</em>
<em>It works without problems. I’ve used Nessus to test it, and it’s wonderful.</em>
<em>Iptables and hosts.deny were used without trouble, and Nessus couldn’t report any trouble or anything else.</em></p>
<p><em>Great.</em></p>
<p><em>Best regards, Pilou”</em></p>
</div></blockquote>
</div>
<div class="section" id="fak3r-at-osnews-com-sep-2006">
<h2>fak3r at osnews.com (Sep 2006)<a class="headerlink" href="#fak3r-at-osnews-com-sep-2006" title="Permalink to this headline">¶</a></h2>
<p><code class="docutils literal"><span class="pre">Sep</span> <span class="pre">20,</span> <span class="pre">2006</span></code></p>
<blockquote>
<div><p><em>I’ve been running this on my FreeBSD server for 2 months now, and it’s been fantastic. If I so much as modify one file in /etc I get an email telling me about it. It watches a ton of other things, and is very configurable, but don’t be deterred, it runs fine on the default settings while you learn the system, and install is a snap. While the above HOWTO looks good, I installed w/o any problems from the OSSEC install doc:</em></p>
<p><em>http://www.ossec.net/en/manual.html#install</em></p>
<p><em>I would like to see this project get more attention, as computer security should not end at the firewall or snort.</em></p>
<p><em>fak3r</em></p>
<p>Read full post at <a class="reference external" href="http://www.osnews.com/comment.php?news_id=15903">osnews.com</a></p>
<p>His profile <a class="reference external" href="http://www.osnews.com/user.php?uid=6954">here</a>.</p>
</div></blockquote>
</div>
<div class="section" id="marty-hillman-it-director-mcse-gcih">
<h2>Marty Hillman, IT Director - MCSE, GCIH<a class="headerlink" href="#marty-hillman-it-director-mcse-gcih" title="Permalink to this headline">¶</a></h2>
<blockquote>
<div><p><em>“OSSEC is now monitoring traffic from all DC and business critical servers so that I can monitor file access to specific files and illegal access attempts such as invalid login attempts and account lockouts. It is also monitoring all IIS logs so that I can see any potential intrusion attempt.</em></p>
<p><em>It has even come in handy with the departure of an employee in the past week who tried accessing the system using accounts of other users. I was notified immediately of the account used and the originating IP information so that I could immediately go after the guy.</em>
<em>Though still a reactive solution, it has cut my reaction time to virtually nothing...”</em></p>
</div></blockquote>
</div>
<div class="section" id="anonymous-at-mexico">
<h2>Anonymous at Mexico<a class="headerlink" href="#anonymous-at-mexico" title="Permalink to this headline">¶</a></h2>
<blockquote>
<div><p><em>“I started using ossec after watching the SANS webcast about it. I tried it for a few days in a demo environment and then decided to deploy it on all my network. I had a few Linux servers (Redhat), one Solaris system and a dozen Windows desktops. I am glad I deployed it... Just after the install, ossec found some rootkits on one of my linux servers that had an FTP server installed and the presence of some suspicious files on the web server.</em></p>
<p><em>After some investigation I found that the web server was running an old version of a CMS software and that it had a bot installed. In addition to that, it helped me discover some problems on my web server (crashing constantly) and to control FTP/SSH brute force attacks. Thanks for the software...”</em></p>
</div></blockquote>
</div>
</div>
</div>
</div>
</div>
<footer class="footer">
<div class="container">
<p class="pull-right">
<a href="#">Back to top</a>
</p>
<p>
© Copyright 2010-2019, OSSEC Project Team.<br/>
OSSEC <b>ossec.net</b> domain owned and maintained by <a href="https://www.ossec.net" target="_blank">OSSEC Foundation</a><br/>
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.5.2 -
Home page graphics courtesy of <a href="https://pixabay.com" target="_blank">pixabay</a>
</p>
</div>
</footer>
</body>
</html>