- Instant OSSEC Host-based Intrusion Detection System
- Brad Lhotsky
- 124 words
- 2021-08-13 16:28:01
How to do it...
Now that the server is installed, we have to double-check the <remote> section of the /var/ossec/etc/ossec.conf file:
- To configure the remote daemon so that agents can communicate with the server, we need a secure (agent) listener that only accepts connections from the networks the agents live on. Make sure the following configuration is present:
<remote>
  <connection>secure</connection>
  <allowed-ips>192.168.0.0/23</allowed-ips>
</remote>
- Another key server-mode setting is the white list for active response: hosts listed here are never blocked by an active response. Set it up now, as illustrated in the following configuration, even if you don't plan on using active response, so that the server can never lock out its own LAN or a critical host:
<global>
  <!-- Our LAN -->
  <white_list>192.168.0.0/23</white_list>
  <!-- MS Exchange Server -->
  <white_list>1.2.3.4</white_list>
</global>
- We will then verify and configure our e-mail settings as follows:
<global>
  <email_notification>yes</email_notification>
  <email_to>security.alerts@example.com</email_to>
  <smtp_server>localhost</smtp_server>
  <email_from>ossecm@server.example.com</email_from>
</global>
- We can then establish our basic log and e-mail thresholds. log_alert_level is the minimum rule level that is written to the alerts log, and email_alert_level is the minimum rule level that triggers an e-mail, so the e-mail threshold should never be lower than the log threshold:
<alerts>
  <log_alert_level>1</log_alert_level>
  <email_alert_level>7</email_alert_level>
</alerts>
- Don't forget to restart the server for the changes to take effect:
$ sudo /var/ossec/bin/ossec-control restart
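Before restarting, it is worth checking the three blocks above for the mistakes that bite most often: an allowed-ips or white_list entry that is not a valid address or CIDR block, e-mail notification switched on without the delivery settings, and an e-mail threshold below the log threshold. The following checker is an added example written for this page, not code from the book or from the OSSEC project; the sample configuration strings are constructed here and mirror the settings in the recipe, and the function and variable names are my own.

```python
"""Sanity-check the server-mode settings in an OSSEC ossec.conf (added example)."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample mirroring the recipe above (not the book's own file).
SAMPLE_CONF = """\
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <email_to>security.alerts@example.com</email_to>
    <smtp_server>localhost</smtp_server>
    <email_from>ossecm@server.example.com</email_from>
    <!-- Our LAN -->
    <white_list>192.168.0.0/23</white_list>
    <!-- MS Exchange Server -->
    <white_list>1.2.3.4</white_list>
  </global>
  <remote>
    <connection>secure</connection>
    <allowed-ips>192.168.0.0/23</allowed-ips>
  </remote>
  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>7</email_alert_level>
  </alerts>
</ossec_config>
"""

# Constructed broken variant: bad prefix length, bad white_list host,
# e-mail on without a recipient, and e-mail threshold below log threshold.
BAD_CONF = """\
<ossec_config>
  <global><email_notification>yes</email_notification><smtp_server>localhost</smtp_server>
    <email_from>ossecm@server.example.com</email_from><white_list>10.0.0.999</white_list></global>
  <remote><connection>secure</connection><allowed-ips>192.168.0.0/33</allowed-ips></remote>
  <alerts><log_alert_level>7</log_alert_level><email_alert_level>5</email_alert_level></alerts>
</ossec_config>
"""


def parse_ossec_conf(text):
    """ossec.conf may contain several top-level <ossec_config> elements, which is
    not well-formed XML by itself, so wrap the text in a synthetic root first."""
    return ET.fromstring("<ossec_root>" + text + "</ossec_root>")


def _texts(parent, tag):
    return [e.text.strip() for e in parent.findall(tag) if e.text and e.text.strip()]


def _valid_network(value):
    """Accept a single address or a CIDR block; OSSEC also accepts the keyword 'any'."""
    if value == "any":
        return True
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False


def check_server_config(text):
    """Return a list of human-readable problems; an empty list means all checks passed."""
    root = parse_ossec_conf(text)
    problems = []

    # 1. <remote>: agents need a 'secure' listener restricted to known source networks.
    secure = [r for r in root.findall("./ossec_config/remote")
              if _texts(r, "connection") == ["secure"]]
    if not secure:
        problems.append("no <remote> block with <connection>secure</connection>")
    for r in secure:
        allowed = _texts(r, "allowed-ips")
        if not allowed:
            problems.append("<remote> lacks <allowed-ips>; no agent source is permitted")
        problems += [f"bad allowed-ips entry {v!r}" for v in allowed if not _valid_network(v)]

    # 2. <global>: white_list entries must parse, or active response may block the wrong host.
    globals_ = root.findall("./ossec_config/global")
    white = [v for g in globals_ for v in _texts(g, "white_list")]
    if not white:
        problems.append("no <white_list> entries; active response could block the server's own LAN")
    problems += [f"bad white_list entry {v!r}" for v in white if not _valid_network(v)]

    # 3. e-mail: when notification is on, every delivery setting must be present.
    merged = {}
    for g in globals_:
        for tag in ("email_notification", "email_to", "smtp_server", "email_from"):
            if _texts(g, tag):
                merged[tag] = _texts(g, tag)[0]
    if merged.get("email_notification") == "yes":
        problems += [f"email_notification is yes but <{t}> is missing"
                     for t in ("email_to", "smtp_server", "email_from") if t not in merged]

    # 4. <alerts>: the e-mail threshold must not sit below the log threshold.
    for a in root.findall("./ossec_config/alerts"):
        try:
            log_lvl = int(_texts(a, "log_alert_level")[0])
            mail_lvl = int(_texts(a, "email_alert_level")[0])
        except (IndexError, ValueError):
            problems.append("<alerts> needs integer log_alert_level and email_alert_level")
            continue
        if mail_lvl < log_lvl:
            problems.append(f"email_alert_level {mail_lvl} is below log_alert_level {log_lvl}")
    return problems


if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE_CONF), ("bad", BAD_CONF)):
        print(name + ":", check_server_config(conf) or "OK")
```

Run it against the real file with `check_server_config(open("/var/ossec/etc/ossec.conf").read())` before issuing the restart; the synthetic root in parse_ossec_conf is what makes that work on a file with more than one <ossec_config> element.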