- Instant OSSEC Host-based Intrusion Detection System
- Brad Lhotsky
- 2021-08-13 16:28:01
How to do it...
Now that the server is ready, we'll have to double-check the remote namespace in the /var/ossec/etc/ossec.conf file:
- To configure the remote daemon so that it can communicate with the agents, we just need to make sure that the following configuration is in place:

    <remote>
      <connection>secure</connection>
      <allowed-ips>192.168.0.0/23</allowed-ips>
    </remote>

- Another key setting in server mode is the whitelist for active response. Set it up now as illustrated in the following configuration, even if you don't plan on using active response:

    <global>
      <!-- Our LAN -->
      <white_list>192.168.0.0/23</white_list>
      <!-- MS Exchange Server -->
      <white_list>1.2.3.4</white_list>
    </global>

- We will then verify and configure our e-mail settings as follows:

    <global>
      <email_notification>yes</email_notification>
      <email_to>security.alerts@example.com</email_to>
      <smtp_server>localhost</smtp_server>
      <email_from>ossecm@server.example.com</email_from>
    </global>

- We can then establish our basic e-mail and log thresholds as follows:

    <alerts>
      <log_alert_level>1</log_alert_level>
      <email_alert_level>7</email_alert_level>
    </alerts>

- Don't forget to restart the server for the changes to take effect:

    $ sudo /var/ossec/bin/ossec-control restart
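
A check that can be run on the edited file before the restart, as an added example that is not from the book or from OSSEC itself: it parses the settings from the steps above and reports missing or malformed values. The function name lint_ossec_conf and the merged sample file are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
# Constructed sample: the settings from the steps above merged into one file.
SAMPLE_CONF = """
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <email_to>security.alerts@example.com</email_to>
    <smtp_server>localhost</smtp_server>
    <email_from>ossecm@server.example.com</email_from>
    <white_list>192.168.0.0/23</white_list>
    <white_list>1.2.3.4</white_list>
  </global>
  <remote>
    <connection>secure</connection>
    <allowed-ips>192.168.0.0/23</allowed-ips>
  </remote>
  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>7</email_alert_level>
  </alerts>
</ossec_config>
"""

def lint_ossec_conf(text):
    """Hypothetical helper: list problems in the settings; wraps the text so several top-level blocks parse."""
    try:
        root = ET.fromstring("<wrapper>" + text + "</wrapper>")
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    def values(path):
        return [(e.text or "").strip() for e in root.findall(".//" + path)]
    problems = []
    if "secure" not in values("remote/connection"):
        problems.append("no <remote> block with <connection>secure</connection>")
    if not values("global/white_list"):
        problems.append("no <white_list> entry for active response")
    for net in values("remote/allowed-ips") + values("global/white_list"):
        try:
            ipaddress.ip_network(net, strict=False)  # accepts a single IP or a CIDR block
        except ValueError:
            problems.append("bad address or CIDR: %r" % net)
    if "yes" in values("global/email_notification"):
        problems += ["email_notification is yes but <%s> is missing" % k
                     for k in ("email_to", "smtp_server", "email_from") if not any(values("global/" + k))]
    for key in ("log_alert_level", "email_alert_level"):
        for level in values("alerts/" + key):
            if not level.isdigit() or not 0 <= int(level) <= 16:  # OSSEC levels run 0-16
                problems.append("<%s> must be 0-16, got %r" % (key, level))
    return problems
```

An empty list means the settings from the steps are present and well-formed; a comment opened with a typographic dash instead of `--`, as can happen when pasting from a formatted page, is reported as a parse error.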