Monitor in Real-Time with OSSEC | See What’s Taking Place in Your Server
- Published: 4 Aug 2024
- In part 6 of this Blue Team training series from @HackerSploit, we'll cover Intrusion detection with OSSEC. OSSEC is an open-source, host-based intrusion detection system (HIDS) that performs log analysis, integrity checking, rootkit detection, time-based alerting, and active response, making it an ideal choice for server monitoring.
Check out the entire Blue Team Series here → • Hackersploit Linux Sec...
Chapters:
0:00 Introduction
0:41 What We’ll Be Covering
1:47 Prerequisites
1:54 Introduction to OSSEC
4:18 OSSEC Features
5:00 How OSSEC Works
5:35 About Our Lab Environment
6:30 Practical Demo
6:42 Where to Download OSSEC
8:36 Install OSSEC
14:00 Install lsystemd
15:37 Install and Connect Agent and Server
16:11 Install the Web UI
19:55 Start the Web UI
23:23 Install OSSEC on Windows
26:18 Running OSSEC For the First Time
29:30 Verify the Windows Agent is Running
30:52 Simulate Malicious Events
38:08 Review the Log Files
39:55 Conclusion
Watch Hackersploit's Red Team series here → • Adversary Emulation wi...
Learn more about using OSSEC → www.linode.com/products/
#hackersploit #blueteam #cybersecurity
Product: Blue Team, OSSEC, Intrusion Detection; @HackerSploit - Science
What OS are you using? Can Ubuntu 20.04 run OSSEC 3.7.0?
You said the commands will be provided, where are they?
I have OSSEC installed on two Fedora VMs, they are both running and communicating, but the web UI doesn't seem to be detecting anything. Not the agent, not any events, etc. I followed the instructions you provided here as best I could (some things are a bit different due to using Fedora). Do you have any suggestions or insight as to why this could be happening?
Same issue. Did you find a solution?
Do you use the WUI from OSSEC, or Grafana?
@salsaamaliaputri-saphire-u7764 ossec-wui, I did find a solution though. Apparently the archaic ossec-wui code is not supported by the latest PHP version. I installed an older version of PHP and now the WUI works.
Same issue 😢
I have an assignment project about OSSEC, can you give me the documents?
My OSSEC server cannot block SSH brute force. What should I configure to make the system block the attack?
ssh tar? pit
I don't get it, can you explain a bit more please? @smika710
Where are the commands used in this video??
All the commands are just included in the docs of ossec and nothing else is needed
What password did you enter at 16:04?
How are you clearing the screen without typing 'clear'?
Control + L acts as a shortcut for 'clear' (just learned this myself!)
@AkamaiDeveloper unless he is not using tmux 😂
Can someone please tell me how to decide our IP address for a new agent, as shown at 27:22?
You will use the IP address of the system being monitored by the agent you have installed. Whereas a client would make requests of a server, the agent sends data back to the server to which it reports. This would be confirmed within your Windows Network & Internet settings.
@AkamaiDeveloper Thanks in advance. I have a problem with the OSSEC web interface: it doesn't show anything on its page, just the header. What should I do to make the web interface show our log activity like at 19:58?
If the web ui is only showing the headers, it may be because you do not have the agent configured correctly. We suggest double checking your agent configurations.
Additionally, you can ask your question on the OSSEC community forums since the folks there will have more direct experience with the service itself:
forums.atomicorp.com/
@salsaamaliaputri-saphire-u7764 I'm having the same problem. Was wondering if you found a solution?
I hope you guys don’t change your platform now that you’re owned by akamai…
Cannot connect the server for update - oum update return ERROR: request returned HTTP error code 401 [Username/Password Invalid] - Yes the password and username are correct
This issue was discussed in this OSSEC forum post:
support.atomicorp.com/hc/en-us/articles/1260803840869-OSSEC-ERROR-request-returned-HTTP-error-code-401-Username-Password-Invalid
Does the issue persist after you have attempted to reconfigure your username/password, and are you directly copy-pasting or attempting to manually enter your password?
@AkamaiDeveloper It's the first thing I've read, it doesn't work in my case.
Just needed to wait, maybe password sync takes a bit on their systems.
Are you using the WUI from OSSEC? Is it still working? Can you tell me how to install its WUI correctly? My OSSEC WUI doesn't show anything.