Daniel B. Cid is the founder of the open source OSSEC HIDS and a principal researcher at Trend Micro. He has a special interest in intrusion detection, log analysis and secure development. In this interview he discusses the open source host-based intrusion detection system in detail.

Give our readers some background on the OSSEC project. How did it all start and evolve?
OSSEC is an open source HIDS that merges log analysis, file integrity monitoring, rootkit detection and active responses. It started as a side-project to help me solve some problems that I had on a previous job (6-7 years ago). They had the need to do integrity checking on multiple systems (Linux, Solaris, AIX, etc.) and Tripwire just didn't scale for us. We were forced to make it scale, and started using it because it was the only solution available at the time, but it was a pain to manage individually on 100+ servers.
To minimize my problems, I decided to spend some nights developing a solution that would act like a centralized Tripwire, with all the files, checksums and alerts on one system only. It was meant to be more secure and easy to manage and that's how the Syscheck project was born.
Next, what I needed was something like chkrootkit, but centralized and easy to add/remove stuff. A shell script with more than 1,000 lines didn't do it for me. That's how my second project, Rootcheck, was born: it did all that chkrootkit did, but in a centralized and more elegant manner, with all the checks specified in configuration files centrally (later it evolved to system auditing and more advanced tests).
Being an open source fan, I released both as open source and created the OSSEC project to host them. My idea was to use OSSEC as my repository of open source security projects. A little while after, I released a centralized log analysis tool, osaudit, with a rule engine to analyze, decode and correlate logs.

Having these three projects separated and constantly installing the three on all my systems, I thought, why not merge them all together in a full HIDS package? That's how the OSSEC HIDS started and we first released it as a full HIDS in 2005. Later we added active responses, Windows support, agentless options to monitor routers and switches and quite a few more.
Last year Third Brigade acquired the project and that helped even more with our development. Since then I can work on OSSEC during the day and have the luxury of sleeping during the nights (when before it was the only time available to develop it).
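The "centralized Tripwire" idea described above, as an added illustration that is not OSSEC's own code: each agent hashes its files and reports a snapshot, a single manager keeps the baseline per agent and emits the added/deleted/modified report. The agent name, function names and the sample file tree are constructed for this example.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed illustration of a centralised integrity check; not OSSEC's syscheck.

def file_digest(path: Path) -> str:
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root: str) -> dict:
    """Record relative path -> (sha256, permission bits) for every regular file."""
    root_path = Path(root)
    entries = {}
    for p in sorted(root_path.rglob("*")):
        if p.is_file() and not p.is_symlink():
            entries[p.relative_to(root_path).as_posix()] = (
                file_digest(p), oct(p.stat().st_mode & 0o7777))
    return entries

def compare(baseline: dict, current: dict) -> dict:
    """Diff a stored baseline against a fresh snapshot from the same agent."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current)
                           if baseline[p] != current[p]),
    }

class CentralStore:
    """Baselines for many agents kept on one manager, keyed by agent name."""
    def __init__(self):
        self._db = {}
    def check_in(self, agent: str, snap: dict) -> dict:
        """An agent's first report becomes its baseline; later ones are diffed."""
        if agent not in self._db:
            self._db[agent] = snap
            return {"added": [], "deleted": [], "modified": []}
        return compare(self._db[agent], snap)

def demo() -> dict:
    """Constructed sample: baseline a small tree, change it, return the report."""
    with tempfile.TemporaryDirectory() as d:
        etc = Path(d) / "etc"
        etc.mkdir()
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        store = CentralStore()
        store.check_in("web01", snapshot(d))            # first report = baseline
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (etc / "hosts").unlink()
        (etc / "motd").write_text("welcome\n")
        return store.check_in("web01", snapshot(d))     # second report = diff
```

Storing only digests and permission bits on the manager is what lets one host hold the baseline for every agent without keeping copies of the files themselves.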