[prelude-devel] Prelude support for Ossec
Sebastien Tricaud
sebastien.tricaud at gmail.com
Sun Oct 7 22:50:11 CEST 2007
Hello people,
I am happy to announce the prelude support in the upcoming Ossec release.
What is it?
======
OSSEC is an Open Source Host-based Intrusion Detection System. It
performs log analysis, integrity checking, Windows registry
monitoring, rootkit detection, real-time alerting and active response.
Download it!
========
The prelude code is currently in CVS, but you can get a nightly snapshot here:
http://www.ossec.net/files/snapshots/ossec-hids-071006.tar.gz
Compile it!
======
You must go into the src/ directory and type "make setprelude". Then
you can go back to the sources root and run the "install.sh" script.
Since this is beta, that's how you should do it; things will be easier
for the official release (a simple question such as "do you want to
enable prelude support?").
Install it!
=====
It is installed just like a regular sensor (instructions ->
https://trac.prelude-ids.org/wiki/RegisteringASensor).
Two *important* things to keep in mind:
* When performing registration, the "Ossec" group and user must be
registered instead of root, since Prelude code runs as part of the
analysis section of the Ossec program, and Ossec runs this code under
both the ossec user and group.
* In the configuration file "ossec.conf", you should add the following
line in the <global> section:
<prelude_output>yes</prelude_output>
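A small check for the second point, added here as an example and not part of the announcement or of OSSEC itself: it reports whether an ossec.conf actually enables Prelude output inside the <global> block (a <prelude_output> line placed outside <global> does not count). The file paths and sample configuration below are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not OSSEC code): verify that Prelude output is enabled
# in the <global> section of an ossec.conf.
# Usage: prelude_output_enabled /path/to/ossec.conf
# Returns 0 when <prelude_output>yes</prelude_output> sits between
# <global> and </global>, 1 otherwise.
prelude_output_enabled() {
    awk '
        /<global>/   { in_global = 1 }
        /<\/global>/ { in_global = 0 }
        in_global && /<prelude_output>[[:space:]]*yes[[:space:]]*<\/prelude_output>/ { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Demonstration on a constructed configuration (hypothetical path).
demo_conf=$(mktemp)
printf '%s\n' \
    '<ossec_config>' \
    '  <global>' \
    '    <prelude_output>yes</prelude_output>' \
    '  </global>' \
    '</ossec_config>' > "$demo_conf"

if prelude_output_enabled "$demo_conf"; then
    echo "prelude output enabled in <global>"
else
    echo "prelude output NOT enabled in <global>"
fi
rm -f "$demo_conf"
```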
Issues
====
IDMEF messages are not as full as I would like them to be; this is
because I live in Paris, which is a very fun city to be in, and there
are a lot of outdoor activities that I do here. I promise to reduce my
social activities to have something more exhaustive.
Thanks
====
I would like to thank Yoann Vandoorselaere for his intensive work on
the Prelude project and I would like to thank Daniel B. Cid for his
rapid feedback to my existential questions over his data structure.