Monitor in Real-Time with OSSEC | See What’s Taking Place in Your Server

21,476 views

Akamai Developer


In part 6 of this Blue Team training series from @HackerSploit, we'll cover intrusion detection with OSSEC. OSSEC is an open-source, host-based intrusion detection system (HIDS) that performs log analysis, integrity checking, rootkit detection, time-based alerting, and active response, making it an ideal choice for server monitoring.
Check out the entire Blue Team Series here → • Hackersploit Linux Sec...
Chapters:
0:00 Introduction
0:41 What We’ll Be Covering
1:47 Prerequisites
1:54 Introduction to OSSEC
4:18 OSSEC Features
5:00 How OSSEC Works
5:35 About Our Lab Environment
6:30 Practical Demo
6:42 Where to Download OSSEC
8:36 Install OSSEC
14:00 Install lsystemd
15:37 Install and Connect Agent and Server
16:11 Install the Web UI
19:55 Start the Web UI
23:23 Install OSSEC on Windows
26:18 Running OSSEC For the First Time
29:30 Verify the Windows Agent is Running
30:52 Simulate Malicious Events
38:08 Review the Log Files
39:55 Conclusion
New to Cloud Computing? Get started here with a $100 credit → www.linode.com/linodetube
Watch Hackersploit's Red Team series here → • Adversary Emulation wi...
Learn more about using OSSEC → www.linode.com/products/
Subscribe to get notified of new episodes as they come out → kzfaq.info?sub_co...
#hackersploit #blueteam #cybersecurity
Product: Blue Team, OSSEC, Intrusion Detection; @HackerSploit

Comments: 29
@mirzangus76 1 year ago
What OS are you using? Can Ubuntu 20.04 run OSSEC 3.7.0?
@oscpjourney541 1 year ago
You said the commands will be provided, where are they?
@multitrackdriftu 9 months ago
I have OSSEC installed on two Fedora VMs, they are both running and communicating, but the web UI doesn't seem to be detecting anything. Not the agent, not any events, etc. I followed the instructions you provided here as best I could (some things are a bit different due to using Fedora). Do you have any suggestions or insight as to why this could be happening?
@aakashtripathi3735 7 months ago
Same issue. Did you find a solution?
@salsaamaliaputri-saphire-u7764 7 months ago
Do you use the WUI from OSSEC, or Grafana?
@aakashtripathi3735 7 months ago
@salsaamaliaputri-saphire-u7764 ossec-wui, I did find a solution though. Apparently the archaic ossec-wui code is not supported by the latest PHP version. I installed an older version of PHP and now the WUI works.
@mangeshch9848 5 months ago
Same issue 😢
@LeThuHuyen-kx8pc 9 months ago
I have an assignment project about OSSEC, can you give me the documents?
@salsaamaliaputri-saphire-u7764 5 months ago
My OSSEC server cannot block SSH brute force, what should I configure to make the system block the attack?
@smika710 4 months ago
ssh tar? pit
@salsaamaliaputri-saphire-u7764 3 months ago
@smika710 I don't get it, can you explain a bit more please?
@hanahany3653 9 months ago
Where are the commands used in this video??
@sandeepsinghsethi15 8 months ago
All the commands are just included in the docs of OSSEC and nothing else is needed.
@ShivanshMishra1602 2 months ago
What password did you enter at 16:04?
@y2kenh 1 year ago
How are you clearing the screen without typing 'clear'?
@AkamaiDeveloper 1 year ago
Control + L acts as a shortcut for 'clear' (just learned this myself!)
@sandeepsinghsethi15 8 months ago
@AkamaiDeveloper unless he is not using tmux 😂
@salsaamaliaputri-saphire-u7764 9 months ago
Can someone please tell me how to decide our IP address for a new agent, as shown at 27:22?
@AkamaiDeveloper 9 months ago
You will use the IP address of the system being monitored by the agent you have installed. Whereas a client would make requests of a server, the agent sends data back to the server to which it reports. This would be confirmed within your Windows Network & Internet settings.
@salsaamaliaputri-saphire-u7764 9 months ago
@AkamaiDeveloper Thanks in advance. I have a problem with the OSSEC web interface: it doesn't show anything on its page, just the header. What should I do to make the web interface show our log activity like at 19:58?
@AkamaiDeveloper 9 months ago
If the web UI is only showing the headers, it may be because you do not have the agent configured correctly. We suggest double checking your agent configurations. Additionally, you can ask your question on the OSSEC community forums since the folks there will have more direct experience with the service itself: forums.atomicorp.com/
@ri.n8807 2 months ago
@salsaamaliaputri-saphire-u7764 I'm having the same problem. Was wondering if you found a solution?
@SimonePGGG 9 months ago
Cannot connect to the server for update - oum update returns ERROR: request returned HTTP error code 401 [Username/Password Invalid] - Yes, the password and username are correct.
@AkamaiDeveloper 9 months ago
This issue was discussed in this OSSEC forum post: support.atomicorp.com/hc/en-us/articles/1260803840869-OSSEC-ERROR-request-returned-HTTP-error-code-401-Username-Password-Invalid Does the issue persist after you have attempted to reconfigure your username/password, and are you directly copy-pasting or attempting to manually enter your password?
@SimonePGGG 9 months ago
@AkamaiDeveloper It's the first thing I've read; it doesn't work in my case.
@SimonePGGG 9 months ago
Just needed to wait, maybe password sync takes a bit on their systems.
@salsaamaliaputri-saphire-u7764 7 months ago
Are you using the WUI from OSSEC? Is it still working? Can you tell me how to install its WUI correctly? My OSSEC WUI doesn't show anything.
@Laflamablanca969 1 year ago
I hope you guys don’t change your platform now that you’re owned by Akamai…