- Instant OSSEC Host-based Intrusion Detection System
- Brad Lhotsky
- 124 words
- 2021-08-13 16:28:01
How to do it...
Now that the server is ready, we'll have to double-check the remote namespace in the /var/ossec/etc/ossec.conf file:
- To configure the remote daemon so that the agents can communicate with the server, we just need to make sure that the following configuration is in place:

```xml
<remote>
  <connection>secure</connection>
  <allowed-ips>192.168.0.0/23</allowed-ips>
</remote>
```
- Another key setting in server mode is the whitelist for active response. Set it up now as illustrated in the following configuration, even if you don't plan on utilizing the active response:

```xml
<global>
  <!-- Our LAN -->
  <white_list>192.168.0.0/23</white_list>
  <!-- MS Exchange Server -->
  <white_list>1.2.3.4</white_list>
</global>
```
- We will then verify and configure our e-mail settings as follows:

```xml
<global>
  <email_notification>yes</email_notification>
  <email_to>security.alerts@example.com</email_to>
  <smtp_server>localhost</smtp_server>
  <email_from>ossecm@server.example.com</email_from>
</global>
```
- We can then establish our basic e-mail and log thresholds as follows:

```xml
<alerts>
  <log_alert_level>1</log_alert_level>
  <email_alert_level>7</email_alert_level>
</alerts>
```
- Don't forget to restart the server for the changes to take effect:

```shell
$ sudo /var/ossec/bin/ossec-control restart
```
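To confirm that a server's ossec.conf really carries the four settings from these steps before restarting, here is an added audit script; it is not from the book, and it assumes the element layout shown above plus a constructed sample configuration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample that mirrors the recipe's four settings.
SAMPLE_CONF = """
<ossec_config>
  <remote>
    <connection>secure</connection>
    <allowed-ips>192.168.0.0/23</allowed-ips>
  </remote>
  <global>
    <white_list>192.168.0.0/23</white_list>
    <email_notification>yes</email_notification>
    <email_to>security.alerts@example.com</email_to>
    <smtp_server>localhost</smtp_server>
    <email_from>ossecm@server.example.com</email_from>
  </global>
  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>7</email_alert_level>
  </alerts>
</ossec_config>
"""

def audit_server_conf(text):
    """Return findings for the server-mode settings; an empty list means all are present."""
    # A real ossec.conf may hold several <ossec_config> roots, so wrap it in one.
    root = ET.fromstring("<root>" + text + "</root>")
    findings = []
    if "secure" not in [c.text for c in root.iter("connection")]:
        findings.append("remote: no <connection>secure</connection> for agents")
    nets = [a.text for a in root.iter("allowed-ips")]
    if not nets:
        findings.append("remote: no <allowed-ips>, so any source may reach the daemon")
    for net in nets:
        try:
            ipaddress.ip_network(net, strict=False)
        except ValueError:
            findings.append(f"remote: allowed-ips {net!r} is not an IP or network")
    if not list(root.iter("white_list")):
        findings.append("global: no <white_list>; active response could block your own hosts")
    if root.findtext(".//email_notification") == "yes":
        for tag in ("email_to", "smtp_server", "email_from"):
            if not root.findtext(".//" + tag):
                findings.append(f"global: email enabled but <{tag}> missing")
    log_lvl = int(root.findtext(".//log_alert_level") or 1)
    email_lvl = int(root.findtext(".//email_alert_level") or 7)
    if email_lvl < log_lvl:
        findings.append("alerts: email_alert_level below log_alert_level; maild only sees logged alerts")
    return findings
```

Run it against the text of /var/ossec/etc/ossec.conf; any non-empty list points at a step above that was skipped.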