Host Integrity Monitoring Using Osiris and Samhain

Book description

This book walks the reader through the process of preparing and deploying open source host integrity monitoring software, specifically Osiris and Samhain. From configuration and installation to maintenance, testing, and fine-tuning, it covers everything needed to correctly deploy a centralized host integrity monitoring solution. The scope ranges from home networks up to large-scale enterprise environments.


Throughout the book, realistic and practical configurations are provided for common server and desktop platforms. By the end of the book, the reader will not only understand the strengths and limitations of host integrity tools, but also know how to use them effectively and integrate them into a security policy.

* Brian Wotring is the creator of Osiris. He speaks and writes frequently on Osiris for major magazines, Web sites, and trade shows. The book can also be prominently marketed from the Osiris Web site.

* This is the first book published on host integrity monitoring, despite the widespread deployment of Osiris and Samhain.

* Host integrity monitoring is the only way to accurately determine if a malicious attacker has successfully compromised the security measures of your network.

Table of contents

  1. Cover
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Syngress Acknowledgments
  6. Author
  7. Technical Editor
  8. Technical Reviewer
  9. Foreword Contributor
  10. Author Acknowledgments
  11. Foreword
  12. Preface
  13. Chapter 1: Host Integrity
    1. Introduction to Host Integrity
    2. Introducing Host Integrity Monitoring
    3. Arguments against Integrity Monitoring
    4. Arguments for Integrity Monitoring
    5. Summary
    6. Solutions Fast Track
  14. Chapter 2: Understanding the Terrain
    1. Introduction
    2. Users and Groups
    3. Files and File Systems
    4. The Kernel
    5. Libraries and Frameworks
    6. Runtime
    7. Networking
    8. Nonvolatile Memory
    9. Summary
    10. Solutions Fast Track
  15. Chapter 3: Understanding Threats
    1. Introduction
    2. Malicious Software
    3. Internal Threats
    4. Rootkits
    5. A Tour of Successful Worms
    6. Circumventing Host Integrity Monitoring
    7. Summary
    8. Solutions Fast Track
  16. Chapter 4: Planning
    1. Introduction
    2. Understanding the Big Picture
    3. Understanding Roles: The Bank Analogy
    4. Planning Principles
    5. Requirements
    6. Planning a Management Console
    7. Summary
    8. Solutions Fast Track
  17. Chapter 5: Host Integrity Monitoring with Open Source Tools
    1. Introduction
    2. Osiris
    3. Samhain
    4. Summary
    5. Solutions Fast Track
  18. Chapter 6: Osiris
    1. Introduction
    2. Configuring and Building Osiris
    3. Additional Deployment Considerations
    4. Establishing a Management Console
    5. Command-Line Interface
    6. Scan Agents
    7. Administering Osiris
    8. Summary
    9. Solutions Fast Track
  19. Chapter 7: Samhain
    1. Introduction
    2. Features and Constraints
    3. Deploying Samhain Stand-Alone
    4. Deploying Samhain with Centralized Management
    5. Using Beltane: The Web-Based Console
    6. Summary
    7. Solutions Fast Track
  20. Chapter 8: Log Monitoring and Response
    1. Introduction
    2. Log Monitoring
    3. Incident Response
    4. Summary
    5. Solutions Fast Track
  21. Chapter 9: Advanced Strategies
    1. Introduction
    2. Performing SUID/SGID Security Audits
    3. Conducting Unscheduled Scans
    4. Looking for Rogue Executables
    5. Testing and Verification
    6. Prebinding and Prelinking
    7. Summary
    8. Solutions Fast Track
  22. Appendix A: Monitoring Linksys Devices
  23. Appendix B: Extending Osiris and Samhain with Modules
  24. Appendix C: Additional Resources
  25. Index

Product information

  • Title: Host Integrity Monitoring Using Osiris and Samhain
  • Author(s): Brian Wotring
  • Release date: July 2005
  • Publisher(s): Syngress
  • ISBN: 9780080488943