Instant OSSEC Host-based Intrusion Detection by Brad Lhotsky

Introducing active response (Intermediate)

A standout feature of OSSEC is its active response module. Active response executes commands when a rule is triggered, and passes those commands the network, user, and file information from the rule that tripped the response. With the active response system, you can provide targeted protection to your network. Using this mechanism, it is possible to implement the functionality of the popular Fail2Ban SSH brute-force protection using OSSEC.
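
An ossec.conf fragment for the Fail2Ban-style SSH protection described above, added here as an illustration and not taken from the book. It assumes the stock firewall-drop.sh script and the stock sshd ruleset, where rule 5712 is the SSH brute-force alert; the 600-second timeout and the whitelisted address 192.0.2.10 are constructed values.

```xml
<!-- Added example, not from the book. Place inside <ossec_config> on the OSSEC server. -->

<global>
  <!-- Sources that active response must never block.
       192.0.2.10 is a placeholder for an admin or jump host. -->
  <white_list>127.0.0.1</white_list>
  <white_list>192.0.2.10</white_list>
</global>

<!-- Step 1: declare the command. <expect> names the alert field the script
     requires; the response is skipped if the alert has no source IP. -->
<command>
  <name>firewall-drop</name>
  <executable>firewall-drop.sh</executable>
  <expect>srcip</expect>
  <!-- Allow OSSEC to call the script again later to undo the block. -->
  <timeout_allowed>yes</timeout_allowed>
</command>

<!-- Step 2: bind the command to the rule that should trigger it. -->
<active-response>
  <command>firewall-drop</command>
  <!-- Run on the agent that generated the alert. -->
  <location>local</location>
  <!-- Stock sshd rule: repeated authentication failures from one source. -->
  <rules_id>5712</rules_id>
  <!-- Seconds before the block is removed (assumed value). -->
  <timeout>600</timeout>
</active-response>
```

Restart OSSEC after editing the configuration, and confirm the whitelist covers your management hosts before enabling the response so that a false positive cannot lock administrators out.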

Getting ready

In order to implement active response, you will need to know how active response commands are called. The firewall-drop.sh script ships with OSSEC implementing the locking and logging feature, and also works on most Linux/BSD ...
