Author Topic: OSSEC & ebox - Do they play nice together??  (Read 2296 times)

3rods

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
OSSEC & ebox - Do they play nice together??
« on: August 06, 2008, 04:39:32 am »
I was wondering if anyone has installed OSSEC with ebox. I've used OSSEC before and I'd like to install it on the same box as ebox, but since it modifies the iptables in real-time, it might mess up ebox's firewall. I like ebox's firewall, it reminds me a lot of cisco routers, but I like OSSEC's active protection and intrusion detection notifications too. 

http://www.ossec.net/

Check it out if you don't know about it - it's pretty good, open source and free.

OSSEC also is working on a web interface in php, maybe the ebox team could integrate it into the ebox interface and add intrusion detection to the list of features with a small effort..?  :-\

A cut from the front page:
Quote
SSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response.

It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

It runs limited in Windows.

javi

  • Zen Hero
  • *****
  • Posts: 1042
  • Karma: +0/-0
    • View Profile
Re: OSSEC & ebox - Do they play nice together??
« Reply #1 on: August 13, 2008, 04:21:29 pm »
Thanks for letting us know. We had thought about using Snort as a IDS for eBox.