Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: 3rods on August 06, 2008, 04:39:32 am

Title: OSSEC & ebox - Do they play nice together??
Post by: 3rods on August 06, 2008, 04:39:32 am

I was wondering if anyone has installed OSSEC with ebox. I've used OSSEC before and I'd like to install it on the same box as ebox, but since it modifies the iptables in real-time, it might mess up ebox's firewall. I like ebox's firewall, it reminds me a lot of cisco routers, but I like OSSEC's active protection and intrusion detection notifications too. 

http://www.ossec.net/ (http://www.ossec.net/)

Check it out if you don't know about it - it's pretty good, open source and free.

OSSEC also is working on a web interface in php, maybe the ebox team could integrate it into the ebox interface and add intrusion detection to the list of features with a small effort..?  :-\

A cut from the front page:

Quote

SSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response.

It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

It runs limited in Windows.

Title: Re: OSSEC & ebox - Do they play nice together??
Post by: javi on August 13, 2008, 04:21:29 pm

Thanks for letting us know. We had thought about using Snort as a IDS for eBox.