Instant OSSEC Host-based Intrusion Detection [Kindle Edition]

Brad Lhotsky
In Detail

Security software is often expensive, restricting, burdensome, and noisy. OSSEC-HIDS was designed to avoid getting in your way and to allow you to take control of and extract real value from industry security requirements. OSSEC-HIDS is a comprehensive, robust solution to many common security problems faced in organizations of all sizes.

"Instant OSSEC-HIDS" is a practical guide to take you from beginner to power user through recipes designed based on real-world experiences. Recipes are designed to provide instant impact while containing enough detail to allow the reader to further explore the possibilities. Using real-world examples, this book will take you from installing a simple, local OSSEC-HIDS service to commanding a network of servers running OSSEC-HIDS with customized checks, alerts, and automatic responses.

You will learn how to maximise the accuracy, effectiveness, and performance of OSSEC-HIDS’ analyser, file integrity monitor, and malware detection module. You will flip the table on security software and put OSSEC-HIDS to work validating its own alerts before escalating them. You will also learn how to write your own rules, decoders, and active responses. You will rest easy knowing your servers can protect themselves from most attacks while being intelligent enough to notify you when they need help!

You will learn how to use OSSEC-HIDS to save time, meet security requirements, provide insight into your network, and protect your assets.


Filled with practical, step-by-step instructions and clear explanations for the most important and useful tasks. A fast-paced, practical guide to OSSEC-HIDS that will help you solve host-based security problems.

Who this book is for

This book is great for anyone concerned about the security of their servers. Whether you are a system administrator, programmer, or security analyst, this book will provide you with tips to better utilize OSSEC-HIDS. Whether you’re new to OSSEC-HIDS or a seasoned veteran, you’ll find something in this book you can apply today!

This book assumes some knowledge of basic security concepts and rudimentary scripting experience.

About the Author and Other Contributors

Brad Lhotsky

Brad Lhotsky started working with UNIX systems professionally in 1998 as a system administrator, database administrator, network engineer, programmer, and security administrator. He has been an active member of the OSSEC-HIDS community since 2004. He also currently administers one of the largest OSSEC-HIDS deployments in the world!


  • Format: Kindle Edition
  • File size: 595 KB
  • Print length: 62 pages
  • Publisher: Packt Publishing (22 August 2013)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • ASIN: B00E7NC9K0
  • Text-to-Speech: Enabled
  • Word Wise: Not enabled
  • Average customer review: 4.0 out of 5 stars (1 customer review)
  • Amazon Bestsellers Rank: #317,427 Paid in Kindle Store

Most Helpful Customer Reviews
4.0 out of 5 stars: A very helpful quickstart guide and beyond (4 October 2013)
First of all I want to say that I'm thankful for the opportunity to review a free copy of this book. I will try to not get biased towards this book by this circumstance.

OSSEC HIDS is a host-based intrusion detection system with 2 main differences to similar systems. OSSEC has a simple method of responding to detected intrusions (blocking offending hosts via local firewall or route configuration) and is a simple intrusion prevention system as well. Furthermore, OSSEC uses a client-server model which does not only provide easy centralised configuration management but enables OSSEC to block offending hosts on all clients even when only one of them detects the intrusion attempt. While it is clearly a Linux / Unix tool, OSSEC's client can run on Microsoft Windows hosts, too.

Like any IDS/IPS system, OSSEC is no easily set up fire-and-forget solution but a complex system which needs know-how to implement and run it. A book of this size cannot be a full manual but it is a very good quickstart guide. OSSEC has to be installed and configured before you can dive into creating your own decoders (how to get information out of your logfiles), rules (how to interpret the information you got) and how to deal with other functionality of OSSEC (like FIM, file integrity and file metadata checks like tripwire or aide, rootkit detection, and so on). When you start with OSSEC you don't want to deal with the installer or where to get new binary releases or how to connect clients to the server. This book gives you a way around these important but time-consuming tasks and will give you a running OSSEC installation on a server and clients which will provide some security out of the box.
Most helpful customer reviews on (beta): 4.4 out of 5 stars, 7 reviews
5.0 out of 5 stars: Highly recommend to people who are starting in the area of information security (30 August 2013)
By Rafael Maita - Published on
"Instant OSSEC Host-based Intrusion Detection System" is a book that consists of 11 items ranging from the Basic (or simple as the author calls it) to advanced. If this is your first encounter with the system OSSEC this book is for you. It is a super-fast lecture. It contains 62 pages (including front cover, index, credits, etc.). About 49 pages are devoted to the system OSSEC.

Once you have purchased the book, you can download a compressed file which contains the examples used, properly identified for each point of the book.
What I liked about this book is how the author describes the concepts and that he goes straight to the key point. For each point the author refers to how the technology works and how it should be implemented. Brad Lhotsky makes the disclaimer that the book should not be taken as a step-by-step guide, and I agree; it should rather be taken as a guide to the world of OSSEC.
While OSSEC is multiplatform, the author emphasizes the implementation in Linux distributions.

Some interesting points:
Configuring an OSSEC server
Writing your own rules
Detecting rootkits and anomalies
Introducing active response

In the end, it is a book I highly recommend to people who are starting in the area of information security or those network administrators who do not have extensive knowledge of security.

"Instant OSSEC Host-based Intrusion Detection System" is a book made up of 11 points that range from the basic (or simple, as the author calls it) to the advanced.
If this is your first encounter with the OSSEC system, this book is for you, since it is a super-fast read. It contains a total of 62 pages (including cover, index, credits, etc.). In total, about 49 pages are devoted to the OSSEC system.

Once you have purchased the book, you can download a compressed file containing the examples used, properly identified for each point.
What I liked about this book is the way the author describes the concepts and goes straight to the key point. Within each point the author refers to how the technology works and how it should be implemented. Brad Lhotsky makes the clarification that the book should not be taken as a step-by-step guide, and I agree; rather, it should be taken as an introductory guide to the world of OSSEC. Although OSSEC is multiplatform, the author emphasizes implementation on Linux distributions.

Some interesting points:
Configuring an OSSEC server
Writing your own rules
Detecting rootkits and anomalies
Introducing active response

In the end, it is a book I highly recommend to people who are starting out in the area of information security or to those network administrators who do not have extensive knowledge of security.
5.0 out of 5 stars: Excellent book for learning how to use OSSEC (1 February 2014)
By Vic Hargrave - Published on
Brad's book "Instant OSSEC Host-based Intrusion Detection System" is a great place for new users of OSSEC to start with the process of understanding what OSSEC does and how to configure it. The book consists of a series of what I like to call "recipes" that range from basic information such as installing OSSEC to advanced concepts like detecting rootkits and configuring active response - the OSSEC mechanism to take user-defined actions to handle specific security events. Each recipe follows a consistent format that describes background information you need to know, how to do the particular recipe and even how each works.

I work with Brad on the OSSEC Project development team, so I'm no stranger to using OSSEC. But OSSEC has a lot of capabilities, not all of which I have used, so I found Brad's book very helpful in understanding some of the core functionality with which I had less experience. If you are an OSSEC beginner or like me, someone who is familiar with it but could use some help with more advanced features, then you'll want to have "Instant OSSEC Host-based Intrusion Detection System" right by your side at all times.
4.0 out of 5 stars: Left me wanting more (28 January 2014)
By J. Cassel - Published on
Format: Kindle Edition | Verified Purchase
The content is great. I would suggest anyone that is going to install or use OSSEC to start here. Like my title suggests, though, this is just a starting point. There is a lot more to learn that this book will not give you; just keep in mind this is a starting point. A really good starting point.
4.0 out of 5 stars: Great starting point to get you going (16 October 2013)
By finux - Published on
Format: Kindle Edition
This book is a great way to take your first steps into the world of Host-Based Intrusion Detection (HIDS) and OSSEC. It makes no assumptions about your knowledge - takes you through the terminology, reasoning behind the solution and the requirements to deploy it effectively. It also contains useful links to further your reading specific to your solution or operating system. As I had little knowledge of OSSEC or HIDS, it was exactly what I needed.

The book systematically takes the reader through the core offerings from OSSEC. Topics covered include rule writing, alerting, file integrity monitoring, monitoring using Operating System commands and rootkit detection and active response features.
It begins by describing in detail the OSSEC installation and follows with configuration examples for each of the aspects of a deployment; understanding and crafting your own rules; setting and tweaking alert levels; common deployment scenarios; automating the analysis of operating system commands; and bringing it all together.

The book contained some useful information and links for readers to pursue their own agenda, including references. There were some areas where some additional background information may have proved helpful. One example was around where or why a user may wish to integrate OSSEC to an enterprise SIEM solution. Additionally, the Monitoring Command Output chapter made no mention of Microsoft OS commands; however, a quick search confirmed that it does indeed seem to be supported.

The text identifies the potential pitfalls you may encounter and common mistakes, including those related to security, which people make when deploying HIDS, as well as leading the reader step-by-step through running and improving your deployment. Based on the content of the book, whilst there are a few minor areas which could improve what it offers to the OSSEC novice, it has certainly proved a valuable resource for a HIDS beginner.
4.0 out of 5 stars: For hands-on persons who are comfortable pushing the envelope using XML, regular expression, and shell scripts (15 October 2013)
By JB Cheng - Published on
Format: Kindle Edition
It tells you how to install OSSEC for both manager and agents, and how to generate agent keys so agents can talk to the manager securely. It uses examples to explain how OSSEC rules work, and illustrates step-by-step how you can write your own custom decoders/rules and test them to verify that they work as expected. It goes further to describe how you can fine-tune alert levels so you are not flooded with too many alerts, as well as how you can channel OSSEC output to third-party log management systems in several de facto standard formats.

Another key feature of OSSEC, syscheck, is useful to perform integrity monitoring for files, directories, and Windows registry entries. Syscheck can also be extended to monitor the output of arbitrary commands by treating the output as log entries. A case-in-point is the implementation of OSSEC rootcheck, which utilizes the syscheck framework for rootkits detection. OSSEC ships with a default set of rootcheck rules; user extension is possible so you can be alerted with the newest threats.

Finally, OSSEC active response is one step toward Host-based Intrusion Prevention System by using alerts to trigger defensive actions such as blocking traffic from offending IP addresses automatically. This book concludes by giving a scripting example of verifying alerts with active response. It pulls everything together and unleashes the full potential of OSSEC. With the scripting capability of OSSEC active response feature, the possibilities are endless.