Custom, Free Security for Modern Infrastructure Pipelines: OSSEC HIDS With a Twist

iRonin IT Team - Experts in software development
tutorial, security, infrastructure, ossec, hids

As cloud services grow in complexity, size and reach, security controls need to be enforced more consistently and with more automation. There are many approaches to keeping systems safe from threats such as DDoS attacks and rootkits, including antivirus software and firewalls. It is also highly beneficial to run an Intrusion Detection System (IDS) that monitors your network and hosts for malicious activity and policy violations.

Traditionally this was the job of Network Intrusion Detection Systems (NIDS), which analyse network traffic. That approach fits poorly with today's constantly changing infrastructure and cloud services, where hosts are short-lived, traffic between them is often encrypted and you may not control the network path at all.

Host Intrusion Detection Systems (HIDS) monitor from inside the host itself: log events, file integrity, rootkit indicators, privilege escalation and so on. Because they travel with the host rather than sitting on a network segment, they cover much of what NIDS miss in such environments.

OSSEC (Open Source Host-based Intrusion Detection System) is an HIDS that monitors a wide assortment of event types that may indicate an intrusion, matches them against rules that generate alerts (delivered by email, IM and so on), and can trigger active responses, such as blocking a specific host or stopping a given process.
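As an added example (not code from the article or from OSSEC itself), here is a small parser for the record layout OSSEC writes to alerts.log, followed by the same level and rule-id threshold logic that an `<active-response>` block applies before handing an alert to a command such as firewall-drop. The three alert records are constructed for the example; the rule ids and levels are taken from OSSEC's stock sshd and syscheck rules, while the function names and the `white_list` parameter are this example's own.

```python
"""Parse OSSEC alerts.log records and select the ones an active response
would act on.  Added illustration: not code from the article or from OSSEC.
The alert text is constructed to follow the alerts.log layout."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample.  Each record: header with epoch.id and rule groups,
# origin line (timestamp, agent name, agent address->log location), the matched
# rule, optional "Src IP:" / "User:" lines, then the raw event.  Rule ids and
# levels are OSSEC's stock sshd and syscheck rules.
SAMPLE_ALERTS = """\
** Alert 1422800050.12345: - syslog,sshd,authentication_failed,
2015 Feb 01 12:34:10 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 198.51.100.7
User: root
Feb  1 12:34:09 web01 sshd[1234]: Failed password for root from 198.51.100.7 port 2222 ssh2

** Alert 1422800110.12400: mail  - syslog,sshd,authentication_failures,
2015 Feb 01 12:35:10 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5712 (level 10) -> 'SSHD brute force trying to get access to the system.'
Src IP: 198.51.100.7
User: root
Feb  1 12:35:09 web01 sshd[1240]: Failed password for root from 198.51.100.7 port 2230 ssh2

** Alert 1422800200.12500: - ossec,syscheck,
2015 Feb 01 12:36:40 (web01) 10.0.0.5->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/passwd'
"""

HEADER_RE = re.compile(r"^\*\* Alert (\d+)\.\d+: (?:mail\s+)?- (.*)$")
ORIGIN_RE = re.compile(
    r"^\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2} (?:\((?P<agent>[^)]+)\) )?(?P<src>\S+)->(?P<location>.*)$")
RULE_RE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")


@dataclass
class Alert:
    timestamp: int = 0
    groups: List[str] = field(default_factory=list)
    agent: str = ""
    location: str = ""
    rule_id: int = 0
    level: int = 0
    description: str = ""
    src_ip: Optional[str] = None
    user: Optional[str] = None
    log: List[str] = field(default_factory=list)


def parse_alerts(text: str) -> List[Alert]:
    """Split alerts.log text into Alert records; a header line starts a record."""
    alerts: List[Alert] = []
    cur: Optional[Alert] = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            cur = Alert(timestamp=int(m.group(1)),
                        groups=[g for g in m.group(2).split(",") if g])
            alerts.append(cur)
            continue
        if cur is None or not line.strip():
            continue
        m = ORIGIN_RE.match(line)
        if m and not cur.agent:
            # Manager-local alerts have no "(agent)" part; fall back to the host field.
            cur.agent = m.group("agent") or m.group("src")
            cur.location = m.group("location")
            continue
        m = RULE_RE.match(line)
        if m:
            cur.rule_id, cur.level = int(m.group(1)), int(m.group(2))
            cur.description = m.group(3)
            continue
        if line.startswith("Src IP: "):
            cur.src_ip = line[len("Src IP: "):].strip()
        elif line.startswith("User: "):
            cur.user = line[len("User: "):].strip()
        else:
            cur.log.append(line)
    return alerts


def select_responses(alerts, min_level=6, rules_id=None, timeout=600, white_list=()):
    """Mirror an <active-response> block: fire on alerts at or above <level>
    (optionally restricted to <rules_id>) and return what a firewall-drop style
    command would receive.  Alerts without a source address cannot be blocked,
    addresses inside white_list CIDRs (like OSSEC's <white_list>) are never
    blocked, and one (agent, src_ip) pair is acted on once per batch."""
    allow = [ipaddress.ip_network(n) for n in white_list]
    actions: List[Dict] = []
    seen = set()
    for a in alerts:
        if a.level < min_level or (rules_id is not None and a.rule_id not in rules_id):
            continue
        if not a.src_ip:
            continue
        ip = ipaddress.ip_address(a.src_ip)
        if any(ip in net for net in allow) or (a.agent, a.src_ip) in seen:
            continue
        seen.add((a.agent, a.src_ip))
        actions.append({"agent": a.agent, "src_ip": a.src_ip, "rule_id": a.rule_id,
                        "expires": a.timestamp + timeout})
    return actions


if __name__ == "__main__":
    for act in select_responses(parse_alerts(SAMPLE_ALERTS)):
        print(act)
```

With the default threshold of level 6 only the brute-force alert (rule 5712) produces a block; the level 5 failure from the same address does not, and the syscheck alert is skipped because it carries no source address to hand to a firewall. Keep your management and monitoring ranges in the white list before enabling any blocking response: a spoofed or misattributed source address is otherwise an easy way to lock yourself out.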

The issue with using OSSEC as shipped is that it has several practical limitations: agent registration requires answering interactive prompts, processes have to be restarted by hand after changes, and agent authentication (generating and distributing keys) is clumsy. The software itself is solid, though, and once it is automated and made accountable it is an excellent basis for a free, custom HIDS.

We have managed to overcome these pain points with some help on the authentication side, tweaks to event triggering, and automation of key events such as restarts.

We use only upstream OSSEC code, simple and open dependencies, and Ansible for our automation, to provide a workable solution that anyone can implement for their own systems.
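One way to take the prompts out of agent registration, shown here as an added example rather than the article's own Ansible playbook or any OSSEC code: generate the client.keys entries yourself and push them to the manager and the agents with your configuration management. client.keys holds one `ID NAME IP KEY` line per agent, with a zero-padded id and a 64 hex-character key; `manage_agents -e` exports an entry as the base64 of that line and `manage_agents -i` imports it on the agent, which is what the functions below reproduce. The host list and the pre-existing entry are constructed, and the agent-name pattern is this example's own conservative choice, not OSSEC's exact rule.

```python
"""Non-interactive OSSEC agent key provisioning.  Added illustration: not the
article's Ansible code and not OSSEC's own source.  It produces the same
artefacts manage_agents does (client.keys lines and base64 export strings)
without its prompts, so the output can be dropped in by config management."""
import base64
import ipaddress
import re
import secrets
from typing import Dict, Iterable, List, Tuple

KEY_RE = re.compile(r"^[0-9a-f]{64}$")          # shape of a client.keys key
NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")  # conservative name check (assumption)


def make_key() -> str:
    """manage_agents joins two MD5 digests of random data into a 64 hex-char
    key; a CSPRNG gives the same shape with better entropy."""
    return secrets.token_hex(32)


def check_address(ip: str) -> str:
    """client.keys accepts a host address, a CIDR range, or the literal 'any'.
    Raises ValueError on anything else, so a typo fails before deployment."""
    if ip == "any":
        return ip
    if "/" in ip:
        return str(ipaddress.ip_network(ip, strict=False))
    return str(ipaddress.ip_address(ip))


def parse_client_keys(text: str) -> List[Dict[str, str]]:
    """Read '<id> <name> <ip> <key>' lines; comments and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 4 or not KEY_RE.match(parts[3]):
            raise ValueError(f"malformed client.keys line: {line!r}")
        entries.append(dict(zip(("id", "name", "ip", "key"), parts)))
    return entries


def client_keys_line(entry: Dict[str, str]) -> str:
    return "{id} {name} {ip} {key}".format(**entry)


def export_key(entry: Dict[str, str]) -> str:
    """Same string manage_agents -e prints: base64 of the client.keys line."""
    return base64.b64encode(client_keys_line(entry).encode()).decode()


def import_key(blob: str) -> Dict[str, str]:
    """Agent side of manage_agents -i: decode and validate before writing."""
    return parse_client_keys(base64.b64decode(blob).decode())[0]


def provision(hosts: Iterable[Tuple[str, str]], existing: str = "") -> Tuple[str, Dict[str, str]]:
    """Add entries for hosts missing from an existing client.keys file.
    Re-running with the same hosts changes nothing and re-exports the same
    keys, which is what an idempotent config-management run needs."""
    entries = parse_client_keys(existing)
    by_name = {e["name"]: e for e in entries}
    next_id = max((int(e["id"]) for e in entries), default=0) + 1
    exports: Dict[str, str] = {}
    for name, ip in hosts:
        if not NAME_RE.match(name):
            raise ValueError(f"bad agent name: {name!r}")
        if name not in by_name:
            entry = {"id": f"{next_id:03d}", "name": name,
                     "ip": check_address(ip), "key": make_key()}
            entries.append(entry)
            by_name[name] = entry
            next_id += 1
        exports[name] = export_key(by_name[name])
    return "".join(client_keys_line(e) + "\n" for e in entries), exports


if __name__ == "__main__":
    # Constructed input: one pre-existing manager-side entry plus three new hosts.
    seed = "001 mgmt01 192.0.2.10 " + "0" * 64 + "\n"
    keys, blobs = provision([("web01", "10.0.0.5"), ("db01", "10.0.0.0/24"), ("lb01", "any")], seed)
    print(keys)
    print(blobs["web01"])
```

The IP column must match the address the manager actually sees the agent connect from; behind NAT use a range or `any`, bearing in mind that `any` also lets that key be used from anywhere, so treat the export string as a secret in transit. Push the file to the manager and each export string to its agent, then restart both sides: the manager only picks up new client.keys entries on restart, which is exactly the manual step the automation has to absorb.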

If you would like to know how to automate and enhance OSSEC for use in your systems, then please download our eBook, Tutorial: Automating OSSEC HIDS Deployment on Modern Infrastructure Pipelines for Security at a Touch. We can also help to create custom security solutions for your networks - ask us how.

Author's Bio
iRonin IT Team

Experts in software development

We are a 100% remote team of software development experts, providing web & mobile application development and DevOps services for international clients.
