On Tue, Mar 26, 2019 at 9:08 PM <imthenacho...@gmail.com> wrote:
>
> Fail2ban can monitor application logs, like Apache, for potential intrusion
> attempts and block the offending IPs.
>

Yeah, and OSSEC can do that too.

> So basically keep PSAD, Fail2Ban, rkhunter and chkrootkit and just replace
> AIDE with OSSEC.
>
> Any reason you still prefer OSSEC over AIDE if it has more features?
>

I haven't looked into aide recently enough to remember why I preferred OSSEC.

> On Monday, March 25, 2019 at 8:00:39 AM UTC-4, dan (ddpbsd) wrote:
>>
>> On Sat, Mar 23, 2019 at 8:24 AM <imthen...@gmail.com> wrote:
>> >
>> > Based on what I am reading, I would replace AIDE, PSAD, Fail2Ban, rkhunter
>> > and chkrootkit with OSSEC. Is my understanding correct?
>> >
>> > And then, if I am using UFW, I would have to update OSSEC to ban IPs
>> > through UFW instead of through iptables directly.
>> >
>> > So then all I would need is UFW, OSSEC, and ClamAV (for AV).
>> >
>> > Thoughts?
>> >
>>
>> OSSEC does similar things to aide. I prefer OSSEC, but aide does have
>> some features OSSEC does not (more hash algorithms).
>> OSSEC does not monitor the network, so probably can't replace psad.
>> Depending on the logs psad produces, you might be able to read them
>> with OSSEC.
>> I don't know of any features fail2ban has that OSSEC doesn't, but I
>> also haven't looked into it very much.
>> rkhunter and chkrootkit probably have newer/more up to date databases
>> than OSSEC does.
>>
>> If you're using ufw, you will have to update the scripts. I don't see
>> any ufw mentions in the current scripts with a quick grep.
>> Updates to the script to support ufw might be useful for the entire
>> project too (possible easy contribution).
>>

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
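
The ufw change discussed in the thread, as an added example that is not part of the original messages or OSSEC's own scripts: an active-response script that blocks and unblocks through ufw instead of iptables. It assumes OSSEC's usual active-response arguments (ACTION USER IP); the UFW_CMD override and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not OSSEC project code.
# Assumed invocation (as for OSSEC's firewall scripts): ACTION USER IP ...
# UFW_CMD is a hypothetical override; set UFW_CMD="echo ufw" for a dry run.
UFW_CMD="${UFW_CMD:-ufw}"

# Accept only a dotted-quad IPv4 address, so nothing taken from a log line
# can reach the ufw command line as an option or extra rule text.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ufw arguments for one action, or fail on bad input.
ufw_rule() {
    action=$1
    ip=$2
    valid_ipv4 "$ip" || return 1
    case "$action" in
        add)    echo "insert 1 deny from $ip" ;;  # ahead of existing allow rules
        delete) echo "delete deny from $ip" ;;    # lift the block on timeout
        *)      return 1 ;;
    esac
}

# Validate, then hand the rule to ufw (or to the dry-run command).
respond() {
    rule=$(ufw_rule "$1" "$2") || { echo "rejected: $1 $2" >&2; return 1; }
    $UFW_CMD $rule
}

# Run only when called with active-response style arguments.
if [ "$#" -ge 3 ]; then
    respond "$1" "$3"
fi
```
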