Supported systems
OSSEC supports the following operating systems and log formats:
Operating systems
The following operating systems are supported by the OSSEC agent:
* GNU/Linux (all distributions, including RHEL, Ubuntu, Slackware, Debian, etc.)
* Windows XP, 2000, 2003, Vista, 2008
* VMWare ESX 3.0, 3.5 (including CIS checks)
* FreeBSD (all versions)
* OpenBSD (all versions)
* NetBSD (all versions)
* Solaris 2.7, 2.8, 2.9 and 10
* AIX 5.3 and 5.3
* HP-UX 10, 11, 11i
* MacOSX 10
Device support via Syslog
These systems/devices are also supported via remote syslog:
* Cisco PIX, ASA and FWSM (all versions)
* Cisco IOS routers (all versions)
* Juniper Netscreen (all versions)
* SonicWall firewall (all versions)
* Checkpoint firewall (all versions)
* Cisco IOS IDS/IPS module (all versions)
* Sourcefire (Snort) IDS/IPS (all versions)
* Dragon NIDS (all versions)
* Checkpoint Smart Defense (all versions)
* McAfee VirusScan Enterprise (v8 and v8.5)
* Bluecoat proxy (all versions)
* Cisco VPN concentrators (all versions)
Agentless
Using OSSEC agentless options, the following systems are also supported
(for log analysis and file integrity checking):
* Cisco PIX, ASA and FWSM (all versions)
* Cisco IOS routers (all versions)
* Juniper Netscreen (all versions)
* SonicWall firewall (all versions)
* Checkpoint firewall (all versions)
* All operating systems specified in the "operating systems" section
Database monitoring
Database monitoring is available for the following systems:
* MySQL (all versions)
* PostgreSQL (all versions)
* Oracle, MSSQL (to be available soon)
Individual log formats and application support
* Unix-only:
o Unix Pam
o sshd (OpenSSH)
o Solaris telnetd
o Samba
o Su
o Sudo
o Xinetd
o Adduser/deluser/etc
o Cron/Crontab
o Solaris BSM Auditing
o Dpkg (Debian package) logs
o Yum logs
* FTP servers:
o Proftpd
o Pure-ftpd
o vsftpd
o wu-ftpd
o Microsoft FTP server
o Solaris ftpd
o Mac OS FTP server
* Mail servers:
o Imapd and pop3d
o Postfix
o Sendmail
o vpopmail
o Microsoft Exchange
o Courier imapd/pop3d/pop3-ssl
o vm-pop3d
o SMF-SAV (Sendmail Sender Address Validator)
o Procmail
o Mailscanner
* Web servers:
o Apache web server (access log and error log)
o IIS 5/6 web server (NCSA and W3C extended)
o Zeus web server
* Web applications:
o Horde imp
o Modsecurity
* Firewalls:
o Iptables firewall
o Shorewall (iptables-based) firewall
o Solaris ipfilter firewall
o AIX ipsec/firewall
o Netscreen firewall
o Windows firewall
o Cisco PIX/ASA/FWSM
o SonicWall firewall
o Checkpoint firewall
* Databases:
o MySQL
o PostgreSQL
* NIDS:
o Cisco IOS IDS/IPS module
o Snort IDS (snort full, snort fast and snort syslog)
o Dragon NIDS
o Checkpoint Smart defense
* Security tools:
o Symantec Anti Virus
o Symantec Web Security
o Nmap
o Arpwatch
o McAfee VirusScan Enterprise (v8 and v8.5)
* Others:
o Named (bind)
o Squid proxy
o Bluecoat proxy
o Cisco VPN Concentrator
o Cisco IOS routers
o Asterisk
o Vmware ESX
* Windows event logs (logins, logouts, audit information, etc)
* Windows Routing and Remote Access logs
* Generic unix authentication (adduser, logins, etc)
--
=======================================
Jenny Cabrera Varona
IT specialist [Nodo Geominera Camagüey]
JID: jcvgnu...@jb.gmcmg.gms.minbas.cu
E-Mail: jcvgnu...@gmcmg.gms.minbas.cu
OS: GNU/Linux Ubuntu 10.04 Lucid Lynx
Telephone: (53) (32) 27-21-08
=======================================
______________________________________________________________________
Mailing list of the Grupo de Usuarios de Tecnologías Libres de Cuba (Cuban Free Technologies Users Group).
Gutl-l@jovenclub.cu
http://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l