They don't really overlap - OSSEC looks at many different system and application log formats, including SELinux.
Adding SELinux to the mix will give you a richer visibility into your systems; but even without SELinux OSSEC is still very powerful.

Glad to help...

A.

________________________________
From: T price <[email protected]>
To: [email protected]
Sent: Tue, March 16, 2010 7:19:48 PM
Subject: Re: [ossec-list] ossec and selinux

On Tue, Mar 16, 2010 at 2:15 PM, Alessandro Di Giuseppe <[email protected]> wrote:

> Hi Tim,
>
> Having dabbled in SELinux configuration, and running OSSEC for several months now here is my advice:
> start with OSSEC first, as it is easier to implement and IMHO provides far more visibility, and therefore value.

So if this is the case, is there overlap between the two? Should I not consider SELinux or some other comparable technology?

> SELinux requires careful testing to make sure it won't break anything. Start gradually with "Permissive" mode (logging only - unlike the "Enforcing" which blocks stuff) and carefully analyze your logs before considering "Enforcing" mode. I also recommend you use the "Targeted" policy which will only act on daemons it knows, whereas "Strict" will block anything it doesn't know.

This might answer my question above but I just wanted to be clear, it seems that ossec will pick up on these logs and alert?

And thanks for the URLs
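An added example, not part of the original thread: a Python sketch of the log review suggested above before moving from "Permissive" to "Enforcing". It summarizes SELinux AVC denials from audit log lines and lists the accesses that were only logged. The log lines are constructed samples, the function names and mode labels are illustrative, and the `permissive=` field is assumed to be present (kernels that do not emit it are reported as "unknown").

```python
import re
from collections import Counter

# Constructed sample lines in the audit.log AVC format (not from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1268766000.101:410): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=sda1 ino=5301 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1268766005.220:411): avc:  denied  { read open } for  pid=2101 comm="httpd" name="index.html" dev=sda1 ino=5301 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1268766010.007:412): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1268766010.007:412): arch=c000003e syscall=42 success=yes exit=0 comm="httpd"
type=AVC msg=audit(1268766020.900:413): avc:  denied  { write } for  pid=988 comm="named" name="zones" dev=sda1 ino=77 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
    r'(?:\s+permissive=(?P<permissive>[01]))?'
)

def selinux_type(context):
    """Return the type field (third component) of user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize_denials(log_text):
    """Count denials per (source type, target type, class, permission, mode)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. SYSCALL records)
        mode = {"1": "logged-only", "0": "blocked"}.get(m["permissive"], "unknown")
        src, tgt = selinux_type(m["scon"]), selinux_type(m["tcon"])
        for perm in m["perms"].split():
            counts[(src, tgt, m["tclass"], perm, mode)] += 1
    return counts

def would_break_in_enforcing(counts):
    """Accesses that were only logged; Enforcing mode would block them."""
    return sorted({k[:4] for k in counts if k[4] == "logged-only"})

if __name__ == "__main__":
    for key, n in sorted(summarize_denials(SAMPLE_LOG).items()):
        print(n, *key)
```

Each entry returned by `would_break_in_enforcing` is an access to either allow in policy or fix in the application before switching modes.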
