Actually, I have a very distinct need for an OSSEC server on Windows. I run
my own Iron, but all I have right now is a single Windows 2008 R2 server in
a colo facility. I do NOT have the cash to put a second machine in that
facility. Now, how the bloody hell am I supposed to run OSSEC on my Win2K3R2
machine without an OSSEC server??? How do I obtain an "authentication key"
without ever adding a second machine to that colo facility???
Have you considered running the OSSEC part in a virtual machine? I'm
testing mine in Parallels. If you use the server version of ubuntu, the
load imposed by a VM is relatively small (at least on OSX) if you have
multiple cores and a decent amount of ram. If you're concerned with
performance I'd suggest having the windows system and VM on an SSD, but
those are getting pretty cheap.
I don't care about keeping both versions in sync. Some places are a
windows-only shop, or have needs like mine (no ability to add a Linux server
of any kind). Windows is that other major market share out there, and you
cannot ASSume that everyone will have the wherewithal to add a Linux server
just to run a client app on a single Windows server.
You know, this is open source software, freely provided. Supporting
linux and windows versions of everything is not trivial. They are
providing an agent, and that itself isn't trivial.
I would like to secure my server. I just cannot afford a second server just
to do the authentication key part of it.
Is it the colo fees that are the problem? We're talking about linux
(free), and it can run on cheap hardware. If you're not going to put
much load on it, the hardware would run about $600. The server doesn't
have to be in a colo, either, you could run that pretty much anywhere
using dyndns and port mapping on a router.
Oh, well. The hope of having an effective and useful intrusion detection
system for my Windows server was fun while it lasted.
--
_______________________
bil hays
Infrastructure Manager
Computer Science, UNC CH
www.cs.unc.edu/~hays
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
