I currently use these on my at-home Linux server.

- PSAD - http://www.cipherdyne.org/psad/ - iptables IPS
- Fail2ban - https://www.fail2ban.org - application IPS
- AIDE - https://aide.github.io/ - file integrity monitoring
- Logwatch - https://sourceforge.net/projects/logwatch/ - log analysis system
- rkhunter - http://rkhunter.sourceforge.net/ - root kit hunter
- chkrootkit - http://www.chkrootkit.org/ - root kit hunter

I just discovered OSSEC. Based on its features, it sounds like I can replace all of the above with OSSEC. Is my understanding correct? And then, since I use UFW, I would have to update OSSEC's firewall script to ban/unban an IP through UFW? Then, after OSSEC, all I would need is ClamAV for anti-virus? Do I have that right, or am I misunderstanding?
