Automated detection and response to attacks


One of the biggest problems with security is the amount of setup effort and continuous maintenance it often requires. OSSEC provides a degree of assurance and active protection with a minimal setup cost and little maintenance. OSSEC is lacking in a few features I would really love to see (like telling me what changed within a file as opposed to just telling me that the file has changed) and lacks some ease of use features (like mass configuration and change management), but weighed against the simplicity of setup and management I think it's still worth it.


  1. "Dive Deep" by Heike Jurzik, Linux Pro Magazine, April 2008,
  2. OSSEC:
  3. Tripwire:

The Author

Kurt Seifried is an Information Security Consultant specializing in Linux and networks since 1996. He often wonders how it is that technology works on a large scale but often fails on a small scale.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus

Direct Download

Read full article as PDF:

058-059_kurt.pdf  (199.03 kB)