Ossec HIDS – How cool is it?

Since I have been using Ossec on production systems for the last year or so, I would say it’s pretty good stuff – why is that?

I happen to like that Ossec has some awesome capabilities, some of which I already had solutions for, but since this app is pretty slick and all-inclusive, I decided to switch over to using Ossec for said tasks. One thing to like about it is that the daemon watches the system for file changes, in very similar fashion to Tripwire, etc.

It can watch your SSH port and shun violators that try to brute-force your system for weak passwords (you shouldn’t allow root to log in remotely anyway :P).

It also watches the messages file, and alerts you when bad stuff has happened, like segfaults… gosh… I wish I had a better example right about now 🙂

Another cool thing, which you probably won’t or shouldn’t see very often, is that it alerts you when the Ossec daemon has been started – this should only happen if you restart your system, or make changes to the daemon and explicitly tell it to HUP (hang up, sucka, minus the sucka part).

Well, that was a quick example of the coolness that Ossec is – for me, I was a little bit hesitant to use Ossec on my systems, just because it comes from a large company, and isn’t just an open source project. At the end of the day though, it works pretty well and I am happy with its abilities!
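As an added illustration (not from the original post and not Ossec's own code), here is the idea behind the SSH watching described above: count failed sshd logins per source address inside a sliding window and flag any source that crosses a threshold. The log lines are constructed, and the threshold of 5 failures in 120 seconds is an assumption, not Ossec's actual rule setting.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd lines using documentation IP ranges; not real logs.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.9 port 40100 ssh2
Mar  3 10:00:04 web1 sshd[811]: Failed password for root from 203.0.113.9 port 40101 ssh2
Mar  3 10:00:09 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 40102 ssh2
Mar  3 10:00:15 web1 sshd[813]: Failed password for root from 203.0.113.9 port 40103 ssh2
Mar  3 10:00:21 web1 sshd[814]: Failed password for invalid user test from 203.0.113.9 port 40104 ssh2
Mar  3 10:01:00 web1 sshd[820]: Failed password for bob from 198.51.100.7 port 51000 ssh2
Mar  3 10:01:30 web1 sshd[821]: Accepted password for bob from 198.51.100.7 port 51001 ssh2
Mar  3 10:05:00 web1 sshd[830]: Failed password for root from 192.0.2.44 port 60000 ssh2
Mar  3 10:10:00 web1 sshd[831]: Failed password for root from 192.0.2.44 port 60001 ssh2
Mar  3 10:15:00 web1 sshd[832]: Failed password for root from 192.0.2.44 port 60002 ssh2
Mar  3 10:20:00 web1 sshd[833]: Failed password for root from 192.0.2.44 port 60003 ssh2
Mar  3 10:25:00 web1 sshd[834]: Failed password for root from 192.0.2.44 port 60004 ssh2
"""

# Syslog timestamp, host, sshd[pid], then the failed-password message.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=120), year=2024):
    """Return source IPs with >= threshold failures inside any sliding window.

    threshold/window are assumed values; syslog lines carry no year, so one
    is supplied (year rollover is not handled).
    """
    recent = defaultdict(deque)   # source IP -> timestamps still in the window
    flagged = []                  # sources to hand to a block/shun action
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        src = m.group(2)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged.append(src)
    return flagged

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

The slow source (192.0.2.44) has as many failures as the fast one but never crosses the threshold inside one window, which is the trade-off any window-based shunning rule makes.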


Ubuntu Landscape – First impression

Decided to try out the Landscape service from Ubuntu, as I guess the constant MOTD spam finally caught my eye (thanks marketing folks at Ubuntu). Basically, this service is geared for shops that are interested in a central portal for supporting their Ubuntu systems, as it will graph performance, poll/display system hardware, display processes and users, software updates, scripts that can be run on multiple machines under Landscape’s control, etc.

So far, it’s been quick and painless to get the service started and running on a single system, and it’s a 30-day trial, so it will give you a taste of what it’s all about. Essentially, all you need to do is a simple “apt-get update” and then an “apt-get install landscape-client”, and then configure Landscape via a “landscape-config” from the command line; of course, you will need to be king of the universe, or sudo to root for these commands to be a success.

I will report back when the trial is over, but for the company that needs management and support for their systems, and has a budget for such items, this may be a service that would be a value-add. In a month, I will report back on my overall impression of the service.

Thanks for reading, and come back in 30 days for the final review.
