When I first started playing around with OSSEC I downloaded the agent and server source packages then proceeded to install them by hand. This method was fine when I had a server and one or two agent systems, but for a large network of systems it is tedious and error-prone.
The OSSEC Project offers RPM packages that can be installed with yum on Red Hat-derived Linux distributions. Using these packages and the ossec-authd service, you can script the installation of OSSEC and automatically register agents with the server.
Among the many useful features of OSSEC is its capability to send alerts to any system that can consume syslog data. This makes it easy to combine OSSEC with a number of third-party SIEMs to store, search and visualize security events. Splunk for OSSEC is one such system that works on top of the Splunk platform.
Splunk can be expensive though, particularly if you collect a lot of log data. So I’ve been working on a solution for collecting OSSEC security alerts based on Elasticsearch that provides a cost-effective alternative to Splunk.
A while back I wrote a blog post about parsing XML documents with the DOM facilities provided by Java. As it turns out, you can use the same API to programmatically create an XML document.
So I’ve dusted off the old XmlDomDocument class and added some methods that make it easy to build an XML document from scratch.
Hadoop has built-in security facilities such as Kerberos user authentication, encrypted RPC between cluster nodes and file encryption. While these are important features, Hadoop clusters can benefit from host intrusion detection to round out the security picture.
That’s where a system like OSSEC comes in. Find out how I’ve applied OSSEC to monitor and detect security events in Hadoop and HBase clusters.
Condition variables are used in conjunction with mutexes by one thread to signal other threads that it has changed the state of a given variable. Synchronizing threads with the standard Pthreads functions is straightforward, but wrapping these calls in C++ classes makes them all the easier to use.
In my last article I showed you how to build a Mutex class in C++. This time around I’ll use that class to develop a C++ wrapper for condition variables.