Installing OSSEC from RPMs

When I first started playing around with OSSEC I downloaded the agent and server source packages, then proceeded to install them by hand. This method was fine when I had a server and 1 or 2 agent systems, but for a large network of systems it is tedious and error-prone. The OSSEC Project offers…

OSSEC Log Management with Elasticsearch

Among the many useful features of OSSEC is its capability to send alerts to any system that can consume syslog data. This makes it easy to combine OSSEC with a number of third-party SIEMs to store, search and visualize security events. Splunk for OSSEC is one such system that works on top of the Splunk…

XML Creation with DOM in Java

A while back I wrote a blog post about parsing XML documents with the DOM facilities provided by Java. As it turns out, you can use the same API to programmatically create an XML document. So I’ve dusted off the old XmlDomDocument class and added some methods that make it easy to build an XML document from…

Securing Hadoop with OSSEC

Hadoop has built-in security facilities such as Kerberos user authentication, encrypted RPC between cluster nodes and file encryption. While these are important features, Hadoop clusters can benefit from host intrusion detection to round out the security picture. That’s where a system like OSSEC comes in. Find out how I’ve applied OSSEC to monitor and detect…

Condition Variable Class in C++

Condition variables are used in conjunction with mutexes by one thread to signal other threads that it has changed the state of a given variable. Synchronizing threads with the standard Pthreads functions is straightforward, but wrapping these calls in C++ classes makes them all the easier to use. In my last article I showed you…