OSSEC is an open source HIDS (Host-based Intrusion Detection System), and a pretty darn good one too. It also has a simple web front-end to view what’s going on, search through alerts and stuff like that (called OSSEC Web UI, I’ll just call it “WUI” here). Unfortunately the code is a bit outdated (the last official update was from 2008 as far as I can tell) and it doesn’t support newer features of OSSEC like polling data from a database. Something I’d like to tackle if I find the time 😉
The latest version of OSSEC is 2.6, and due to some small changes to the format of the logs, WUI no longer works out of the box. I had a look at the code this weekend and am providing patches and downloads of the files that need to be changed to get everything running again with OSSEC 2.6.
List of changes:
- Works with the OSSEC 2.6 alert log file format
- Changed Rule ID Link to better work with the new documentation wiki
- Added “user” field to alert output
- Widened the layout by a few pixels (to 1000px) and changed the CSS / alert layout to make the individual alerts more readable
- Moved some of the hardcoded formatting to CSS