What is OSSEC and is it something we should use?

Aug 19, 2008
Please remember that I'm the guy who tries to stay out of the guts of Linux as much as possible, so a lot of you will be more qualified to comment on this than I, but since nobody else has raised this here yet I thought I would.

There is a new distribution out called FonicaPABX, which I will not generally comment on other than to point out that if you look at their FonicaPABX-Install wiki page and scroll all the way to the bottom, they say this:
Install OSSEC

Ossec in the words of their own website http://www.ossec.net/ is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

The install script will ask you a number of questions. Suggested answers are shown below .....
And after that there are some clear installation instructions for this that look like they might also be applicable to other FreePBX-based distributions, though I don't know that for a fact. What I really found interesting was this:
Once installed, there is a module that you can install in FreePBX which will give you an overview of what is going on. It can be found here FreePBX_Module:_OSSEC
The obvious questions:

Is this something we could install under Elastix?

Is this something we SHOULD install under Elastix?

Is this more or less secure than using fail2ban?

If you already have fail2ban installed, would there be any conflict if you also installed this? (Can both run concurrently, or should you pick one or the other but not both?)

Just thought I'd throw this out and see what you security-conscious guys think - the fact that there is a FreePBX module for it could potentially be a big plus, if there are no other impediments to using it with Elastix, or reasons not to use it (however the page for the module basically says that it's intended for use with their distribution, so I don't know if there would be any compatibility issues).
Aug 8, 2008
Interesting but I think you will have to use the build system and not a package from them. Just took a very quick look so don't consider it ruled out. This could be a very nice find.


