Archive for the tag 'Source'

Downloading and using kernel source on Ubuntu

There may come a time when you need the kernel source code, usually to build kernel headers, compile a module, etc. To work with the kernel source once you have it, you’ll want some development tools installed on your server.

sudo aptitude update
sudo aptitude install build-essential

To check the running kernel version on the server, just run:

root@laptop:~# uname -r
2.6.28-11-generic

Search the package index for the kernel source:

# apt-cache search linux-source
linux-ports-source-2.6.28 - Linux kernel source for version 2.6.28 with Ubuntu patches
linux-source - Linux kernel source with Ubuntu patches
linux-source-2.6.28 - Linux kernel source for version 2.6.28 with Ubuntu patches
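The steps above, tied together as an added example (not from the original post): a POSIX sh script that derives the linux-source package name from `uname -r` so the tree you install matches the kernel you are actually running, then fetches and unpacks it. It assumes Ubuntu's linux-source package drops its tarball at /usr/src/<package>.tar.bz2; the function names are mine.

```shell
#!/bin/sh
# Added example: map the running kernel version to the matching Ubuntu
# linux-source package and unpack it under /usr/src.

# Strip the ABI number and flavour ("-11-generic") from a `uname -r`
# string, leaving the upstream version the source package is named after.
kernel_base_version() {
    # 2.6.28-11-generic -> 2.6.28
    printf '%s\n' "${1%%-*}"
}

# Ubuntu source package name for a given `uname -r` string.
kernel_source_pkg() {
    printf 'linux-source-%s\n' "$(kernel_base_version "$1")"
}

# Install the source package that matches the running kernel, along with
# the build tools, and unpack the tree. Returns non-zero if the archive
# configured on this host has no package for the running version, which
# is the case that silently leads to modules built against the wrong tree.
fetch_kernel_source() {
    pkg=$(kernel_source_pkg "$(uname -r)")
    if ! apt-cache show "$pkg" >/dev/null 2>&1; then
        echo "no package named $pkg in the configured repositories" >&2
        return 1
    fi
    sudo aptitude update || return 1
    sudo aptitude install -y build-essential "$pkg" || return 1
    cd /usr/src || return 1
    # Assumption: the package ships /usr/src/$pkg.tar.bz2 (Ubuntu layout).
    sudo tar -xjf "$pkg.tar.bz2" || return 1
    echo "/usr/src/$pkg"
}

# Only perform the installation when invoked as: ./fetch-kernel-source.sh install
case "${1:-}" in
    install) fetch_kernel_source ;;
esac
```

Run it with `install` as the first argument; without it the script only defines the functions, so it can be sourced into another script.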

OSSEC Open Source Host-based Intrusion Detection System.

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. A list of all supported platforms is available at http://www.ossec.net/main/supported-systems

Download http://www.ossec.net/files/ossec-hids-latest.tar.gz

If you have one system to monitor, you can install the OSSEC HIDS locally on that box and do everything from there.

However, if you are administering a few systems, you can select one to be your OSSEC server and the others to be OSSEC agents, forwarding events to the server for analysis. One of the greatest benefits of the OSSEC HIDS is its scalability, allowing you to monitor multiple systems from a central point.

# wget http://www.ossec.net/files/ossec-hids-latest.tar.gz

The best option is to select one of your machines to be the OSSEC server and perform the “server” installation on it. Then, choose the “agent” installation for the others.

Your IDS and rootkit rules will be just in one box, making it much easier to administer and configure.

Please make sure that you understand the type of installation you are choosing (manager, agent, local, etc.) and are also aware of the order (always install the manager first).

Extract the compressed package and run the “./install.sh” script (it will guide you through the installation).

# tar -zxvf ossec-hids-*.tar.gz (or gunzip -d; tar -xvf)
# cd ossec-hids-*
# ./install.sh

Remember to open port 1514 (UDP) on any firewall between the server and the agents (not needed if you chose the local installation).

Start the OSSEC HIDS.

# /var/ossec/bin/ossec-control start