The Linux Ninja

The OSSEC team has announced the released of OSSEC v2.0. The new features include (quoted from the announcement):

• Compiled Rules – Per popular demand, we are introducing the capability in the product to be able to use pre-compiled rules written in “C”. Customers who felt that the XML format for writing rules was very limiting, can now use the strong programming capabilities of C.
• Agentless Monitoring – Lot of enterprises are faced with the requirement to monitor devices where there are restrictions on Agents to be installed either because of scalability requirements or due to the lack of the native operating system support. In version 2.0, Ossec customers can perform integrity checking and real time logs inspection on remote systems (such as Linux based devices, firewall devices such as PIX and routers etc).
• New Language Support – We added support for the Dutch language in the install
• New Log Rules Support – We added support for Yum logs and fixed/improved many of the other rules for different messages.
• New reporting tool – We added a new tool to create and help generate reports

OSSEC is a multiplatform, open-source Host Intrusion Detection System (HIDS) that I have used before and have been pleased with the results. I’d recommend at least testing it out to see if it meets your needs. The new features definitely make it even more appealing as a solution to help monitor the security of your systems and I’ll definitely be investigating ways to integrate it into my current setup.