Getting started
Install open-source software from source, with a focus on Zero Trust Network principles, on enhancing the security of existing applications, and on deploying tools for threat detection and prevention.
DISCLAIMER
It is understood that this documentation and any configurations may contain errors and are provided for educational purposes only. The documentation and any configurations are provided "as is" without warranty of any kind, whether express, implied, statutory, or otherwise.
Introduction
In this project, we'll harness OSSEC's active response feature to execute commands on an agent in response to specific triggers. These triggers include alerts from Snort, PSAD, Fail2ban and ClamAV, effectively broadening OSSEC's active response capabilities. Furthermore, all alerts will be collected by Fluentd and transmitted to OpenSearch, streamlining data analysis. Additionally, the integration of WireGuard will bolster communication security throughout this process. Greenbone Vulnerability Manager will be used to identify any security risks to the process, ensuring comprehensive risk management.
Credits
| Role | Names |
|---|---|
| Authors | Fredrik Hilmersson @libellux |
| Contributors | Damir Kucic @dkucic, Scott Shinn @atomicturtle |
| Reviewers | Scott Shinn @atomicturtle, Cornelius Kölbel @cornelinux, Adam Hilmersson @cnsta, Björn Ricks @bjoernricks |
| Supporters | HyperQube, Atomi Systems, Mullvad VPN, JetBrains, Better Stack |
Table of contents
PART 1: ZERO TRUST NETWORK
PART 2: INTRUSION DETECTION AND PREVENTION
- 2.0: Greenbone Vulnerability Manager
- 2.1: OSSEC Host Intrusion Detection
- 2.2: ClamAV Anti-virus Engine
- 2.3: Snort Network Intrusion Detection
- 2.4: PSAD Port Scan Attack Detector
- 2.5: Fail2ban Intrusion Prevention TBA
- 2.6: Suricata Intrusion Detection System TBA
PART 3: MANAGEMENT
- 3.0: OpenSearch TBA
- 3.1: Ansible TBA
- 3.2: Monit System Monitoring TBA
Feedback
Questions, comments, or problems regarding this service? Create an issue here or contact webmaster@libellux.com.