Speaker
David Crooks (University of Glasgow (GB))
Description
OSSEC, the popular HIDS (Host Intrusion Detection System), has been widely used for a number of years. More recently, tools like Elasticsearch, Logstash and Kibana (ELK) have become popular in visualising and working with data such as that aggregated by OSSEC. We report on a recent implementation of OSSEC, coupled to an ELK instance, at the Glasgow site of the UKI-SCOTGRID distributed Tier-2. In particular, we report on our experience of the installation and use of these tools in a Puppet deployment context. We cover installation, the additional utility scripts deployed, and the configuration workflow. We broadly cover the specific Grid-related rules that have been implemented thus far. This presentation is particularly relevant for sysadmins and security officers interested in a recent view of the installation of this software and our experience with it.
Author
David Crooks (University of Glasgow (GB))
Co-authors
Prof. David Britton (University of Glasgow (GB))
Gang Qin (University of Glasgow (GB))
Gareth Douglas Roy (University of Glasgow (GB))
Dr Gordon Stewart (University of Glasgow)
Dr Samuel Cadellin Skipsey