Mar 23 – 27, 2015
Physics Department, Oxford University
Europe/London timezone

A recent view of OSSEC and Elasticsearch at Scotgrid Glasgow

Mar 24, 2015, 3:15 PM
25m
Martin Wood Lecture Theatre, Parks Road (Physics Department, Oxford University)

Security & Networking

Speaker

David Crooks (University of Glasgow (GB))

Description

OSSEC, the popular HIDS (Host Intrusion Detection System), has been widely used for a number of years. More recently, tools such as Elasticsearch, Logstash and Kibana (ELK) have become popular for visualising and working with data such as that aggregated by OSSEC. We report on a recent implementation of OSSEC, coupled to an ELK instance, at the Glasgow site of the UKI-SCOTGRID distributed Tier-2. In particular, we report on our experience of installing and using these tools in a Puppet deployment context. We cover the installation, the additional utility scripts deployed, and the configuration workflow, and we give a broad overview of the Grid-specific rules implemented so far. This presentation is particularly relevant for sysadmins and security officers interested in a recent view of the installation of this software and our experience with it.

Primary author

David Crooks (University of Glasgow (GB))

Co-authors

Prof. David Britton (University of Glasgow (GB))
Gang Qin (University of Glasgow (GB))
Gareth Douglas Roy (University of Glasgow (GB))
Dr Gordon Stewart (University of Glasgow)
Dr Samuel Cadellin Skipsey

Presentation materials