Author Archives

  • SCAP Hardening CentOS 6

    I just finished making my base Ansible role fully SCAP compliant (based on the DISA STIG I think). It doesn’t appear to have broken anything but I will need to test it thoroughly before I put it into production. I… Read More ›

  • Clamav and CentOS 6: Part 2

    In part 1 I explained the core clamav subsystems. In this part I will show my clamav configuration for CentOS 6. I chose a simple approach. The clamav applications run via cron jobs at scheduled times, once daily. None run… Read More ›

  • nxlog on CentOS 6.5: A Review

    I want to implement a modern logging architecture using JSON structured data and elasticsearch. Ye Olde Syslog is not good enough. The version of rsyslog that comes as default on CentOS is old and lacks the functionality I need. My… Read More ›

  • Micro-daemons with ØMQ and node.js

    My recent attempt to implement an IT logging architecture was frustrating so I decided to experiment with some ideas of my own. I want an architecture that is flexible and efficient. It should support the features I want such as… Read More ›

  • A Few Notes on Logstash

    Logstash is a popular logging component so I have been experimenting with it. Its primary role in a logging architecture is message translator. It works like this: it receives a log message from an input source, translates the message from… Read More ›

  • OSSEC and the IT Logging Architecture

    As much as I like the features of OSSEC I am struggling to make it part of my logging architecture. Modern logging tools such as logstash and graylog2 are modular. You can combine them with other components in a variety of… Read More ›

  • Initial Thoughts on OSSEC

    OSSEC is a type of security application called a “host based intrusion detection system” (HIDS). It provides the following features: file integrity checking (like aide and TripWire), rootkit detection, log analysis and alerting, and limited remediation. It uses a client/server architecture… Read More ›