Install Ossec Windows Server 2008
Introduction

OSSEC is an open-source, host-based intrusion detection system (HIDS) that performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It’s the application to install on your server if you want to keep an eye on what’s happening inside it.

OSSEC can be installed to monitor just the server it is installed on, which is a local installation in OSSEC’s parlance, or be installed as a server to monitor one or more agents. In this tutorial, you’ll learn how to install OSSEC to monitor the Fedora 21 or RHEL server it is installed on: a local OSSEC installation.

Prerequisites

To complete this tutorial you’ll need:

- Fedora 21 Droplet that you’ve set up by following.

This tutorial should be followed as a sudo non-root user.

Step 1 — Installing Required Packages

In this section, you’ll install some required packages. In particular, install bind-utils, gcc, make, and inotify-tools using the following command.

    sudo yum install -y bind-utils gcc make inotify-tools

bind-utils provides Domain Name System (DNS) utilities, gcc and make will be used by the OSSEC installer, and inotify-tools is needed by OSSEC for real-time notifications.

Step 2 — Downloading and Verifying OSSEC

OSSEC is delivered as a compressed tarball. In this step, you’ll download it and its checksum file, which verifies that the tarball has not been tampered with.

You can check the for the latest version. At the time of this writing, OSSEC 2.8.1 is the latest stable release.

First, download the tarball.

    wget -U ossec

Then download the checksum file.

    wget -U ossec

After downloading both files, verify the md5sum of the compressed tarball.

    md5sum -c ossec-hids-2.8.1-checksum.txt

The output should be:

    ossec-hids-2.8.1.tar.gz: OK
    md5sum: WARNING: 1 line is improperly formatted

Follow that by verifying the SHA1 checksum.

    sha1sum -c ossec-hids-2.8.1-checksum.txt

Its output should be:

    ossec-hids-2.8.1.tar.gz: OK
    sha1sum: WARNING: 1 line is improperly formatted

In each case, ignore the WARNING line. The OK line is what confirms that the file is good.

Step 3 — Finding your SMTP Server

When setting up email notifications during OSSEC’s installation, OSSEC will ask for your SMTP server. In this step, we will figure out that information.

To determine the correct SMTP server to use for your email service provider, you can use the dig command to query the provider’s mail exchanger (MX) resource records. Enter the following command, replacing example.com with your email provider’s domain name:

    dig -t mx example.com

The output is made up of several sections, but we’re only interested in the ANSWER section, which contains one or more lines. At the end of each line is the SMTP server to use.

For example, if you run the command using fastmail.com:

    dig -t mx fastmail.com

The valid SMTP servers for the provider will be at the end of each listing in the ANSWER section, which should read:

    ;; ANSWER SECTION:
    fastmail.com.    3600    IN    MX    10 in1-smtp.messagingengine.com.
    fastmail.com.    3600    IN    MX    20 in2-smtp.messagingengine.com.

In this example, you can use either in1-smtp.messagingengine.com. or in2-smtp.messagingengine.com. as an SMTP server.

Copy one of the SMTP servers from your email provider and save it to enter in the next step.
Be sure to include the . (period) at the end, too.

Step 4 — Installing OSSEC

In this step, we will install OSSEC.

Before initiating installation, untar it using:

    tar xf ossec-hids-2.8.1.tar.gz

It will be unpacked into a directory called ossec-hids-2.8.1. Change into that directory.

    cd ossec-hids-2.8.1

Then start the installation.

    sudo ./install.sh

Throughout the setup process, you’ll be prompted to provide some input. In most of those cases, all you’ll need to do is press ENTER to accept the default value.

You’ll first be prompted to select the installation language. By default, it is English (en), so press ENTER if that’s your preferred language. Otherwise, type in the 2 letters from the list of supported languages. Then press ENTER again to start the installation.

Question 1 will ask what kind of installation you want. Here, enter local.

    1- What kind of installation do you want (server, agent, local, hybrid or help)? local

For all of the following questions, press ENTER to accept the default. Question 3.1 will additionally prompt you for your email address and then ask for your SMTP server ip/host. Here, enter your email address and the SMTP server you saved from Step 3.

If installation is successful, at the end, you should see this output:

    - Configuration finished properly.

    More information can be found at

    Press ENTER to finish (maybe more information below).

Press ENTER to finish the installation.

Step 5 — Verifying OSSEC’s Email Settings

Here we are going to verify that the email credentials specified in the previous step and the one that OSSEC auto-configured are correct.

The email settings are in OSSEC’s main configuration file, ossec.conf, which is in the /var/ossec/etc directory. To access and modify any OSSEC file, you first need to switch to the root user.

    sudo su

Now that you’re root, cd into the directory where OSSEC’s configuration file is.

    cd /var/ossec/etc

First, make a backup copy of that file.

    cp ossec.conf ossec.conf.00

Then open the original file. Here, we use the nano text editor, but you can use any text editor you like.

    nano ossec.conf

The email settings are at the top of the file. Here are descriptions of the fields.

- <email_to> is the email you gave during installation. Alerts will be sent to that email address.
- <email_from> is where OSSEC’s alerts would appear to be coming from. Change that to a valid email address to reduce the odds of your emails being tagged as spam by your email provider’s SMTP server.
- <smtp_server> is the SMTP server you specified during setup.

Note that <email_to> and <email_from> can be the same, and if you have your own email server on the same host as the OSSEC server you can change the <smtp_server> setting to localhost.

Here’s what that section will look like when you’re finished.

    <global>
        <email_notification>yes</email_notification>
        <email_to>sammy@example.com</email_to>
        <smtp_server>mail.example.com.</smtp_server>
        <email_from>sammy@example.com</email_from>
    </global>

After modifying the email settings, save and close the file. Then start OSSEC.

    /var/ossec/bin/ossec-control start

Check your inbox for an email that says that OSSEC has started. If you receive an email from your OSSEC installation, then you know that future alerts will also reach your inbox. If you don’t, check your spam folder.

Step 6 — Adding Alerts

By default, OSSEC will issue alerts on file modifications and other activities on the server, but it will not alert on new file additions and also will not alert in real time — only after the scheduled system scan, which is 79200 seconds (or 22 hours) by default. In this section, we will add alerts on file additions in real time.

First, open ossec.conf.
    nano ossec.conf

Then scroll down to the section which begins with this text:

    <syscheck>
        <frequency>79200</frequency>

Just under the <frequency> tag, add <alert_new_files>yes</alert_new_files>.

    <syscheck>
        <frequency>79200</frequency>
        <alert_new_files>yes</alert_new_files>

While you still have ossec.conf open, take a look at the list of system directories that OSSEC monitors, which is just under the last line you just modified. It should read:

    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>

For each list of directories, add the report_changes="yes" and realtime="yes" options. After the modifications have been made, the section should read:

    <directories report_changes="yes" realtime="yes" check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories report_changes="yes" realtime="yes" check_all="yes">/bin,/sbin</directories>

Aside from the default list of directories that OSSEC has been configured to monitor, you can also add any that you wish to monitor. For example, you can add monitoring for your home directory, /home/sammy. To do that, add this new line right under other directory lines, substituting in your username:

    <directories report_changes="yes" realtime="yes" check_all="yes">/home/sammy</directories>

Now save and close ossec.conf.

The next file to modify is in the /var/ossec/rules directory, so move to that directory.

    cd /var/ossec/rules

The /var/ossec/rules directory contains many XML files, including ossec_rules.xml, which contains OSSEC’s default rule definitions, and local_rules.xml, which is where you can add custom rules. local_rules.xml is the only file you should edit in this directory.

In ossec_rules.xml, the rule that fires when a file is added to a monitored directory is rule 554. By default, OSSEC does not send out alerts when that rule is triggered, so the task here is to change that behavior. Here’s what rule 554 looks like by default:

    <rule id="554" level="0">
        <category>ossec</category>
        <decoded_as>syscheck_new_entry</decoded_as>
        <description>File added to the system.</description>
        <group>syscheck,</group>
    </rule>

OSSEC does not send out an alert if a rule is set to level 0, so we will copy that rule to local_rules.xml and modify it to trigger an alert. To do that, open local_rules.xml.

    nano local_rules.xml

Add the following at the end of the file, before the line with the </group> tag.

    <rule id="554" level="7" overwrite="yes">
        <category>ossec</category>
        <decoded_as>syscheck_new_entry</decoded_as>
        <description>File added to the system.</description>
        <group>syscheck,</group>
    </rule>

Save and close the file. Now, restart OSSEC to reload the files we edited.

    /var/ossec/bin/ossec-control restart

You should now be receiving alerts from OSSEC on monitored directories and log files.

Conclusion

Now you have a basic local OSSEC installation set up. There is a lot of further customization available, which you can explore in.

For an idea on how to install OSSEC in a client-server or server-agent mode (instead of local mode), see.
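As a check on the Step 6 edits, the following added example (not part of the original tutorial or of OSSEC itself) parses the text of an ossec.conf and a local rules file and reports which directory lists still lack realtime or report_changes, whether alert_new_files is enabled, and the level at which rule 554 is overridden. The sample file contents are constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples: Step 6 only partly applied, plus a rule 554 override.
SAMPLE_CONF = """
<ossec_config>
  <syscheck>
    <frequency>79200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories report_changes="yes" realtime="yes" check_all="yes">/bin,/sbin</directories>
  </syscheck>
</ossec_config>
"""
SAMPLE_RULES = """
<group name="local,syslog,">
  <rule id="554" level="7" overwrite="yes">
    <decoded_as>syscheck_new_entry</decoded_as>
    <description>File added to the system.</description>
  </rule>
</group>
"""

def _parse(text):
    # OSSEC files can hold several top-level elements; wrap them in one root.
    return ET.fromstring("<root>" + text + "</root>")

def audit_syscheck(conf_text):
    """List the Step 6 syscheck settings that are still missing."""
    root = _parse(conf_text)
    findings = []
    values = [(e.text or "").strip().lower() for e in root.iter("alert_new_files")]
    if "yes" not in values:
        findings.append("alert_new_files is not set to yes")
    for entry in root.iter("directories"):
        paths = (entry.text or "").strip()
        for attr in ("realtime", "report_changes"):
            if entry.get(attr, "no").lower() != "yes":
                findings.append(f"{paths}: {attr} is not yes")
    return findings

def rule_554_override_level(rules_text):
    """Return the level of an overwrite="yes" copy of rule 554, else None."""
    level = None
    for rule in _parse(rules_text).iter("rule"):
        if rule.get("id") == "554" and rule.get("overwrite", "").lower() == "yes":
            level = int(rule.get("level", "0"))
    return level

if __name__ == "__main__":
    print(audit_syscheck(SAMPLE_CONF), rule_554_override_level(SAMPLE_RULES))
```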
Hi,

Although technet.microsoft.com should be the better forum for server issues, below is a guide on how to install an SSL certificate.

Hope it helps.

To install your newly acquired SSL certificate in IIS 7, first copy the file somewhere on the server and then follow these instructions:

1. Click on the Start menu, go to Administrative Tools, and click on Internet Information Services (IIS) Manager.
2. Click on the name of the server in the Connections column on the left. Double-click on Server Certificates.
3. In the Actions column on the right, click on Complete Certificate Request.
4. Click the button with the three dots and select the server certificate that you received from the certificate authority. If the certificate doesn't have a .cer file extension, select to view all types.
5. Enter any friendly name you want so you can keep track of the certificate on this server.
6. Click OK. If successful, you will see your newly installed certificate in the list. If you receive an error stating that the request or private key cannot be found, make sure you are using the correct certificate and that you are installing it to the same server that you generated the CSR on. If you are sure of those two things, you may just need to create a new Certificate Request and reissue/replace the certificate. Contact your certificate authority if you have problems with this.

Bind the Certificate to a website

1. In the Connections column on the left, expand the sites folder and click on the website that you want to bind the certificate to. Click on Bindings... in the right column.
2. Click on the Add... button.
3. Change the Type to https and then select the SSL certificate that you just installed.
4. Click OK. You will now see the binding for port 443 listed. Click Close.

Install any Intermediate Certificates

Most SSL providers issue server certificates off of an Intermediate certificate so you will need to install this Intermediate certificate to the server as well or your visitors will receive a. You can install each Intermediate certificate (sometimes there is more than one) using these instructions:

1. Download the intermediate certificate to a folder on the server.
2. Double click the certificate to open the certificate details.
3. At the bottom of the General tab, click the Install Certificate button to start the certificate import wizard. Click Next.
4. Select Place all certificates in the following store and click Browse.
5. Check the Show physical stores checkbox, then expand the Intermediate Certification Authorities folder, select the Local Computer folder beneath it. Click Next, then Finish to finish installing the intermediate certificate.

You may need to restart IIS so that it starts giving out the new certificate. You can verify that the certificate is installed correctly by visiting the site in your web browser using https instead of http.

Links.

Kind regards,
Joel

Xbox Ambassador
MCC 2011 - Community Contributor
MCTS: Small Business Server 2008

Remember to mark all helpful posts and answers.