This book will walk the reader through the process of preparing and deploying open source host integrity monitoring software, specifically, Osiris and Samhain. From the…
Syngress Acknowledgments
Author
Technical Editor
Technical Reviewer
Foreword Contributor
Author Acknowledgments
Foreword
Preface
Chapter 1: Host Integrity
Introduction to Host Integrity
Introducing Host Integrity Monitoring
Arguments against Integrity Monitoring
Arguments for Integrity Monitoring
Summary
Solutions Fast Track
Chapter 2: Understanding the Terrain
Introduction
Users and Groups
Files and File Systems
The Kernel
Libraries and Frameworks
Runtime
Networking
Nonvolatile Memory
Summary
Solutions Fast Track
Chapter 3: Understanding Threats
Introduction
Malicious Software
Internal Threats
Rootkits
A Tour of Successful Worms
Circumventing Host Integrity Monitoring
Summary
Solutions Fast Track
Chapter 4: Planning
Introduction
Understanding the Big Picture
Understanding Roles: The Bank Analogy
Planning Principles
Requirements
Planning a Management Console
Summary
Solutions Fast Track
Chapter 5: Host Integrity Monitoring with Open Source Tools
Introduction
Osiris
Samhain
Summary
Solutions Fast Track
Chapter 6: Osiris
Introduction
Configuring and Building Osiris
Additional Deployment Considerations
Establishing a Management Console
Command-Line Interface
Scan Agents
Administering Osiris
Summary
Solutions Fast Track
Chapter 7: Samhain
Introduction
Features and Constraints
Deploying Samhain Stand-Alone
Deploying Samhain with Centralized Management
Using Beltane: The Web-Based Console
Summary
Solutions Fast Track
Chapter 8: Log Monitoring and Response
Introduction
Log Monitoring
Incident Response
Summary
Solutions Fast Track
Chapter 9: Advanced Strategies
Introduction
Performing SUID/SGID Security Audits
Conducting Unscheduled Scans
Looking for Rogue Executables
Testing and Verification
Prebinding and Prelinking
Summary
Solutions Fast Track
Appendix A: Monitoring Linksys Devices
Appendix B: Extending Osiris and Samhain with Modules
Appendix C: Additional Resources
Index