Using OSSEC as a HIPS solution

OSSEC is a Host-based Intrusion Detection System (HIDS); however, by pairing its active-response feature with iptables I have been able to make it behave like a Host-based Intrusion Prevention System (HIPS). When a foreign address scans my server, OSSEC detects the activity and inserts an iptables rule that drops traffic from that IP address for a configurable period. Once the timeout expires, the rule is removed and the host is allowed to communicate with the server again. I like this method, but you have to be careful not to cause your own denial of service with it: if OSSEC blocks an address you depend on (your own workstation, a monitoring host, an upstream gateway), you are locked out for the duration of the timeout, so whitelist those addresses before enabling the response.
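The setup described above, as an added example that is not taken from the original post or from the OSSEC project's shipped ossec.conf: an ossec.conf fragment that wires OSSEC's stock firewall-drop active-response script to iptables, with a timeout so blocks expire and a whitelist so the server cannot lock out its own administrators. The alert level, the timeout and the whitelisted addresses are assumed values chosen for illustration; adjust them to your environment.

```xml
<!-- Added example: ossec.conf fragment for iptables-based active response.
     Level, timeout and whitelist values below are assumptions, not defaults. -->
<ossec_config>

  <global>
    <!-- Addresses OSSEC must never block, whatever alerts they trigger.
         Put your admin workstation, monitoring hosts and gateways here
         so a scan from them (or a false positive) cannot lock you out. -->
    <white_list>127.0.0.1</white_list>
    <white_list>192.0.2.10</white_list>       <!-- assumed admin workstation -->
    <white_list>192.0.2.0/24</white_list>     <!-- assumed management network -->
  </global>

  <!-- Declare the command. firewall-drop.sh ships with OSSEC in
       /var/ossec/active-response/bin/ and inserts/removes
       "iptables -I INPUT -s <srcip> -j DROP" (and the same for FORWARD).
       timeout_allowed lets OSSEC call the script again with "delete"
       once the timeout elapses, which is what turns a block into a
       temporary block. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Bind the command to alerts. location "local" runs the script on
       the host that produced the alert. level 6 is an assumed threshold;
       you can tighten this with <rules_id> to fire only on the scan
       rules you care about instead of every alert at that level. -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <level>6</level>
    <!-- Block duration in seconds (assumed value: 10 minutes). -->
    <timeout>600</timeout>
    <!-- Optional, newer OSSEC releases only: escalate the timeout (in
         minutes) for an address that gets blocked repeatedly. -->
    <repeated_offenders>30,60,120</repeated_offenders>
  </active-response>

</ossec_config>
```

After editing the configuration, restart OSSEC (`/var/ossec/bin/ossec-control restart`), then scan the server from a host that is not in the whitelist and confirm the block appears in `iptables -L INPUT -n` and is logged in `/var/ossec/logs/active-responses.log`; run the same scan from a whitelisted address to confirm it is ignored. Keep the timeout short while tuning: every false positive costs an unblocked host exactly that long, and the whitelist is the only thing standing between an aggressive rule set and your own lockout.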

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows. A list of all supported platforms is available here.

Download