HIDS
Definition
A Host-based Intrusion Detection System (HIDS) is a security solution that monitors and analyzes the internals of a computing system to detect suspicious activities and potential threats. Unlike network-based intrusion detection systems, HIDS focuses on individual hosts, examining system logs, file integrity, and process activity to identify anomalies. It provides detailed insights into unauthorized access attempts, policy violations, and malicious activities within the host environment.
Secure Settings Example
# Example configuration for OSSEC, a popular HIDS
ossec:
directories:
- path: /etc
frequency: 60
recurse: yes
check_all: yes
syscheck:
frequency: 3600
alert_new_files: yes
alert_modified_files: yes
rootcheck:
frequency: 7200
alert: yes
active-response:
enabled: yes
command: firewall-drop
location: local
Insecure Settings Example
# Example of a misconfigured HIDS setup
ossec:
directories:
- path: /etc
frequency: 0 # No regular checks
recurse: no # Does not check subdirectories
syscheck:
frequency: 0 # No file integrity checks
rootcheck:
frequency: 0 # No rootkit checks
active-response:
enabled: no # No active response to threats