[Get it solved] Install and configure OSSEC HIDS than write a rule to log...

Check Out Our Work & Get Yours Done

Submit Work

Download Sample

Enroll in the complete course for only $250 USD*

Order Now

Submit work Offers

Install and configure OSSEC HIDS than write a rule to log pings using the Internet Control Message Protocol (ICMP) protocol.

computer science

Description

Install and configure OSSEC HIDS than write a rule to log pings using the Internet Control Message Protocol (ICMP) protocol. Take a screenshot of everything associated with the rule you wrote and send it to me. Use Ubuntu 20.04 in VMware or VisualBox. Install the local version of OSSEC, not the agent or the server versions.
In other to understand ICMP, open a terminal and input ping and any IP address or website name. You will begin to see some output. It will not stop until you press ctrl c or z.

Write a rule that will log the pings of anybody, IP address, websites pinging my public IP address. That is the assignment.

Write rules and decoder for log_ip, icmp, ping and ping_flood.
This is what I started with

set log_ip true
set icmp true
set ping true
set ping_flood

I did not use log_ip or ping_flood.

I have done some part of it. Can you take a look at what I have done and correct it if I made any mistake. Also, please finish. It is not completed. I want a fully function rules and decoder that log ping using icmp protocol

This is the decoder I wrote for icmp ping

<program_name>ICMP</program_name>

<prematch>ping detected from</prematch>

<order>srcip</order>

</decoder>

I created a decoder file called icmplog_decoder.xml in /var/ossec/etc/

I tested it in /var/ossec/bin/ossec-logtest

Using: Nov 14 19:09:33 ICMP: ping detected from 10.20.30.1

This was the result:

Nov 14 19:03:25 ICMP: ping detected from 10.10.150.1

**Phase 1: Completed pre-decoding.

full event: 'Nov 14 19:03:25 ICMP: ping detected from 10.10.150.1'

hostname: 'chubbyfellow'

program_name: 'ICMP'

log: 'ping detected from 10.10.150.1'

**Phase 2: Completed decoding.

decoder: 'ICMP-ping'

srcip: '10.10.150.1'

**Phase 3: Completed filtering (rules).

Rule id: '199990'

Level: '6'

Description: 'ping detected from'

**Alert to be generated.

The decoder and rule I wrote worked.

This is my rule

Related Questions in computer science category

Business and IT decision makers are racing to leverage the cloud computing (Saas, Paas, laas) paradigm and delivery model

The "remove" option should actually remove the node. Use sequence numbering to identify the movie to remove, with the valid range of numbers in the prompt.

Cloud computing is a collection of individual technologies assignment help

Build a multiple page website that contain JavaScript features. In addition to these requirements (up to 30% off the grade if this requirement is not met).

Create your own simple Java application to generate X random Integer values between 0 and Y. Use command line arguments for entry of X and Y. Demonstrate your code compiles and runs without issue using screen captures as appropriate.

Game Time You have a little free time on your hands and decide to create a simple game. Utilize the design tools that you have learned this week to design and program a very simple game

ow to create an automated BPM solution. An automated BPM solution is represented by business rules and process elements. This solution integrates internal IT systems and collaborates with external entities as directed by the business rules. When a solutio

Stalk yourself or a family member

Data Gathering and Foot printing

Template This specification document is a companion document to the Assessment Guideline. The Excel template of the expected worksheets are available on the BISM7202 Blackboard site.

Get Higher Grades Now

Tutors Online

Description

Drop Files Here Or Click to Upload

Get Free Quote!

426 Experts Online

Get Instant Help with your Questions &
boost your grades

you can count us with it
Highly Satisfied Students 4.9/5
Based On 19835+ Reviews

Get Help Now

We Provide Services Across The Globe

Disclaimer: The reference papers or solutions provided by Calltutors.com serve as model papers or solutions for students or professionals and are not to be submitted as it is to any institutions. These documents are intended to be used for research and reference purposes only. University and company's logo's are the property of respected owners. We don't have affiliation with the mentioned universities. By using our services means, you agree to our Honor Code , Privacy Policy , Terms & Conditions , Payment , Refund & Cancellation Policy.

Enroll in the complete course for only $250 USD*

Install and configure OSSEC HIDS than write a rule to log pings using the Internet Control Message Protocol (ICMP) protocol.

computer science

Description

Get instant assignment help service

Related Questions in computer science category

Policy

Exploring

Other

Connect With Us

Get Instant Help with your Questions &
boost your grades

you can count us with it
Highly Satisfied Students 4.9/5
Based On 19835+ Reviews

We Provide Services Across The Globe

Enroll in the complete course for only $250 USD*

Install and configure OSSEC HIDS than write a rule to log pings using the Internet Control Message Protocol (ICMP) protocol.

computer science

Description

Get instant assignment help service

Related Questions in computer science category

Policy

Exploring

Other

Connect With Us

Get Instant Help with your Questions & boost your grades

you can count us with it Highly Satisfied Students 4.9/5 Based On 19835+ Reviews

We Provide Services Across The Globe

Get Instant Help with your Questions &
boost your grades

you can count us with it
Highly Satisfied Students 4.9/5
Based On 19835+ Reviews