2

I noticed that the 2.8.1 rules have WordPress and other products listed, but no Drupal rules. Is it safe to assume OSSEC, acting like an IPS in active mode, is just not going to block any Drupal-specific attacks? I understand there are generic rules in OSSEC that might stop a generic attack (SQL injection, I suppose), but I'm really looking for something that'll play nice with Drupal. Is OSSEC the right solution here? After the last major Drupal exploit, I've been thinking of having an IPS on all my LAMP servers. They are all in the cloud as VPSs, so they can't sit behind my office's SonicWall doing IDS/IPS like my other servers do.

  • Where do you find WordPress-specific things on their site? All I could find (for Drupal) was http://ossec-docs.readthedocs.org/en/latest/search.html?q=drupal&check_keywords=yes&area=default – LvB Apr 21 '15 at 15:58

1 Answer

2

OSSEC is a host intrusion detection system, and if you are running just a web server, then it is not the best solution.

In my opinion you need a WAF (web application firewall). ModSecurity with the OWASP ruleset is a good choice. Of course you need to invest time to configure it, but it is less complicated than OSSEC. It also has hundreds of rules for all kinds of CMSs, blogs, etc.

OSSEC is a good choice if you give others access to manage the system and you don't have strict access control for SSH/FTP/SFTP/etc.

If you consider using a WAF, I suggest you also install fail2ban (fail2ban integration with Drupal: https://www.drupal.org/project/fail2ban).

Sacx