Guide for OSSEC and integration with Slack

Hello fellow Stake Pool Operators,
I was wondering if you were interested in a guide that explains how to implement the OSSEC intrusion detection system on your nodes and integrate it with Slack push notifications.

For those of you who don’t know OSSEC, it’s an open-source, industry-standard Intrusion Detection System that keeps track of all the events in your system and sends notifications based on an alert level. It comes with a set of rules that can alert on rootkits, file modifications in watched folders, logins, sudo escalation… you name it. These rules can also be easily fine-tuned.

By default OSSEC sends mail notifications, but it can be configured to send push notifications through Slack instead. Among the advantages, there are two that I like: you get push notifications on every device where you installed Slack, and you can create a private Slack channel for each of your nodes and get separate notifications.

I just finished the setup for my nodes and it works very nicely. Before that I hadn’t even noticed that a bad guy was attempting SSH logins with random names and ports, and this required a change to my fail2ban.

Let me know if you would be interested and where you think I should post this guide. I was thinking of my pool’s website, but I would be happy to take your suggestions!

Happy staking and pool operations!
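As an added illustration (not part of the original post), this is the kind of ossec.conf fragment such a guide would cover: it turns off the default e-mail alerts and forwards every alert of level 7 or higher to a Slack incoming-webhook URL. The webhook URL is a placeholder and the level threshold is an assumption (OSSEC alert levels run from 0 to 15).

```xml
<ossec_config>
  <!-- Switch off the default mail alerts, since Slack replaces them -->
  <global>
    <email_notification>no</email_notification>
  </global>

  <!-- Slack integration: only alerts at or above this level are forwarded.
       hook_url is a placeholder; paste the incoming webhook created in Slack.
       A webhook is bound to one channel, so a node that should report into its
       own private channel gets its own webhook here. -->
  <integration>
    <name>slack</name>
    <hook_url>https://hooks.slack.com/services/REPLACE_WITH_YOUR_WEBHOOK</hook_url>
    <level>7</level>
  </integration>
</ossec_config>
```

Lowering the level to 5 would also forward the SSH authentication failures the post mentions, at the cost of noisier channels; raising it keeps only the more serious alerts such as rootkit or file-integrity hits.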