Advanced Security with a Host-Based Intrusion Detection System (HIDS)
21 January 2026
Detecting Unauthorized Changes on Your Server
Beyond blocking brute-force attacks, you need a way to know if your server’s files have been tampered with. The ‘Ubuntu System Administration Guide’ introduces the concept of a Host-Based Intrusion Detection System (HIDS) and provides a guide for setting up a popular open-source tool called OSSEC.
How a HIDS Works
A HIDS like OSSEC performs several key security functions:
- File Integrity Monitoring: It creates a baseline ‘checksum’ of important system files. It then periodically scans these files and alerts you if any of them have been modified, indicating a potential intrusion.
- Rootkit Detection: It scans the system for known rootkits, which are malicious tools designed to hide the presence of an attacker.
- Log Analysis: It analyzes system and application logs for suspicious activity and security events.
OSSEC operates on a server/agent model, allowing you to monitor a fleet of servers from a central management console.
This post is based on content from the book Ubuntu System Administration Guide. The book can be found here: https://www.amazon.com/stores/Mattias-Hemmingsson/author/B0FF5CQX13