Host-based intrusion detection system comparison: Difference between revisions

Browse history interactively ← Previous edit Next edit →Content deleted Content addedVisual WikitextInline

Revision as of 19:30, 29 September 2017 editIdumont (talk \| contribs)145 edits →Proprietary software ← Previous edit		Revision as of 14:27, 19 October 2017 edit undo98.6.18.132 (talk) OSSEC supports Debian based systemsNext edit →
Line 18:		Line 18:
	\| ]		\| ]
	\| 2017		\| 2017
	\| {{no}}		\| {{yes}}
	\| {{no}}		\| {{no}}
	\| {{yes}}		\| {{yes}}
Line 224:		Line 224:
	*		*
	*		*
			*

Revision as of 14:27, 19 October 2017

Comparison of Host-based intrusion detection system components and systems.

Free software

As per the Unix philosophy a good HIDS is composed of multiple packages each focusing on a specific aspect.

Package	Year	Ubuntu	CentOS	File	Network	Logs	Config	Sane defaults	Notes
OSSEC	2017	Yes	No	Yes	Yes	Yes	Yes
Samhain	2016	Yes	No	Yes	No	Partial		No
Snort	2015	Yes	Yes	No	Yes	No
chkrootkit	2017	Yes	No	Yes	No	Partial
rkhunter	2014	Yes	Yes	Yes	No	No	Yes	Yes
unhide	2012	Yes	Yes	No	No	No			proc ps compare
Sguil	2017	No	No	No	Yes	No
Logwatch	2017	Yes	Yes	No	No	Yes		No
Logcheck	2017	Yes	Yes	No	No	Yes		No
Epylog	2014	Yes	Yes	No	No	Yes
SWATCH	2015	Yes	Yes	No	No	Yes
sagan	2017	Yes	No	No	No	Yes
aide	2016	Yes	Yes	Yes	No	No		No
tripwire	2013	Yes	Yes	Yes	No	No

Proprietary software

Package	Year	Linux	Windows	File	Network	Logs	Config
Lacework	2017	Yes	Yes	Yes	Yes	Yes	Yes
Verisys	2016	Yes	Yes
Nessus	2017	Yes	Yes				Yes

References

Last updated
Repositories
Repositories
"Samhain". Ubuntu. Retrieved 2017-04-19. Samhain in the Ubuntu Repositories
Last
"Snort". Ubuntu. Retrieved 2017-04-19. Snort in the Ubuntu Repositories
"Snort". Cisco Systems. Retrieved 2017-05-31. Snort in the CentOS Repositories
"ChkRootkit". Ubuntu. Retrieved 2017-04-19. ChkRootkit in the Ubuntu Repositories
lastlog, wtmp, utmp, wtmpx
"RKHunter". Ubuntu. Retrieved 2017-04-19. RKHunter in the Ubuntu Repositories
"RKHunter". Ubuntu. Retrieved 2017-04-19. RKHunter in the CentOS Repositories
"unhide". debian. Retrieved 2017-04-17.unhide is notable because it's part of Debian and Fedora
"UnHide". Ubuntu. Retrieved 2017-04-19. UnHide in the Ubuntu Repositories
"UnHide". Ubuntu. Retrieved 2017-04-19. UnHide in the CentOS Repositories
"Logwatch". debian. Retrieved 2017-04-17. Logwatch is notable because it's part of Debian and Fedora
"LogWatch". Ubuntu. Retrieved 2017-04-19. LogWatch in the Ubuntu Repositories
"LogWatch". Ubuntu. Retrieved 2017-04-19. LogWatch in the CentOS Repositories
"Logcheck". debian. Retrieved 2017-04-17. Logcheck is notable because it's part of Debian and Fedora
"Logcheck". Ubuntu. Retrieved 2017-04-19. Logcheck in the Ubuntu Repositories
"Logcheck". Ubuntu. Retrieved 2017-04-19. Logcheck in the CentOS Repositories
"Epylog". debian. Retrieved 2017-04-17. Epylog is notable because it's part of Debian and Fedora
"Epylog". Ubuntu. Retrieved 2017-04-19. Epylog in the Ubuntu Repositories
"Epylog". Ubuntu. Retrieved 2017-04-19. Epylog in the CentOS Repositories
"SWATCH". debian. Retrieved 2017-04-17. SWATCH is notable because it's part of Debian and Fedora
"SWATCH". Ubuntu. Retrieved 2017-04-19. SWATCH in the Ubuntu Repositories
"SWATCH". Ubuntu. Retrieved 2017-04-19. SWATCH in the CentOS Repositories
"Sagan". Ubuntu. Retrieved 2017-04-19. Sagan in the Ubuntu Repositories
"AIDE". Ubuntu. Retrieved 2017-04-19. AIDE in the Ubuntu Repositories
"AIDE". Ubuntu. Retrieved 2017-04-19. AIDE in the CentOS Repositories
"Tripwire". Ubuntu. Retrieved 2017-04-19. Tripwire in the Ubuntu Repositories
"Tripwire". Ubuntu. Retrieved 2017-04-19. Tripwire in the CentOS Repositories
Last updated

External links

Category:

Intrusion detection systems