This is an old revision of this page, as edited by Idumont (talk | contribs) at 19:28, 29 September 2017. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
Comparison of host-based intrusion detection system components and systems.
Free software
As per the Unix philosophy, a good HIDS is composed of multiple packages, each focusing on a specific aspect (file integrity, network traffic, log analysis, or configuration checking).
Package | Year | Ubuntu | CentOS | File | Network | Logs | Config | Sane defaults | Notes |
---|---|---|---|---|---|---|---|---|---|
OSSEC | 2017 | No | No | Yes | Yes | Yes | Yes | | |
Samhain | 2016 | Yes | No | Yes | No | Partial | No | | |
Snort | 2015 | Yes | Yes | No | Yes | No | | | |
chkrootkit | 2017 | Yes | No | Yes | No | Partial | | | |
rkhunter | 2014 | Yes | Yes | Yes | No | No | Yes | Yes | |
unhide | 2012 | Yes | Yes | No | No | No | | | proc ps compare |
Sguil | 2017 | No | No | No | Yes | No | | | |
Logwatch | 2017 | Yes | Yes | No | No | Yes | No | | |
Logcheck | 2017 | Yes | Yes | No | No | Yes | No | | |
Epylog | 2014 | Yes | Yes | No | No | Yes | | | |
SWATCH | 2015 | Yes | Yes | No | No | Yes | | | |
sagan | 2017 | Yes | No | No | No | Yes | | | |
aide | 2016 | Yes | Yes | Yes | No | No | No | | |
tripwire | 2013 | Yes | Yes | Yes | No | No | | | |
Proprietary software
Package | Year | Linux | Windows | File | Network | Logs | Config | Notes |
---|---|---|---|---|---|---|---|---|
Verisys | 2016 | Yes | Yes | | | | | |
Nessus | 2017 | Yes | Yes | Yes | | | | |
Lacework | 2017 | Yes | Yes | Yes | Yes | Yes | Yes | |