Host-based intrusion detection system comparison: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 17:17, 20 April 2017 edit Tim@ (talk \| contribs) Extended confirmed users 1,514 edits →Free software: more log checkers ← Previous edit		Latest revision as of 10:41, 23 August 2025 edit undo Tim@ (talk \| contribs) Extended confirmed users 1,514 edits →Free and open-source software: RIP CentOS
(69 intermediate revisions by 41 users not shown)
Line 1: Comparison of [[~~Host~~host-based intrusion detection system]] components and systems. ==[[Free and open-source software]]== As per the [[Unix philosophy]] a good HIDS is composed of ~~multipule~~multiple packages each focusing on a specific aspect. {\| class="wikitable sortable" \|- ! Package ! ~~Year<ref>~~Last ~~updated</ref>~~Update ! ~~Ubuntu~~[[Debian]] <~~ref~~small>Official Repositories</~~ref~~small> ! ~~CentOS~~[[AlmaLinux]] <~~ref~~small>Official Repositories</~~ref~~small> ! [[openSUSE]] <small>Official Repositories</small> ! File ! Network ! Logs ! [[Information_technology_security_audit\|Config]] ~~! Sane defaults~~ ! Notes \|- \| [[OSSEC]] \| ~~2017~~2025 \| {{no}}<ref>{{cite web \|url=https://ossec.github.io/downloads.html#apt-automated-installation-on-ubuntu-and-debian \|title=Downloads OSSEC\|publisher=OSSEC\|accessdate=2017-10-19 }} OSSEC for Debian Based systems</ref> ~~\| {{no}}~~ \| {{no}}<ref>{{cite web \|url=https://ossec.github.io/downloads.html#rhel-centos-fedora-and-others \|title=Downloads OSSEC\|publisher=OSSEC\|accessdate=2017-10-29 }} OSSEC for RHEL/Fedora Based systems</ref> ~~\| {{no}}~~ \| {{yes}}<ref>{{cite web \|url=https://software.opensuse.org/package/ossec-hids \|title=ossec-hids\|publisher=openSUSE OBS\|accessdate=2024-08-11 }} An Open Source Host-based Intrusion Detection System </ref> \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| \| \|- \|Wazuh ~~\| [[Lynis]]~~ \|2025<ref>{{cite web \|url=https://documentation.wazuh.com/current/release-notes/index.html \|title=Wazuh documentation Release notes\|accessdate=2025-07-16 }}</ref> ~~\| 2017~~ ~~\| {{partial}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=lynis \|title=Lynis \|publisher=Ubuntu \|accessdate=2017-04-19 }} Lynis in the Ubuntu Repositories</ref> broken~~ ~~\| {{yes}}<ref>{{cite web \|url=https://pkgs.org/download/lynis \|title=Lynis \|publisher=Ubuntu \|accessdate=2017-04-19 }} Lynis in the CentOS Repositories</ref>~~ ~~\| {{no}}~~ \| {{no}} \| {{no}} \| ? \| {{yes}} \| {{yes}} \| {{yes}} ~~\| Compliance testing only testing only in the commercial version~~ \|- ~~\| [[OpenVAS]]~~ ~~\| 2017~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ \| {{yes}} \| \| \|- \| [[Samhain_(software)\|Samhain]] \| ~~2016~~2023 \| {{yes}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=samhain \|title=Samhain \|publisher=Ubuntu \|accessdate=2017-04-19 }} Samhain in the Ubuntu Repositories</ref> \| {{no}} \| {{yes}}<ref>{{cite web \|url=https://software.opensuse.org/package/samhain?search_term=Samhain \|title=Samhain \|publisher=openSUSE OBS\|accessdate=2024-08-11 }} File integrity and host-based IDS</ref> \| {{yes}} \| {{no}} \| {{partial}}<ref>Last</ref> \| ~~\| {{no}}~~ \| \|- \| [[Snort_(software)\|Snort]] \| 2025<ref>{{cite web \|url=https://github.com/snort3/snort3/releases \|title=snort3/snort3 Releases\|accessdate=2025-07-16 }}</ref> ~~\| 2015~~ \| {{yes}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=snort \|title=Snort \|publisher=Ubuntu \|accessdate=2017-04-19 }} Snort in the Ubuntu Repositories</ref> \| {{no}}<ref>{{cite web \|url=https://pkgs.org/download/snort \|title=Snort \|publisher=Cisco Systems \|accessdate=2017-05-31 }} Snort in the CentOS Repositories</ref> \| {{no}} \| {{no}} Line 68 ⟶ 58: \| {{no}} \| \| \| \|- \| [[chkrootkit]] \| ~~2017~~2023 \| {{yes}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=chkrootkit \|title=ChkRootkit \|publisher=Ubuntu \|accessdate=2017-04-19 }} ChkRootkit in the Ubuntu Repositories</ref> \| {{no}} \| {{yes}} \| {{yes}} \| {{no}} \| {{partial}}<ref>lastlog, wtmp, utmp, wtmpx</ref> \| \| \| \|- \| [[rkhunter]] \| ~~2014~~2018 \| {{yes}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=rkhunter \|title=RKHunter \|publisher=Ubuntu \|accessdate=2017-04-19 }} RKHunter in the Ubuntu Repositories</ref> \| {{yes}}<ref>{{cite web \|url=https://pkgs.org/download/rkhunter \|title=RKHunter \|publisher=Ubuntu \|accessdate=2017-04-19 }} RKHunter in the CentOS Repositories</ref> \| {{yes}} \| {{yes}} \| {{no}} \| {{no}} ~~\| {{yes}}~~ \| {{yes}} \| \|- \| [http://www.unhide-forensics.info unhide]<ref ~~name="unhide"~~>{{cite web \|url=https://packages.debian.org/search?keywords=unhide \|title=unhide \|publisher=debian \|accessdate=2017-04-17 }}unhide is notable because it's part of Debian and Fedora</ref> \| 2012 \| {{yes}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=unhide \|title=UnHide \|publisher=Ubuntu \|accessdate=2017-04-19 }} UnHide in the Ubuntu Repositories</ref> \| {{yes}}<ref>{{cite web \|url=https://pkgs.org/download/unhide \|title=UnHide \|publisher=Ubuntu \|accessdate=2017-04-19 }} UnHide in the CentOS Repositories</ref> \| {{yes}} \| {{no}} \| {{no}} \| {{no}} \| \| \| proc ps compare \|- \| [[Sguil]] \| 2017 \| {{no}} \| {{no}} \| {{no}} Line 112 ⟶ 102: \| {{no}} \| \| \| \|- \| [https://sourceforge.net/p/logwatch/wiki/Home/ Logwatch]<ref ~~name="Logwatch"~~>{{cite web \|url=https://packages.debian.org/search?keywords=logwatch \|title=Logwatch \|publisher=debian \|accessdate=2017-04-17 }} Logwatch is notable because it's part of Debian and Fedora</ref> \| ~~2016~~2017 \| {{yes}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=logwatch \|title=LogWatch \|publisher=Ubuntu \|accessdate=2017-04-19 }} LogWatch in the Ubuntu Repositories</ref> \| {{yes}}<ref>{{cite web \|url=https://pkgs.org/download/logwatch \|title=LogWatch \|publisher=Ubuntu \|accessdate=2017-04-19 }} LogWatch in the CentOS Repositories</ref> \| {{yes}} \| {{no}} \| {{no}} \| {{yes}} \| ~~\| {{no}}~~ \| \|- \| [http://www.logcheck.org/ Logcheck]<ref name="Logcheck">{{cite web \|url=https://packages.debian.org/search?keywords=logcheck \|title=Logcheck \|publisher=debian \|accessdate=2017-04-17 }} Logcheck is notable because it's part of Debian and Fedora</ref> \| 2017 \| {{yes}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=logcheck \|title=Logcheck \|publisher=Ubuntu \|accessdate=2017-04-19 }} Logcheck in the Ubuntu Repositories</ref> \| {{yes}}<ref>{{cite web \|url=https://pkgs.org/download/logcheck \|title=Logcheck \|publisher=Ubuntu \|accessdate=2017-04-19 }} Logcheck in the CentOS Repositories</ref> \| {{yes}} \| {{no}} \| {{no}} \| {{yes}} \| \| \| \|- \| ~~[https://fedorahosted.org/epylog/~~ Epylog]<ref ~~name="Logcheck"~~>{{cite web \|url=https://packages.debian.org/search?keywords=epylog \|title=Epylog \|publisher=debian \|accessdate=2017-04-17 }} Epylog is notable because it's part of Debian and Fedora</ref> \| 2014 \| {{yes}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=epylog \|title=Epylog \|publisher=Ubuntu \|accessdate=2017-04-19 }} Epylog in the Ubuntu Repositories</ref> \| {{yes}}<ref>{{cite web \|url=https://pkgs.org/download/epylog \|title=Epylog \|publisher=Ubuntu \|accessdate=2017-04-19 }} Epylog in the CentOS Repositories</ref> \| {{yes}} \| {{no}} \| {{no}} \| {{yes}} \| \| \| \|- \| [~~http~~https://~~swatch.~~sourceforge.net/projects/swatch/?source=directory SWATCH]<ref ~~name="Logcheck"~~>{{cite web \|url=https://packages.debian.org/search?keywords=swatch \|title=SWATCH \|publisher=debian \|accessdate=2017-04-17 }} SWATCH is notable because it's part of Debian and Fedora</ref> \| 2015 \| {{yes}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=swatch \|title=SWATCH \|publisher=Ubuntu \|accessdate=2017-04-19 }} SWATCH in the Ubuntu Repositories</ref> \| {{yes}}<ref>{{cite web \|url=https://pkgs.org/download/swatch \|title=SWATCH \|publisher=Ubuntu \|accessdate=2017-04-19 }} SWATCH in the CentOS Repositories</ref> \| {{yes}} \| {{no}} \| {{no}} \| {{yes}} \| \| \| \|- \| [[Sagan_(software)\|sagan]] \| ~~2017~~2021 \| {{yes}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=sagan \|title=Sagan \|publisher=Ubuntu \|accessdate=2017-04-19 }} Sagan in the Ubuntu Repositories</ref> \| {{no}} \| {{no}} \| {{no}} Line 167 ⟶ 157: \| {{yes}} \| \| \| \|- \| [[Advanced_Intrusion_Detection_Environment\|aide]] \| ~~2016~~2025 \| {{yes}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=aide \|title=AIDE \|publisher=Ubuntu \|accessdate=2017-04-19 }} AIDE in the Ubuntu Repositories</ref> \| {{yes}}<ref>{{cite web \|url=https://pkgs.org/download/aide \|title=AIDE \|publisher=Ubuntu \|accessdate=2017-04-19 }} AIDE in the CentOS Repositories</ref> \| {{yes}} \| {{yes}} \| {{no}} \| {{no}} \| yes \| uses libs for routines ~~\| {{no}}~~ \| \|- \| [[Open_Source_Tripwire\|tripwire]] \| ~~2013~~2018 \| {{yes}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=tripwire \|title=Tripwire \|publisher=Ubuntu \|accessdate=2017-04-19 }} Tripwire in the Ubuntu Repositories</ref> \| {{yes}}<ref>{{cite web \|url=https://pkgs.org/download/tripwire \|title=Tripwire \|publisher=Ubuntu \|accessdate=2017-04-19 }} Tripwire in the CentOS Repositories</ref> \| {{yes}} \| {{yes}} \| {{no}} \| {{no}} \| \| \| \|- \| [[Tiger_(security_software)\|Tiger]] \| 2018 \| {{yes}}<ref>{{cite web \|url=http://packages.ubuntu.com/search?keywords=tiger \|title=Tripwire \|publisher=Ubuntu \|accessdate=2017-04-19 }} Tripwire in the Ubuntu Repositories</ref> \| {{no}} \| {{no}} \| {{yes}} \| {{no}} \| {{no}} \| {{yes}} \| 3/42 modules are Debian specific. \|- \|} Line 207: ! Notes \|- \| [https://www.lacework.com/ Lacework] ~~\| [[Verisys]]~~ \| ~~2016~~2018 \| {{yes}} \| {{no}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| \|- \| Verisys \| 2018 \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| \| {{yes}} \| \| \|- Line 226 ⟶ 237: \| \|- \|[https://www.atomicorp.com/atomic-enterprise-ossec/ Atomicorp] \|2019 \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \|Commercially enhanced version of OSSEC \|- \|[https://spartan.mobilefx.com/ Spartan] \|2021 \| {{no}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \| {{yes}} \|Websocket API, IP to Country mapping, DynDNS Integration \|} Line 236 ⟶ 266: * [https://wiki.centos.org/HowTos/OS_Protection CentOS security wiki] * [https://wiki.ubuntu.com/BasicSecurity Ubuntu security wiki] [[Category:Intrusion detection systems]]