Revision as of 19:40, 17 April 2017 edit Tim@ (talk \| contribs) Extended confirmed users 1,514 edits Lynis ← Previous edit		Revision as of 19:47, 17 April 2017 edit undo Tim@ (talk \| contribs) Extended confirmed users 1,514 edits No edit summary Next edit →
Line 1: ==[[Free software]]== As per the [[Unix philosophy]] a good HIDS is composed of multipule packages each focusing on a specific aspect. {\| class="wikitable sortable" Line 4 ⟶ 5: ! Package ! Year<ref>Last updated</ref> ! Linux ~~! Ubuntu<ref>Repositories</ref>~~ ! Windows ~~! CentOS<ref>Repositories</ref>~~ ! File ! Network Line 11 ⟶ 12: ! Notes \|- \| . ~~\| [[OSSEC]]~~ ~~\| 2017~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| {{yes}}~~ ~~\| {{yes}}~~ ~~\| {{yes}}~~ \| \|- ~~\| [[Lynis]]~~ ~~\| 2017~~ ~~\| {{yes}}~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| [[Information_technology_security_audit\|Auditing]]~~ \|- ~~\| [[Samhain_(software)\|Samhain]]~~ ~~\| 2016~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ ~~\| {{partial}}<ref>Last</ref>~~ \| \|- ~~\| [[Snort_(software)\|Snort]]~~ ~~\| 2015~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ \| \|- ~~\| [[chkrootkit]]~~ ~~\| 2017~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ ~~\| {{partial}}<ref>lastlog, wtmp, utmp, wtmpx</ref>~~ \| \|- ~~\| [[rkhunter]]~~ ~~\| 2014~~ ~~\| {{yes}}~~ ~~\| {{yes}}~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ \| \|- \| [http://www.unhide-forensics.info unhide]<ref name="unhide">{{cite web \|url=https://packages.debian.org/search?keywords=unhide \|title=unhide \|publisher=debian \|accessdate=2017-04-17 }}unhide is notable because it's part of Debian and Fedora</ref> ~~\| 2012~~ ~~\| {{yes}}~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| proc ps compare~~ \|- ~~\| [[Sguil]]~~ ~~\| 2017~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ \| \|- \| [https://sourceforge.net/p/logwatch/wiki/Home/ Logwatch]<ref name="Logwatch">{{cite web \|url=https://packages.debian.org/search?keywords=logwatch \|title=logwatch \|publisher=debian \|accessdate=2017-04-17 }}logwatch is notable because it's part of Debian and Fedora</ref> ~~\| 2016~~ ~~\| {{yes}}~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| {{yes}}~~ \| \|- ~~\| [[Sagan_(software)\|sagan]]~~ ~~\| 2017~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ ~~\| {{yes}}~~ \| \|- ~~\| [[Advanced_Intrusion_Detection_Environment\|aide]]~~ ~~\| 2016~~ ~~\| {{yes}}~~ ~~\| {{yes}}~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ \| \|- ~~\| [[Open_Source_Tripwire\|tripwire]]~~ ~~\| 2013~~ ~~\| {{yes}}~~ ~~\| {{yes}}~~ ~~\| {{yes}}~~ ~~\| {{no}}~~ ~~\| {{no}}~~ \| \|-

Host-based intrusion detection system comparison: Difference between revisions