Comparison of host-based intrusion detection system (HIDS) components and systems.
As per the Unix philosophy, a good HIDS is composed of multiple packages, each focusing on a specific aspect.
Package | Year[1] | Ubuntu[2] | CentOS[3] | File | Network | Logs | Notes |
---|---|---|---|---|---|---|---|
OSSEC | 2017 | No | No | Yes | Yes | Yes | |
Lynis | 2017 | Yes | Yes | No | No | No | Auditing |
Samhain | 2016 | Yes | No | Yes | No | Partial[4] | |
Snort | 2015 | Yes | No | No | Yes | No | |
chkrootkit | 2017 | Yes | No | Yes | No | Partial[5] | |
rkhunter | 2014 | Yes | Yes | Yes | No | No | |
unhide[6] | 2012 | Yes | Yes | No | No | No | proc ps compare |
Sguil | 2017 | No | No | No | Yes | No | |
Logwatch[7] | 2016 | Yes | Yes | No | No | Yes | |
sagan | 2017 | Yes | No | No | No | Yes | |
aide | 2016 | Yes | Yes | Yes | No | No | |
tripwire | 2013 | Yes | Yes | Yes | No | No | |

Package | Year[8] | Linux | Windows | File | Network | Logs | Notes |
---|---|---|---|---|---|---|---|
Verisys | 2016 | Yes | Yes |