Host-based intrusion detection system comparison

This is an old revision of this page, as edited by Tim@ (talk | contribs) at 16:13, 19 April 2017 (Free software: Config). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Comparison of host-based intrusion detection system (HIDS) components and systems.

As per the Unix philosophy, a good HIDS is composed of multiple packages, each focusing on a specific aspect.

Package     | Year[1] | Ubuntu[2] | CentOS[3] | File | Network | Logs       | Config | Notes
------------|---------|-----------|-----------|------|---------|------------|--------|-----------------
OSSEC       | 2017    | No        | No        | Yes  | Yes     | Yes        | Yes    |
Lynis       | 2017    | Yes       | Yes       | No   | No      | No         | Yes    |
OpenVAS     | 2017    | No        | No        | No   | No      | No         | Yes    |
Samhain     | 2016    | Yes       | No        | Yes  | No      | Partial[4] |        |
Snort       | 2015    | Yes       | No        | No   | Yes     | No         |        |
chkrootkit  | 2017    | Yes       | No        | Yes  | No      | Partial[5] |        |
rkhunter    | 2014    | Yes       | Yes       | Yes  | No      | No         | Yes    |
unhide[6]   | 2012    | Yes       | Yes       | No   | No      | No         |        | proc ps compare
Sguil       | 2017    | No        | No        | No   | Yes     | No         |        |
Logwatch[7] | 2016    | Yes       | Yes       | No   | No      | Yes        |        |
sagan       | 2017    | Yes       | No        | No   | No      | Yes        |        |
aide        | 2016    | Yes       | Yes       | Yes  | No      | No         |        |
tripwire    | 2013    | Yes       | Yes       | Yes  | No      | No         |        |
Package | Year[8] | Linux | Windows | File | Network | Logs | Config | Notes
--------|---------|-------|---------|------|---------|------|--------|---------
Verisys | 2016    | Yes   | Yes     |      |         |      |        |
Nessus  | 2017    | Yes   | Yes     |      |         |      |        | Auditing

References

  1. ^ Last updated
  2. ^ Repositories
  3. ^ Repositories
  4. ^ Last
  5. ^ lastlog, wtmp, utmp, wtmpx
  6. ^ "unhide". Debian. Retrieved 2017-04-17. unhide is notable because it is part of Debian and Fedora.
  7. ^ "logwatch". Debian. Retrieved 2017-04-17. logwatch is notable because it is part of Debian and Fedora.
  8. ^ Last updated