Host-based intrusion detection system comparison

Comparison of Host-based intrusion detection system components and systems.

Free software

As per the Unix philosophy a good HIDS is composed of multipule packages each focusing on a specific aspect.

Package	Year^[1]	Ubuntu^[2]	CentOS^[3]	File	Network	Logs	Config	Notes
OSSEC	2017	No	No	Yes	Yes	Yes	Yes
Lynis	2017	Yes^[4]	Yes	No	No	No	Yes
OpenVAS	2017	No	No	No	No	No	Yes
Samhain	2016	Yes^[5]	No	Yes	No	Partial^[6]
Snort	2015	Yes^[7]	No	No	Yes	No
chkrootkit	2017	Yes^[8]	No	Yes	No	Partial^[9]
rkhunter	2014	Yes^[10]	Yes	Yes	No	No	Yes
unhide^[11]	2012	Yes^[12]	Yes	No	No	No		proc ps compare
Sguil	2017	No	No	No	Yes	No
Logwatch^[13]	2016	Yes^[14]	Yes	No	No	Yes
sagan	2017	Yes^[15]	No	No	No	Yes
aide	2016	Yes^[16]	Yes	Yes	No	No
tripwire	2013	Yes^[17]	Yes	Yes	No	No

Package	Year^[18]	Linux	Windows	File	Network	Logs	Config	Notes
Verisys	2016	Yes	Yes
Nessus	2017	Yes	Yes				Yes

^ Last updated
^ Repositories
^ Repositories
^ "Lynis". Ubuntu. Retrieved 2017-04-19. Lynis in the Ubuntu Repositories
^ "Samhain". Ubuntu. Retrieved 2017-04-19. Samhain in the Ubuntu Repositories
^ Last
^ "Snort". Ubuntu. Retrieved 2017-04-19. Snort in the Ubuntu Repositories
^ "ChkRootkit". Ubuntu. Retrieved 2017-04-19. ChkRootkit in the Ubuntu Repositories
^ lastlog, wtmp, utmp, wtmpx
^ "RKHunter". Ubuntu. Retrieved 2017-04-19. RKHunter in the Ubuntu Repositories
^ "unhide". debian. Retrieved 2017-04-17.unhide is notable because it's part of Debian and Fedora
^ "UnHide". Ubuntu. Retrieved 2017-04-19. UnHide in the Ubuntu Repositories
^ "logwatch". debian. Retrieved 2017-04-17.logwatch is notable because it's part of Debian and Fedora
^ "LogWatch". Ubuntu. Retrieved 2017-04-19. LogWatch in the Ubuntu Repositories
^ "Sagan". Ubuntu. Retrieved 2017-04-19. Sagan in the Ubuntu Repositories
^ "AIDE". Ubuntu. Retrieved 2017-04-19. AIDE in the Ubuntu Repositories
^ "Tripwire". Ubuntu. Retrieved 2017-04-19. Tripwire in the Ubuntu Repositories
^ Last updated