Wikipedia

Host-based intrusion detection system comparison

This is an old revision of this page, as edited by Tim@ (talk | contribs) at 16:59, 19 April 2017. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Comparison of Host-based intrusion detection system components and systems.

Free software

As per the Unix philosophy a good HIDS is composed of multipule packages each focusing on a specific aspect.

Package Year[1] Ubuntu[2] CentOS[3] File Network Logs Config Notes
OSSEC 2017 No No Yes Yes Yes Yes
Lynis 2017 Yes[4] Yes[5] No No No Yes
OpenVAS 2017 No No No No No Yes
Samhain 2016 Yes[6] No Yes No Partial[7]
Snort 2015 Yes[8] No No Yes No
chkrootkit 2017 Yes[9] No Yes No Partial[10]
rkhunter 2014 Yes[11] Yes[12] Yes No No Yes
unhide[13] 2012 Yes[14] Yes[15] No No No proc ps compare
Sguil 2017 No No No Yes No
Logwatch[16] 2016 Yes[17] Yes[18] No No Yes
sagan 2017 Yes[19] No No No Yes
aide 2016 Yes[20] Yes[21] Yes No No
tripwire 2013 Yes[22] Yes[23] Yes No No

Proprietary software

Package Year[24] Linux Windows File Network Logs Config Notes
Verisys 2016 Yes Yes
Nessus 2017 Yes Yes Yes

References

  1. ^ Last updated
  2. ^ Repositories
  3. ^ Repositories
  4. ^ "Lynis". Ubuntu. Retrieved 2017-04-19. Lynis in the Ubuntu Repositories
  5. ^ "Lynis". Ubuntu. Retrieved 2017-04-19. Lynis in the CentOS Repositories
  6. ^ "Samhain". Ubuntu. Retrieved 2017-04-19. Samhain in the Ubuntu Repositories
  7. ^ Last
  8. ^ "Snort". Ubuntu. Retrieved 2017-04-19. Snort in the Ubuntu Repositories
  9. ^ "ChkRootkit". Ubuntu. Retrieved 2017-04-19. ChkRootkit in the Ubuntu Repositories
  10. ^ lastlog, wtmp, utmp, wtmpx
  11. ^ "RKHunter". Ubuntu. Retrieved 2017-04-19. RKHunter in the Ubuntu Repositories
  12. ^ "RKHunter". Ubuntu. Retrieved 2017-04-19. RKHunter in the CentOS Repositories
  13. ^ "unhide". debian. Retrieved 2017-04-17.unhide is notable because it's part of Debian and Fedora
  14. ^ "UnHide". Ubuntu. Retrieved 2017-04-19. UnHide in the Ubuntu Repositories
  15. ^ "UnHide". Ubuntu. Retrieved 2017-04-19. UnHide in the CentOS Repositories
  16. ^ "logwatch". debian. Retrieved 2017-04-17.logwatch is notable because it's part of Debian and Fedora
  17. ^ "LogWatch". Ubuntu. Retrieved 2017-04-19. LogWatch in the Ubuntu Repositories
  18. ^ "LogWatch". Ubuntu. Retrieved 2017-04-19. LogWatch in the CentOS Repositories
  19. ^ "Sagan". Ubuntu. Retrieved 2017-04-19. Sagan in the Ubuntu Repositories
  20. ^ "AIDE". Ubuntu. Retrieved 2017-04-19. AIDE in the Ubuntu Repositories
  21. ^ "AIDE". Ubuntu. Retrieved 2017-04-19. AIDE in the CentOS Repositories
  22. ^ "Tripwire". Ubuntu. Retrieved 2017-04-19. Tripwire in the Ubuntu Repositories
  23. ^ "Tripwire". Ubuntu. Retrieved 2017-04-19. Tripwire in the CentOS Repositories
  24. ^ Last updated
Retrieved from "https://en.wikipedia.org/w/index.php?title=Host-based_intrusion_detection_system_comparison&oldid=776212254"