Wikipedia

Host-based intrusion detection system comparison

This is an old revision of this page, as edited by Postcard Cathy (talk | contribs) at 08:51, 25 April 2017 (External links). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Comparison of Host-based intrusion detection system components and systems.

Free software

As per the Unix philosophy a good HIDS is composed of multipule packages each focusing on a specific aspect.

Package Year[1] Ubuntu[2] CentOS[3] File Network Logs Config Sane defaults Notes
OSSEC 2017 No No Yes Yes Yes Yes
Lynis 2017 Partial[4] broken Yes[5] No No No Yes Yes Compliance testing only testing only in the commercial version
OpenVAS 2017 No No No No No Yes
Samhain 2016 Yes[6] No Yes No Partial[7] No
Snort 2015 Yes[8] No No Yes No
chkrootkit 2017 Yes[9] No Yes No Partial[10]
rkhunter 2014 Yes[11] Yes[12] Yes No No Yes Yes
unhide[13] 2012 Yes[14] Yes[15] No No No proc ps compare
Sguil 2017 No No No Yes No
Logwatch[16] 2017 Yes[17] Yes[18] No No Yes No
Logcheck[19] 2017 Yes[20] Yes[21] No No Yes No
Epylog[22] 2014 Yes[23] Yes[24] No No Yes
SWATCH[25] 2015 Yes[26] Yes[27] No No Yes
sagan 2017 Yes[28] No No No Yes
aide 2016 Yes[29] Yes[30] Yes No No No
tripwire 2013 Yes[31] Yes[32] Yes No No

Proprietary software

Package Year[33] Linux Windows File Network Logs Config Notes
Verisys 2016 Yes Yes
Nessus 2017 Yes Yes Yes

References

  1. ^ Last updated
  2. ^ Repositories
  3. ^ Repositories
  4. ^ "Lynis". Ubuntu. Retrieved 2017-04-19. Lynis in the Ubuntu Repositories
  5. ^ "Lynis". Ubuntu. Retrieved 2017-04-19. Lynis in the CentOS Repositories
  6. ^ "Samhain". Ubuntu. Retrieved 2017-04-19. Samhain in the Ubuntu Repositories
  7. ^ Last
  8. ^ "Snort". Ubuntu. Retrieved 2017-04-19. Snort in the Ubuntu Repositories
  9. ^ "ChkRootkit". Ubuntu. Retrieved 2017-04-19. ChkRootkit in the Ubuntu Repositories
  10. ^ lastlog, wtmp, utmp, wtmpx
  11. ^ "RKHunter". Ubuntu. Retrieved 2017-04-19. RKHunter in the Ubuntu Repositories
  12. ^ "RKHunter". Ubuntu. Retrieved 2017-04-19. RKHunter in the CentOS Repositories
  13. ^ "unhide". debian. Retrieved 2017-04-17.unhide is notable because it's part of Debian and Fedora
  14. ^ "UnHide". Ubuntu. Retrieved 2017-04-19. UnHide in the Ubuntu Repositories
  15. ^ "UnHide". Ubuntu. Retrieved 2017-04-19. UnHide in the CentOS Repositories
  16. ^ "Logwatch". debian. Retrieved 2017-04-17. Logwatch is notable because it's part of Debian and Fedora
  17. ^ "LogWatch". Ubuntu. Retrieved 2017-04-19. LogWatch in the Ubuntu Repositories
  18. ^ "LogWatch". Ubuntu. Retrieved 2017-04-19. LogWatch in the CentOS Repositories
  19. ^ "Logcheck". debian. Retrieved 2017-04-17. Logcheck is notable because it's part of Debian and Fedora
  20. ^ "Logcheck". Ubuntu. Retrieved 2017-04-19. Logcheck in the Ubuntu Repositories
  21. ^ "Logcheck". Ubuntu. Retrieved 2017-04-19. Logcheck in the CentOS Repositories
  22. ^ "Epylog". debian. Retrieved 2017-04-17. Epylog is notable because it's part of Debian and Fedora
  23. ^ "Epylog". Ubuntu. Retrieved 2017-04-19. Epylog in the Ubuntu Repositories
  24. ^ "Epylog". Ubuntu. Retrieved 2017-04-19. Epylog in the CentOS Repositories
  25. ^ "SWATCH". debian. Retrieved 2017-04-17. SWATCH is notable because it's part of Debian and Fedora
  26. ^ "SWATCH". Ubuntu. Retrieved 2017-04-19. SWATCH in the Ubuntu Repositories
  27. ^ "SWATCH". Ubuntu. Retrieved 2017-04-19. SWATCH in the CentOS Repositories
  28. ^ "Sagan". Ubuntu. Retrieved 2017-04-19. Sagan in the Ubuntu Repositories
  29. ^ "AIDE". Ubuntu. Retrieved 2017-04-19. AIDE in the Ubuntu Repositories
  30. ^ "AIDE". Ubuntu. Retrieved 2017-04-19. AIDE in the CentOS Repositories
  31. ^ "Tripwire". Ubuntu. Retrieved 2017-04-19. Tripwire in the Ubuntu Repositories
  32. ^ "Tripwire". Ubuntu. Retrieved 2017-04-19. Tripwire in the CentOS Repositories
  33. ^ Last updated
Retrieved from "https://en.wikipedia.org/w/index.php?title=Host-based_intrusion_detection_system_comparison&oldid=777112028"