Host-based intrusion detection system comparison

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Tim@ (talk | contribs) at 19:24, 17 April 2017 (Created page with 'As per the Unix philosophy a good HIDS is composed of multipule packages each focusing on a specific aspect. {| class="wikitable sortable" |- ! Package ! Ye...'). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

As per the Unix philosophy, a good HIDS is composed of multiple packages, each focusing on a specific aspect (file integrity, network traffic, or log analysis).

Package     | Year[1] | Ubuntu[2] | CentOS[3] | File | Network | Logs       | Notes
------------|---------|-----------|-----------|------|---------|------------|-----------------
OSSEC       | 2017    | No        | No        | Yes  | Yes     | Yes        |
Samhain     | 2016    | Yes       | No        | Yes  | No      | Partial[4] |
Snort       | 2015    | Yes       | No        | No   | Yes     | No         |
chkrootkit  | 2017    | Yes       | No        | Yes  | No      | Partial[5] |
rkhunter    | 2014    | Yes       | Yes       | Yes  | No      | No         |
unhide[6]   | 2012    | Yes       | Yes       | No   | No      | No         | proc ps compare
Sguil       | 2017    | No        | No        | No   | Yes     | No         |
Logwatch[7] | 2016    | Yes       | Yes       | No   | No      | Yes        |
aide        | 2016    | Yes       | Yes       | Yes  | No      | No         |
tripwire    | 2013    | Yes       | Yes       | Yes  | No      | No         |
  1. Year the package was last updated
  2. Available in the Ubuntu repositories
  3. Available in the CentOS repositories
  4. Last
  5. lastlog, wtmp, utmp, wtmpx
  6. "unhide". debian. Retrieved 2017-04-17. unhide is notable because it is part of Debian and Fedora.
  7. "logwatch". debian. Retrieved 2017-04-17. Logwatch is notable because it is part of Debian and Fedora.