Comparison of host-based intrusion detection system components and systems.
Free and open-source software
Following the Unix philosophy, a good HIDS is usually assembled from several packages, each focused on one aspect: file integrity, network traffic, log analysis, or configuration auditing. The columns below record which of those aspects each package covers, and whether it ships in the Ubuntu or CentOS official repositories.
Package | Last updated | Ubuntu official repositories | CentOS official repositories | File | Network | Logs | Config | Sane defaults | Notes |
---|---|---|---|---|---|---|---|---|---|
OSSEC | 2022 | No[1] | No[2] | Yes | Yes | Yes | Yes | | |
Wazuh | 2022 | No | No | Yes | Yes | Yes | Yes | | |
Samhain | 2021 | Yes[3] | No | Yes | No | Partial[4] | No | | |
Snort | 2018 | Yes[5] | No[6] | No | Yes | No | | | |
chkrootkit | 2023 | Yes[7] | No | Yes | No | Partial[8] | | | |
rkhunter | 2018 | Yes[9] | Yes[10] | Yes | No | No | Yes | Yes | |
unhide[11] | 2012 | Yes[12] | Yes[13] | No | No | No | | | Finds hidden processes by comparing /proc with ps output |
Sguil | 2017 | No | No | No | Yes | No | | | |
Logwatch[14] | 2017 | Yes[15] | Yes[16] | No | No | Yes | No | | |
Logcheck[17] | 2017 | Yes[18] | Yes[19] | No | No | Yes | No | | |
Epylog[20] | 2014 | Yes[21] | Yes[22] | No | No | Yes | | | |
SWATCH[23] | 2015 | Yes[24] | Yes[25] | No | No | Yes | | | |
sagan | 2021 | Yes[26] | No | No | No | Yes | | | |
aide | 2023 | Yes[27] | Yes[28] | Yes | No | No | No | | |
tripwire | 2018 | Yes[29] | Yes[30] | Yes | No | No | | | |
Tiger | 2018 | Yes[31] | No | Yes | No | No | Yes | No | 3 of 42 modules are Debian-specific. |
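The File column above means the package keeps a baseline of content hashes and metadata and reports files that were added, removed or altered (AIDE, Tripwire and Samhain all work this way). The following is an added example written for this page, not code from any of the listed packages; the directory tree it builds (etc/passwd, etc/hosts, bin/ls, lib/evil.so) is constructed in a temporary directory purely to show the mechanism, and the "tamper" steps are a hypothetical intrusion.

```python
"""Minimal file-integrity monitor, the kind of check behind the File column.

Added illustration; not code from AIDE, Tripwire, Samhain or any listed package.
Baseline = {relative path: {sha256, size, mode, uid, gid, mtime}} for every
regular file under a root. A later scan is diffed against it. Real tools also
sign the baseline, keep it off-host or read-only, and apply exclusion rules.
"""
import hashlib
import json
import os
import stat
import tempfile

CHUNK = 1 << 16


def hash_file(path):
    """SHA-256 of file contents, streamed so large binaries do not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def file_record(path):
    """Content hash plus the metadata an intruder commonly changes."""
    st = os.lstat(path)
    return {
        "sha256": hash_file(path),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mtime": int(st.st_mtime),
    }


def build_baseline(root):
    """Walk root and record every regular file; symlinks are skipped, not followed."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = file_record(full)
    return baseline


def compare(baseline, current):
    """Diff two scans: added/removed paths and, per surviving path, the fields that changed."""
    report = {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": {},
    }
    for path in sorted(set(baseline) & set(current)):
        changed = [k for k in baseline[path] if baseline[path][k] != current[path][k]]
        if changed:
            report["modified"][path] = changed
    return report


def write(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Constructed scenario (hypothetical tree, not a real host): baseline, tamper, rescan."""
    with tempfile.TemporaryDirectory() as root:
        write(os.path.join(root, "etc", "passwd"), "root:x:0:0:root:/root:/bin/sh\n")
        write(os.path.join(root, "etc", "hosts"), "127.0.0.1 localhost\n")
        write(os.path.join(root, "bin", "ls"), "#!/bin/sh\nexec /usr/bin/ls \"$@\"\n")
        os.chmod(os.path.join(root, "etc", "hosts"), 0o644)  # fixed mode so the later change is visible

        baseline = build_baseline(root)
        db = json.dumps(baseline, sort_keys=True)  # what a real tool would sign and store off-host

        # Simulated intrusion: extra uid-0 account, permission change on hosts,
        # a binary removed, a new shared object dropped.
        with open(os.path.join(root, "etc", "passwd"), "a") as fh:
            fh.write("eve:x:0:0::/root:/bin/sh\n")
        os.chmod(os.path.join(root, "etc", "hosts"), 0o600)
        os.remove(os.path.join(root, "bin", "ls"))
        write(os.path.join(root, "lib", "evil.so"), "\x7fELF")

        return compare(json.loads(db), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Note that the chmod on etc/hosts shows up only through the mode field: content hash, size and mtime are unchanged, which is why a hash-only checker misses permission changes. The baseline itself is the weak point; if an attacker can rewrite it, the next scan reports nothing, so the packages above sign it or store it off the monitored host.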
Proprietary software
Package | Last updated[32] | Linux | Windows | File | Network | Logs | Config | Notes |
---|---|---|---|---|---|---|---|---|
Lacework | 2018 | Yes | No | Yes | Yes | Yes | Yes | |
Verisys | 2018 | Yes | Yes | Yes | Yes | Yes | | |
Nessus | 2017 | Yes | Yes | Yes | | | | |
Atomicorp | 2019 | Yes | Yes | Yes | Yes | Yes | Yes | Commercially enhanced version of OSSEC |
Spartan | 2021 | No | Yes | Yes | Yes | Yes | Yes | WebSocket API, IP-to-country mapping, DynDNS integration |
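The Logs column in both tables covers tools such as Logcheck and SWATCH that work the other way round from a file-integrity monitor: they read the host's logs, discard lines matching an ignore list, raise alerts on lines matching alert rules, and report everything left over so new event types do not go unnoticed. The following is an added example for this page, not code from Logcheck, SWATCH or any listed product; the syslog lines, host name, addresses and rule set are all constructed for illustration.

```python
"""Logcheck/SWATCH-style log scanner. Added illustration; not code from either tool.

Model: parse each syslog line, drop lines on the ignore list, alert on lines
matching the alert rules, and return the remainder as unmatched. A per-source
counter escalates repeated SSH failures into a brute-force alert.
"""
import re
from collections import Counter

# Constructed sample lines (traditional syslog format); not taken from a real host.
SAMPLE_LOG = """\
Mar  3 10:01:02 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:04 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Mar  3 10:01:05 web1 sshd[2315]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar  3 10:01:09 web1 sshd[2320]: Accepted publickey for deploy from 198.51.100.4 port 40110 ssh2
Mar  3 10:02:00 web1 CRON[2400]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:02:30 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
Mar  3 10:03:00 web1 kernel: [12345.678] usb 1-1: new high-speed USB device number 3 using xhci_hcd
"""

# Timestamp and host are split off; rules match against "program[pid]: message".
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.+)$"
)

# Ignore rules: routine noise that should never reach a human.
IGNORE = [re.compile(p) for p in (
    r"^CRON\[\d+\]: \(\w+\) CMD ",
    r"^sshd\[\d+\]: Accepted publickey for \w+ from [\d.]+ port \d+ ssh2$",
)]

# Alert rules: named groups become fields of the alert record.
ALERT = [(name, re.compile(p)) for name, p in (
    ("ssh_failed_password",
     r"^sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"),
    ("sudo_to_root",
     r"^sudo:\s+(?P<user>\S+) : .*USER=root ; COMMAND=(?P<cmd>.+)$"),
)]

BRUTEFORCE_THRESHOLD = 3  # failures from one source before escalating (hypothetical setting)


def parse(line):
    """Split a syslog line into timestamp, host and the rest; None if it does not parse."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def scan(text):
    """Return alerts, brute-force sources and unmatched lines for a chunk of log text."""
    alerts, unmatched = [], []
    failures = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            if line.strip():
                unmatched.append(line)  # unparseable lines are surfaced, never silently dropped
            continue
        rest = rec["rest"]
        if any(r.search(rest) for r in IGNORE):
            continue
        for name, rule in ALERT:
            m = rule.search(rest)
            if m:
                alert = {"rule": name, "host": rec["host"], "ts": rec["ts"], **m.groupdict()}
                alerts.append(alert)
                if name == "ssh_failed_password":
                    failures[alert["ip"]] += 1
                break
        else:
            unmatched.append(line)  # Logcheck's "system events": unknown, so reported
    bruteforce = sorted(ip for ip, n in failures.items() if n >= BRUTEFORCE_THRESHOLD)
    return {"alerts": alerts, "bruteforce": bruteforce, "unmatched": unmatched}


if __name__ == "__main__":
    for k, v in scan(SAMPLE_LOG).items():
        print(k, v)
```

On the sample input the two routine lines are ignored, the three SSH failures from one address produce individual alerts and cross the brute-force threshold, the sudo-to-root line becomes its own alert, and the kernel USB message is returned as unmatched because no rule knows it. Keeping that last bucket is the point of the Logcheck design: an ignore list that is too broad silently hides new activity, so unmatched lines should be reviewed and turned into either an ignore or an alert rule.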
References
- ↑ "Downloads OSSEC". OSSEC. Retrieved 2017-10-19. OSSEC for Debian Based systems
- ↑ "Downloads OSSEC". OSSEC. Retrieved 2017-10-29. OSSEC for RHEL/Fedora Based systems
- ↑ "Samhain". Ubuntu. Retrieved 2017-04-19. Samhain in the Ubuntu Repositories
- ↑ Last
- ↑ "Snort". Ubuntu. Retrieved 2017-04-19. Snort in the Ubuntu Repositories
- ↑ "Snort". Cisco Systems. Retrieved 2017-05-31. Snort in the CentOS Repositories
- ↑ "ChkRootkit". Ubuntu. Retrieved 2017-04-19. ChkRootkit in the Ubuntu Repositories
- ↑ lastlog, wtmp, utmp, wtmpx
- ↑ "RKHunter". Ubuntu. Retrieved 2017-04-19. RKHunter in the Ubuntu Repositories
- ↑ "RKHunter". Ubuntu. Retrieved 2017-04-19. RKHunter in the CentOS Repositories
- ↑ "unhide". debian. Retrieved 2017-04-17. unhide is notable because it's part of Debian and Fedora
- ↑ "UnHide". Ubuntu. Retrieved 2017-04-19. UnHide in the Ubuntu Repositories
- ↑ "UnHide". Ubuntu. Retrieved 2017-04-19. UnHide in the CentOS Repositories
- ↑ "Logwatch". debian. Retrieved 2017-04-17. Logwatch is notable because it's part of Debian and Fedora
- ↑ "LogWatch". Ubuntu. Retrieved 2017-04-19. LogWatch in the Ubuntu Repositories
- ↑ "LogWatch". Ubuntu. Retrieved 2017-04-19. LogWatch in the CentOS Repositories
- ↑ "Logcheck". debian. Retrieved 2017-04-17. Logcheck is notable because it's part of Debian and Fedora
- ↑ "Logcheck". Ubuntu. Retrieved 2017-04-19. Logcheck in the Ubuntu Repositories
- ↑ "Logcheck". Ubuntu. Retrieved 2017-04-19. Logcheck in the CentOS Repositories
- ↑ "Epylog". debian. Retrieved 2017-04-17. Epylog is notable because it's part of Debian and Fedora
- ↑ "Epylog". Ubuntu. Retrieved 2017-04-19. Epylog in the Ubuntu Repositories
- ↑ "Epylog". Ubuntu. Retrieved 2017-04-19. Epylog in the CentOS Repositories
- ↑ "SWATCH". debian. Retrieved 2017-04-17. SWATCH is notable because it's part of Debian and Fedora
- ↑ "SWATCH". Ubuntu. Retrieved 2017-04-19. SWATCH in the Ubuntu Repositories
- ↑ "SWATCH". Ubuntu. Retrieved 2017-04-19. SWATCH in the CentOS Repositories
- ↑ "Sagan". Ubuntu. Retrieved 2017-04-19. Sagan in the Ubuntu Repositories
- ↑ "AIDE". Ubuntu. Retrieved 2017-04-19. AIDE in the Ubuntu Repositories
- ↑ "AIDE". Ubuntu. Retrieved 2017-04-19. AIDE in the CentOS Repositories
- ↑ "Tripwire". Ubuntu. Retrieved 2017-04-19. Tripwire in the Ubuntu Repositories
- ↑ "Tripwire". Ubuntu. Retrieved 2017-04-19. Tripwire in the CentOS Repositories
- ↑ "Tripwire". Ubuntu. Retrieved 2017-04-19. Tripwire in the Ubuntu Repositories
- ↑ Last updated
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.