Host / Software Based IDS?

Discussion in 'Security' started by pc_user, Sep 25, 2007.

0
  1. #1
    Is there a good host based software IDS tool? Preferably something centralized and that can be placed on linux or windows boxes?
     
    pc_user, Sep 25, 2007 IP
  2. ThreeGuineaWatch

    ThreeGuineaWatch Well-Known Member

    Messages:
    1,489
    Likes Received:
    69
    Best Answers:
    0
    Trophy Points:
    140
    #2
    I have used AIDE before, many moons ago. It worked well. Essentially it creates a hash of all the files you specify checking them periodically for tampering.
     
    ThreeGuineaWatch, Sep 26, 2007 IP
  3. Ladadadada

    Ladadadada Peon

    Messages:
    382
    Likes Received:
    36
    Best Answers:
    0
    Trophy Points:
    0
    #3
    AIDE works well for me with an hourly cron job checking the files against the database and emailing me the results (if any)
     
    Ladadadada, Oct 5, 2007 IP
  4. sysadm

    sysadm Peon

    Messages:
    20
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Go with OSSEC/HIDS, it substitues for using multiple tools like we had to do in the past. Very solid system.
     
    sysadm, Oct 10, 2007 IP
  5. nwilkens

    nwilkens Member

    Messages:
    23
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    36
    #5
    Yea, OSSEC seems to be a very solid system. I would also recommend using this as part of your security solution.
     
    nwilkens, Oct 23, 2007 IP