Hi,
If you run a large number of hosts, I suggest samhain.
You have many features built in (monitoring of files, system.map
altering, suid bits, appending only on log files etc.).
It works on a client-server model (a server that centralizes the hosts'
integrity database).
Communications are secure (AES for ci

I really like OSSEC. It's licensed under GPL V3. The agent runs on
multiple platforms. It's easy to install, relatively easy to configure.
The agent is a self-contained HIDS, rootkit detector, log and file
monitor.
It can also decode Snort, Cisco PIX/ASA, IPTables, and a whole lot of
other logs.

On Wed, 2009-06-03 at 08:53 -0700, john wrote:
> On Tue, Jun 2, 2009 at 4:45 PM, Josh Lauricha wrote:
> > I'm surprised more people aren't running tripwire or other IDS.
> I'd be interested to hear some recommendations for IDS to run on
> internet facing servers. Especially from the point of view

On Wed, Jun 3, 2009 at 5:53 PM, john wrote:
> I'd be interested to hear some recommendations for IDS to run on
> internet facing servers. Especially from the point of view of ease of
> installation, ease of maintenance, quality of the tool, and ability to
> have it deliver really useful informatio

Quoting Boyd Stephen Smith Jr. (b...@iguanasuicide.net):
> I inherited a tripwire installation at some point. It was one mail message
> per day (and if you didn't get that message you knew something was wrong).
>
> It required a bit of tuning to not report errors regularly, but once I spent
>

Remember that a HIDS (host IDS) is just a detective control on the
host. It shows that you have been hacked; you will probably want a
good NIDS (network IDS) to see what attacks are being attempted over
the wire.
HIDS is good to quickly detect a compromise...
http://sourceforge.net/proj

In <2be970b50906030853t29dfb90atd60089611f98e...@mail.gmail.com>, john
wrote:
>On Tue, Jun 2, 2009 at 4:45 PM, Josh Lauricha wrote:
>> I'm surprised more people aren't running tripwire or other IDS.
>
>I'd be interested to hear some recommendations for IDS to run on
>internet facing servers.
I i

On Tue, Jun 2, 2009 at 4:45 PM, Josh Lauricha wrote:
> I'm surprised more people aren't running tripwire or other IDS.
I'd be interested to hear some recommendations for IDS to run on
internet facing servers. Especially from the point of view of ease of
installation, ease of maintenance, quality