Host-based intrusion detection system comparison
Comparison of host-based intrusion detection system components and systems.
Free and open-source software
As per the Unix philosophy, a good HIDS is composed of multiple packages, each focusing on a specific aspect.
Package | Updated | Ubuntu Official Repositories | CentOS Official Repositories | File | Network | Logs | Config | Sane defaults | Notes |
---|---|---|---|---|---|---|---|---|---|
OSSEC | 2022 | No[1] | No[2] | Yes | Yes | Yes | Yes | | |
Wazuh | 2022 | No | No | Yes | Yes | Yes | Yes | | |
Samhain | 2021 | Yes[3] | No | Yes | No | Partial[4] | No | | |
Snort | 2018 | Yes[5] | No[6] | No | Yes | No | | | |
chkrootkit | 2023 | Yes[7] | No | Yes | No | Partial[8] | | | |
rkhunter | 2018 | Yes[9] | Yes[10] | Yes | No | No | Yes | Yes | |
unhide[11] | 2012 | Yes[12] | Yes[13] | No | No | No | proc ps compare | | |
Sguil | 2017 | No | No | No | Yes | No | | | |
Logwatch[14] | 2017 | Yes[15] | Yes[16] | No | No | Yes | No | | |
Logcheck[17] | 2017 | Yes[18] | Yes[19] | No | No | Yes | No | | |
Epylog[20] | 2014 | Yes[21] | Yes[22] | No | No | Yes | | | |
SWATCH[23] | 2015 | Yes[24] | Yes[25] | No | No | Yes | | | |
sagan | 2021 | Yes[26] | No | No | No | Yes | | | |
aide | 2023 | Yes[27] | Yes[28] | Yes | No | No | No | | |
tripwire | 2018 | Yes[29] | Yes[30] | Yes | No | No | | | |
Tiger | 2018 | Yes[31] | No | Yes | No | No | Yes | No | 3/42 modules are Debian specific. |
Proprietary software
Package | Year[32] | Linux | Windows | File | Network | Logs | Config | Notes |
---|---|---|---|---|---|---|---|---|
Lacework | 2018 | Yes | No | Yes | Yes | Yes | Yes | |
Verisys | 2018 | Yes | Yes | Yes | Yes | Yes | | |
Nessus | 2017 | Yes | Yes | Yes | | | | |
Atomicorp | 2019 | Yes | Yes | Yes | Yes | Yes | Yes | Commercially enhanced version of OSSEC |
Spartan | 2021 | No | Yes | Yes | Yes | Yes | Yes | Websocket API, IP to Country mapping, DynDNS Integration |
References
1. "Downloads OSSEC". OSSEC. https://ossec.github.io/downloads.html#apt-automated-installation-on-ubuntu-and-debian. Retrieved 2017-10-19. OSSEC for Debian-based systems.
2. "Downloads OSSEC". OSSEC. https://ossec.github.io/downloads.html#rhel-centos-fedora-and-others. Retrieved 2017-10-29. OSSEC for RHEL/Fedora-based systems.
3. "Samhain". Ubuntu. http://packages.ubuntu.com/search?keywords=samhain. Retrieved 2017-04-19. Samhain in the Ubuntu repositories.
4. Last
5. "Snort". Ubuntu. http://packages.ubuntu.com/search?keywords=snort. Retrieved 2017-04-19. Snort in the Ubuntu repositories.
6. "Snort". Cisco Systems. https://pkgs.org/download/snort. Retrieved 2017-05-31. Snort in the CentOS repositories.
7. "ChkRootkit". Ubuntu. http://packages.ubuntu.com/search?keywords=chkrootkit. Retrieved 2017-04-19. ChkRootkit in the Ubuntu repositories.
8. lastlog, wtmp, utmp, wtmpx
9. "RKHunter". Ubuntu. http://packages.ubuntu.com/search?keywords=rkhunter. Retrieved 2017-04-19. RKHunter in the Ubuntu repositories.
10. "RKHunter". Ubuntu. https://pkgs.org/download/rkhunter. Retrieved 2017-04-19. RKHunter in the CentOS repositories.
11. "unhide". Debian. https://packages.debian.org/search?keywords=unhide. Retrieved 2017-04-17. unhide is notable because it is part of Debian and Fedora.
12. "UnHide". Ubuntu. http://packages.ubuntu.com/search?keywords=unhide. Retrieved 2017-04-19. UnHide in the Ubuntu repositories.
13. "UnHide". Ubuntu. https://pkgs.org/download/unhide. Retrieved 2017-04-19. UnHide in the CentOS repositories.
14. "Logwatch". Debian. https://packages.debian.org/search?keywords=logwatch. Retrieved 2017-04-17. Logwatch is notable because it is part of Debian and Fedora.
15. "LogWatch". Ubuntu. http://packages.ubuntu.com/search?keywords=logwatch. Retrieved 2017-04-19. LogWatch in the Ubuntu repositories.
16. "LogWatch". Ubuntu. https://pkgs.org/download/logwatch. Retrieved 2017-04-19. LogWatch in the CentOS repositories.
17. "Logcheck". Debian. https://packages.debian.org/search?keywords=logcheck. Retrieved 2017-04-17. Logcheck is notable because it is part of Debian and Fedora.
18. "Logcheck". Ubuntu. http://packages.ubuntu.com/search?keywords=logcheck. Retrieved 2017-04-19. Logcheck in the Ubuntu repositories.
19. "Logcheck". Ubuntu. https://pkgs.org/download/logcheck. Retrieved 2017-04-19. Logcheck in the CentOS repositories.
20. "Epylog". Debian. https://packages.debian.org/search?keywords=epylog. Retrieved 2017-04-17. Epylog is notable because it is part of Debian and Fedora.
21. "Epylog". Ubuntu. http://packages.ubuntu.com/search?keywords=epylog. Retrieved 2017-04-19. Epylog in the Ubuntu repositories.
22. "Epylog". Ubuntu. https://pkgs.org/download/epylog. Retrieved 2017-04-19. Epylog in the CentOS repositories.
23. "SWATCH". Debian. https://packages.debian.org/search?keywords=swatch. Retrieved 2017-04-17. SWATCH is notable because it is part of Debian and Fedora.
24. "SWATCH". Ubuntu. http://packages.ubuntu.com/search?keywords=swatch. Retrieved 2017-04-19. SWATCH in the Ubuntu repositories.
25. "SWATCH". Ubuntu. https://pkgs.org/download/swatch. Retrieved 2017-04-19. SWATCH in the CentOS repositories.
26. "Sagan". Ubuntu. http://packages.ubuntu.com/search?keywords=sagan. Retrieved 2017-04-19. Sagan in the Ubuntu repositories.
27. "AIDE". Ubuntu. http://packages.ubuntu.com/search?keywords=aide. Retrieved 2017-04-19. AIDE in the Ubuntu repositories.
28. "AIDE". Ubuntu. https://pkgs.org/download/aide. Retrieved 2017-04-19. AIDE in the CentOS repositories.
29. "Tripwire". Ubuntu. http://packages.ubuntu.com/search?keywords=tripwire. Retrieved 2017-04-19. Tripwire in the Ubuntu repositories.
30. "Tripwire". Ubuntu. https://pkgs.org/download/tripwire. Retrieved 2017-04-19. Tripwire in the CentOS repositories.
31. "Tiger". Ubuntu. http://packages.ubuntu.com/search?keywords=tiger. Retrieved 2017-04-19. Tiger in the Ubuntu repositories.
32. Last updated
External links
Original source: https://en.wikipedia.org/wiki/Host-based intrusion detection system comparison