IDS mailing list archives
Re: Best Host IDS Tools
From: Bryan Strong <bstrong () packetshield net>
Date: Tue, 24 Dec 2002 14:01:20 -0700
frank wrote:
I have just set up my Web server on the Solaris platform and am planning to deploy a freeware IDS. Now I am evaluating the below IDS tools:

AIDE
Snort
Tripwire
Chkrootkit

Frank, you may also want to check out:

* Samhain: File integrity / suid checker (la-samhna.de/samhain/)
* Prelude IDS: "hybrid" IDS system with both network and host based components (log monitoring on the host side) (www.prelude-ids.org)
* The Honeynet project has several very useful tools worth checking out (http://www.honeynet.org/papers/honeynet/tools/)
* Since you are running this on a Solaris box you may want to enable BSM auditing. I don't recall the specific system resource requirements, certainly disk space is a significant issue, but you can get a lot of useful information from this level of auditing.

Part of the benefit of checking out Samhain and Prelude is that they both natively support sending gathered information to a backend server running a MySQL or PostgreSQL database and also support a secure communication channel between the reporting and receiving hosts.

Hope this helps

-Bryan Strong