IDS mailing list archives

Re: Best Host IDS Tools

From: Bryan Strong <bstrong () packetshield net>
Date: Tue, 24 Dec 2002 14:01:20 -0700

frank wrote:

I have just setup my Web server on solaris platform and is planning to
deploy a freeware IDS. Now I am evaluating the below IDS tools :-
AIDE
Snort
Tripwire
Chkrootkit

Frank, you may also want to check out:
*Samhain: File integrity / suid checker (la-samhna.de/samhain/)
*Prelude IDS: "hybrid" IDS system with both network and host based
components (log monitoring on the host side) (www.prelude-ids.org)
*The Honeynet project has several very useful tools worth checking out
(http://www.honeynet.org/papers/honeynet/tools/)
*Since you are running this on a Solaris box you may want to enable BSM
auditing. I don't recall the specific system resource requirements,
certainly disk space is a significant issue, but you can get a lot of
useful information from this level of auditing,

Part of the benefit of checking out Samhain and Prelude is that they
both natively support sending gathered information to a backend server
running a MySQL or PostgreSQL database and also support a secure
communication channel between the reporting and receiving hosts.

Hope this helps -Bryan Strong

Current thread:

Best Host IDS Tools frank (Dec 24)
- Re: Best Host IDS Tools Bryan Strong (Dec 27)
- RE: Best Host IDS Tools Rob Shein (Dec 27)
- Re: Best Host IDS Tools Frank Knobbe (Dec 27)
- Re: Best Host IDS Tools Jerry (Dec 27)
  - Re: Best Host IDS Tools Frank Cheong (Dec 27)