Re: Linux based HIDS

[Nicolas Delon <delon.nicolas () wanadoo fr>]

Milind Nanal wrote:
> Hi,

Hello,

> I am looking for good , free , open source HIDS for Linux server. The tool
> which detects :-
>
> Attacks on Red Hat Linux OS. 
> Analysis system log
> Carry our file level audit (like tripwire) 
>
> all in one product. 

<disclaimer>
I am a Prelude-IDS developer
</disclaimer>

You can use prelude-lml to analyze log files.
prelude-lml is a component of Prelude-IDS, an open source hybrid and 
distributed IDS under the GPL license.
Prelude-IDS provides two main sensors:
* prelude-lml (syslog files analyze via rulesets)
* prelude-nids (an NIDS which is snort rules compliant)

Despite tripwire is not Prelude-IDS aware for the moment, it could be 
patched to using libprelude (the core library of each Prelude-IDS 
programs) and thus, reports alerts to a prelude manager.

Prelude-IDS: http://www.prelude-ids.org

Best regards.

--
"The only way to stop open source is to make it illegal." - Bruce Perens


---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ids_031023 
and use priority code SF4.
---------------------------------------------------------------------------