Re: Light weight IDSes and then some

On 2005-07-15 @ 11:58:26 (week 28) George P Boutwell wrote:

> The Security Debian How-To mentions Tripwire.  Looking at AIDE and
> Tripwire in the debian packages repositories it's hard to tell the
> difference.  I'm sure they both do the job, anyone with experience
> with both these packages can describe some of the pros and cons of
> each?

I am gonna make things even more difficult for you... `;-)

I choose samhain over both for my systems because it has some nice
features I preferred to have. Like signing of the config and database
files and elaborate logging facilities. Here's a link to a comparison:
http://www.la-samhna.de/library/scanners.html. This page was written by
the author of samhain, but seems to be reasonably unbiased.

It is in the repository, so a simple "apt-get install" (or nowadays
"wajig install" for me) will let you try it out.

Mind you, if you had to regularly check a lot of systems I might still
choose commercial tripwire because of its good central maintenance
capabilities. The only drawback to that is that those administration
tools were only available for "that other OS" the last time I set up a
large environment with it (which was not too recently).

Grx HdV
