
Re: Recommend good IDS? was Re: /dev/shm/r?



I really like OSSEC. It's licensed under GPL V3. The agent runs on multiple platforms. It's easy to install, relatively easy to configure.
The agent is a self-contained HIDS, rootkit detector, log and file monitor.
It can also decode Snort, Cisco PIX/ASA, IPTables, and a whole lot of other logs. This means that it can act as a centralized security monitoring and alerting system.
There are tons of other features that I'm not going to mention here.

Oh yeah, and you can get commercial support for it if needed.

-----
Jeremy Melanson



On Wed, 2009-06-03 at 10:14 -0700, Rick Moen wrote:
Quoting Boyd Stephen Smith Jr. (bss@iguanasuicide.net):

> I inherited a tripwire installation at some point.  It was one mail message 
> per day (and if you didn't get that message you knew something was wrong).
> 
> It required a bit of tuning to not report errors regularly, but once I spent 
> that time it was fairly hands-off.

One way to use Tripwire in conjunction with a slightly more modern and
lightweight file-based IDS alongside it:
http://linuxgazette.net/issue98/moen.html

(That article is not, however, a comparative review, which is apparently
what the original poster is seeking.)

-- 
Cheers,                      Notice:  The value of your Hofstadter's Constant 
Rick Moen                    (the average amount of time you spend each month 
rick@linuxmafia.com          thinking about Hofstadter's Constant) has just 
McQ!  (4x80)                 been adjusted upwards.
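
As an added illustration of the file-based IDS approach discussed above (Tripwire, and the file-monitor side of OSSEC), here is a minimal baseline-and-compare check in Python. It is example code written for this page, not code from Tripwire, OSSEC, or the Linux Gazette article Rick links to; the directory layout, file contents, and the site key are constructed for the demo. It also shows the caveat that both tools take seriously: the baseline database itself has to be protected, here with an HMAC keyed by a secret that must not live on the monitored host.

```python
"""Minimal file-integrity baseline/compare in the spirit of Tripwire or
OSSEC syscheck.  Added example for this thread, not code from either project."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root) -> dict:
    """Walk root and record hash, size and permission bits of every regular file.
    Symlinks are skipped (their targets are recorded where they live).  Paths are
    stored relative to root so a baseline is portable between hosts/mount points."""
    root = Path(root)
    entries = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file() and not p.is_symlink()):
        st = path.stat()
        entries[path.relative_to(root).as_posix()] = {
            "sha256": hash_file(path),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o7777),
        }
    return entries


def write_baseline(entries: dict, key: bytes) -> bytes:
    """Serialize the baseline and append an HMAC tag.  An intruder who can edit
    the database can hide a trojaned binary, so the database must be tamper-
    evident; the key belongs off-host or on read-only media (Tripwire's site
    key serves the same purpose)."""
    body = json.dumps(entries, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"\n" + tag.encode()


def read_baseline(blob: bytes, key: bytes) -> dict:
    """Verify the HMAC before trusting anything in the database."""
    body, _, tag = blob.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag.decode()):
        raise ValueError("baseline HMAC mismatch: database may have been tampered with")
    return json.loads(body)


def compare(baseline: dict, current: dict) -> dict:
    """Return added, removed and modified paths.  'Modified' means any recorded
    attribute changed, so a chmod alone is still reported."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Run the full cycle on a constructed temporary tree (sample data, not a
    real system) and return the comparison result plus whether tampering with
    the baseline database was caught."""
    key = b"example-site-key-keep-this-off-host"   # assumption: demo key only
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF-placeholder")
        blob = write_baseline(scan_tree(root), key)

        # Simulated intrusion: trojaned binary, new preload hook, removed config.
        (root / "bin" / "ls").write_bytes(b"\x7fELF-backdoored")
        (root / "etc" / "ld.so.preload").write_text("/lib/evil.so\n")
        (root / "etc" / "hosts").unlink()
        result = compare(read_baseline(blob, key), scan_tree(root))

        # The attacker also rewrites the stored hash of ls to match the trojan.
        old_hash = read_baseline(blob, key)["bin/ls"]["sha256"].encode()
        forged = blob.replace(old_hash, hash_file(root / "bin" / "ls").encode())
        try:
            read_baseline(forged, key)
            result["tamper_detected"] = False
        except ValueError:
            result["tamper_detected"] = True
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it directly and it reports the trojaned `bin/ls`, the added `etc/ld.so.preload`, the removed `etc/hosts`, and that the forged database was rejected. In practice the baseline and the key go on another machine or read-only media, and the daily report Boyd describes is the output of `compare` mailed out; a missing report is itself the alarm.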


