[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What is the best free HIDS for Debian

On Mon, May 2, 2022 at 11:36 AM Sylvain <ssecherre@free.fr> wrote:
> Hello everyone !
> I unsuccessfully tried Tripwire, Aide, Integrit and now OSSEC and OSSEC+.
> All these softs throw errors while running or compiling on my Debian 11.3...
> So can you tell me if there is another free HostBase Intrusion Detection
> System.

Would definitely be good to know more detail on the issues you're
encountering with a pretty broad spectrum of tooling here.

I also recommend you take a look at osquery: https://osquery.io/

I'd also recommend a look at Wazuh as others have mentioned.

Another suggestion in the thread:

> Did you try Suricata?

This isn't HIDS, it's NIDS (network), but it's valuable nonetheless.
It's best deployed on a network perimeter or similar segment level to
protect multiple hosts. Particularly when running larger size
rulesets, memory consumption can be significant, so it may not be
suited for protecting each individual host in a fleet.

Darren Spruell

Reply to: