Re: Best Host IDS Tools

frank wrote:

> I have just setup my Web server on solaris platform and is planning to

You have 4 different intent tools listed..

AIDE is indeed a host ids...I have tested it, but not had the chance to really deploy it. AIDE looks at all aspects of the system,: file space (user induced DOS), password files, etc.

Snort is a NETWORK IDS, not really a host IDS. Snort only alerts/captures based on network traffic.

Tripwire is used to make sure critical files have not changed via checksum processes. This tool knows nothing of
network intrusions, etc.

Chkrootkit is a tool used to scan a system fro KNOWN traces of root kits.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

In truth, you need to deploy ALL of them for a nearly true secure environment.

--
------------------------------------------------------------------
Jerry Litteer
Cyber Security Office             e-mail:  gll@inel.gov
Idaho National Engineering and Environmental Lab. (INEEL)
POB 1625 M.S. 3640                Phone: (208) 526-9117
Idaho Falls, Id. 83415-3640       FAX:   (208) 526-9366