Re: Linux/*nix open source IDS
Snort is my personal favorite. It is capable of both HIDS and NIDS, with
signature updates reasonably easily pulled and applied. But it is very
different in nature from Tripwire. AFAIK Tripwire is more a "System File
IDS" which creates a hash of files and compares to check for differences.
Snort watches for bad traffic, and then either alerts or takes other
actions, which allows it to act as an IDP solution of sorts. Definitely
not as beautiful as a GUI from some vendor like NetScreen, but there are
those available as well.
Hello,
I am interested in implementing an open source IDS for a Linux/*nix
system and have been looking into various different ones and the
sort of critiques they have received. Some of the products I am
considering are Tripwire, AIDE, Samhain, Integrit, and Osiris.
Because I had not been able to find very much commentary about
such packages (except for Tripwire), I would like to ask what
sort of experiences anyone has had with them and how they compare
with one another. Alternatively, if you can point me to where I can
find such information, that would also be much appreciated.
Since the choice of an IDS depends on the system it is used to
monitor, I should say I am presently just looking for something
to protect my stand-alone Linux box, but I would like to learn
what works for larger systems running any sort of *nix.
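What the file-integrity tools named above (Tripwire, AIDE and the rest) do at their core, shown as an added Python example that is not code from any of those projects or from either poster: record a baseline of content hashes and attributes for every file, then diff a later run against it. The directory tree and the tampering are constructed in a temporary directory so the script runs stand-alone.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def fingerprint(path: Path) -> dict:
    """Content hash plus mode, owner and size; mtime is skipped so a touch is not an alert."""
    st = path.lstat()
    h = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):  # symlinks are recorded by lstat only, never followed
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "size": st.st_size}

def build_baseline(root: str) -> dict:
    """Map each relative path under root to its fingerprint."""
    base = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            base[str(p.relative_to(root))] = fingerprint(p)
    return base

def compare(baseline: dict, current: dict) -> dict:
    """Report added/removed paths and, per changed path, which attributes moved."""
    changed = {}
    for rel in set(baseline) & set(current):
        diff = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
        if diff:
            changed[rel] = diff
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)), "changed": changed}

def demo() -> dict:
    """Constructed scenario: baseline a small tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF original")
        baseline = build_baseline(tmp)
        (root / "bin" / "ls").write_bytes(b"\x7fELF replaced!")  # new content
        (root / "bin" / "ls").chmod(0o4755)                       # setuid bit
        (root / "etc" / "shadow.bak").write_text("copy\n")        # new file
        (root / "etc" / "passwd").unlink()                        # removed
        return compare(baseline, build_baseline(tmp))
```

The real tools also protect the baseline itself (Tripwire signs its database, AIDE users keep it read-only or off the monitored host), because whoever can rewrite the baseline can hide any later change.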
Received on Tue Aug 12 12:43:50 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:17 EDT