Samhain vs Osiris? Opinions welcome.


Post by Humbletech99 » 2007-01-01 22:04

I am looking at host-based intrusion detection systems and have concluded that Samhain and Osiris are ahead of the pack as they have central management features, which are a big plus.

I need to monitor quite a lot of Linux servers, and ideally a bunch of Windows servers too.

After quite a lot of googling I'm still no wiser, as both seem to have their trade-offs. Only Osiris has a proper Windows agent (Samhain needs Cygwin, which I am reluctant to go round installing just for this). On the other hand, Osiris doesn't even sign its config or baseline.


I'd like to know people's experiences; what have you used and which do you think is better?


Opinions welcome.
The Human Equation:

value(geeks) > value(mundanes)

Re: Samhain vs Osiris? Opinions welcome.

Post by kruk » 2009-04-03 01:40

Did you get any answer? What have you taken?

Tks

Post by Humbletech99 » 2009-04-03 10:33

I used Osiris for a couple of years, but then I got sick of the abandonware and stopped using it.

Seems you can't always get everything you want in open source...

Post by shoof » 2009-04-03 13:58

I used Osiris for a few months. The central management is nice, but I didn't like having to open the Osiris port on all the machines and I found it difficult to tweak the configs to get rid of the false positives.

I've been trying out ossec.net and so far I like it, easy to tweak and has a good Windows agent.

