I am looking at host-based intrusion detection systems and have concluded that Samhain and Osiris are ahead of the pack, as they have central management features, which are a big plus.
I need to monitor quite a lot of Linux servers, and ideally a bunch of Windows servers too.
After quite a lot of googling I'm still no wiser, as both seem to have their trade-offs. Only Osiris has a proper Windows agent (Samhain needs Cygwin, which I am reluctant to go round installing just for this). On the other hand, Osiris doesn't even sign its config or baseline.
I'd like to know people's experiences; what have you used and which do you think is better?
Opinions welcome.
Samhain vs Osiris? Opinions welcome.
- Humbletech99
- Posts: 365
- Joined: 2005-12-29 00:03
I used Osiris for a few months. The central management is nice, but I didn't like having to open the Osiris port on all the machines, and I found it difficult to tweak the configs to get rid of the false positives.
I've been trying out ossec.net and so far I like it, easy to tweak and has a good Windows agent.