LinuxQuestions.org
Old 06-17-2008, 04:47 AM   #1
kissfreeman
LQ Newbie
 
Registered: Aug 2007
Posts: 8

Rep: Reputation: 0
What can or can't OSSEC do compared to Samhain?


I would like to know if OSSEC can monitor changes (file integrity) on:
BIND
DNS
HTTPD
SHADOW
PASSWORD
MYSQL

And compared to Samhain, which will be good for ISP servers?

Thank you much
 
Old 06-17-2008, 07:21 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,671
Blog Entries: 54

Rep: Reputation: 2953
Quote:
Originally Posted by kissfreeman
I would like to know if OSSEC can monitor changes (file integrity) on
Yes it can: see sys_check examples.


Quote:
Originally Posted by kissfreeman
And compared to Samhain, which will be good for ISP servers?
Care to a) define "good" and b) what the criteria are for "ISP servers"?
 
Old 06-18-2008, 03:39 PM   #3
kissfreeman
LQ Newbie
 
Registered: Aug 2007
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Care to a) define "good" and b) what the criteria are for "ISP servers"?
I work for an Internet Service Provider and most of the servers are Linux. I want to know which does better jobs as a HIDS application.
I already started testing OSSEC; I like what it does.
 
Old 06-19-2008, 08:56 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,671
Blog Entries: 54

Rep: Reputation: 2953
While Samhain and OSSEC HIDS can be compared qualitatively where there is feature overlap, they are two different products. A decision for a product should IMHO not be made "liking" it, which is a subjective criterion, but be based on objective criteria like mandatory features (cross-platform, client-server paradigm, architecture, product maturity and maintenance, community support, scaling, performance, et cetera), usage requirements (tamper recognition and resilience, LKM detection, log anomaly detection, continuous detection coverage, signature to FP ratio, custom rules, SOX/HIPAA/PCI-DSS compliance, et cetera) and restrictions (not Python, not Lua, not Perl, not cronjob, not kernel-specific, not relying on third party tools, no install necessary, et cetera).

With all due respect, but only saying "good" or "does better jobs" leads me to believe you didn't really think about it or didn't do any research. If that's the case you best start with that, else posting what three criteria are most important in your situation is a start for properly determining what you need.
 
  


All times are GMT -5.
