Old 08-29-2008, 01:40 AM   #1
helptonewbie
Does anybody/has anybody used Samhain.. a HIDS similar to Tripwire


Hi All,
I've been looking for quite some time for a HIDS like Tripwire, but also to know if there are better alternatives or if everyone just uses Tripwire. I'm not paying out for the enterprise version of Tripwire and just wondered what other people who use HIDSs have done, and if you've tried Samhain?

i.e. what is it like... what's your preferred, if any?

Cheers

Last edited by helptonewbie; 08-29-2008 at 02:28 AM.
 
Old 08-30-2008, 12:15 AM   #2
aus9
You may have better luck searching the security forum?
Or the security references sticky at the sec forum?
 
Old 08-30-2008, 04:49 AM   #3
unSpawn
Tripwire doesn't compare to *anything* anymore in terms of license, development or whatever other criteria. I'd like to divide this type of filesystem integrity checker into passive and active applications: Aide could be a replacement in terms of ease of configuration and execution speed, but it is passive, meaning you have to schedule runs. For alternatives see Osiris or Integrit. Samhain is a daemon, a continuously running process, and offers features most others don't have, like its own LKM for checking kernel structures, a client-server setup, integrity checking and protection of itself using process hiding, encryption and steganography. Which one you choose could depend on 0) the purpose of the machine (who accesses what), 1) what security posture the machine already has (hardening) and 2) auditing requirements and maintenance trade-offs (for instance Samhain's LKM needs to be recompiled for each kernel upgrade).
 
Old 08-31-2008, 02:44 AM   #4
reddazz
Moved: This thread is more suitable in Linux Security and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 09-12-2008, 12:43 PM   #5
helptonewbie
Hi unSpawn, thanks for the info... there's one there (Osiris) that I've not even heard of yet, so I'll take a look at that too.

Thanks
 
  


All times are GMT -5.
