I have never used Prelude, as Snort has been very good to me and I haven't found a reason to look elsewhere. Buy the Snort book from Syngress and you can set up a mean IDS.
Your poll makes absolutely no sense. X vs Y? What are your grounds for this comparison? What makes one better than another? You can't just ask a question and not give us your own views.
Prelude also does HIDS if my recollection is correct. It has a little bit wider scope of coverage than Snort. On the other hand, Snort detects a lot more type of network attacks than Prelude does. It really depends on what you're trying to accomplish.
Prelude differs from Snort in that it uses a server-client (agent) setup. Prelude can do (or has hooks to do) more than be a (distributed) IDS agent: it can do filesystem integrity checking (like Aide, Samhain, Osiris, Integrit, Tripwire) and IIRC rule-based policing with (or interaction with) Niels Provos' Systrace. Both are similar in that they only do (mainly static) signature or rule-based matching (exaggerating), meaning there's no extensive built-in analysis and no decision logic to, for instance, automate the next step and (intelligently) correct or actively block traffic. Signature and rule-based also means in this respect that your detection capabilities are as strong as the rulesets and signatures you build. AFAIK products like Forestorm, Prelude etc. are lagging behind compared to Snort when it comes to active community-based rule development (take a look at the snort-signatures mailing list).
One of the things typical of *NIX is to have one binary perform one task, and perform that task well. For reasons of widespread acceptance, large support community, active development, maturity, performance and the one-task thing, I choose Snort anytime.
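The post above makes the point that a signature or rule-based IDS is only as strong as its ruleset. The following is an added illustration of that point, written for this page and not code from Snort, Prelude or the poster: a toy rule matcher in the spirit of chained Snort `content:` options, run over a few constructed HTTP request payloads. The rule SIDs, messages, hostnames and the `ExampleScanner` user-agent are all made up. Without a normalization step the percent-encoded variant of the second request slips past the rule; with a decode step (the job a real IDS delegates to its HTTP preprocessor) the same rule catches it.

```python
"""Toy signature matcher: shows that rule-based detection is bounded by the
ruleset and by how the input is normalized before matching.
Constructed example; not Snort or Prelude code."""
from dataclasses import dataclass
from urllib.parse import unquote_to_bytes


@dataclass
class Rule:
    sid: int
    msg: str
    contents: list          # byte patterns that must all occur, in this order
    nocase: bool = False    # case-insensitive match, like Snort's 'nocase'


def rule_matches(rule, payload):
    """Return True when every pattern in rule.contents appears in order."""
    hay = payload.lower() if rule.nocase else payload
    pos = 0
    for pattern in rule.contents:
        needle = pattern.lower() if rule.nocase else pattern
        idx = hay.find(needle, pos)
        if idx < 0:
            return False
        pos = idx + len(needle)
    return True


def normalize_http(payload):
    """Decode percent-encoding the way an HTTP preprocessor would, so rules
    see the decoded request rather than the raw bytes on the wire."""
    return unquote_to_bytes(payload)


def inspect(payloads, rules, normalize=None):
    """Run every rule over every payload; return (payload index, sid) hits."""
    alerts = []
    for idx, raw in enumerate(payloads):
        payload = normalize(raw) if normalize else raw
        for rule in rules:
            if rule_matches(rule, payload):
                alerts.append((idx, rule.sid))
    return alerts


# Constructed rules (SIDs in the local 1000000+ range, as a site would use).
RULES = [
    Rule(1000001, "CONSTRUCTED traversal sequence in request line",
         [b"GET ", b"../../"]),
    Rule(1000002, "CONSTRUCTED user-agent of a hypothetical scanner",
         [b"User-Agent: ExampleScanner"], nocase=True),
]

# Constructed sample traffic: one benign request, one plain traversal,
# the same traversal percent-encoded, and a scanner user-agent in odd case.
SAMPLE_PAYLOADS = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    b"GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: www.example.test\r\n"
    b"user-agent: examplescanner/1.0\r\n\r\n",
]

if __name__ == "__main__":
    print("raw match:       ", inspect(SAMPLE_PAYLOADS, RULES))
    print("normalized match:", inspect(SAMPLE_PAYLOADS, RULES,
                                       normalize=normalize_http))
```

Running it shows the raw pass alerting on payloads 1 and 3 only, while the normalized pass also catches payload 2. Neither pass does anything beyond matching; deciding what to do about a hit (drop, log, escalate) is exactly the decision logic the post notes these tools leave to you.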