LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 10-08-2011, 08:14 AM   #1
metalaarif
Member
 
Registered: Oct 2011
Location: Nepal
Distribution: RHEL, CentOS, Slackware
Posts: 131
Blog Entries: 1

Rep: Reputation: 3

I am new to Host-based Intrusion Detection Systems. I have done little reading on these open source HIDS, e.g. Samhain, Osiris, OSSEC, AIDE and Tripwire. I just want to know which of these applications would be best to install on which server, e.g. mail server, web server, Windows Server 2003-2008, etc. I just want to know which application gives the best performance these days and which one would be easier to use.

I would appreciate it if I could get links or as much information as possible.

I'm new so please don't mind my mistakes.

Which server would it be best to install an Open Source Host-based Application System on? I know that answer can be any. I am new to installing HIDS on a server so I want to know on which server it would be easy to install and monitor its file integrity and other stuff as well.

Last edited by colucix; 10-10-2011 at 01:34 AM.
 
Old 10-09-2011, 09:05 AM   #2
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
You appear to have three threads on more-or-less the same subject (being new to HIDS and wanting to know roughly what/where/how to apply a HIDS). One of those has been commented on by a mod for closing for a little time, although it doesn't seem to be actually closed off.

You will have gathered by now that by cross-posting, you reduce your chances of getting an answer, because people see the multiple threads and wait until some get closed off before deciding which it will be constructive to answer. All that said, let's see whether we can tease out what you are actually asking, so that someone can help (not me, I suspect).

Quote:
Which server...
The implication seems to be that you have more than one server (box), and you want someone to choose from that list, or give you information that points you in the direction of which one to select. If this is true, you really want to disclose the list, or this won't happen.

Quote:
I know that answer can be any.
All right, then I'll say 'any'. It is the easiest way out for me, and you've said that it is a possible answer... I don't really know what I am answering though, so that could easily be a stupid answer.

Presumably, you are going into this because you think there is a threat or there are threats. Can you put the HIDS (or HIDSES?) as close to the threat, or threats, as possible?

What else is there in your system - you may have, e.g., a web server, and although it is behind e.g. a firewall or maybe other networking apparatus, you know that you cannot stop access to that server, so there is a threat local to the web server. You probably need to be a lot more explicit about the system, because everything above is based on guesswork, and that isn't a good basis on which to work.

Note also that this will give your thread (well, this instance, anyway) a 'bump' and if you add some more useful detail, this may get the thread some more attention.
 
Old 10-12-2011, 12:38 PM   #3
metalaarif
Member
 
Registered: Oct 2011
Location: Nepal
Distribution: RHEL, CentOS, Slackware
Posts: 131

Original Poster
Blog Entries: 1

Rep: Reputation: 3
Thanks for the reply. Now when I look at my question, I myself feel a bit stupid. Actually I was confused into thinking that I needed to install HIDS on a server simultaneously with another server like a web server or mail server etc. Maybe it can be installed simultaneously but it's better that we have a totally new fresh server. I think it would be best to make a centralized management server to manage policies across multiple OSes. Then agents can be installed on the web server, Windows Server 2003/2008, mail server, DNS server etc.
This is what I was searching for. If I am right please do let me know.

I did a bit of research and I am planning to test it on VMware first and only then implement it. I am planning to install 4 OSes.
Ubuntu server ==> OSSEC server
Ubuntu desktop ==> OSSEC client
Windows XP SP3 ==> OSSEC Client
Windows 7 ==> OSSEC Client.

Then I'm planning to download and install malware and rootkits, then try to analyse whether OSSEC can easily detect them.

This is what I wanted to ask. But I got confused and asked something else.

Now I want to know which of these HIDS applications would be best for monitoring both Windows servers/hosts as well as Linux/Unix servers/hosts.

I have 2 threads in this forum and 1 thread in another place. From now on I will be asking questions in one thread and not posting them in other threads.

I'm sorry I know my question was really stupid.

Last edited by metalaarif; 10-12-2011 at 01:01 PM. Reason: to make it more appropriate.
 
  

