Old 12-16-2023, 10:32 PM   #1
vuthanhtu
LQ Newbie
 
Registered: Dec 2023
Posts: 4

Rep: Reputation: 0
Samhain and Wazuh


Hello everyone
I am a student. My thesis is to compare Samhain and Wazuh. My teacher told me to demonstrate an easy attack and detect it with Samhain and Wazuh, but I don't have an idea and my knowledge of Samhain is very basic. Please give me a hint and help me to detect this (I will custom this).

Last edited by vuthanhtu; 12-16-2023 at 10:34 PM.
 
Old 12-16-2023, 11:46 PM   #2
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 4,454
Blog Entries: 7

Rep: Reputation: 2557
Posting homework questions is against the rules here.
 
Old 12-19-2023, 09:43 AM   #3
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 21,864

Rep: Reputation: 7311
Don't forget to read the rules:
Do not post homework assignments verbatim. We're happy to assist if you have specific questions or have hit a stumbling point, however. Let us know what you've already tried and what references you have used (including class notes, books, and searches) and we'll do our best to help. Keep in mind that your instructor might also be an LQ member.
 
Old 12-19-2023, 10:09 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,637

Rep: Reputation: 7965
Quote:
Originally Posted by vuthanhtu
Hello everyone
I am a student. My thesis is to compare Samhain and Wazuh. My teacher told me to demonstrate an easy attack and detect it with Samhain and Wazuh, but I don't have an idea and my knowledge of Samhain is very basic. Please give me a hint and help me to detect this (I will custom this).
So if we look things up for you, and write things for you, you'll 'custom' it and turn it in?? When do you actually learn, if this is your 'thesis'???
 
Old 12-19-2023, 10:17 AM   #5
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 21,864

Rep: Reputation: 7311
Quote:
Originally Posted by TB0ne
So if we look things up for you, and write things for you, you'll 'custom' it and turn it in?? When do you actually learn, if this is your 'thesis'???
Don't be so harsh, it is Xmas time here.
As an example, my brother (as a geophysicist) helped his wife write her thesis (that is, he wrote it for her) on an interesting part of Chinese cultural history.
 
Old 12-19-2023, 10:24 AM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,637

Rep: Reputation: 7965
Quote:
Originally Posted by pan64
Don't be so harsh, it is Xmas time here.
As an example, my brother (as a geophysicist) helped his wife write her thesis (that is, he wrote it for her) on an interesting part of Chinese cultural history.
The OP showed zero effort, and it's far different helping one's spouse, rather than asking volunteers on a forum to not only research things, but write it up too. A hand up is different than a hand-out.
 
Old 12-19-2023, 10:32 AM   #7
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,309

Rep: Reputation: 2326
Quote:
Originally Posted by TB0ne
So if we look things up for you, and write things for you, you'll 'custom' it and turn it in?? When do you actually learn, if this is your 'thesis'???
In my days as an Electronics techie, I met far too many engineers who had got their degrees and their jobs that way. Then they hired a techie (me) to do their work.

My vote goes to letting him learn now. Otherwise, with no clue about his thesis, and passing his exams by Knowledge Bulimia (cram it for the test, forget it after), we would be complicit in giving him a counterfeit degree.

Last edited by business_kid; 12-19-2023 at 10:34 AM.
 
1 members found this post helpful.
Old 12-19-2023, 01:29 PM   #8
jkirchner
Member
 
Registered: Apr 2007
Location: West Virginia
Distribution: Pop!_OS
Posts: 945

Rep: Reputation: 297
Samhain and Wazuh, didn't they go with Bilbo to take down Smaug?
 
Old 12-19-2023, 11:24 PM   #9
vuthanhtu
LQ Newbie
 
Registered: Dec 2023
Posts: 4

Original Poster
Rep: Reputation: 0
Sorry for my question.
I have done about 80% of my thesis. Wazuh can do it, but Samhain is difficult for me. I read the Samhain documentation but I have no idea how to compare it with Wazuh.
 
Old 12-19-2023, 11:43 PM   #10
GentleThotSeaMonkey
Member
 
Registered: Dec 2016
Posts: 338
Blog Entries: 4

Rep: Reputation: 128
ChatGPT will not be annoyed by you asking it homework questions!
Quote:
Samhain and Wazuh are both security tools, but they serve different purposes.

1. **Samhain:**
- **Type:** Host-based intrusion detection system (HIDS).
- **Functionality:** Monitors system logs, file integrity, and detects suspicious activity on individual hosts.
- **Use Cases:** Focuses on host-level security, providing alerts for potential intrusions or unauthorized changes on a specific system.
- **Features:** File integrity checking, log analysis, rootkit detection.

2. **Wazuh:**
- **Type:** Integrated security information and event management (SIEM) solution.
- **Functionality:** Offers a broader scope, collecting and analyzing logs from various sources across a network to provide a comprehensive security overview.
- **Use Cases:** Suitable for centralized monitoring and management of security events across multiple systems.
- **Features:** Log analysis, intrusion detection, vulnerability detection, threat intelligence.

In summary, Samhain is more focused on individual host security with an emphasis on file integrity and log analysis, while Wazuh is a comprehensive SIEM solution that covers a wider range of security aspects across a network. The choice between them depends on your specific security needs and the scale of your environment.
 
Old 12-20-2023, 01:08 AM   #11
vuthanhtu
LQ Newbie
 
Registered: Dec 2023
Posts: 4

Original Poster
Rep: Reputation: 0
I have installed the Diamorphine rootkit, but Samhain cannot detect it, only policy ADD FILE
(version 3.0.1 and Ubuntu 18.04).
Link references: https://www.linuxquestions.org/quest...logins-925639/

CRIT : [2023-12-20T13:33:06+0700] msg=<POLICY ADDED>, path=</usr/lib/git-core/mergetools/examdiff>, mode_new=<-rw-r--r-->, attr_new=<------------>, imode_new=<33188>, iattr_new=<0>, hardlinks_new=<1>, idevice_new=<0>, inode_new=<1055470>, owner_new=<root>, iowner_new=<0>, group_new=<root>, igroup_new=<0>, size_old=<0>, size_new=<336>, ctime_new=<[2023-12-20T06:28:00]>, atime_new=<[2023-12-20T06:29:14]>, mtime_new=<[2023-04-26T14:14:45]>, chksum_new=<1F9F0C042946EEBD8A49A62211A8A67F8375244F7AF0D659>
CRIT : [2023-12-20T13:33:06+0700] msg=<POLICY ADDED>, path=</usr/lib/git-core/mergetools/diffuse>, mode_new=<-rw-r--r-->, attr_new=<------------>, imode_new=<33188>, iattr_new=<0>, hardlinks_new=<1>, idevice_new=<0>, inode_new=<1055378>, owner_new=<root>, iowner_new=<0>, group_new=<root>, igroup_new=<0>, size_old=<0>, size_new=<248>, ctime_new=<[2023-12-20T06:28:00]>, atime_new=<[2023-12-20T06:29:14]>, mtime_new=<[2023-04-26T14:14:45]>, chksum_new=<7DFB9224107EA8B6DFBD106FEAD5EB6E03046E3E89A8F668>
CRIT : [2023-12-20T13:33:06+0700] msg=<POLICY ADDED>, path=</usr/lib/git-core/mergetools/ecmerge>, mode_new=<-rw-r--r-->, attr_new=<------------>, imode_new=<33188>, iattr_new=<0>, hardlinks_new=<1>, idevice_new=<0>, inode_new=<1055454>, owner_new=<root>, iowner_new=<0>, group_new=<root>, igroup_new=<0>, size_old=<0>, size_new=<306>, ctime_new=<[2023-12-20T06:28:00]>, atime_new=<[2023-12-20T06:29:14]>, mtime_new=<[2023-04-26T14:14:45]>, chksum_new=<796A3B0C62B28BF63AD39D97EB7FCD951B09532391629736>
CRIT : [2023-12-20T13:33:06+0700] msg=<POLICY ADDED>, path=</usr/lib/git-core/mergetools/gvimdiff3>, mode_new=<-rw-r--r-->, attr_new=<------------>, imode_new=<33188>, iattr_new=<0>, hardlinks_new=<1>, idevice_new=<0>, inode_new=<1055523>, owner_new=<root>, iowner_new=<0>, group_new=<root>, igroup_new=<0>, size_old=<0>, size_new=<29>, ctime_new=<[2023-12-20T06:28:00]>, atime_new=<[2023-12-20T06:29:14]>, mtime_new=<[2023-04-26T14:14:45]>, chksum_new=<7C99D84D63A772586BA0174BB87A7F0720C5B1EEEDB58D4A>
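
An added example, not part of the original post and not code from Samhain or Wazuh: a small Python parser for the `key=<value>` log layout shown in the lines above, grouping events by message, directory and `ctime_new` so that a bulk change stands out from isolated additions. The function names, the grouping threshold and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Layout seen in the post: "SEVERITY : [timestamp] key=<value>, key=<value>, ..."
HEADER = re.compile(r"^(?P<severity>\w+)\s*:\s*\[(?P<timestamp>[^\]]+)\]\s*(?P<rest>.*)$")
FIELD = re.compile(r"(\w+)=<([^>]*)>")

def parse_line(line):
    """Turn one log line into a dict; return None for lines in another layout."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    record = dict(FIELD.findall(m.group("rest")))
    record.update(severity=m.group("severity"), timestamp=m.group("timestamp"))
    return record

def group_events(lines):
    """Group events by (msg, parent directory, ctime_new)."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and "path" in rec:
            parent = str(PurePosixPath(rec["path"]).parent)
            groups[(rec.get("msg"), parent, rec.get("ctime_new"))].append(rec["path"])
    return dict(groups)

def triage(lines, bulk_threshold=3):
    """Heuristic split: many files sharing directory and ctime vs. isolated events."""
    bulk, review = {}, {}
    for key, paths in group_events(lines).items():
        (bulk if len(paths) >= bulk_threshold else review)[key] = sorted(paths)
    return bulk, review

# Sample input: the first four entries are abbreviated from the lines in the post
# (most fields trimmed); the last entry is constructed for contrast.
TEMPLATE = ("CRIT : [2023-12-20T13:33:06+0700] msg=<POLICY ADDED>, "
            "path=<{}>, size_new=<{}>, ctime_new=<[{}]>")
SAMPLE = [TEMPLATE.format(path, size, ctime) for path, size, ctime in [
    ("/usr/lib/git-core/mergetools/examdiff", 336, "2023-12-20T06:28:00"),
    ("/usr/lib/git-core/mergetools/diffuse", 248, "2023-12-20T06:28:00"),
    ("/usr/lib/git-core/mergetools/ecmerge", 306, "2023-12-20T06:28:00"),
    ("/usr/lib/git-core/mergetools/gvimdiff3", 29, "2023-12-20T06:28:00"),
    ("/etc/cron.d/constructed-example", 10, "2023-12-20T06:39:50"),  # constructed
]]

if __name__ == "__main__":
    bulk, review = triage(SAMPLE)
    for (msg, parent, ctime), paths in bulk.items():
        print(f"bulk   {msg}: {len(paths)} files in {parent} at {ctime}")
    for (msg, parent, ctime), paths in review.items():
        print(f"review {msg}: {paths[0]} at {ctime}")
```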
 