Does anybody/has anybody used Samhain.. a HIDS similar to Tripwire
Hi All,
I've been looking for quite some time for a HIDS like Tripwire, but also to know if there are better alternatives or if everyone just uses Tripwire. I'm not paying out for the enterprise version of Tripwire and just wondered what other people have done that use HIDSs, and if you've tried Samhain?
i.e. what is it like... what's your preferred, if any?
Cheers
Last edited by helptonewbie; 08-29-2008 at 02:28 AM.
Tripwire doesn't compare to *anything* anymore in terms of license, development or whatever other criteria. I'd like to divide this type of filesystem integrity checker into passive and active applications: Aide could be a replacement in terms of ease of configuration and execution speed, but it is passive, meaning you have to schedule runs. For alternatives see Osiris or Integrit. Samhain is a daemon, a continuously running process, and offers features most others don't have, like its own LKM for checking kernel structures, a client-server setup, integrity checking and protection of itself using process hiding, encryption and steganography. Which one you choose could depend on 0) the purpose of the machine (who accesses what), 1) what security posture the machine already has (hardening) and 2) auditing requirements and maintenance trade-offs (for instance Samhain's LKM needs to be recompiled for each kernel upgrade).
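
The reply above calls Aide passive because its runs have to be scheduled. As an added example that is not part of the original thread, here is a wrapper for a cron-driven `aide --check` that decodes the exit status documented in aide(1). The script path in the cron line, the `--run` switch and the function name `aide_verdict` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: wrapper for a scheduled AIDE check.
# Per aide(1), the exit status of --check is a bitmask:
#   1 = new files, 2 = removed files, 4 = changed files
# and 14-19 are generic error conditions (write, argument, config, I/O ...).
#
# Hypothetical cron entry (path is an assumption); cron mails the output:
#   30 3 * * * /usr/local/sbin/aide-check.sh --run

# Translate an AIDE --check exit status into a one-line verdict.
aide_verdict() {
    status=$1
    case "$status" in
        ""|*[!0-9]*) echo "ERROR: non-numeric status"; return 0 ;;
        0)           echo "OK: no differences"; return 0 ;;
        1[4-9])      echo "ERROR: aide failed (status $status)"; return 0 ;;
    esac
    # Anything outside the 1..7 bitmask range is not a documented result.
    if [ "$status" -lt 1 ] || [ "$status" -gt 7 ]; then
        echo "ERROR: unexpected status $status"
        return 0
    fi
    findings=""
    if [ $((status & 1)) -ne 0 ]; then findings="$findings new"; fi
    if [ $((status & 2)) -ne 0 ]; then findings="$findings removed"; fi
    if [ $((status & 4)) -ne 0 ]; then findings="$findings changed"; fi
    echo "ALERT:$findings"
}

# Only touch the real aide binary when explicitly asked to, so the
# function above can be sourced or tested on a host without AIDE.
if [ "${1:-}" = "--run" ]; then
    rc=0
    report=$(aide --check 2>&1) || rc=$?
    aide_verdict "$rc"
    # Print the full report only when there is something to look at.
    if [ "$rc" -ne 0 ]; then
        printf '%s\n' "$report"
    fi
    exit "$rc"
fi
```

A scheduled check only sees the state of the filesystem at the moment it runs, and the baseline database it compares against has to be kept where an intruder cannot rewrite it.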