AIDE or OSSEC on CentOS 5.4 x86_64?




Starting with a fresh load and after I finish hardening the load
following the Center for Internet Security (CIS) guidance, I'm wondering
whether AIDE or OSSEC would be a better intrusion detection system.

I installed AIDE and did a quick test of AIDE and after initializing the
db and applying the recent cups update, I found that 1700+ files had
changed.  Those are a lot of changes to wade through to determine if
they are legit or not. If that is all that AIDE can do, then it is not
"manageable."

Seems to me that any IDS must be tied to the yum update process so that
one is not dealing with hundreds/thousands of changes that were brought
in by a yum update that I choose to apply.

Is OSSEC any less noisy?

DaveM


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
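
One way to cut an AIDE report down to the files that still need a human look, as an added example that is not part of the original post: check each flagged path against the RPM database, so files that match what an installed package shipped are separated from unowned or altered ones. It assumes AIDE report lines of the form `changed: /path` and `added: /path`; the function names are hypothetical and the sample report is constructed.

```shell
#!/bin/sh
# Added example: sort AIDE findings by what the RPM database says about them.

# Constructed sample of AIDE report lines (assumed "changed: /path" format).
sample_report() {
    cat <<'EOF'
changed: /usr/sbin/cupsd
changed: /etc/cups/cupsd.conf
added: /tmp/.x
EOF
}

# Extract paths from "changed:" and "added:" lines read on stdin.
aide_paths() {
    awk '/^(changed|added):/ { sub(/^[a-z]+:[ \t]*/, ""); print }'
}

# Print one verdict for a path:
#   unowned  - no installed package claims the file
#   modified - rpm -V reports it differs from the package manifest
#   ok       - file matches what its installed package shipped
classify_path() {
    if ! rpm -qf "$1" >/dev/null 2>&1; then
        echo unowned
    elif rpm -Vf "$1" 2>/dev/null |
         awk -v p="$1" '$NF == p { hit = 1 } END { exit !hit }'; then
        echo modified
    else
        echo ok
    fi
}

# Read an AIDE report on stdin; print "verdict<TAB>path" per flagged file.
triage_report() {
    aide_paths | while IFS= read -r path; do
        printf '%s\t%s\n' "$(classify_path "$path")" "$path"
    done
}

# Only the findings a person still has to review.
needs_review() {
    triage_report | grep -v '^ok'
}
```

`rpm -V` trusts the local RPM database, which an attacker with root can alter, so this narrows the review list rather than replacing the AIDE baseline. Paths containing spaces are not matched by the `$NF` comparison and would need separate handling.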
