Starting with a fresh load and after I finish hardening the load following the Center for Internet Security (CIS) guidance, I'm wondering whether AIDE or OSSEC would be a better intrusion detection system. I installed AIDE and did a quick test of AIDE and after initializing the db and applying the recent cups update, I found that 1700+ files had changed. Those are a lot of changes to wade through to determine if they are legit or not. If that is all that AIDE can do, then it is not "manageable." Seems to me that any IDS must be tied to the yum update process so that one is not dealing with hundreds/thousands of changes that were brought in by a yum update that I choose to apply. Is OSSEC any less noisy? DaveM _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
AIDE or OSSEC on CentOS 5.4 x86_64?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: AIDE or OSSEC on CentOS 5.4 x86_64?
- From: David McGuffey <davidmcguffey@xxxxxxxxxxx>
- Date: Sat, 28 Nov 2009 18:57:22 -0500
- Delivered-to: centos@xxxxxxxxxx
- Follow-Ups:
- Re: AIDE or OSSEC on CentOS 5.4 x86_64?
- From: John Horne
- Re: AIDE or OSSEC on CentOS 5.4 x86_64?
- From: Rob Kampen
- Re: AIDE or OSSEC on CentOS 5.4 x86_64?
- From: Brian Mathis
- Re: AIDE or OSSEC on CentOS 5.4 x86_64?
- From: mark
- Re: AIDE or OSSEC on CentOS 5.4 x86_64?
- From: Alan Sparks
- Re: AIDE or OSSEC on CentOS 5.4 x86_64?
- Prev by Date: Re: Fedora 11 i386 Evolution address book --> CentOS 5.4 x86_64
- Next by Date: Re: Fedora 11 i386 Evolution address book --> CentOS 5.4 x86_64
- Previous by thread: CentOS-announce Digest, Vol 57, Issue 12
- Next by thread: Re: AIDE or OSSEC on CentOS 5.4 x86_64?
- Index(es):
 |