Re: Linux based HIDS

From: Nicolas Delon (delon.nicolas_at_wanadoo.fr)
Date: 10/25/03

  • Next message: Michael Stone: "Re: Announcement: Alert Verification for Snort" 
    Date: Sat, 25 Oct 2003 09:05:37 +0200
To: Milind Nanal <milindyn@rolta.com>

    Milind Nanal wrote:
    > Hi,

    Hello,

    > I am looking for good , free , open source HIDS for Linux server. The tool
    > which detects :-
    >
    > Attacks on Red Hat Linux OS.
    > Analysis system log
    > Carry our file level audit (like tripwire)
    >
    > all in one product.

    <disclaimer>
    I am a Prelude-IDS developer
    </disclaimer>

    You can use prelude-lml to analyze log files.
    prelude-lml is a component of Prelude-IDS, an open source hybrid and
    distributed IDS under the GPL license.
    Prelude-IDS provides two main sensors:
    * prelude-lml (syslog files analyze via rulesets)
    * prelude-nids (an NIDS which is snort rules compliant)

    Despite tripwire is not Prelude-IDS aware for the moment, it could be
    patched to using libprelude (the core library of each Prelude-IDS
    programs) and thus, reports alerts to a prelude manager.

    Prelude-IDS: http://www.prelude-ids.org

    Best regards. 

    -- 
"The only way to stop open source is to make it illegal." - Bruce Perens
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ids_031023 
and use priority code SF4.
---------------------------------------------------------------------------
  • Next message: Michael Stone: "Re: Announcement: Alert Verification for Snort"