Investigating HIDS Options
Posted by Stuart Herbert @ 12:32 AM, Sat 14 Oct 06
Filed under: LAMP Server
3 Comments
One of the things that we need in the LAMP Server seed is a host-based intrusion detection system. It’s not the sort of tool that I’ve played with before; it’s nice to get to learn something new for a change 
One of the packages I’m evaluating is ossec-hids. I’ve put together a basic package for this in my overlay (layman -a stuart-server). If I decide to take on the responsibility of maintaining this package longer term, I’ll move it across to the main Portage tree.
Samhain is also on the list, as is rkhunter. Any other packages I should be looking at?
3 comments »