[CentOS] AIDE or OSSEC on CentOS 5.4 x86_64?

David McGuffey davidmcguffey at verizon.net
Sat Nov 28 23:57:22 UTC 2009


Starting with a fresh load and after I finish hardening the load
following the Center for Internet Security (CIS) guidance, I'm wondering
whether AIDE or OSSEC would be a better intrusion detection system.

I installed AIDE and did a quick test of AIDE and after initializing the
db and applying the recent cups update, I found that 1700+ files had
changed.  Those are a lot of changes to wade through to determine if
they are legit or not. If that is all that AIDE can do, then it is not
"manageable."

Seems to me that any IDS must be tied to the yum update process so that
one is not dealing with hundreds/thousands of changes that were brought
in by a yum update that I choose to apply.

Is OSSEC any less noisy?

DaveM




More information about the CentOS mailing list