[CentOS] AIDE or OSSEC on CentOS 5.4 x86_64?
David McGuffey
davidmcguffey at verizon.net
Sat Nov 28 23:57:22 UTC 2009
Starting with a fresh load and after I finish hardening the load following the Center for Internet Security (CIS) guidance, I'm wondering whether AIDE or OSSEC would be a better intrusion detection system.

I installed AIDE and did a quick test of AIDE and after initializing the db and applying the recent cups update, I found that 1700+ files had changed. Those are a lot of changes to wade through to determine if they are legit or not. If that is all that AIDE can do, then it is not "manageable."

Seems to me that any IDS must be tied to the yum update process so that one is not dealing with hundreds/thousands of changes that were brought in by a yum update that I choose to apply.

Is OSSEC any less noisy?

DaveM
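One way to tie an AIDE report to an update, as an added example that is not part of the original message: split the reported paths into those owned by the packages that were just updated and those that still need review. The `added:`/`changed:`/`removed:` line format, the sample report, and the package file lists (as one might collect with `rpm -ql <package>`) are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample; assumes report entries of the form "changed: /path".
SAMPLE_AIDE_REPORT = """\
AIDE found differences between database and filesystem!!

added: /usr/share/cups/model/new-driver.ppd
changed: /usr/sbin/cupsd
changed: /usr/lib64/libcups.so.2
changed: /etc/cups/cupsd.conf
changed: /bin/login
removed: /usr/share/doc/cups-old/README
"""

# Constructed sample: files owned by each package in the update transaction,
# e.g. gathered with `rpm -ql <package>` once the update has been applied.
SAMPLE_UPDATED_PACKAGES = {
    "cups": ["/usr/sbin/cupsd", "/etc/cups/cupsd.conf",
             "/usr/share/cups/model/new-driver.ppd"],
    "cups-libs": ["/usr/lib64/libcups.so.2"],
}

ENTRY = re.compile(r"^(added|changed|removed):\s*(/.*)$")

def parse_aide_report(text):
    """Return (kind, path) tuples for every entry line in the report text."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def triage(report_text, updated_packages):
    """Split entries into those owned by an updated package and the rest."""
    owner = {p: pkg for pkg, files in updated_packages.items() for p in files}
    explained, unexplained = defaultdict(list), []
    for kind, path in parse_aide_report(report_text):
        if path in owner:
            explained[owner[path]].append((kind, path))
        else:
            # Not owned by any updated package. This includes files the old
            # package version removed, which the new file list no longer names.
            unexplained.append((kind, path))
    return dict(explained), unexplained

if __name__ == "__main__":
    explained, unexplained = triage(SAMPLE_AIDE_REPORT, SAMPLE_UPDATED_PACKAGES)
    for pkg, entries in sorted(explained.items()):
        print(f"{pkg}: {len(entries)} change(s) attributable to the update")
    for kind, path in unexplained:
        print(f"REVIEW {kind}: {path}")
```

Package ownership only explains why a path changed; `rpm -V <package>` is still needed to confirm that the file on disk matches what the package installed.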