Host Intrusion Detection System in FreeBSD

Also called Host IDS or just HIDS
Lars Sommer, lasg@lasg.dk, 2009-01-07
DISCLAIMER: This is a personal note made for personal use. It might not be easy to use or self-explanatory.

In the security category of the ports tree, there are several HIDS utilities:
aide
integrit
osiris
ossec-hids-local
samhain

But which should I use, and why?

——

aide

Aide aims to be a Tripwire ripoff, and a bit more.
It is _very_ easy to install and configure.

Installation:
pkg_add -r aide
or build the port security/aide

Configuration:
cd /var/db/aide
aide --init
mv databases/aide.db.new databases/aide.db
Take a look in the config file /usr/local/etc/aide.conf

Usage:
Run with “aide”
Should be a cronjob
e.g.:
10 20 * * 2 root /usr/local/bin/aide > /var/log/aide.log
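
The cron line above overwrites the log on each run and does not distinguish a clean check from a finding. The wrapper below is an added example, not part of the original note: it appends a timestamped report and decodes aide's exit status. It assumes the exit-status convention documented in aide(1); the function names and the --cron switch are made up for this example.

```shell
#!/bin/sh
# Added example: cron wrapper for the aide check described above.
# Assumption: exit status follows aide(1): 0 = no differences, otherwise a
# bitwise OR of 1 (new), 2 (removed), 4 (changed); larger values are errors.
AIDE_BIN="${AIDE_BIN:-/usr/local/bin/aide}"   # path taken from the cron line
AIDE_LOG="${AIDE_LOG:-/var/log/aide.log}"

# Turn an aide exit status into a one-line summary.
aide_status_text() {
    code=$1
    if [ "$code" -eq 0 ]; then
        echo "OK: no differences"
    elif [ "$code" -gt 7 ]; then
        echo "ERROR: aide did not complete (exit $code)"
    else
        msg=""
        if [ $((code & 1)) -ne 0 ]; then msg="$msg new"; fi
        if [ $((code & 2)) -ne 0 ]; then msg="$msg removed"; fi
        if [ $((code & 4)) -ne 0 ]; then msg="$msg changed"; fi
        echo "ALERT: files$msg"
    fi
}

# Run the check, append a timestamped report to the log instead of
# overwriting it, and return aide's own exit status to the caller.
run_check() {
    rc=0
    out=$("$AIDE_BIN" --check 2>&1) || rc=$?
    {
        echo "=== $(date '+%Y-%m-%d %H:%M:%S') $(aide_status_text "$rc")"
        echo "$out"
    } >> "$AIDE_LOG"
    return "$rc"
}

# Cron entry point: print nothing when clean, so cron mails only on findings.
if [ "${1:-}" = "--cron" ]; then
    rc=0
    run_check || rc=$?
    if [ "$rc" -ne 0 ]; then aide_status_text "$rc"; fi
    exit "$rc"
fi
```

Saved under a path of your choosing and called with --cron from the crontab entry in place of /usr/local/bin/aide, it needs no output redirection.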

Further help:
aide -h
or the website http://www.cs.tut.fi/~rammer/aide/manual.html

——
