Host Intrusion Detection System in FreeBSD

Also called Host IDS or just HIDS
Lars Sommer, [email protected], 2009-01-07
DISCLAIMER: This is a personal note made for personal usage. It might not be easy to use, nor well explained.

In the ports tree under security/, there are several HIDS utilities:
aide
integrit
osiris
ossec-hids-local
samhain

But which should I use, and why?

------

aide

Aide aims to be a Tripwire clone, and a bit more.
It is _very_ easy to install and configure.

Installation:
pkg_add -r aide
or build the port security/aide

Configuration:
cd /var/db/aide
aide --init
mv databases/aide.db.new databases/aide.db
Take a look in the config file /usr/local/etc/aide.conf

Usage:
Run with "aide"
Should be a cron job, run regularly and with the output kept for review.
e.g. a line in /etc/crontab (system crontab format, so it has a user field):
10 20 * * 2 root /usr/local/bin/aide > /var/log/aide.log

Further help:
aide -h
or the website http://www.cs.tut.fi/~rammer/aide/manual.html
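To show what the "aide --init" / later "aide" run pair above actually does, here is a small added illustration (my own code, not from this note or the aide project): it builds a baseline of hash, mode and size for every regular file under a directory, then compares a later walk against it and reports added, removed and changed files. The directory tree is constructed inline, so it runs anywhere; real aide also records mtime, inode, owner and more per rule in aide.conf.

```python
import hashlib
import os
import stat
import tempfile

def file_record(path):
    """Attributes recorded per file: sha256, permission bits and size."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode), "size": st.st_size}

def build_baseline(root):
    """Like `aide --init`: walk root and record every regular file (symlinks skipped)."""
    db = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if os.path.isfile(p) and not os.path.islink(p):
                db[os.path.relpath(p, root)] = file_record(p)
    return db

def check(root, baseline):
    """Like a later `aide` run: compare the tree now against the stored baseline."""
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(current) & set(baseline) if current[p] != baseline[p])
    return {"added": added, "removed": removed, "changed": changed}

def demo():
    """Constructed sample tree: returns (report before drift, report after drift)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "rc.conf"), "w") as f:
            f.write("sshd_enable=\"YES\"\n")
        with open(os.path.join(root, "etc", "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        baseline = build_baseline(root)          # aide --init, then mv aide.db.new aide.db
        clean = check(root, baseline)            # nothing touched yet: all lists empty
        with open(os.path.join(root, "etc", "rc.conf"), "a") as f:
            f.write("hostname=\"box\"\n")        # modified file
        os.remove(os.path.join(root, "etc", "hosts"))                  # removed file
        with open(os.path.join(root, "etc", "extra"), "w") as f:
            f.write("x\n")                       # added file
        return clean, check(root, baseline)

if __name__ == "__main__":
    print(demo())
```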
