To all: Now that an executive for a respected system security auditing system for Linux replied to me that the best bet was to look for intrusion detection software, I am soliciting comments on a "free" or reasonably priced (< $100) package.
I just came across this now from Comparitech: Here’s our list of the Best Intrusion Detection System Software and Tools:

1. SolarWinds Security Event Manager EDITOR’S CHOICE Analyzes logs from Windows, Unix, Linux, and Mac OS systems. It manages data collected by Snort, including real-time data. SEM is also an intrusion prevention system, shipping with over 700 rules to shut down malicious activity. An essential tool for improving security, responding to events and achieving compliance. (I checked: $2613 to start)
2. CrowdStrike Falcon (FREE TRIAL) A cloud-based endpoint protection platform that includes threat hunting.
3. ManageEngine EventLog Analyzer (FREE TRIAL) A log file analyzer that searches for evidence of intrusion.
4. Snort Provided by Cisco Systems and free to use, leading network-based intrusion detection system software.
5. OSSEC Excellent host-based intrusion detection system that is free to use.
6. Suricata Network-based intrusion detection system software that operates at the application layer for greater visibility.
7. Zeek Network monitor and network-based intrusion prevention system.
8. Sagan Log analysis tool that can integrate reports generated on Snort data, so it is a HIDS with a bit of NIDS.
9. Security Onion Network monitoring and security tool made up of elements pulled in from other free tools.
10. AIDE The Advanced Intrusion Detection Environment is a HIDS for Unix, Linux, and Mac OS.
OpenWIPS-NG Wireless NIDS and intrusion prevention system from the makers of Aircrack-NG.
11. Samhain Straightforward host-based intrusion detection system for Unix, Linux, and Mac OS.
12. Fail2Ban Lightweight host-based intrusion detection software system for Unix, Linux, and Mac OS.

Any comments on the above? Is OSSEC a good choice? I have 2 Linux systems which need intrusion detection (and probably network intrusion detection).

Randall
