On Sat, Mar 23, 2019 at 8:24 AM <[email protected]> wrote:
>
> Based on what I am reading, I would replace AIDE, PSAD, Fail2Ban, rkhunter 
> and chkrootkit with OSSEC. Is my understanding correct?
>
> And then, if I am using UFW, I would have to update OSSEC to ban IPs through 
> UFW instead of through iptables directly.
>
> So then all I would need is UFW, OSSEC, and ClamAV (for AV).
>
> Thoughts?
>

OSSEC does similar things to AIDE. I prefer OSSEC, but AIDE does have
some features OSSEC does not (more hash algorithms).
OSSEC does not monitor the network, so probably can't replace psad.
Depending on the logs psad produces, you might be able to read them
with OSSEC.
I don't know of any features fail2ban has that OSSEC doesn't, but I
also haven't looked into it very much.
rkhunter and chkrootkit probably have newer/more up-to-date databases
than OSSEC does.

If you're using ufw, you will have to update the scripts. I don't see
any ufw mentions in the current scripts with a quick grep.
Updates to the script to support ufw might be useful for the entire
project too (possible easy contribution).

> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
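
An added example, not part of the original message and not OSSEC's own code: a sketch of an active-response script that bans through ufw instead of iptables, as the reply above suggests. It assumes OSSEC passes the action, user and source IP as the first three arguments (as its stock firewall-drop script expects) and that the installed ufw supports `prepend`; `UFW_DRY_RUN` is a hypothetical variable added here for testing.

```shell
#!/bin/sh
# Added example: OSSEC active response that blocks a source IP via ufw.
# Assumed call form: <script> add|delete <user> <srcip> [alert-id] [rule-id]

# Shape check only (ufw does its own address parsing): reject empty values,
# anything starting with '-', and any character that cannot occur in an
# IPv4/IPv6 literal, so log-derived text never reaches ufw as an option.
valid_ip() {
    case "$1" in
        ''|-*|*[!0-9A-Fa-f.:]*) return 1 ;;
    esac
    case "$1" in
        *.*.*.*|*:*) return 0 ;;
    esac
    return 1
}

# Print the ufw command for an action and IP; non-zero status on bad input.
# ufw is first-match, so the deny rule must sit ahead of existing allow rules.
# 'prepend' is assumed available; older ufw releases would need 'insert 1'.
ufw_rule() {
    action=$1 ip=$2
    valid_ip "$ip" || return 1
    case "$action" in
        add)    echo "ufw prepend deny from $ip" ;;
        delete) echo "ufw delete deny from $ip" ;;
        *)      return 1 ;;
    esac
}

# Entry point: $1 = action, $2 = user (unused), $3 = source IP.
ossec_ufw_main() {
    cmd=$(ufw_rule "$1" "$3") || {
        echo "usage: $0 add|delete <user> <ip>" >&2
        return 1
    }
    if [ -n "${UFW_DRY_RUN:-}" ]; then
        echo "$cmd"          # hypothetical dry-run mode: show, do not apply
        return 0
    fi
    $cmd                     # safe to split: the IP holds only [0-9A-Fa-f.:]
}

# Run only when called with arguments, as OSSEC does.
if [ $# -gt 0 ]; then
    ossec_ufw_main "$@"
fi
```

Running it by hand with `UFW_DRY_RUN=1` shows the rule that would be applied before the script is wired into an OSSEC command definition.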
