Host-based intrusion detection system comparison

Comparison of host-based intrusion detection system components and systems.

Free and open-source software

As per the Unix philosophy a good HIDS is composed of multiple packages each focusing on a specific aspect.

Package	Last Update	Debian Official Repositories	AlmaLinux Official Repositories	openSUSE Official Repositories	File	Network	Logs	Config	Notes
OSSEC	2025	No^[1]	No^[2]	Yes^[3]	Yes	Yes	Yes	Yes
Wazuh	2025^[4]	No	No	?	Yes	Yes	Yes	Yes
Samhain	2023	Yes^[5]	No	Yes^[6]	Yes	No	Partial^[7]
Snort	2025^[8]	Yes^[9]	No^[10]	No	No	Yes	No
chkrootkit	2023	Yes^[11]	No	Yes	Yes	No	Partial^[12]
rkhunter	2018	Yes^[13]	Yes^[14]	Yes	Yes	No	No	Yes
unhide^[15]	2012	Yes^[16]	Yes^[17]	Yes	No	No	No		proc ps compare
Sguil	2017	No	No	No	No	Yes	No
Logwatch^[18]	2017	Yes^[19]	Yes^[20]	Yes	No	No	Yes
Logcheck^[21]	2017	Yes^[22]	Yes^[23]	Yes	No	No	Yes
Epylog^[24]	2014	Yes^[25]	Yes^[26]	Yes	No	No	Yes
SWATCH^[27]	2015	Yes^[28]	Yes^[29]	Yes	No	No	Yes
sagan	2021	Yes^[30]	No	No	No	No	Yes
aide	2025	Yes^[31]	Yes^[32]	Yes	Yes	No	No	yes	uses libs for routines
tripwire	2018	Yes^[33]	Yes^[34]	Yes	Yes	No	No
Tiger	2018	Yes^[35]	No	No	Yes	No	No	Yes	3/42 modules are Debian specific.

Proprietary software

Package	Year^[36]	Linux	Windows	File	Network	Logs	Config	Notes
Lacework	2018	Yes	No	Yes	Yes	Yes	Yes
Verisys	2018	Yes	Yes	Yes	Yes		Yes
Nessus	2017	Yes	Yes				Yes
Atomicorp	2019	Yes	Yes	Yes	Yes	Yes	Yes	Commercially enhanced version of OSSEC
Spartan	2021	No	Yes	Yes	Yes	Yes	Yes	Websocket API, IP to Country mapping, DynDNS Integration

References

^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). OSSEC for Debian Based systems
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). OSSEC for RHEL/Fedora Based systems
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). An Open Source Host-based Intrusion Detection System
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Samhain in the Ubuntu Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). File integrity and host-based IDS
^ Last
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Snort in the Ubuntu Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Snort in the CentOS Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). ChkRootkit in the Ubuntu Repositories
^ lastlog, wtmp, utmp, wtmpx
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). RKHunter in the Ubuntu Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). RKHunter in the CentOS Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).unhide is notable because it's part of Debian and Fedora
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). UnHide in the Ubuntu Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). UnHide in the CentOS Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Logwatch is notable because it's part of Debian and Fedora
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). LogWatch in the Ubuntu Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). LogWatch in the CentOS Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Logcheck is notable because it's part of Debian and Fedora
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Logcheck in the Ubuntu Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Logcheck in the CentOS Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Epylog is notable because it's part of Debian and Fedora
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Epylog in the Ubuntu Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Epylog in the CentOS Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). SWATCH is notable because it's part of Debian and Fedora
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). SWATCH in the Ubuntu Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). SWATCH in the CentOS Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Sagan in the Ubuntu Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). AIDE in the Ubuntu Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). AIDE in the CentOS Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Tripwire in the Ubuntu Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Tripwire in the CentOS Repositories
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Tripwire in the Ubuntu Repositories
^ Last updated

External links

[1] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). OSSEC for Debian Based systems

[2] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). OSSEC for RHEL/Fedora Based systems

[3] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). An Open Source Host-based Intrusion Detection System

[4] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).

[5] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Samhain in the Ubuntu Repositories

[6] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). File integrity and host-based IDS

[7] Last

[8] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).

[9] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Snort in the Ubuntu Repositories

[10] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Snort in the CentOS Repositories

[11] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). ChkRootkit in the Ubuntu Repositories

[12] stlog, wtmp, utmp, wtmpx

[13] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). RKHunter in the Ubuntu Repositories

[14] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). RKHunter in the CentOS Repositories

[15] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).unhide is notable because it's part of Debian and Fedora

[16] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). UnHide in the Ubuntu Repositories

[17] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). UnHide in the CentOS Repositories

[18] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Logwatch is notable because it's part of Debian and Fedora

[19] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). LogWatch in the Ubuntu Repositories

[20] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). LogWatch in the CentOS Repositories

[Logcheck-21] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Logcheck is notable because it's part of Debian and Fedora

[22] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Logcheck in the Ubuntu Repositories

[23] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Logcheck in the CentOS Repositories

[24] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Epylog is notable because it's part of Debian and Fedora

[25] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Epylog in the Ubuntu Repositories

[26] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Epylog in the CentOS Repositories

[27] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). SWATCH is notable because it's part of Debian and Fedora

[28] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). SWATCH in the Ubuntu Repositories

[29] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). SWATCH in the CentOS Repositories

[30] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Sagan in the Ubuntu Repositories

[31] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). AIDE in the Ubuntu Repositories

[32] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). AIDE in the CentOS Repositories

[33] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Tripwire in the Ubuntu Repositories

[34] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Tripwire in the CentOS Repositories

[35] Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Tripwire in the Ubuntu Repositories

[36] Last updated

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

[23]

[24]

[25]

[26]

[27]

[28]

[29]

[30]

[31]

[32]

[33]

[34]

[35]

[36]

Host-based intrusion detection system comparison

Contents

Free and open-source software

Proprietary software

References

External links

Navigation menu

Host-based intrusion detection system comparison

Free and open-source software

Proprietary software

References

External links

Navigation menu

Search