Hi, I am looking for some advice/recommendations regarding an Intrusion Detection System which is FOSS. I have found and looked through these: Snort, Zeek, OSSEC, Kismet, Snare, Security Onion. Now I am looking for a user-friendly option which does not require much work.
On Linux you will likely find nothing which can be managed without a lot of work for the initial setup. Once set up, the work stabilizes.
There are actually two different IDS levels.
Network monitoring (NIDS) to detect attempted break-ins is one level. The second level is to monitor the system files for changes (HIDS) which could indicate an intrusion that was not otherwise detected.
Every software monitoring system (HIDS) I know of builds a database of monitored system files at the time it is configured and compares the current files against the entries in that database. Since Fedora is a rolling release and has updates weekly (and some more often), there are monitored files that are changed with every update. This means you would have to verify the updates and update the IDS database every time you update Fedora. Thus, “not much work” at this level is unattainable with a rolling release.
It is, however, possible when using a stable release such as RHEL, Ubuntu LTS, etc. If your criterion is “not much work” then Fedora is out. If you are willing to put in the effort to keep up with the updates, and do the updates on your own schedule, then Fedora is a good platform to work with.
You may want to look at https://www.softwaretestinghelp.com/intrusion-detection-systems/ to see what the types of IDS systems there are and get more help on deciding what meets your needs instead of just grasping at straws.
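The baseline-and-compare workflow the answer above describes (build a database of file fingerprints at configuration time, re-scan later, and fold verified update changes back into the database) can be shown in a few dozen lines. The block below is an added example written for this page; it is not code from OSSEC, AIDE, or any of the tools named in the thread, and the file names, contents and "update" it operates on are constructed inside a temporary directory purely for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

# Minimal file-integrity monitor in the style of a HIDS. Added example for this
# page; not the code of OSSEC, AIDE or any other tool mentioned in the thread.


def file_record(path: Path) -> dict:
    """Fingerprint one file: content hash plus the metadata a HIDS usually tracks."""
    st = path.lstat()
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "mode": oct(stat.S_IMODE(st.st_mode)),  # catches e.g. a new setuid bit
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
    }


def build_baseline(root: Path) -> dict:
    """Walk root and record every regular file: the 'database' built at setup time."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[str(p.relative_to(root))] = file_record(p)
    return baseline


def compare(baseline: dict, root: Path) -> dict:
    """Re-scan root and report what differs from the stored baseline."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            k for k in set(current) & set(baseline) if current[k] != baseline[k]
        ),
    }


def accept_changes(baseline: dict, root: Path, paths) -> dict:
    """After an operator has verified a legitimate update, fold only the listed
    paths into the baseline. Anything not listed stays flagged on the next scan."""
    updated = dict(baseline)
    current = build_baseline(root)
    for rel in paths:
        if rel in current:
            updated[rel] = current[rel]
        else:
            updated.pop(rel, None)  # file removed by the update
    return updated


def demo() -> tuple:
    """Constructed scenario: baseline, a package update, and an unrelated edit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "sshd").write_bytes(b"sshd build 1")          # constructed
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        baseline = build_baseline(root)

        # 1. A package update rewrites the daemon binary (expected change).
        (root / "bin" / "sshd").write_bytes(b"sshd build 2")
        # 2. Something else appends a second uid-0 account (not part of any update).
        with (root / "etc" / "passwd").open("a") as fh:
            fh.write("backdoor:x:0:0::/:/bin/sh\n")

        first = compare(baseline, root)
        # The operator checks the update's file list and accepts only that path;
        # this is the "update the IDS database" step the answer describes.
        baseline = accept_changes(baseline, root, ["bin/sshd"])
        second = compare(baseline, root)
        return first, second


if __name__ == "__main__":
    before, after = demo()
    print("after update, before re-baseline:", before)
    print("after accepting the update only:", after)
```

The point of the two `compare` calls is the one the answer makes: every legitimate update produces the same kind of alert as a real tamper, so the operator has to look at each one and explicitly re-baseline the files the update shipped. The unexpected `etc/passwd` edit is only distinguishable because it was not on that list.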