Host IDS

Here are some popular open source host filtering and IDS solutions that have been recommended by the Science DMZ community:

  • iptables: interface for installing packet-filtering rulesets
  • OSSEC: log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response
  • Rkhunter: rootkit detection
  • chkrootkit: rootkit detection
  • Logcheck: log analysis
  • Fail2ban: log analysis
  • DenyHosts: blocks SSH attacks (though you can also use router ACLs to block SSH for all but trusted subnets)