4

I'm looking for options to be compliant with PCI-DSS section 11.5 for some servers I manage at the datacenter. There are several servers (less than 20) and they are mostly CentOS5, but there are some RHEL4 and Solaris9 Sparc. I believe Tripwire, Inc. is the leader in this area, but I am looking for additional options, both commercial and FOSS. Please include your experience and reasons for using the software you recommend.

dialt0ne

4 Answers

2

As a commercial option (i.e. typically better supported and easier to use, but obviously more expensive :), I'd suggest Verisys, a commercial file integrity monitoring system.

My main reason for suggesting it is that it's a lot cheaper than Tripwire. It doesn't provide all the 'change management' kind of features that Tripwire does, but not everyone needs that. Verisys is a lot easier to use too.

Cocowalla
2

You can take a look at Samhain for an Open Source solution.

When I used it in my last job, it was only a file integrity checking solution, but it seems it has since evolved into a more complete solution...

sebthebert
1

Additional options:

http://www.la-samhna.de/library/scanners.html

Make your own educated choice. Depending on the number of hosts you have, having a centralized reporting server or mechanism is going to be important. Take that into consideration.

sinping
1

OSSEC will also do integrity monitoring and is dead simple to use. It integrates very well with SIEMs such as Prelude if you are using that. It has a web interface available that will make checking the integrity information really easy.

Antoine Benkemoun