Hi there folks!
Just wanted to check with you all and see if any of you are doing server or client side HIDS. We are slowly deploying OSSEC. I was always a big Tripwire fan and have been really impressed with OSSEC and how much it has expanded. The LIDS piece as well as the active blocking(We aren't bold enough to do this yet. on servers...) really turns this into a great tool.
Of course my opinion of the tool is based on past tripwire exposure and on limited test implementations of OSSEC. I have not run it for an extended period of time on a large group of servers/clients. Because of this I would just like to see what peoples experiences have been with this tool or other similar tools.
We really appreciate all your opinions and any information you can give us. The more the better.
Side note. On our clients several years ago we...