Intrusion Detection

9 Best Free and Open Source Host-Based Intrusion Detection Systems

An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations.

IDS types range in scope from single computers to large networks. The most common classifications are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). A system that monitors important operating system files is an example of an HIDS, while a system that detects malicious traffic on a network is an example of an NIDS.

Here’s our verdict on the finest HIDS. We only feature open source software here.

Ratings chart

Let’s explore the 9 HIDS. For each application we have compiled its own portal page, a full description with an in-depth analysis of its features, together with links to relevant resources.

Host-Based Intrusion Detection Systems
WazuhPlatform used for threat prevention, detection, and response
OSSECFull platform to monitor and control your systems.
AIDEAdvanced Intrusion Detection Environment
LogwatchPowerful and versatile log parser and analyzer
SamhainFile integrity checking and log file monitoring/analysis and more
SaganMulti-threads, high performance log analysis engine
chkrootkitLocally checks for signs of a rootkit
TripwireSecurity and data integrity tool
rkhunterScans for rootkits, backdoors and possible local exploits

This article has been revamped in line with our recent announcement.

If you’re looking for software-based NIDS, we recommend the best free and open source solutions in this separate article. NIDS can protect hundreds of computer systems from one network location. This helps make them a cost effective solution and easier to deploy than a HID.

Best Free and Open Source SoftwareRead our complete collection of recommended free and open source software. Our curated compilation covers all categories of software.

The software collection forms part of our series of informative articles for Linux enthusiasts. There are hundreds of in-depth reviews, open source alternatives to proprietary software from large corporations like Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk.

There are also fun things to try, hardware, free programming books and tutorials, and much more.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Newest Most Voted
Inline Feedbacks
View all comments
Anon User
Anon User
7 months ago

While Samhain is difficult to install, it’s technically superior to Tripwire OSS, AIDE, and OSSEC. (Tripwire went closed source.) Fail2ban is NOT a HIDS solution, it’s an application firewall. If you’re exposing ssh and internal network infrastructure to the outside world, then you have bigger security attack surface problems that cannot be solved by rate-limiting ssh.

1 month ago
Reply to  Anon User

Fail2ban is best described as intrusion prevention software. While technically not a HIDS, I don’t have a problem with it being covered here. Both monitor a network for malicious activity and/or policy violations.