It seems both Cisofy's Lynis and Wazuh's OSSEC share a lot of functionalities. I'm completely newbie on both tools and yet I need to pick one (or both) to help achieve PCI DSS Compliance. Any thoughts?
Asked
Active
Viewed 619 times
0
-
1You will have to look this up in the respective documentation. This question is off-topic here. – Tom K. Apr 27 '18 at 08:29
-
Those are very different tools... – multithr3at3d Apr 27 '18 at 15:07
1 Answers
2
As the author of Lynis, I suggest using both as they both focus on a different aspect of information security.
OSSEC and Wazuh are focused on monitoring files and the status of the system. Lynis helps you with understanding what can be done on a system to improve/increase its security defenses. OSSEC or Wazuh would be run continuously, where you would Lynis daily (cronjob) and ad-hoc while doing system hardening.
If you are interested in learning more about security tools (who doesn't?), I suggest using the Linux Security Expert project. It is a project I founded to review and explain tools and security concepts. See Lynis (Wazuh is to be reviewed).
Michael Boelen
- 116
- 3