Re: Looking for Host Based IDS
From: Chris Ess (azarin@tokimi.net)
Date: 12/17/01
- Previous message: Greg Shipley: "Re: Looking for Host Based IDS"
- In reply to: Greg Shipley: "Re: Looking for Host Based IDS"
- Next in thread: Mark Crosbie: "Re: Looking for Host Based IDS"
- Next in thread: Matt.Carpenter@alticor.com: "RE: Looking for Host Based IDS"
Date: Mon, 17 Dec 2001 16:39:07 -0500 (EST)
From: Chris Ess <azarin@tokimi.net>
To: Greg Shipley <gshipley@neohapsis.com>
> But do either of these watch processes, which I believe was Guy's original
> question/requirement? I was under the impression that these are just log
> parsing (swatch) and binary integrity checkers (tripwire) - not HIDS that
> watch processes for violations. But then maybe I'm behind on my info
> again....
Spong (http://spong.sourceforge.net) could possibly be modified to do
this, as could any Big Brother-like monitor. I know we use Spong at work
to monitor the processes on our servers and let us know when something
dies... I imagine there would be a way to instead warn if there's a
process there that shouldn't be.
--CAE Kujikenaikara!
Sub caelo noctis sto quod stellae mihi spem dant.
"But in the night, the darkness breathes, if he wills it to be."
--Trans-Siberian Orchestra, "The Dark"
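
Added example, not part of the original message and not Spong code: a sketch of the two checks discussed above, the usual "a required process died" alert alongside the inverse "a process is running that shouldn't be" alert. The `ps` output, the policy sets and the function names are constructed for illustration.

```python
# Added example: sample data below is constructed, not from a real host.
SAMPLE_PS = """\
USER       PID COMMAND
root         1 init
root       212 sshd
root       230 syslogd
www        415 httpd
www        416 httpd
www        977 nc
nobody    1033 bash
"""

# Hypothetical policy: what must run, and what each user may run.
REQUIRED = {"sshd", "syslogd", "httpd", "crond"}
ALLOWED = {
    "root": {"init", "sshd", "syslogd", "crond"},
    "www": {"httpd"},
}


def parse_ps(text):
    """Parse `ps -eo user,pid,comm` style output into (user, pid, comm) tuples."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header row
        parts = line.split(None, 2)     # comm may contain spaces
        if len(parts) == 3 and parts[1].isdigit():
            rows.append((parts[0], int(parts[1]), parts[2].strip()))
    return rows


def audit(rows, required, allowed):
    """Return (missing required commands, processes outside the allowlist)."""
    running = {comm for _, _, comm in rows}
    missing = sorted(required - running)  # the "something died" check
    unexpected = [
        (user, pid, comm)
        for user, pid, comm in rows
        if comm not in allowed.get(user, set())  # unknown users allow nothing
    ]
    return missing, unexpected


if __name__ == "__main__":
    missing, unexpected = audit(parse_ps(SAMPLE_PS), REQUIRED, ALLOWED)
    for name in missing:
        print(f"MISSING    {name}")
    for user, pid, comm in unexpected:
        print(f"UNEXPECTED {user} pid={pid} {comm}")
```

Matching on command name alone is easy to evade, since a process can run under any name it likes, so this works as a tripwire for the unexpected rather than as a full process-level HIDS.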