Re: Looking for Host Based IDS

From: anedvedicky@tinysoftware.cz
Date: 12/19/01


Date: Wed, 19 Dec 2001 10:01:14 +0100 (CET)
From: <anedvedicky@tinysoftware.cz>
To: Guy Fighel <GuyF@xpert.com>

On Mon, 17 Dec 2001, Guy Fighel wrote:

> Hello,
>
> Can someone recommend a good Host Based IDS that looks for suspicious
> operating system processes?
> I need the ability to write a specific policy for specific system processes
> and need the IDS to report any modifications.
>
> I would appreciate your help,
>
> Guy.
>
The best I can recommend is Medusa DS9. It's configurable and makes
the machine secure. The computer with Medusa is using old BIND (ver 8) and old
sendmail (ver 8.10??) with no patches. It runs Linux 2.2.5. The machine was
not rooted for nearly two years...
medusa homepage:
        http://medusa.terminus.sk
        http://medusa.fornax.sk
sasha