RE: Looking for AIX-Friendly HIDS

From: Rainer Duffner (rainer@ultra-secure.de)
Date: 05/02/02


From: "Rainer Duffner" <rainer@ultra-secure.de>
To: dwaddle@charter.net
Date: Thu, 02 May 2002 11:17:34 GMT


> -----Original Message-----
> From: Duane Waddle [mailto:dwaddle@charter.net]
> Sent: Wednesday, May 01, 2002 4:14 PM
> To: focus-ids@securityfocus.com
> Subject: Looking for AIX-Friendly HIDS
> Hi,
>
> My group is starting to look for HIDS solutions. We've not nailed down all
> of the requirements yet, but the wish list would be something as follows:
> -- syslog watcher
> -- file integrity verification
> -- kernel module / system call hooks
>
> Our shop is about 90% AIX, with the other 10% being WinNT/2000 and
> Linux. Any advice on whom/what to look at?

I thought your only real contender was the commercial version of Tripwire.
AIX-4.3 only, according to their datasheet.
But I see that NFR bought Centrax and now (OK, it was already in 12/2001)
also has a HIDS.
Runs on AIX, too.

I don't know if Centrax^H^H^H^H^H^H^H NFR-HIDS does the syscall-hook thing,
but if it does, it seems like the best solution.

If you buy enough licences, they'll port it to AIX5, I guess ;-)

 

cheers,
Rainer

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer@ultra-secure.de          Germany
http://www.i-duffner.de        Freising
========================================
    When shall we three meet again
  In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~