RE: Looking for AIX-Friendly HIDS

From: Rainer Duffner (
Date: 05/02/02

From: "Rainer Duffner" <>
Date: Thu, 02 May 2002 11:17:34 GMT

> -----Original Message-----
> From: Duane Waddle []
> Sent: Wednesday, May 01, 2002 4:14 PM
> To:
> Subject: Looking for AIX-Friendly HIDS
> Hi,
> My group is starting to look for HIDS solutions. We've not nailed down all
> of the requirements yet, but the wish list would be something as follows:
> -- syslog watcher
> -- file integrity verification
> -- kernel module / system call hooks
> Our shop is about 90% AIX, with the other 10% being WinNT/2000 and
> Linux. Any advice on whom/what to look at?

I thought your only real contender was the commercial version of Tripwire.
AIX-4.3 only, according to their datasheet.
But I see that NFR bought Centrax and now (OK, it was already in 12/2001)
also has a HIDS.
Runs on AIX, too.

I don't know if Centrax^H^H^H^H^H^H^H NFR-HIDS does the syscall-hook thing,
but if it does, it seems like the best solution.

If you buy enough licences, they'll port it to AIX5, I guess ;-)



Rainer Duffner                   Munich          Germany        Freising
    When shall we three meet again
  In thunder, lightning, or in rain?