RE: Looking for AIX-Friendly HIDS
From: "Rainer Duffner" <email@example.com>
To: firstname.lastname@example.org
Date: Thu, 02 May 2002 11:17:34 GMT
> -----Original Message-----
> From: Duane Waddle [mailto:email@example.com]
> Sent: Wednesday, May 01, 2002 4:14 PM
> To: firstname.lastname@example.org
> Subject: Looking for AIX-Friendly HIDS
> My group is starting to look for HIDS solutions. We've not nailed down all
> of the requirements yet, but the wish list would be something as follows:
> -- syslog watcher
> -- file integrity verification
> -- kernel module / system call hooks
> Our shop is about 90% AIX, with the other 10% being WinNT/2000 and
> Linux. Any advice on whom/what to look at?
I thought your only real contender was the commercial version of Tripwire.
AIX-4.3 only, according to their datasheet.
But I see that NFR bought Centrax and now (OK, it was already in 12/2001)
also has a HIDS.
Runs on AIX, too.
I don't know if Centrax^H^H^H^H^H^H^H NFR-HIDS does the syscall-hook thing,
but if it does, it seems like the best solution.
If you buy enough licences, they'll port it to AIX5, I guess ;-)
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner Munich
email@example.com Germany
http://www.i-duffner.de Freising
========================================
When shall we three meet again
In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~