Re: Looking for AIX-Friendly HIDS

From: Alex Smith (alex@securesmith.net)
Date: 05/05/02

Previous message: Gangadhar NPK: "RE: IDS, where the bits meet the bytes"
In reply to: Duane Waddle: "Looking for AIX-Friendly HIDS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Alex Smith" <alex@securesmith.net>
To: <focus-ids@securityfocus.com>, "Duane Waddle" <dwaddle@charter.net>
Date: Sun, 5 May 2002 12:20:38 -0600

Disclaimer:
I work for Symantec and I was a developer on Intruder Alert.

Putting that aside for the moment I defiantly think you should look at
Symantec's Intruder Alert. Among other OS's it support AIX, WinNT/2000 and
Linux. It is policy driven and supports custom policies. I have had it
running on my home server for
over 2 years. I currently have it installed on my linux box watching my web
server logs, firewall logs, snort logs and X10 logs (turns on security
cameras when motion is detected).
At work I have run it on many versions of AIX including 4.3.

I apologize if I have sounded like I am trying to sell some thing. Please
don't confuse my enthusiasm in sharing something with which I have had a
great deal of success with an attempt to sell you something.

Good Luck,
Alex

----- Original Message -----
From: "Duane Waddle" <dwaddle@charter.net>
To: <focus-ids@securityfocus.com>
Sent: Wednesday, May 01, 2002 8:13 AM
Subject: Looking for AIX-Friendly HIDS

>
> Hi,
>
> My group is starting to look for HIDS solutions. We've not nailed down
all
> of the requirements yet, but the wish list would be something as follows:
> -- syslog watcher
> -- file integrity verification
> -- kernel module / system call hooks
>
> Our shop is about 90% AIX, with the other 10% being WinNT/2000 and
> Linux. Any advice on whom/what to look at?
>
> Thanks much in advance
>
> --Duane
>
>

Previous message: Gangadhar NPK: "RE: IDS, where the bits meet the bytes"
In reply to: Duane Waddle: "Looking for AIX-Friendly HIDS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: mpd- no ng_l2tp coming up
... Using xl2tpd (apparently- linux only) ... Android fails here- it will connect if I remove the ... Android logs in as peer "anonymous". ...
(freebsd-net)
Re: mpd- no ng_l2tp coming up
... If I run mpd on the FBSD system as a client with a secret then it connects. ... Android fails here- it will connect if I remove the secret from the server config. ... Android logs in as peer "anonymous". ... On linux apparently there's a l2tp-secrets file ...
(freebsd-net)
Re: Why is troubleshooting Linux so hard?
... can't we create troubleshooting database?? ... in Linux or maybe I'm approaching these problems the wrong way. ... Is there a way to apply debugging symbols retroactively to a dump? ... I find that the logs contain lots of facts but not a whole lot of useful ...
(Debian-User)
Why is troubleshooting Linux so hard?
... troubleshooting Linux's quirks, crashes and problems in hopes that someone may ... in Linux or maybe I'm approaching these problems the wrong way. ... Is there a way to apply debugging symbols retroactively to a dump? ... I find that the logs contain lots of facts but not a whole lot of useful ...
(Debian-User)
Mysteriously hacked?
... Something strange happened recently on my Linux box. ... I checked the various logs in /var/log and I ... The router is configured not to allow configuration from outside ...
(comp.os.linux.security)