Re: Looking for AIX-Friendly HIDS
From: Alex Smith (email@example.com)
- In reply to: Duane Waddle: "Looking for AIX-Friendly HIDS"
From: "Alex Smith" <firstname.lastname@example.org>
To: <email@example.com>, "Duane Waddle" <firstname.lastname@example.org>
Date: Sun, 5 May 2002 12:20:38 -0600
I work for Symantec and I was a developer on Intruder Alert.
Putting that aside for the moment, I definitely think you should look at
Symantec's Intruder Alert. Among other OSes, it supports AIX, WinNT/2000 and
Linux. It is policy driven and supports custom policies. I have had it
running on my home server for over 2 years. I currently have it installed on
my Linux box watching my web
server logs, firewall logs, snort logs and X10 logs (turns on security
cameras when motion is detected).
At work I have run it on many versions of AIX including 4.3.
I apologize if I have sounded like I am trying to sell something. Please
don't confuse my enthusiasm in sharing something with which I have had a
great deal of success with an attempt to sell you something.
> My group is starting to look for HIDS solutions. We've not nailed down
> of the requirements yet, but the wish list would be something as follows:
> -- syslog watcher
> -- file integrity verification
> -- kernel module / system call hooks
> Our shop is about 90% AIX, with the other 10% being WinNT/2000 and
> Linux. Any advice on whom/what to look at?
> Thanks much in advance