Re: Looking for AIX-Friendly HIDS

From: Alex Smith (
Date: 05/05/02

From: "Alex Smith" <>
To: <>, "Duane Waddle" <>
Date: Sun, 5 May 2002 12:20:38 -0600

I work for Symantec and I was a developer on Intruder Alert.

Putting that aside for the moment, I definitely think you should look at
Symantec's Intruder Alert. Among other OS's it supports AIX, WinNT/2000 and
Linux. It is policy driven and supports custom policies. I have had it
running on my home server for over 2 years. I currently have it installed
on my Linux box watching my web server logs, firewall logs, snort logs and
X10 logs (turns on security cameras when motion is detected).
At work I have run it on many versions of AIX including 4.3.

I apologize if I have sounded like I am trying to sell something. Please
don't confuse my enthusiasm in sharing something with which I have had a
great deal of success with an attempt to sell you something.

Good Luck,

----- Original Message -----
From: "Duane Waddle" <>
To: <>
Sent: Wednesday, May 01, 2002 8:13 AM
Subject: Looking for AIX-Friendly HIDS

> Hi,
> My group is starting to look for HIDS solutions. We've not nailed down
> of the requirements yet, but the wish list would be something as follows:
> -- syslog watcher
> -- file integrity verification
> -- kernel module / system call hooks
> Our shop is about 90% AIX, with the other 10% being WinNT/2000 and
> Linux. Any advice on whom/what to look at?
> Thanks much in advance
> --Duane