Re: Looking for AIX-Friendly HIDS

From: Alex Smith (alex@securesmith.net)
Date: 05/05/02


From: "Alex Smith" <alex@securesmith.net>
To: <focus-ids@securityfocus.com>, "Duane Waddle" <dwaddle@charter.net>
Date: Sun, 5 May 2002 12:20:38 -0600

Disclaimer:
I work for Symantec and I was a developer on Intruder Alert.

Putting that aside for the moment, I definitely think you should look at
Symantec's Intruder Alert. Among other OS's it supports AIX, WinNT/2000 and
Linux. It is policy driven and supports custom policies. I have had it
running on my home server for over 2 years. I currently have it installed
on my Linux box watching my web server logs, firewall logs, snort logs and
X10 logs (turns on security cameras when motion is detected).
At work I have run it on many versions of AIX including 4.3.

I apologize if I have sounded like I am trying to sell something. Please
don't confuse my enthusiasm in sharing something with which I have had a
great deal of success with an attempt to sell you something.

Good Luck,
Alex

----- Original Message -----
From: "Duane Waddle" <dwaddle@charter.net>
To: <focus-ids@securityfocus.com>
Sent: Wednesday, May 01, 2002 8:13 AM
Subject: Looking for AIX-Friendly HIDS

>
> Hi,
>
> My group is starting to look for HIDS solutions. We've not nailed down all
> of the requirements yet, but the wish list would be something as follows:
> -- syslog watcher
> -- file integrity verification
> -- kernel module / system call hooks
>
> Our shop is about 90% AIX, with the other 10% being WinNT/2000 and
> Linux. Any advice on whom/what to look at?
>
> Thanks much in advance
>
> --Duane
>
>