Re: Looking for AIX-Friendly HIDS

From: Alex Smith (alex@securesmith.net)
Date: 05/05/02


From: "Alex Smith" <alex@securesmith.net>
To: <focus-ids@securityfocus.com>, "Duane Waddle" <dwaddle@charter.net>
Date: Sun, 5 May 2002 12:20:38 -0600

Disclaimer:
I work for Symantec and I was a developer on Intruder Alert.

Putting that aside for the moment, I definitely think you should look at
Symantec's Intruder Alert. Among other OSes it supports AIX, WinNT/2000 and
Linux. It is policy driven and supports custom policies. I have had it
running on my home server for over 2 years. I currently have it installed
on my Linux box watching my web server logs, firewall logs, snort logs and
X10 logs (turns on security cameras when motion is detected).
At work I have run it on many versions of AIX including 4.3.

I apologize if I have sounded like I am trying to sell something. Please
don't confuse my enthusiasm in sharing something with which I have had a
great deal of success with an attempt to sell you something.

Good Luck,
Alex

----- Original Message -----
From: "Duane Waddle" <dwaddle@charter.net>
To: <focus-ids@securityfocus.com>
Sent: Wednesday, May 01, 2002 8:13 AM
Subject: Looking for AIX-Friendly HIDS

>
> Hi,
>
> My group is starting to look for HIDS solutions. We've not nailed down all
> of the requirements yet, but the wish list would be something as follows:
> -- syslog watcher
> -- file integrity verification
> -- kernel module / system call hooks
>
> Our shop is about 90% AIX, with the other 10% being WinNT/2000 and
> Linux. Any advice on whom/what to look at?
>
> Thanks much in advance
>
> --Duane
>
>


