snort and samhain - opinions please

From: Daniel Berg (
Date: 06/30/03

  • Next message: Richard Bejtlich: "Anyone else using Argus for monitoring?"
    Date: 30 Jun 2003 13:19:30 +0200

    Hi all,

    This is my first post to this list, so hello to all of you interested in
    this fantastic kind of technology =) Thanks for all the input I have received
    from the list so far!

    I am currently setting up snort-based sensors for our DMZ, and I am
    researching the best possibilities for making those boxes secure.

    The boxes run Solaris 9 on Sun Netra T1/105 machines, which made me
    sweat a little, being new to Solaris and being familiar only with *BSD
    systems. The C compiler was a real pain, but now all works smoothly.

    I am considering setting up snort for the network intrusion detection,
    with an ACID console in the background, and Samhain for
    security/integrity on the box itself.
    Samhain seems to be the best choice for me since it has some nice features
    like stealth mode and such.
    Unfortunately I only have the possibility to log to MSSQL Server
    (corporate policies never fit your real needs), which is not yet
    supported by Samhain afaik.
    Has anyone here made any effort yet to port Samhain with MSSQL support,
    or does anyone know of any other good file integrity check utilities
    with similar functionality that would work with MSSQL?

    I would be glad to get some opinions on my idea; I am always happy about
    new ideas =)


    Daniel Berg
    +EDS Germany
    +Security & Privacy
    +cell: +491792287327
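As an added illustration of the host-integrity half of the setup described in the post (baseline the filesystem, detect changes, log the findings to a SQL table), here is a small file-integrity monitor. It is example code written for this page, not Samhain's code and not anything the poster ran. It uses Python's DB-API with sqlite3 standing in for MSSQL so it runs offline; the table names, the `host` label and the `?` placeholder style are assumptions (an MSSQL driver such as pyodbc uses the same DB-API shape).

```python
"""Minimal file-integrity monitor: SHA-256 baseline plus change events in SQL.

Added example for this page; not Samhain and not from the original post.
sqlite3 is a stand-in for the MSSQL server the poster must log to.
"""
import hashlib
import os
import sqlite3
import tempfile
from datetime import datetime, timezone

# Assumed schema: one baseline row per file, one event row per deviation found.
SCHEMA = """
CREATE TABLE IF NOT EXISTS baseline (
    path TEXT PRIMARY KEY, sha256 TEXT NOT NULL,
    size INTEGER NOT NULL, mode INTEGER NOT NULL);
CREATE TABLE IF NOT EXISTS integrity_event (
    id INTEGER PRIMARY KEY AUTOINCREMENT, ts TEXT NOT NULL, host TEXT NOT NULL,
    path TEXT NOT NULL, kind TEXT NOT NULL, old_sha256 TEXT, new_sha256 TEXT);
"""


def sha256_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Walk root and return {relative path: (sha256, size, mode)} for regular files."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            st = os.stat(full)
            out[os.path.relpath(full, root)] = (sha256_file(full), st.st_size, st.st_mode)
    return out


def init_baseline(conn, root):
    """Record the trusted state of root; run this once on a known-good box."""
    conn.executescript(SCHEMA)
    conn.execute("DELETE FROM baseline")
    conn.executemany(
        "INSERT INTO baseline(path, sha256, size, mode) VALUES (?, ?, ?, ?)",
        [(p, h, s, m) for p, (h, s, m) in snapshot(root).items()])
    conn.commit()


def check(conn, root, host):
    """Compare the live filesystem to the baseline, log every deviation to SQL,
    and return the deviations as a list of (kind, path), sorted by path."""
    stored = {r[0]: (r[1], r[2], r[3])
              for r in conn.execute("SELECT path, sha256, size, mode FROM baseline")}
    current = snapshot(root)
    ts = datetime.now(timezone.utc).isoformat()
    events = []  # (kind, path, old_sha256, new_sha256)
    for path in sorted(set(stored) | set(current)):
        if path not in current:
            events.append(("deleted", path, stored[path][0], None))
        elif path not in stored:
            events.append(("added", path, None, current[path][0]))
        elif stored[path] != current[path]:  # content, size or mode changed
            events.append(("modified", path, stored[path][0], current[path][0]))
    conn.executemany(
        "INSERT INTO integrity_event(ts, host, path, kind, old_sha256, new_sha256) "
        "VALUES (?, ?, ?, ?, ?, ?)",
        [(ts, host, p, k, o, n) for k, p, o, n in events])
    conn.commit()
    return [(k, p) for k, p, _o, _n in events]


def demo():
    """Constructed scenario: baseline a temp tree, then modify, delete and add a file.
    Returns (events before tampering, events after tampering, rows logged)."""
    root = tempfile.mkdtemp(prefix="fim-demo-")
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(root, "etc", "snort.conf"), "w") as f:
        f.write("var HOME_NET 10.0.0.0/8\n")
    with open(os.path.join(root, "gone.txt"), "w") as f:
        f.write("temporary\n")
    conn = sqlite3.connect(":memory:")
    init_baseline(conn, root)
    clean = check(conn, root, "sensor1")  # nothing changed yet
    with open(os.path.join(root, "etc", "snort.conf"), "a") as f:
        f.write("include local.rules\n")
    os.remove(os.path.join(root, "gone.txt"))
    with open(os.path.join(root, "new.txt"), "w") as f:
        f.write("unexpected\n")
    events = check(conn, root, "sensor1")
    rows = conn.execute("SELECT COUNT(*) FROM integrity_event").fetchone()[0]
    return clean, events, rows


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner would keep in mind: the baseline and the event table must live somewhere the monitored host cannot rewrite (a remote database, as the poster intends, rather than a local file), and the comparison should include metadata (size and mode here) as well as content so that permission changes are caught too.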
