RE: using HIDS for change control
From: Daniel Cid (danielcid_at_yahoo.com.br)
Date: 08/25/05
- Previous message: Sanjay Rawat: "Re: IDS with Case-Based Reasoning"
- In reply to: Rivera,Angel L.: "RE: using HIDS for change control"
- Next in thread: Ron Gula: "RE: using HIDS for change control"
Date: Thu, 25 Aug 2005 02:46:48 -0300 (ART)
To: "Rivera,Angel L." <ARIVERA@mitre.org>, focus-ids@lists.securityfocus.com
You seem to be looking for integrity checking,
right? I use the OSSEC HIDS to monitor any
modification on the binaries and configuration files
on my systems.
I install the agent on my servers and they forward any
modification information to the analysis server for
e-mail alerting (it also analyzes the logs) ...
However, it is only tested on Unix (although it should
work with Cygwin on Windows).
*I know samhain runs on both Unix and Windows (using
Cygwin too) and it is probably in a much more stable state
than the ossec hids (still on v0.2)
http://www.ossec.net/hids/
http://la-samhna.de/samhain/index.html
Hope it helps..
--
Daniel B. Cid, CISSP
daniel.cid @ ( at ) gmail. com

--- "Rivera,Angel L." <ARIVERA@mitre.org> wrote:

> Does anyone on this list know of a sponsor that is using HIDS to monitor
> changes to a system's (Unix & Windows) configuration?
>
> The goal is to build a server according to specs (this would include
> hardening of the OS + agency specific security settings) then use a HIDS
> to detect and alert on any changes.
>
> Theoretically speaking, I know this can be done, but is anyone doing
> this?