Pantek Library

Re: Best Host IDS Tools

From: Bryan Strong <bstrong(at)packetshield.net>
Date: Tue Dec 24 2002 - 16:01:20 EST

frank wrote:

>I have just setup my Web server on solaris platform and is planning to
Frank, you may also want to check out:
* Samhain: File integrity / suid checker (la-samhna.de/samhain/)
* Prelude IDS: "hybrid" IDS system with both network and host based components (log monitoring on the host side) (www.prelude-ids.org)
* The Honeynet project has several very useful tools worth checking out (http://www.honeynet.org/papers/honeynet/tools/)
* Since you are running this on a Solaris box you may want to enable BSM auditing. I don't recall the specific system resource requirements, certainly disk space is a significant issue, but you can get a lot of useful information from this level of auditing.

Part of the benefit of checking out Samhain and Prelude is that they both natively support sending gathered information to a backend server running a MySQL or PostgreSQL database and also support a secure communication channel between the reporting and receiving hosts.

Hope this helps
-Bryan Strong

Received on Fri Dec 27 11:37:59 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:05 EDT

