Educause Security Discussion mailing list archives
Re: HIDS/File integrity checker
From: "Spransy, Derek" <DSPRANS () EMORY EDU>
Date: Tue, 9 Sep 2008 16:51:05 -0400
I've been very impressed by OSSEC. We have it monitoring eight servers (Linux, Mac & Windows). It is a client/server based system (agents on devices report back to the central server) and is highly customizable. It performs file integrity checking similar to tripwire and can be configured to monitor default and custom directories. I won't go over the feature list since they're on the website, but I highly recommend it.

http://www.ossec.net/

-Derek

===========================
Derek Spransy
IT Security Lead
Emory College of Arts & Sciences
404-712-8798
derek.spransy () emory edu
===========================

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Aaron Cayard-Roberts
Sent: Tuesday, September 09, 2008 4:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] HIDS/File integrity checker

Hello all,

We're looking at ways to secure our *unix servers (mostly FreeBSD and Solaris) and I was wondering what others use for detecting a compromise. We've installed tripwire here and there but it's not really a breeze to keep updated across a bunch of servers. One alternative that we're looking at is Samhain because of its client/host based nature with centralized administration:

http://la-samhna.de/samhain/

It sounds very nice (almost like a client server version of tripwire) but I haven't found a huge amount of comments about it in my searches. So I'm wondering if anyone here has used it and has anything to share about it. Comments about other similar applications are of course welcome too.

Thanks,
Aaron

--
Aaron Cayard-Roberts
Applications and Security Administrator
Earlham College Computing Services
801 National Road West
Richmond, IN 47374
Phone: 765-983-1851

This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments).