IDS mailing list archives
RE: using HIDS for change control
From: Daniel Cid <danielcid () yahoo com br>
Date: Thu, 25 Aug 2005 02:46:48 -0300 (ART)
You seem to be looking for integrity checking, right?

I use the OSSEC HIDS to monitor any modification on the binaries and configuration files on my systems. I install the agent on my servers and they forward any modification information to the analysis server for e-mail alerting (it also analyzes the logs) ... However, it is only tested on Unix (although it should work with Cygwin on Windows).

*I know samhain runs on both Unix and Windows (using Cygwin too) and it is probably in a much more stable state than the ossec hids (still on v0.2)

http://www.ossec.net/hids/
http://la-samhna.de/samhain/index.html

Hope it helps..

--
Daniel B. Cid, CISSP
daniel.cid @ ( at ) gmail. com

--- "Rivera,Angel L." <ARIVERA () mitre org> wrote:
Does anyone on this list know of a sponsor that is using HIDS to monitor changes to a system's (Unix & Windows) configuration? The goal is to build a server according to specs (this would include hardening of the OS + agency specific security settings) then use a HIDS to detect and alert on any changes. Theoretically speaking, I know this can be done, but is anyone doing this?
------------------------------------------------------------------------
Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
Current thread:
- RE: using HIDS for change control Rivera,Angel L. (Aug 24)
- RE: using HIDS for change control Daniel Cid (Aug 25)
- RE: using HIDS for change control Ron Gula (Aug 25)
- <Possible follow-ups>
- RE: using HIDS for change control Evans, Arian (Aug 25)
- RE: using HIDS for change control Andrew Plato (Aug 27)
- RE: using HIDS for change control Rivera,Angel L. (Aug 27)