IDS mailing list archives

RE: using HIDS for change control


From: Daniel Cid <danielcid () yahoo com br>
Date: Thu, 25 Aug 2005 02:46:48 -0300 (ART)

You seem to be looking for integrity checking,
right? I use the OSSEC HIDS to monitor any
modification on the binaries and configuration files
on my systems.
I install the agent on my servers and they forward any
modification information to the analysis server for
e-mail alerting (it also analyzes the logs) ...
However, it is only tested on Unix (although it should
work with Cygwin on Windows).

*I know samhain runs on both Unix and Windows (using
Cygwin too) and it is probably in a much more stable state
than the ossec hids (still on v0.2)

http://www.ossec.net/hids/
http://la-samhna.de/samhain/index.html

Hope it helps..

--
Daniel B. Cid, CISSP
daniel.cid @ ( at ) gmail. com

--- "Rivera,Angel L." <ARIVERA () mitre org> wrote:

Does anyone on this list know of a sponsor that is using HIDS to monitor
changes to a system's (Unix & Windows) configuration?

The goal is to build a server according to specs (this would include
hardening of the OS + agency specific security settings) then use a HIDS
to detect and alert on any changes.

Theoretically speaking, I know this can be done, but is anyone doing
this?

