IDS mailing list archives

RE: Prelude/OSSIM/OpenSIMS/OSSEC


From: "Warner Moore" <wmoore () 2co com>
Date: Fri, 1 Sep 2006 08:41:43 -0400

-----Original Message-----
From: Pat [mailto:securityfocus.20.patgourmet () spamgourmet com] 
Sent: Tuesday, August 29, 2006 12:37 PM
To: focus-ids () securityfocus com
Subject: Prelude/OSSIM/OpenSIMS/OSSEC

<snip>
1- I want to begin by implementing an integrity checker. I am looking 
at Samhain and Osiris. Samhain seems better, but since it does not 
support Windows, I will probably use Osiris. Maybe OSSEC also would 
do the job?

        I am big on AIDE lately.  If you want to spend money, Tripwire.  Our
solution was to hack out a centralized solution around AIDE.  There are some
neat hacks out there like ViperDB for smaller solutions.
 
2- I want to run Nagios on my servers for monitoring

        Good.

3- I want to set up my UNIX and Windows servers with remote logging. 
For the UNIX/Linux servers, I would do remote syslogging to a syslog 
server such as Syslog-ng or Rsyslog. For the Windows servers, I would 
also set up remote logging to that same syslog server, with a client 
tool such as Winsyslog.

        Event to syslog is kind of cool.  It's irritating to audit Windows
event logs in a flat form, definitely clutters stuff up.  I have yet to see
an ideal cross-platform central logging solution.

<snip> 
So my question again: does anyone here know the best way to implement 
all of these (Integrity Checks, Servers Monitoring and remote 
Logging) in a mixed environment (UNIX/Windows), everything 
being open-source?

        Sounds like you want a consultant.  =)  You have a pretty good idea
going on.  You might want to throw some network IDS in there too.

Best regards,

   Warner.
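As an added illustration of what an integrity checker such as AIDE or Osiris does under the hood (example code written for this archive page, not from the thread or from any of the tools named): take a baseline of every file's hash and mode, keep that baseline outside the monitored tree, and diff a fresh scan against it. The directory layout and file contents below are constructed for the demo.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

def hash_file(path):
    """SHA-256 of a file's contents, read in chunks so large files stay out of memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Record hash, size and mode for every regular file under root (symlinks skipped)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {"sha256": hash_file(full), "size": st.st_size, "mode": st.st_mode}
    return baseline

def compare(baseline, current):
    """Diff two baselines: new files, deleted files, and files whose hash or mode changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if (baseline[p]["sha256"], baseline[p]["mode"])
                      != (current[p]["sha256"], current[p]["mode"]))
    return added, removed, modified

def demo():
    """Constructed scenario: baseline a temp tree, tamper with it, then re-check."""
    root, db_dir = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())  # db kept off-tree
    (root / "bin").mkdir()
    (root / "bin" / "b.sh").write_text("#!/bin/sh\necho ok\n")
    (root / "a.txt").write_text("hello")
    db_path = db_dir / "baseline.json"
    db_path.write_text(json.dumps(build_baseline(root)))
    # Simulated tampering: a same-size edit (a size-only check would miss it), a new file, a deletion.
    (root / "a.txt").write_text("hellp")
    (root / "c.txt").write_text("new")
    (root / "bin" / "b.sh").unlink()
    return compare(json.loads(db_path.read_text()), build_baseline(root))
```

`demo()` returns the (added, removed, modified) lists; the baseline database is what a centralized setup like the one described above would collect from each host and store read-only.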



