Honeypots mailing list archives

New Solaris Honeypot Tool - RemoteBSM


From: Ryan Barnett <RCBarnett () hushmail com>
Date: 7 Feb 2003 20:59:34 -0000



I have finished the initial Whitepaper/Tool for a Solaris Honeypot
replacement for the auditd daemon called RemoteBSM. RemoteBSM is
essentially a modified version of BackLog
(http://www.intersectalliance.com/projects/BackLogSolaris/Download/BackLogSol.tar.gz).
I have updated the code to make it more stealthy: 1) Rename the
RemoteBSM binary to a less conspicuous name, 2) The process will
declare a bogus name for the running praudit tool in PS listings and, 3)
It will forward all BSM audit data to a remote host to a specified UDP
port. The remote logging host simply runs the RemoteBSM_listener.pl
script to capture data.

I have uploaded the webpage onto my Sourceforge Honeypots website and 
wanted to let you all start using/testing it. 

http://honeypots.sourceforge.net/Honeypotting_With_RemoteBSM.html 

I know that editing the RemoteBSM.c file directly and compiling works 
fine, but I am looking for feedback on issues with regards to the 
install.sh script, any problems with the RemoteBSM_listener.pl, etc... 

Any feedback would be appreciated :) 

#################################
Ryan C. Barnett
Senior Security Engineer
SANS: GCFA, GCIH, GCUX, GSEC
http://honeypots.sourceforge.net
#################################
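The post describes the remote half of the design only briefly: BSM audit data is shipped as praudit text over UDP, and a listener on the logging host captures it. The block below is an added illustration of what such a listener has to do, written for this archive page; it is not RemoteBSM_listener.pl or any other code from the project. It assumes praudit-style comma-separated token lines (header ... trailer) arriving in UDP datagrams; the sample records, the source address and the field layout are constructed for the example. Because UDP is unauthenticated and lossy, the listener records the sender address and receive time with every record and flags records whose trailer never arrived, which is what an analyst wants to see when deciding how much to trust a given entry.

```python
import datetime
import json
import socket

# Constructed sample of praudit-style text for one audit record. The
# values are made up for illustration and do not come from a real host.
SAMPLE_RECORD_LINES = [
    "header,81,2,execve(2),,Fri Feb 07 20:59:34 2003, + 123 msec",
    "path,/usr/bin/ls",
    "subject,guest,guest,other,guest,other,1234,5678,0 0 192.0.2.10",
    "return,success,0",
    "trailer,81",
]


class AuditRecordAssembler:
    """Groups praudit-style token lines into complete records.

    A record starts at a 'header' token and ends at a 'trailer' token.
    Lines may arrive one per datagram or many per datagram, so state is
    kept across calls to feed().
    """

    def __init__(self):
        self._current = None

    def feed(self, text):
        """Consume text and return the list of records completed by it."""
        completed = []
        for line in text.splitlines():
            line = line.strip()
            if not line:
                continue
            tokens = line.split(",")
            kind = tokens[0]
            if kind == "header":
                if self._current is not None:
                    # A new header before the previous trailer: the earlier
                    # record lost lines in transit, so emit it flagged.
                    self._current["truncated"] = True
                    completed.append(self._current)
                event = tokens[3] if len(tokens) > 3 else ""
                self._current = {"event": event, "tokens": [tokens],
                                 "truncated": False}
            elif self._current is None:
                # Token with no open record (its header datagram was lost):
                # keep it as an orphan rather than silently dropping it.
                completed.append({"event": "", "tokens": [tokens],
                                  "truncated": True})
            else:
                self._current["tokens"].append(tokens)
                if kind == "trailer":
                    completed.append(self._current)
                    self._current = None
        return completed


def format_record(record, source_ip, received_at):
    """Serialise one assembled record as a JSON line with provenance fields."""
    return json.dumps({
        "received_at": received_at.isoformat(),
        "source": source_ip,
        "event": record["event"],
        "truncated": record["truncated"],
        "tokens": record["tokens"],
    }, sort_keys=True)


def serve(bind_addr, port, sink, max_datagrams=None):
    """Receive UDP datagrams, assemble records and write JSON lines to sink.

    sink is any object with a write() method (a file opened in append mode
    on the logging host, for instance). max_datagrams bounds the loop so the
    function can be exercised without running forever.
    """
    assembler = AuditRecordAssembler()
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    seen = 0
    try:
        while max_datagrams is None or seen < max_datagrams:
            data, (src_ip, _src_port) = sock.recvfrom(65535)
            seen += 1
            now = datetime.datetime.now(datetime.timezone.utc)
            for rec in assembler.feed(data.decode("utf-8", "replace")):
                sink.write(format_record(rec, src_ip, now) + "\n")
    finally:
        sock.close()
    return seen


if __name__ == "__main__":
    # Stand-alone demonstration without the network: feed the constructed
    # record line by line and print the assembled result.
    asm = AuditRecordAssembler()
    stamp = datetime.datetime(2003, 2, 7, 20, 59, 34, tzinfo=datetime.timezone.utc)
    for line in SAMPLE_RECORD_LINES:
        for rec in asm.feed(line):
            print(format_record(rec, "192.0.2.10", stamp))
```

Writing the listener's output as one JSON line per record keeps each record's receive time and sender alongside the audit tokens, so gaps or out-of-order delivery on the UDP path show up in the log instead of being lost; a real deployment would also want to restrict which hosts may send to the port.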

