Educause Security Discussion mailing list archives

Re: HIDS/File integrity checker


From: "Spransy, Derek" <DSPRANS () EMORY EDU>
Date: Tue, 9 Sep 2008 16:51:05 -0400

I've been very impressed by OSSEC.  We have it monitoring eight servers
(Linux, Mac & Windows).  It is a client/server based system (agents on
devices report back to the central server) and is highly customizable.
It performs file integrity checking similar to tripwire and can be
configured to monitor default and custom directories.  I won't go over
the feature list since they're on the website, but I highly recommend it.
http://www.ossec.net/

-Derek

===========================
Derek Spransy
IT Security Lead
Emory College of Arts & Sciences
404-712-8798
derek.spransy () emory edu
===========================



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Aaron Cayard-Roberts
Sent: Tuesday, September 09, 2008 4:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] HIDS/File integrity checker

Hello all,

We're looking at ways to secure our *unix servers (mostly FreeBSD and
Solaris) and I was wondering what others use for detecting a compromise.
We've installed tripwire here and there but it's not really a breeze to
keep updated across a bunch of servers.  One alternative that we're
looking at is Samhain because of its client/host based nature with
centralized administration:  http://la-samhna.de/samhain/

It sounds very nice (almost like a client server version of tripwire)
but I haven't found a huge amount of comments about it in my searches.
So I'm wondering if anyone here has used it and has anything to share
about it.  Comments about other similar applications are of course
welcome too.


Thanks,
Aaron


--
Aaron Cayard-Roberts
Applications and Security Administrator
Earlham College Computing Services
801 National Road West
Richmond, IN 47374
Phone: 765-983-1851

