IDS mailing list archives
RE: Prelude/OSSIM/OpenSIMS/OSSEC
From: "Warner Moore" <wmoore () 2co com>
Date: Fri, 1 Sep 2006 08:41:43 -0400
-----Original Message-----
From: Pat [mailto:securityfocus.20.patgourmet () spamgourmet com]
Sent: Tuesday, August 29, 2006 12:37 PM
To: focus-ids () securityfocus com
Subject: Prelude/OSSIM/OpenSIMS/OSSEC
> <snip>
> 1- I want to begin by implementing an integrity checker. I am looking at Samhain and Osiris. Samhain seems better, but since it does not support Windows, I will probably use Osiris. Maybe OSSEC would also do the job?

I am big on AIDE lately. If you want to spend money, Tripwire. Our solution was to hack out a centralized solution around AIDE. There are some neat hacks out there like ViperDB for smaller solutions.
> 2- I want to run Nagios on my servers for monitoring
Good.
> 3- I want to set up my UNIX and Windows servers with remote logging. For the UNIX/Linux servers, I would do remote syslogging to a syslog server such as Syslog-ng or Rsyslog. For the Windows servers, I would also set up remote logging to that same syslog server, with a client tool such as Winsyslog.

Event to syslog is kind of cool. It's irritating to audit Windows event logs in a flat form; it definitely clutters stuff up. I have yet to see an ideal cross-platform central logging solution.

> <snip>
> So my question again: does anyone here know the best way to implement all of these (integrity checks, server monitoring and remote logging) in a mixed environment (UNIX/Windows), everything being open-source?
Sounds like you want a consultant. =) You have a pretty good idea going on. You might want to throw some network IDS in there too.

Best regards,
Warner.
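The first question in the thread is about host integrity checkers (Samhain, Osiris, AIDE, Tripwire). The following is an added illustration, not code from the thread or from any of those projects, of the core idea they all share: record a baseline of content hashes and metadata for a file tree, store it, and later report files that were added, removed, or changed (and which attributes changed). The sample tree under a temporary directory, the file names in it, and the simulated modifications are constructed for the demo.

```python
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Content hash plus the metadata an integrity checker typically tracks."""
    st = path.lstat()
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),  # permission bits only, incl. setuid/setgid
        "uid": st.st_uid,
        "gid": st.st_gid,
    }


def build_baseline(root: Path) -> dict:
    """Map of relative path -> record for every regular file under root."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        # skip symlinks so a link pointing elsewhere cannot stand in for a file
        if p.is_file() and not p.is_symlink():
            baseline[str(p.relative_to(root))] = file_record(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report added/removed files and, for common files, which attributes differ."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for name in sorted(set(baseline) & set(current)):
        diffs = [k for k in baseline[name] if baseline[name][k] != current[name][k]]
        if diffs:
            changed[name] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict:
    """Build a constructed tree, snapshot it, mutate it, and diff against the snapshot."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF-placeholder")  # constructed, not a real binary
        os.chmod(root / "bin" / "ls", 0o755)

        # The baseline would normally be written to read-only or off-host storage;
        # round-tripping through JSON stands in for that here.
        snapshot = json.loads(json.dumps(build_baseline(root)))

        # Simulated changes an administrator would want flagged:
        (root / "etc" / "passwd").write_text(
            "root:x:0:0::/root:/bin/sh\nsvc:x:1001:1001::/home/svc:/bin/sh\n"
        )  # content and size change
        os.chmod(root / "bin" / "ls", 0o700)  # permission change only
        (root / "etc" / "shadow").write_text("root:*:0:0:99999:7:::\n")  # new file
        (root / "etc" / "hosts").unlink()  # removed file

        return compare(snapshot, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report names the attribute that moved, so a permission-only change on `bin/ls` is distinguished from a content change on `etc/passwd`. Real checkers add inode, link count and timestamps to the record, and the value of the whole scheme rests on the baseline being stored where a compromised host cannot quietly rewrite it (the centralised AIDE setup mentioned above is one way to get there).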