IDS: Re: Best Host IDS Tools

From: Bryan Strong <bstrong_at_packetshield.net>
Date: Tue, 24 Dec 2002 14:01:20 -0700

frank wrote:

>I have just set up my Web server on Solaris platform and am planning to
>deploy a freeware IDS. Now I am evaluating the below IDS tools :-
>AIDE
>Snort
>Tripwire
>Chkrootkit
>
>
Frank, you may also want to check out:
* Samhain: File integrity / suid checker (la-samhna.de/samhain/)
* Prelude IDS: "hybrid" IDS system with both network and host based
  components (log monitoring on the host side) (www.prelude-ids.org)
* The Honeynet project has several very useful tools worth checking out
  (http://www.honeynet.org/papers/honeynet/tools/)
* Since you are running this on a Solaris box you may want to enable BSM
  auditing. I don't recall the specific system resource requirements,
  certainly disk space is a significant issue, but you can get a lot of
  useful information from this level of auditing.

Part of the benefit of checking out Samhain and Prelude is that they
both natively support sending gathered information to a backend server
running a MySQL or PostgreSQL database and also support a secure
communication channel between the reporting and receiving hosts.

Hope this helps -Bryan Strong
Received on Dec 27 2002
