IDS: RE: Prelude/OSSIM/OpenSIMS/OSSEC

RE: Prelude/OSSIM/OpenSIMS/OSSEC

From: Warner Moore <wmoore_at_2co.com>
Date: Fri, 1 Sep 2006 08:41:43 -0400

> -----Original Message-----
> From: Pat [mailto:securityfocus.20.patgourmet_at_spamgourmet.com]
> Sent: Tuesday, August 29, 2006 12:37 PM
> To: focus-ids_at_securityfocus.com
> Subject: Prelude/OSSIM/OpenSIMS/OSSEC
>
<snip>
> 1- I want to begin by implementing an integrity checker. I am looking
> at Samhain and Osiris. Samhain seems better, but since it does not
> support Windows, I will probably use Osiris. Maybe OSSEC also would
> do the job ?

        I am big on AIDE lately. If you want to spend money, Tripwire. Our
solution was to hack out a centralized solution around AIDE. There are some
neat hacks out there like ViperDB for smaller solutions.
 
> 2- I want to run Nagios on my servers for monitoring

        Good.

> 3- I want to setup my UNIX and Windows servers with remote logging.
> For the UNIX/Linux servers, I would do remote syslogging to a syslog
> server such as Syslog-ng or Rsyslog. For the Windows servers, I would
> also setup a remote logging to that same syslog server, with a client
> tool such as Winsyslog.

        Event to syslog is kind of cool. It's irritating to audit Windows
event logs in a flat form, definitely clutters stuff up. I have yet to see
an ideal cross platform central logging solution.

<snip>
> So my question again: does anyone here know the best way to implement
> all of these (Integrity Checks, Servers Monitoring and remote
> Logging) in a mixed environment (UNIX/Windows), everything
> being open-source ?

        Sounds like you want a consultant. =) You have a pretty good idea
going on. You might want to throw some network IDS in there too.

Best regards,

   Warner.
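An added example, not part of the thread and not code from AIDE, Osiris, Samhain or OSSEC, showing what a host integrity checker does underneath: baseline size, mode, mtime and a SHA-256 per file, then report added, removed and modified files on a re-scan. The scenario (the file tree, the tampering steps) is constructed; the content hash catches an edit whose mtime was put back, which a timestamp-only check would miss.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def file_record(path: Path) -> dict:
    """Attributes a checker like AIDE baselines: size, permission bits, mtime, content hash."""
    st = path.lstat()
    return {"size": st.st_size, "mode": stat.S_IMODE(st.st_mode),
            "mtime_ns": st.st_mtime_ns, "sha256": hashlib.sha256(path.read_bytes()).hexdigest()}

def baseline(root: Path) -> dict:
    """Walk root and record every regular (non-symlink) file, keyed by path relative to root."""
    return {str(p.relative_to(root)): file_record(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}

def compare(old: dict, new: dict) -> dict:
    """Diff two baselines into added / removed / modified; modified names the attributes that changed."""
    report = {"added": sorted(set(new) - set(old)), "removed": sorted(set(old) - set(new)), "modified": {}}
    for name in set(old) & set(new):
        changed = [k for k in old[name] if old[name][k] != new[name][k]]
        if changed:
            report["modified"][name] = changed
    return report

def demo() -> dict:
    """Constructed scenario: baseline a temporary tree, tamper with it three ways, re-scan."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "hosts").chmod(0o644)          # pin the mode so the demo is umask-independent
        (root / "bin" / "ls").write_bytes(b"\x7fELF original")
        before = baseline(root)
        # 1: same-length content change with the original mtime restored; only the hash reveals it
        ls = root / "bin" / "ls"
        ls.write_bytes(b"\x7fELF patched!")
        os.utime(ls, ns=(before["bin/ls"]["mtime_ns"], before["bin/ls"]["mtime_ns"]))
        # 2: permission change only, content untouched
        (root / "etc" / "hosts").chmod(0o600)
        # 3: one file added under a new directory, one file removed
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "job").write_text("constructed new file\n")
        (root / "etc" / "passwd").unlink()
        return compare(before, baseline(root))
```

In a real deployment the baseline is stored off-host or signed, as the thread's centralized-AIDE setup implies, since a baseline the attacker can rewrite proves nothing.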

Received on Sep 02 2006
