Network Security Focus-IDS

Re: Prelude/OSSIM/OpenSIMS/OSSEC

Subject: Re: Prelude/OSSIM/OpenSIMS/OSSEC
Date: Thu, 31 Aug 2006 10:58:06 -0300 (ART)
Hi Pat,

I am replying in here, but be aware that I am an
ossec developer (so my opinion is biased).

What I like about ossec is that you could do integrity
checking, log analysis and rootkit detection on
a simple client/server architecture and on
multiple platforms (Windows, Linux, BSD, AIX, etc).

For example, you can install the ossec-agent on a
Windows server and it will do integrity checking
and also forward your logs (from event log, IIS, etc)
to the ossec server for analysis. In addition to that,
it encrypts and compresses all the data in transit,
saving some bandwidth. You can also install the
agent on Linux, BSD, AIX, Solaris, etc...

So, with ossec you can do #1 (integrity checking),
#3 (remote logging -- with the benefit of encryption
and compression that syslog does not offer) and #4
(log analysis and correlation).

Hope it helps..

--
Daniel B. Cid
dcid ( at ) ossec.net



--- Pat <securityfocus.20.patgourmet@spamgourmet.com>
wrote:

Hi,

Briefly, my question: does anyone here know the best way to implement
all of these (Integrity Checks, Servers Monitoring and Remote Logging)
in a mixed environment (UNIX/Windows), everything being open-source?

Details of the question:

I am looking for open-source products to secure our network and
servers, which are a mix of Windows/Linux/AIX. I am looking for some
help in deciding what products to implement.

1- I want to begin by implementing an integrity checker. I am looking
at Samhain and Osiris. Samhain seems better, but since it does not
support Windows, I will probably use Osiris. Maybe OSSEC also would
do the job?

2- I want to run Nagios on my servers for monitoring.

3- I want to set up my UNIX and Windows servers with remote logging.
For the UNIX/Linux servers, I would do remote syslogging to a syslog
server such as Syslog-ng or Rsyslog. For the Windows servers, I would
also set up remote logging to that same syslog server, with a client
tool such as Winsyslog.

4- On top of that, I would like to implement a SIMS. I know of 3
open-source SIMS: Prelude, OSSIM and OpenSIMS. Is one better than the
other with my mixed environment?

5- Would a Change Management Solution like Radmind on top of all that
be compatible and worthwhile, or would it mainly be redundant?

So my question again: does anyone here know the best way to implement
all of these (Integrity Checks, Servers Monitoring and Remote Logging)
in a mixed environment (UNIX/Windows), everything being open-source?


Thank you.

Pat
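
The integrity-checking piece that Pat's item #1 asks about and that Daniel's reply says the ossec-agent provides comes down to one mechanism: record a baseline of content hashes and file attributes, rescan later, and report what appeared, disappeared or changed. The script below is an added example written for this thread; it is not code from OSSEC, Samhain or Osiris. It assumes a local directory tree and a JSON baseline file, and the sample files and the "drift" it detects are constructed in a temporary directory. It does not cover the log forwarding or rootkit detection parts of the discussion.

```python
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Capture what a host-based integrity checker typically compares:
    a content hash plus the size and permission bits."""
    st = path.lstat()
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
    }


def build_baseline(root: Path) -> dict:
    """Walk a directory tree and record every regular file, keyed by its
    POSIX-style path relative to root. Symlinks are skipped so a link that
    points outside the tree is not hashed as if it were tree content."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            baseline[p.relative_to(root).as_posix()] = file_record(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report files that were added, removed, or whose recorded
    attributes differ from the baseline (and which attributes)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in sorted(set(baseline) & set(current)):
        old, new = baseline[rel], current[rel]
        diffs = [k for k in old if old[k] != new[k]]
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def save_baseline(baseline: dict, out: Path) -> None:
    out.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> dict:
    """Constructed scenario (hypothetical files, not real system data):
    take a baseline of a small 'etc' tree, then simulate one modified,
    one deleted and one newly created file, and diff against the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        etc = root / "etc"
        etc.mkdir()
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (etc / "hosts").write_text("127.0.0.1 localhost\n")

        # The baseline lives outside the monitored tree so it is not
        # itself reported as a monitored file.
        baseline_file = root / "baseline.json"
        save_baseline(build_baseline(etc), baseline_file)

        # Simulated drift since the baseline was taken (constructed data).
        (etc / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/sh\n"
            "svc:x:1001:1001::/var/empty:/sbin/nologin\n"
        )
        (etc / "hosts").unlink()
        (etc / "motd").write_text("maintenance window tonight\n")

        return compare(load_baseline(baseline_file), build_baseline(etc))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report names the attribute that moved, so an operator can tell a permission-only change from a content change. The part this standalone script does not solve is the one a client/server design like the one Daniel describes addresses: the baseline and the reports have to live somewhere the monitored host cannot quietly rewrite them, which is why an agent that ships results to a separate server is preferable to a cron job that keeps its baseline on the same disk.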



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to

http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.

------------------------------------------------------------------------





        



        
                