Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ISSForum] AIX Server Sensor Not Working

from [Kwan Chee Kin] Network Security [Permanent Link]
Subject: Re: [ISSForum] AIX Server Sensor Not Working
Date: Sat, 12 Mar 2005 01:24:21 -0800 (PST) 
Hi,

Yes, I did try with another policy. It still won't
work. I did not install the network monitoring
component so I don't think that will work, will it?
I'm trying to get the auditting part work.

Thanks.

Best regards,
Kwan Chee Kin

--- Andres Riancho <andresit@fibertel.com.ar> wrote:

Have you tried with another policy ? Maybe you could
try to enable the event
HTTP_GET for testing.

Cheers ,

Andres Riancho

----- Original Message ----- 
From: "Kwan Chee Kin" <kck3180@yahoo.com>
To: <issforum@iss.net>
Sent: Thursday, March 10, 2005 7:32 AM
Subject: [ISSForum] AIX Server Sensor Not Working



Hi,
I installed RS Server Sensor 7 on both AIX and
Windows. I got the Sensors on both platforms
communicating to the Site Protector 5. I applied

the

default Attack_And_Audit_Policy into the Sensors.

Then

I tried to test on the audit part of this policy

by

trying a brute force login to the Sensors.

The Windows platform sensors shows me the events

like

I expected but the AIX did not even show anything.
There is not even an event showing 'root' access

to

the system.

I verified the Sensors is Active. Then I verified

that

the enforce audit policy is turned on in each AIX
sensors and the Auditing in OS for the policy is
checked.

What could be the problem? Anyone bump into such
problem before?
Will AIX sensors show me anything in the events

like

telnet login?
Anyone knows any diagnostic tool I can check

whether

the AIX sensor is working or not?

Appreciate any comment.
Thank you.

Best regards,
Kwan CK

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam

protection around

http://mail.yahoo.com
_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to

https://atla-mm1.iss.net/mailman/listinfo/issforum


To contact the ISSForum Moderator, send email to

mod-issforum@iss.net


The ISSForum mailing list is hosted and managed by

Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA
30328.







__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ISSForum] RSDP and Safenet, MATT PIERCE
Next by Date:  RE: [ISSForum] Fusion module and checkpoint+cisco, davidc
Previous by Thread:  Re: [ISSForum] AIX Server Sensor Not Working, Andres Riancho
Next by Thread:  Re: [ISSForum] AIX Server Sensor Not Working, Zoran Hrvoic
Indexes:  [Date] [Thread] [Top] [All Lists]