Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ISSForum] AIX Server Sensor Not Working

from [Zoran Hrvoic] Network Security [Permanent Link]
Subject: Re: [ISSForum] AIX Server Sensor Not Working
Date: Wed, 16 Mar 2005 15:51:59 +0100 
Hello,

AFAIK, you can't run any UNIX ServerSensor without syslog.


From the Server Sensor Installation Guide (RS_SvrSensor_IG_7.0.pdf):

"... for UNIX sensors, you must enable syslog logging before any syslog
based
signatures can work (many non-network based signatures rely
on the syslog)".

You should also check the KB article #2902.

Zoran

----- Original Message ----- 
From: "Kwan Chee Kin" <kck3180@yahoo.com>
To: "Zoran Hrvoic" <zoran4afc@hdinfo.hr>; <ISSForum@iss.net>
Sent: Wednesday, March 16, 2005 3:20 PM
Subject: Re: [ISSForum] AIX Server Sensor Not Working


Hi,
I'm not using any Syslog.

Kwan

--- Zoran Hrvoic <zoran4afc@hdinfo.hr> wrote:

I had a similar issue few years ago with AIX OS
Sensor.
Then the problem was trivial: the syslog daemon had
been writing to the
"/var/log/syslog.log" file, and the sensor expected
log in
"/var/log/syslog".
Check what is your syslog output file, and is it the
same file the sensor is
expecting.

Zoran


----- Original Message ----- 
From: "Kwan Chee Kin" <kck3180@yahoo.com>
To: "Andres Riancho" <andresit@fibertel.com.ar>;
<issforum@iss.net>
Sent: Saturday, March 12, 2005 10:24 AM
Subject: Re: [ISSForum] AIX Server Sensor Not
Working


Hi,

Yes, I did try with another policy. It still won't
work. I did not install the network monitoring
component so I don't think that will work, will it?
I'm trying to get the auditting part work.

Thanks.

Best regards,
Kwan Chee Kin

--- Andres Riancho <andresit@fibertel.com.ar> wrote:

Have you tried with another policy ? Maybe you

could

try to enable the event
HTTP_GET for testing.

Cheers ,

Andres Riancho

----- Original Message ----- 
From: "Kwan Chee Kin" <kck3180@yahoo.com>
To: <issforum@iss.net>
Sent: Thursday, March 10, 2005 7:32 AM
Subject: [ISSForum] AIX Server Sensor Not Working



Hi,
I installed RS Server Sensor 7 on both AIX and
Windows. I got the Sensors on both platforms
communicating to the Site Protector 5. I applied

the

default Attack_And_Audit_Policy into the

Sensors.

Then

I tried to test on the audit part of this policy

by

trying a brute force login to the Sensors.

The Windows platform sensors shows me the events

like

I expected but the AIX did not even show

anything.

There is not even an event showing 'root' access

to

the system.

I verified the Sensors is Active. Then I

verified

that

the enforce audit policy is turned on in each

AIX

sensors and the Auditing in OS for the policy is
checked.

What could be the problem? Anyone bump into such
problem before?
Will AIX sensors show me anything in the events

like

telnet login?
Anyone knows any diagnostic tool I can check

whether

the AIX sensor is working or not?

Appreciate any comment.
Thank you.

Best regards,
Kwan CK



__________________________________________________

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam

protection around

http://mail.yahoo.com
_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go

to

https://atla-mm1.iss.net/mailman/listinfo/issforum


To contact the ISSForum Moderator, send email to

mod-issforum@iss.net


The ISSForum mailing list is hosted and managed

by

Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA
30328.







__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to
mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by
Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA
30328.






__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ISSForum] AIX Server Sensor Not Working, Kwan Chee Kin
Next by Date:  [ISSForum] Remedy traffic kill on G1200F, Diamanti Massimo
Previous by Thread:  Re: [ISSForum] AIX Server Sensor Not Working, Kwan Chee Kin
Next by Thread:  Re: [ISSForum] AIX Server Sensor Not Working, Kwan Chee Kin
Indexes:  [Date] [Thread] [Top] [All Lists]