From: ./ (dotslash linif.org)
Date: Fri Apr 06 2001 - 04:08:07 CDT
Thank you to all those who replied.
First off, I've toyed around with the idea of setting up a honeypot and
there are merits and demerits (mostly demerits for us) of using such a setup
to protect our network. My primary aim and goal is to hide as much as
possible our network from unwanted parties and a honeypot system is like
dangling raw meat when one is surrounded by 1i0ns.
I finally was able to make logchecker run (Kevin, your input is much
appreciated, especially on the ipf log) and I'm using it to analyse snort's
output. I still have to trim snort's output (I'm currently using the -b
option) though.
ACID, Snortsnarf (thanks Jan) are cool but they're a bit too much for my
minimal setup of OpenBSD and I prefer text logs as opposed to html ones.
Regards,
----- Original Message -----
From: "Jimmi Andersen" <ja protectdata.dk>
To: "'./'" <dotslash linif.org>
Sent: Thursday, April 05, 2001 6:21 PM
Subject: RE: Setting up IDS - needs suggestion on tools
> The new version of tripwire supports FreeBSD 4.2.. and I have heard that
> tripwire is maybe going to make an OpenBSD version soon. Also there is AIDE
> (don't know if it works for OpenBSD)
>
> Also you can make changes to the binaries like the trojans do.. so you can
> log specific stuff.
>
> Are you going to make a honeypot? - let me hear... then we can exchange some
> information maybe
>
> /ja
>
> -----Original Message-----
> From: ./ [mailto:dotslash linif.org]
> Sent: 5. april 2001 16:04
> To: misc openbsd.org
> Subject: Setting up IDS - needs suggestion on tools
>
>
> Hi. I'm setting up our IDS using OpenBSD 2.8 and I'm using snort. Since
> most of the FAQs I've read are Linux-centric I'm not sure if Tripwire and
> Logchecker are the right tools being used by OpenBSD veterans.
>
> Right now I'm having some problems (using "make bsdos" or "make generic"
> causes errors during compile) installing logchecker (although snort is now
> setup) but I think I can make it work.
>
> For Tripwire since I still can't make it work I've used the mtree tool and
> have kept the generated signatures offline.
>
> The question is: Are there any other tools OpenBSD gurus use besides the
> snort and logchecker tandem?
>
> Regards,
>
>