druddle

Does anyone know of any audit-type software for Solaris ? I am after something that can do things like check for changes to files, estate-wide updates to files, sort of like MS SMS but for Solaris ?

Cheers

Dave

DrEvil

Pentasafe do one, we use it on Solaris and AS400

http://www.pentasafe.com/

DrEvil

PS. its called Vigilent

krankyd

TRIPWIRE.


Burn a copy of the output onto a cdrom, place cdrom in drive, run tripwire every night

druddle

dave - does Tripwire put much load on the servers, as it seems to want to log all I/O and compare it against a database ??

Dave

orbv

why not use the built in stuff?

Check out here

orbv

or maybe this doc will help here

krankyd

Sorry for the long reply - been out on the champagane last night

Shouldn't put too much of a load on the server. The real load is when you run it for the first time to get a list of all the current files and permissions..

It's only like doing a ls -laR and comparing the output with a flat-file. Just don't expect it to run very fast on a Ultra 10

Should be alright though - I'll install it tonight or over the weekend on a couple of boxes and see how quick it is...

My bets is the blade 100 will be v.slow, but my server farm of 6800's will be a bit quicker

druddle

Cheers dave, let me know how you get on.

It will be going on Primepower 650/2000 and the brand new 2500s with loads of horsepower

Dave

krankyd

If you're looking for more of a network-based thing, I've seed IDS used previously and it works really well.

It used heuirestics to monitor the network traffic and trends for a while. Then when it sees a new `attack` that is not part of normal operation it blocks it and flags an alert. Really cool if you like geeky things like me