Hi Pat,

I am replying in here, but be aware that I am an
ossec developer (so my opinion is biased).

What I like about ossec is that you could do integrity
checking, log analysis and rootkit detection on
a simple client/server architecture and on
multiple platforms (Windows, Linux, BSD, AIX, etc).

For example, you can install the ossec-agent on a
Windows server and it will do integrity checking
and also forward your logs (from event log, IIS, etc)
to the ossec server for analysis. In addition to that,
it encrypts and compresses all the data in transit,
saving some bandwidth. You can also install the
agent on Linux, BSD, AIX, Solaris, etc.

So, with ossec you can do #1 (integrity checking),
#3 (remote logging -- with the benefit of encryption
and compression that syslog does not offer) and #4
(log analysis and correlation).

Hope it helps..

--
Daniel B. Cid
dcid ( at ) ossec.net



--- Pat <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> Briefly, my question: does anyone here know the best
> way to implement 
> all of these (Integrity Checks, Servers Monitoring
> and Remote 
> Logging) in a mixed environment (UNIX/Windows),
> everything being open-source ?
> 
> Details of the question:
> 
> I am looking for open-source products to secure our
> network and 
> servers, which are a mix of Windows/Linux/AIX. I am
> looking for some 
> help in deciding what products to implement.
> 
> 1- I want to begin by implementing an integrity
> checker. I am looking 
> at Samhain and Osiris. Samhain seems better, but
> since it does not 
> support Windows, I will probably use Osiris. Maybe
> OSSEC also would 
> do the job ?
> 
> 2- I want to run Nagios on my servers for monitoring
> 
> 3- I want to set up my UNIX and Windows servers with
> remote logging. 
> For the UNIX/Linux servers, I would do remote
> syslogging to a syslog 
> server such as Syslog-ng or Rsyslog. For the Windows
> servers, I would 
> also set up a remote logging to that same syslog
> server, with a client 
> tool such as Winsyslog.
> 
> 4- On top of that, I would like to implement a SIMS.
> I know of 3 
> open-source SIMS: Prelude, OSSIM and OpenSIMS. Is
> one better than the 
> other with my mixed environment?
> 
> 5- Would a Change Management Solution like Radmind
> on top of all that 
> be compatible worthwhile, or it would mainly be
> redundant ?
> 
> So my question again: does anyone here know the best
> way to implement 
> all of these (Integrity Checks, Servers Monitoring
> and remote 
> Logging) in a mixed environment (UNIX/Windows),
> everything being open-source ?
> 
> 
> Thank you.
> 
> Pat