Hi all,
I am looking forward a HIDS for mass deployment on unices systems (~= 1200
Linux/Solaris/AIX). I need a centralized system (in order to simplify
administration), excluding tripwire/aide/integrit and the like..

A that point of my researches, I have the feeling that OSSEC or Samhain
would be the right solution. I need centralized config files/databases,
multiple ways of processing logs (mail/syslog/dbs/scripts..). Managing
different types of systems/archs configuration files is also an important concern.

Here are a few questions I would like to submit to the list:
What is the most serious, stablest, easy-to-use and full-featured one between those two ?
Which one is the most widespread over huge organizations ?
Are there other solutions that would meet my needs ?
Are there well known issues in using samhain or ossec ?
Samhain and ossec seems unable to corelate alerts (avoiding mass mailing when the same
error is encountered on all hosts). Is that true ? Does some other tool do the job ?

Sorry about my weird english..
Thanks for any post.
--
Reconnaissez vos erreurs avant que quelqu'un d'autre ne les exagère.
-*- Andrew Mason -*-
0?
t *?H?÷

 ?
e0?
a

10 +0 *?H?÷


 ?&0?±0?? 
?ÿ0
 *?H?÷


0410 UFR1
0U
CNRS10U
CNRS-Standard0
080722135743Z
100722135743Z0n10 UFR1
0U
CNRS10UUSR640210UMattieu Puel1'0% *?H?÷


mattieu.puel (at) cc.in2p3 (dot) fr0 [email concealed]?
"0
 *?H?÷



?
0?

?

ÂU©?5ËÝ#ñ²?Þa?{fìÚ~*Îäg_^æuu½W?9u]Ê4Ø;Eø?P*L?
N6HR¯Qòyâ»Dº ×3ëý¢t?2þ°g µMíÝ?ø^é_TuN?Þ¹b?è??­MC
/"?áðÆøzõÑ3p§ø±53ýMB¦ô?U´c65D\.û
hcÃä·¦Z±:×3®?â?o)8åfM???*R?¿û??
?ÖG?}Ie
=±
¶¥ÏoìIVì£XöFÙ;?ì=kzV!FüËj4¶c{9Ñ?ÿ>
Õ?,ë¸Rl?8B?ë

£?
0?
?0U

ÿ00 `?H
?øB

°0U

ÿà0x `?H
?øB

kiCertificat CNRS-Standard. Pour toute information se reporter à http://igc.services.cnrs.fr/CNRS-Standard/0UGCgZ?üCUàEÖúc¬?Òj
0SU#L0J?gY¥åtIïÏÌ.¤ÕÈ?<¡/¤-0+10 UFR1
0U
CNRS1
0UCNRS?
0#U0mattieu.puel (at) cc.in2p3 (dot) fr0F [email concealed]U?0=0; 9 7?5
http://crls.services.cnrs.fr/CNRS-Standard/getder.crl0
 *?H?÷


?

ÑN»#mr¤º«s·Ä>¯8°8#?ã*·?¼?
Úgø«A?ú/ôâ´K[¥áe»5ÕÔJ¾ÿ?´¤>6?oùÀWLèÐàrúFý¯êCXç}­`°âÒ³ý»U=
mk¦?3é?±ð'­À?.}4¸<õßÛ-µ?ÔeKÉýbóüæ?ݝ!¸Lç5³S_DS?ù'#?W
?ÎzØ:

3Cöb'>×tÒkL)rwµ\Å?G??»ãw?Ñ`rs?yIzþ÷At.£ßÍ/Wk??Ùc[/Ã?]w®É?Jì
ô??PnD0?m0?U 

0
 *?H?÷


0+10 UFR1
0U
CNRS1
0UCNRS0
010427054649Z
110425054649Z0410 UFR1
0U
CNRS10U
CNRS-Standard0?
"0
 *?H?÷



?
0?

?

Üá!=?ê½^´?Û??´m=?b-ÊÿµJ?çV¤a,ñ *«ö*Ý|,¿ïuU¬ NçNaÀçðEÂ?ëÃdâc.Ë1فåÜ)??1Vâ?o§è©XDV?]³Nxp-߶ýrEÕñîMÎï¾Õ= E? ?¯LÚ ?¿:³ë'?À¹À¡N@Ü:ýj*¿@Õ,q?ùøºkäê*«/¾?ð§vm?)?/ðBò?[ÉöÌ_ºÂ¾Ò\°?À·Ëï
0í2-zJ÷?»  ¤´î3ËÐ??µµ³Þ?Y? ÕKí×LO?ú:*¡é¬ ¿

£?00U0

ÿ0UgY¥åtIïÏÌ.¤ÕÈ?<0SU#L0J?Vëh¹Ò\~?µ¥SÃ?ocX
Äùk·¡/¤-0+10 UFR1
0U
CNRS1
0UCNRS?
0U
0
 *?H?÷


?

G?rEÂNá!׫©
UÊ@mU¢^ëâ#Yä âö<6K§&#eÂê?r»¸?Ë?_ïy6%~×ó?û?D)&7Çîé?Îl??q=Òb¯öÍblSæz??{.3àAª¾e
?vñ?t³æ?SuÕK6K)ÄöÜ??@s?­{qPµ73òÈd»¡~6Æ­¯opR¦Ñ®Ì̺°èYb
­ÝK*è?9?Q/íaè·0?Û'Umf?£Q ?aqQ¾ÙA0üu_
??ÿ¾´Àrýj?j½ô?,´`6dú=j§°v?Ý3Ë4â?¡1?0?

0;0410 UFR1
0U
CNRS10U
CNRS-Standard?ÿ0 + ±0 *?H?÷

1 *?H?÷


0 *?H?÷

1
080810160304Z0# *?H?÷

13%)d´e??À£AY<ÃÅ?Ü#Z?0R *?H?÷

1E0C0
*?H?÷
0*?H?÷
?0
*?H?÷

@0+0
*?H?÷

(0
 *?H?÷



?
#àª[
¥
ÈA;?Q묝á8bû}A?¥ð(ÏPà·ÿ-ìjv¿.ã???Ç¡?Þ?ª[äeõF#j¥¦?wWo?J:iجent
½*Ø yo9]´â?¥nU!»öÌMIh??Yv+ÖÁ¡?Æ,­HßÆÜÿùKø?y¯h8®Â`¦Á"6EÊ¿?\'4±?¢½Yϝäðé?Eh??y\F?¹?Õý àà?½ÊÎ?Më?Ý?(?¥tð
??Ú?[ª?I`?)?úg;ùÔO)+pÙ`TWwÑÖ)¸6¨t²X?+úlý?ò*V@vsüªÌ

[ reply ]