ASET and BSM questions


Post by Jack M » Fri, 19 Apr 2002 01:10:30



Would like comments and suggestions regarding the use of ASET and BSM
on Solaris as basic security modules.

ASET:
1) After reading some posts about ASET, I get the opinion that unless
   the box will be a firewall, don't run ASET with the HIGH setting.
   The LOW option seems to be sufficient for "checking" and then
   reporting on file and directory status, but what would be a good
   reason to use the MEDIUM option?

2) Does running ASET with the LOW option just "report" settings, as
   documented, or, does ASET with the LOW option change some file
   permissions?

BSM:
1) What's the approximate performance hit when running BSM?
2) How much disk space is used when configured in its various
settings?

I am also looking for opinions on AIDE, the TripWire free software as
found on sunfreeware.

Jack

 
 
 


Post by Philip Bro » Fri, 19 Apr 2002 07:11:19



>ASET:
>1) After reading some posts about ASET, I get the opinion that unless
>   the box will be a firewall, don't run ASET with the HIGH setting.
>   The LOW option seems to be sufficient for "checking" and then
>   reporting on file and directory status, but what would be a good
>   reason to use the MEDIUM option?

These days it is recommended to run JASS instead of ASET.

>BSM:
>1) What's the approximate performance hit when running BSM?
>2) How much disk space is used when configured in its various
>settings?

Depends how much logging you enable, and how many users you have.


 
 
 


Post by nolb » Fri, 19 Apr 2002 16:08:49


<snip>

> I am also looking for opinions on AIDE, the TripWire free software as
> found on sunfreeware.

> Jack

FCheck ( http://www.geocities.com/fcheck2000/ ) may also be an option.
It is in Perl.
I believe the pre-corporate ('97) version of tripwire is still available
for free.
 
 
 


Post by Dan Fost » Tue, 09 Jul 2002 03:34:23






><snip>
>> I am also looking for opinions on AIDE, the TripWire free software as
>> found on sunfreeware.

>FCheck ( http://www.geocities.com/fcheck2000/ ) may also be an option.
>It is in Perl.
>I believe the pre-corporate ('97) version of tripwire is still available
>for free.

May want to look into Samhain -- looks to be *very* hot and very well
done (freeware) package that looks like it gives Tripwire a serious run
for its money.

http://samhain.sourceforge.net

Don't know anything about AIDE, alas.

-Dan

(email sent to original poster as a courtesy and posted to comp.unix.aix)

 
 
 
