Domain: intersectalliance.com
Stories and comments across the archive that link to intersectalliance.com.
Comments · 11
-
Re:Works for me
It's the open source Windows-eventlog-to-syslog forwarding agent. http://www.intersectalliance.com/projects/SnareWindows/
-
Re:Redhat and Novell
I love SuSE and use both SuSE and Red Hat Enterprise at work. I work for a large defense contractor and we had to throw out SuSE because we could not make it DoD NISPOM chapter 8 compliant. This is required for computers which operate in classified environments. Its failure - PAM configuration and auditing. PAM configurations which support NISPOM 8 would crash on SuSE. The snare kernel (to support auding requirements http://www.intersectalliance.com/projects/Snare/) for SuSE Pro (9.3) is not available. I could not get the patch to apply to thier kernel. RHEL4 could be made compliant, easily. Obviously Red Hat is working closely with customers and SuSE is not.
-
What if you write GPL code to help SOX compliance?GPL could Violate SOX eh?
I guess all the organisations that are using the GPL'd Snare for Windows, Snare for Solaris, Snare for (Linux|AIX|Tru64|etc..). to help them meet their Sarbanes-Oxley audit-related objectives (or GLBA / DCID / DIAM / ACSI 33 / NISPOM / HIPAA / etc..) will be laughing their collective asses off then
;)Red. (Disclaimer: Snare developer)
-
Re:My complaint about intrusion detection devices.
Have a peek at Snare (http://www.intersectalliance.com/snareserver/ind
e x.html) - looks like it does something along the lines of what you're after.
It's primarilly focused on auditing / eventlog analysis, but there's a snort interface too I think (http://www.intersectalliance.com/snareserver/samp les/index.html) -
Re:My complaint about intrusion detection devices.
Have a peek at Snare (http://www.intersectalliance.com/snareserver/ind
e x.html) - looks like it does something along the lines of what you're after.
It's primarilly focused on auditing / eventlog analysis, but there's a snort interface too I think (http://www.intersectalliance.com/snareserver/samp les/index.html) -
Re:Hardened Gentoo
I presume you have taken a look at Snare?
I've collaborated with the Intersect Alliance team recently to improve the userland audit daemon support, and I know a fellow at NASA who is also doing work to improve the in-kernel behavior of the system.
Snare looks like pretty good stuff, we'd love to see it integrated with SELinux and made available as a kernel configuration option.
-
Kernel auditing
Interesting that CA is pushing for inclusion of a kernel auditing facility in 2.7. That sort of functionality, required in a number of federal contexts, is already available in a Linux-compatible, GPL'ed code base, from Intersect Alliance down in Australia. The Snare project patches the Linux kernel with auditing instrumentation, making it possible to detect abnormal system call activity that other methods don't.
Solaris has had something like this for a long time in the form of BSM, as had Windows. Even Mac OS X has preliminary BSM support in Mac OS X Panther. It would be very great to see this kind of functionality as a config option on the Linux kernel, and hopefully sooner rather than later.
-
What about C2 -style auditing?
The SNARE folks say they are working to get C2-style auditing capability in the kernel, since the old hooks were broken/fixed in 2.4.21. This is a big feature that is keeping Linux from being a "serious" player in "secure" environments, such as certain government-controlled areas.
-
Auditing for Linux:
Syscall Tracker
or...
SNARE System iNtrusion Analysis & Reporting Environment
Maybe we're not C2 now, but I don't think there's anything we can't do in Linux that you can in Solaris (except STREAMS, but that has questionable merits... there hasn't been a need in Linux really).
If you want an analogue to Trusted Solaris, there's always NSA SeLinux. But some people don't trust it. -
C2 Development Target
A couple of ex Defence Signals Directorate spooks (Australias NSA) are researching the possibility of integrating C2 into the kernel. See Intersect Alliance press releases for more info.
Dont know where they fit in with the SGI efforts.
Mal. -
Re: Auditing for Linux?
Geeknews has a segment on an Oz IT Security firm (InterSect Alliance) which was started by a couple of ex-spooks from DSD, the Australian equivalent of the NSA. They're aparently investigating the possibility of a government-strength C2 audit module for Linux. A chance to push open source into those really paranoid government agencies? So much for microsoft saying linux has 'poor security functionality' because it has no 'C2 government strength' security.