Host Integrity Monitoring Using Osiris and Samhain

Administering Osiris

One of the biggest pitfalls with software security solutions (including Osiris) is that adequate administration is often ignored or the system is misconfigured. After you have deployed Osiris and established a management console, it is critical that you understand some administrative issues so that your deployment is a benefit to your security administration. The following sections deal specifically with logging, notifications (e.g., e-mail), scheduling, filters, users, and the management of the scan data. The goal is to make sure that your deployment does not become more of a problem than it is worth.

Logging

Logging is the most important behavioral aspect of Osiris (or any system like it). Whenever the management console performs analysis on scan data, the results are directed to the logs. The only downside to logs is that they must be read. This is a fundamental part of administering a host integrity monitoring system that exists specifically to make sure that Osiris logs are presented to the appropriate person in a readable manner (see Chapter 9, Analysis and Response).

The Osiris management console is the source of all logging data and has three vectors for log data: system logs, files, and pipes to external applications. All logging information is directed to the system log (usually syslog or the Event Viewer), which includes information about the workings of the management console itself, as well as all of the information about detected changes on monitored hosts. In addition to system logs, each host has a directory specifically...
