Re: prfile

Martin Hargreaves (martinh@paston.co.uk)
Fri, 18 Aug 1995 21:03:26 +0100

>We are using a combination of commercial and freeware products and I
>seem to be relying more on freeware than on the commercial products.
>The majority of the pitfalls I am running into in both types of products
>is the portability of the product to a multitude of Unix platforms.

        I agree with this; a lot of code is very portable, but some packages
(I'm thinking of maybe ISS) are rather Sun-centric. The things that deal
with networking tend to be a bit more machine-specific, but there doesn't
seem to be much that can be done about that. Maybe use some of the freeware
libraries (BPF?).

>For instance, Haystack Labs has a really nice ids
>product called stalker which installs on Suns and HPs, but not SGIs.
>More disturbing was a comment I got from a developer there. He said
>(and I am summarizing) that they have no plans to port to SGIs because
>most SGI customers only buy the Unix systems for the graphics capability
>and are not willing to take the performance hit.

Maybe they've never seen a Challenge? Some supercomputer centers are going
to move entirely to Challenge and PowerChallenge arrays for cost reasons,
I've heard. I think they are taking a very short-sighted view.

>This is unfortunate because
>I was quite impressed with their Stalker product.

Any more details on it? What exactly does it do?

>One of the most portable packages I have seen to date in the freeware
>realm is tcp_wrappers. 

I shall be porting this to our Sequents next week. A very useful program, I
agree - it is also useful for listening with dummy servers on well-known
ports. Also, doing this on, say, 10 sequential ports gives the same (or better)
functionality as "courtney" and "gabriel" for checking against port scanners.

>If you install using
>the "hard installation" this means you have to change the inetd.conf file
>and in doing so, the SGIs will have to be rebooted. :-(  It is the
>only platform out of 7 different Unix platforms that I have to deal with
>that exhibits this problem.

Really? You can't restart the network software from the console? Which
version of IRIX is this? I've used 4.0.5 through 5.3 and those are the only
two revisions I'd recommend...

>So the commercial venue is a very touchy problem. Being able to
>respond to a customer's problems is top priority for us. Perhaps
>that is why we rely on freeware because we can make changes ourselves
>or contact the authors who generally are very willing to help. There
>are even some very nice integrity checking packages out there in
>freeware such as ISS, SATAN, COPS, etc, all of which are invaluable
>tools to a Unix security administrator.

I'd go for TIGER over COPS; it's very much more thorough than COPS, although
I found COPS easier to extend (added a module for HP-UX). In general I think
it's better to trawl the COAST archive and get everything that looks useful...

>Well I've said enough. I hope some of this helps. I am more than
>eager to hear anyone else's experiences with commercial packages.

Our Security services people are looking for access control/admin software.
They looked at CA-Unicenter; I thought maybe PowerBroker could help? Any
experiences with these? From looking at its web site (http://www.fsa.ca)
PowerBroker looked like a souped-up version of sudo. Has anyone tried it?

        Regards,

                Martin.
########################################################################
#  Martin Hargreaves                Contract Unix System Administrator #
# (martinh@paston.co.uk)                  Unix & Network Security, WWW #
#                                              Computational Chemistry # 
########################################################################
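The dummy-listener idea from the message above (tcpd-wrapped dummy services on a run of unused ports, with their logs watched the way courtney and gabriel watch for port scanners), as an added example that is not code from the original thread or from the tcp_wrappers package: it reads tcpd-style syslog lines and flags any source that touches several dummy ports within a short window. It assumes the dummy listeners are registered in inetd.conf under the hypothetical names dummy_<port>, so tcpd's syslog tag reveals the probed port, and the log-line shape is a constructed approximation of tcpd's "connect from" message.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed convention: each tcpd-wrapped dummy listener is registered in
# inetd.conf as "dummy_<port>", so the syslog tag names the probed port.
# The line shape is a constructed approximation of tcpd's "connect from".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+"
    r"dummy_(?P<port>\d+)\[\d+\]:\s+(?:refused )?connect from (?P<src>\S+)$"
)

def parse_dummy_events(lines):
    """Return [(timestamp, source, port)] for lines logged by dummy listeners."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # lines from real daemons (in.telnetd etc.) are skipped
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
            events.append((ts, m.group("src"), int(m.group("port"))))
    return events

def find_scanners(events, min_ports=3, window=timedelta(seconds=60)):
    """Flag sources touching >= min_ports distinct dummy ports within window."""
    by_src = defaultdict(list)
    for ts, src, port in events:
        by_src[src].append((ts, port))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward past old hits
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:  # no legitimate client hits these
                flagged[src] = sorted(ports)
                break
    return flagged

# Constructed sample log: one sequential sweep plus two stray, far-apart hits.
SAMPLE_LOG = [
    "Aug 18 21:03:26 gw dummy_21[412]: connect from 192.0.2.5",
    "Aug 18 21:03:26 gw dummy_22[413]: connect from 192.0.2.5",
    "Aug 18 21:03:27 gw dummy_23[414]: connect from 192.0.2.5",
    "Aug 18 21:03:27 gw in.telnetd[415]: connect from 192.0.2.9",
    "Aug 18 21:10:00 gw dummy_25[420]: connect from 192.0.2.9",
    "Aug 18 22:10:00 gw dummy_21[430]: connect from 192.0.2.9",
]
```

Running find_scanners(parse_dummy_events(SAMPLE_LOG)) reports only 192.0.2.5; the two hits from 192.0.2.9 are an hour apart and fall outside the window.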