Date: Sun, 26 Mar 1995 12:13:32 -0800
From: daemon@holonet.net (HoloNet Background Processor)
To: jtruitt@iu.net
Subject: info

info                                        Last updated 10 Mar 95

This file is sent in response to any email message to:

    info@haystack.com
or
    info@mailer.haystack.com

You have reached the Internet email responder for Haystack Labs, Inc.
We design and develop Unix security tools for intrusion and misuse
detection and audit trail analysis.

There are many files available from this system, as described below,
and new ones are added frequently. All files are ASCII; binary files
are uuencoded. (See the end of this message for information on
uuencoded files.) Check the file size to make sure your Internet
mailer has sufficient capacity for a mail message of that size.

Any of these files will be emailed to you in response to email sent to:

    filename@mailer.haystack.com

where filename is listed in the leftmost column below. For example,
if you want a copy of the file named "background.uue", then send an
email message to:

    background.uue@mailer.haystack.com

We would appreciate it if you would provide your contact information
(name/address/phone) in the body of your message, but the system works
without it.

If you have problems using this system, please send email to
support@haystack.com, or call/fax us. Here's how to reach us:

    post:   Haystack Labs, Inc.
            10713 RR620 North, Suite 521
            Austin, TX 78726 USA
    phone:  512-918-3555
    fax:    512-918-1265

If you are interested in sales-related information, please contact
Donna Herrin at the above phone number or send email to:

    sales@haystack.com

please contact our U.S. Government sales rep, Ms. Kelly Collins, at
301-924-0800 in the DC area.

-------------------------------------------------------------------
-------------------------------------------------------------------
                 approx.
filename         size (KB)  contents
-------------------------------------------------------------------
-------------------------------------------------------------------
info             11         this file
events           2          upcoming talks and trade shows where you
                            can see our products and/or hear about
                            our technologies
backgrnd.uue     38         company backgrounder on Haystack Labs
                            format is uuencoded .eps.Z file
                            (Postscript)
-------------------------------------------------------------------
product data sheets:
-------------------------------------------------------------------
overview         4          product overview of Stalker (TM),
                            Haystack Labs' software for misuse
                            detection and audit trail analysis on
                            Unix platforms; ASCII
ac               2          data sheet on Audit Control features;
                            ASCII
ac.uue           72         data sheet on Audit Control features;
                            format is uuencoded .eps.Z file
                            (Postscript)
tb               3          data sheet on Tracer/Browser features;
                            for queries and report generation; ASCII
tb.uue           52         data sheet on Tracer/Browser features
                            for queries and report generation;
                            format is uuencoded .eps.Z file
                            (Postscript)
md               3          data sheet on Misuse Detector features;
                            ASCII
md.uue           72         data sheet on Misuse Detector features;
                            format is uuencoded .eps.Z file
                            (Postscript)
aix_pr.uue       14         press release on new IBM AIX 3.2.5/4.1
                            support; format is a uuencoded .eps.Z
                            file with graphics
edu_sld.eps.uue  133        Introductory slide set on Stalker
                            software; useful in general security
                            classes; format is uuencoded .eps.Z file
                            (Postscript)
edu_sld.ppt.uue  267        Introductory slide set on Stalker
                            software; useful in general security
                            classes; Microsoft PowerPoint data file
                            that generated edu_sld.eps.uue; format
                            is uuencoded .ppt.Z file (PC PowerPoint)
-------------------------------------------------------------------
product application notes:
-------------------------------------------------------------------
NOTE: These notes show how the Stalker software is used to solve
common security and accountability problems. They include detailed
screen snapshots.
These files are uuencoded .eps.Z files (Postscript).

appnote1.uue     190        Who Read the CEO's Email?
appnote2.uue     154        Did Anyone Log In From Outside the
                            Company?
appnote3.uue     233        Did Anyone Install a Trojan Horse
                            Program?
appnote4.uue     168        Who Tried To Become "Superuser"?
appnote5.uue     191        Who Read Burt Reynolds Tax Return?
appnote6.uue     150        Did An Internet Hacker Install a Sniffer
                            Program on the Network?
-------------------------------------------------------------------
legal:
-------------------------------------------------------------------
dev_lic.uue      68         Developer's kit license agreement;
                            required to purchase our Misuse Detector
                            Developer's Kit; format is uuencoded
                            .eps.Z file (Postscript)
eval.uue         51         Software evaluation agreement; required
                            to get an evaluation copy of our
                            products; format is uuencoded .eps.Z
                            file (Postscript)
nda.uue          33         Non-disclosure agreement; format is
                            uuencoded .eps.Z file (Postscript)
reseller.uue     106        Reseller's agreement; format is
                            uuencoded .eps.Z file (Postscript)
re_info.uue      21         Reseller's information/qualification
                            form; format is uuencoded .eps.Z file
                            (Postscript)
sla.uue          95         Software license agreement; required to
                            purchase our products; format is
                            uuencoded .eps.Z file (Postscript)
sma.uue          41         Software maintenance agreement; covers
                            support for our products; format is
                            uuencoded .eps.Z file (Postscript)
-------------------------------------------------------------------
research papers and presentations:
-------------------------------------------------------------------
acsac-tk.uue     91         Presentation slides used by Steve Smaha
                            at the 10th Computer Security
                            Applications Conference in Orlando, FL,
                            on 08 Dec 94; talk was entitled "Audit
                            Trail Analysis in Government and
                            Industry", and gives an overview of the
                            uses and management of audit trail data;
                            format is uuencoded .eps.Z file
                            (Postscript)
biblio           22         bibliography of papers on intrusion and
                            misuse detection; ASCII
hli_biblio       3          bibliography of security-related papers
                            by Haystack Labs' staff; ASCII
svr4.p22         17         version 2.2 of specification for svr4++
                            audit data interchange format for Unix;
                            ASCII
csi.uue          36         Journal paper, "Misuse Detection Tools,"
                            from Computer Security Journal (Computer
                            Security Institute), Spring, 1994;
                            format is uuencoded .eps.Z file
                            (Postscript)
auerbach.uue     37         Journal paper, "Software Tools for
                            Detecting Misuse on Unix Systems," Data
                            Security Management (Auerbach
                            Publications), Fall, 1994; format is
                            uuencoded .eps.Z file (Postscript)
-------------------------------------------------------------------
reports and source code from Firewall Monitor project:
-------------------------------------------------------------------
NOTE: This is some of the code developed for a U.S. Government
project to build a Firewall Monitor. This monitor merged data from a
high-grade firewall with SunOS operating system audit trail
information from the Bastion Host for subsequent analysis by Stalker.
See 14idswrk.uue for more information.

14idswrk.uue     49         presentation slides used by Steve Smaha
                            at the 14th Intrusion Detection Systems
                            Workshop in Baltimore, MD, on 13 Oct 94;
                            talk was entitled "Using Non-Audit Data
                            For Misuse Detection", and describes an
                            application of the Stalker product to
                            monitor a high-grade firewall; format is
                            uuencoded .eps.Z file (Postscript)
firewal1.uue     56         Diagram to accompany fwtech.txt; format
                            is uuencoded .eps.Z file (Postscript)
firewal2.uue     29         Diagram to accompany fwtech.txt; format
                            is uuencoded .eps.Z file (Postscript)
firewal3.uue     63         Diagram to accompany fwtech.txt; format
                            is uuencoded .eps.Z file (Postscript)
fwtech.txt       67         Final project technical report; ASCII
api.uue          50         C source code for API to write audit
                            trail events based on POSIX
                            1003.6/Draft 14 spec; uses svr4++ format
                            as underlying implementation; format is
                            uuencoded .tar.Z file; unsupported, use
                            at own risk, etc.; see "fine print" in
                            the file headers
-------------------------------------------------------------------
other source code:
-------------------------------------------------------------------
svr4prep.uue     135        C source code for reference
                            implementation of preprocessor for
                            converting SunOS BSM audit trails to
                            svr4++ format; format is uuencoded
                            .tar.Z file; unsupported, use at own
                            risk, etc.; see "fine print" in the file
                            headers; note that this is for rev 1.0
                            of svr4++ spec, NOT the current one.
audit_level.sh   1          Bourne shell script for use on IBM AIX
                            3.2.5 to check for presence of IBM patch
                            required for operation of Stalker
                            software; format is ASCII file.
-------------------------------------------------------------------
About uuencoded files:
-------------------------------------------------------------------
The Unix uuencode/uudecode utilities are often used on the Internet
to make non-ASCII files into ASCII files (that is done by uuencode),
or convert uuencoded ASCII files back into their original binary
formats (that is done by uudecode). If you do not have uuencode and
uudecode on your non-Unix machine, either locate a colleague with a
Unix workstation or contact Haystack Labs for hardcopy.
-------------------------------------------------------------------
-------------------------------------------------------------------
Copyright (c) 1994-1995 by Haystack Labs, Inc. All rights reserved.
Stalker is a registered trademark of Haystack Labs, Inc. All other
trademarks belong to their respective owners. Specifications subject
to change without notice.

>i suppose you could try stalker and netstalker from haystack labs
>in austin.
>
>stalker doesn't use syslog. it uses the c2 audit trail.
>
>>