Hi, thanks for the reply DK,

Well I found the GUI....thanks for the tip. It wasn't installed properly in Fedora Core 1, ah well, never mind, I'll build a dedicated machine.
I am in the process of building a server-based version using Debian Woody. May I ask upon which Debian distro the "Installing OSSIM on a Debian Gnu/Linux" document is based? (i.e. woody or sarge) I will integrate Firewall-1 NG and Realsecure host and network sensor traps and see how we get on....anything to filter those false positives has got to be good. So..yes I would love your Perl script!! Do you have any instructions on providing the SNMP package with the Realsecure MIB? We did this with HP OpenView, but it seemed overly complicated. Do you mean I should enter all Realsecure-enabled signatures into the SIM XML file? Whoa....there are thousands.....any tips on processing Realsecure policy files?

By the way, I am CCing the public Issforum.net, I'm sure others will be interested.

Stephen

Stephen Cooper, CISSP
Senior Security Analyst
Security & Architecture Group
Information Technology Services
Bank for International Settlements
Voice: +41 61 2806792
Fax: +41 61 2809100

>>> DK <[EMAIL PROTECTED]> Tuesday 30, March, 2004 16:25:39 >>>
Hi Stephen,

thanks for the conflict point, we'll try it out. Regarding your questions:

1) Ossim adds itself to apache and the whole interface sits at /var/www/ossim.

2) In order to get realsecure input you have to do the following:
- Patch the installed policy in order to enable snmp logging of everything (a simple perl script does the thing, if you want it I can send it in)
- Enable any host running ossim agent to receive snmp traps (we used ucd-snmp) and log them into a file. You have to provide ucd-snmp with the realsecure MIB.
- Sort all your installed realsecure rules and enter them into the plugin_sid table. Some sample rules are included with ossim.
- Modify the Realsecure agent in order to get the same plugin index.

If you want more detailed info just ask but it may take me some time to write it down.
Greetings,
DK

On 30.03.2004 at 12:42, Nobody wrote:

> Stephen Cooper <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I have downloaded (and I think successfully) got most components working on Fedora Core 1....by the way, the RPMs conflict terribly with the apt rpm repository hosted by "DAG".
>
> After reading the English documentation I could find, I was wondering if I might ask a few questions....
>
> 1. How does one run the GUI. Is it a webtop? Is there a user interface?
>
> 2. How would you see Realsecure traps being processed, is there a tool that takes SNMP traps and creates realsecure.log via syslog?
>
> Stephen

_______________________________________________
ISSForum mailing list [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
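The two RealSecure steps DK lists above that cause Stephen the most worry (entering thousands of installed signatures into the plugin_sid table, and getting the trap log and the agent to agree on the same plugin index) can be scripted. The following is an added example written for this page, not code from the thread, from OSSIM or from ISS. It assumes a hypothetical plugin id 1005 for RealSecure, an assumed plugin_sid column layout of (plugin_id, sid, reliability, priority, name) that must be checked against the schema of the OSSIM release actually installed, and a constructed trap-log line format; the real layout depends on how snmptrapd is told to format its output and on the RealSecure MIB. The signature names and log lines are constructed sample data.

```python
"""
Added example, not code from this thread or from OSSIM: a helper for the
RealSecure steps DK lists (assign every installed signature a plugin_sid,
then turn the logged traps into events carrying the same plugin index).

Assumptions, all mine rather than the original mail's:
  - PLUGIN_ID 1005 is a hypothetical plugin id chosen for RealSecure.
  - The plugin_sid columns (plugin_id, sid, reliability, priority, name) are
    an assumed layout; check it against the schema of the OSSIM you run.
  - The trap-log lines below are constructed; the real layout depends on the
    snmptrapd output format you configure and on the RealSecure MIB.
"""
import re

PLUGIN_ID = 1005  # hypothetical plugin id for RealSecure


def build_sid_map(signatures):
    """Map each distinct signature name to a sid.

    Names are deduplicated and sorted before numbering, so feeding the same
    policy in again yields the same sids and the table stays consistent.
    """
    names = sorted({s.strip() for s in signatures if s and s.strip()})
    return {name: sid for sid, name in enumerate(names, start=1)}


def plugin_sid_rows(sid_map, reliability=5, priority=3):
    """Render one INSERT per signature for the plugin_sid table."""
    rows = []
    for name, sid in sorted(sid_map.items(), key=lambda kv: kv[1]):
        safe = name.replace("'", "''")  # escape quotes for the SQL literal
        rows.append(
            "INSERT INTO plugin_sid (plugin_id, sid, reliability, priority, name) "
            f"VALUES ({PLUGIN_ID}, {sid}, {reliability}, {priority}, '{safe}');"
        )
    return rows


# Constructed trap-log layout: timestamp, sensor, then key=value fields.
TRAP_RE = re.compile(
    r'sig="(?P<sig>[^"]*)"\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)'
)


def parse_trap_line(line, sid_map):
    """Normalise one logged trap into an event keyed by plugin_id/plugin_sid.

    Returns None for lines that do not match the layout. A signature missing
    from sid_map is returned with plugin_sid None so it can be added to the
    table instead of being silently dropped.
    """
    m = TRAP_RE.search(line)
    if not m:
        return None
    sig = m.group("sig")
    return {
        "plugin_id": PLUGIN_ID,
        "plugin_sid": sid_map.get(sig),
        "name": sig,
        "src_ip": m.group("src"),
        "dst_ip": m.group("dst"),
    }


def process_traps(lines, sid_map):
    """Split logged traps into agent-ready events and unknown signature names."""
    events, unknown = [], set()
    for line in lines:
        ev = parse_trap_line(line, sid_map)
        if ev is None:
            continue
        if ev["plugin_sid"] is None:
            unknown.add(ev["name"])
        else:
            events.append(ev)
    return events, sorted(unknown)


# Constructed sample data (not real RealSecure policy or trap output).
SAMPLE_SIGNATURES = [
    "HTTP_Unix_Passwords", "Ping_Sweep", "HTTP_Unix_Passwords", "SMB_Empty_Password",
]
SAMPLE_TRAP_LOG = [
    '2004-03-30 16:25:39 sensor1 sig="Ping_Sweep" src=10.0.0.5 dst=10.0.0.1',
    '2004-03-30 16:25:41 sensor1 sig="HTTP_Unix_Passwords" src=10.0.0.9 dst=10.0.0.2',
    '2004-03-30 16:25:42 sensor1 sig="Not_In_Policy" src=10.0.0.7 dst=10.0.0.3',
    '2004-03-30 16:25:43 sensor1 malformed trap text',
]

if __name__ == "__main__":
    sid_map = build_sid_map(SAMPLE_SIGNATURES)
    for row in plugin_sid_rows(sid_map):
        print(row)
    events, unknown = process_traps(SAMPLE_TRAP_LOG, sid_map)
    for ev in events:
        print(ev)
    print("signatures missing from plugin_sid:", unknown)
```

The point of sorting before numbering is that the sid assignment is a function of the policy contents alone, so the agent side and the database side can both be regenerated from the same signature list and still agree on the index DK refers to; the unknown-signature list is what to feed back into the table when a policy change adds signatures the trap log starts reporting.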
