I'm not sure that running an A/V for the Solaris platform is all that productive. However, because of 0-day exploits, a potentially better solution is to use products like Aide to verify that the critical programs haven't been tampered with (i.e. rootkits or malicious users).
I got hit with a rootkit once on my home server running SunOS 4 and if I didn't see a strange message on the console during booting that prompted me to do some investigating I probably would never have caught it. Fortunately, my firewall prevented it from doing its intended job. I've used aide ever since. You could use aide to keep track of changes to user files (.profile, etc.) if you are paranoid enough. With root on zfs and its snapshot capabilities, there is an easy way to rollback from a rootkit.

Gary

This message posted from opensolaris.org
opensolaris-discuss mailing list
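The baseline-and-verify idea behind tools such as AIDE, as an added example that is not part of the original post and is not AIDE's own code: a simplified sketch that records a hash, mode and owner per file, then reports what was added, removed or changed. The directory tree, file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def fingerprint(path):
    """Record owner, group and mode, plus a SHA-256 of regular-file content."""
    st = os.lstat(path)
    entry = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}
    if stat.S_ISREG(st.st_mode):
        entry["sha256"] = hashlib.sha256(Path(path).read_bytes()).hexdigest()
    return entry

def snapshot(root):
    """Walk root and return {relative_path: fingerprint}."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = fingerprint(full)
    return db

def compare(baseline, current):
    """Return added/removed paths and, per changed path, the fields that differ."""
    changed = {}
    for path in baseline.keys() & current.keys():
        old, new = baseline[path], current[path]
        diff = sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))
        if diff:
            changed[path] = diff
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()), "changed": changed}

def demo():
    """Baseline a constructed tree, alter it, and return the verification report."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data, mode=0o755):
            full = Path(root, rel)
            full.parent.mkdir(parents=True, exist_ok=True)
            full.write_bytes(data)
            full.chmod(mode)
        for rel in ("usr/bin/ls", "usr/bin/ps", "home/gary/.profile"):
            put(rel, b"original " + rel.encode())
        baseline = snapshot(root)  # a real baseline belongs on read-only or offline media
        put("usr/bin/ls", b"replaced usr/bin/ls")         # same size, different content
        put("usr/bin/ps", b"original usr/bin/ps", 0o777)  # same content, now world-writable
        os.remove(os.path.join(root, "home/gary/.profile"))
        put("usr/bin/extra", b"constructed new file")
        return compare(baseline, snapshot(root))
```

The replaced `ls` keeps its original size, so only the content hash exposes it; the `ps` change is visible only because the mode is recorded alongside the hash.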
