February 18th, 2003, 03:50 AM
I compiled and installed Puresecure-1.6-Personal on my tux box and it is up and running, except for system integrity verification status: no sensor monitoring. I still haven't been able to figure out why. Anyone familiar with this please reply.
Thanks for the help!
February 18th, 2003, 07:43 AM
Well, I haven't used this particular app before, but a quick look at the documentation gave me a couple of hints.
Puresecure appears to take advantage of (not in a bad way) open source apps. Snort was specifically mentioned as far as the network intrusion detection goes. I am assuming that they follow similar practice with other parts of their software, by using well known open source apps, with a plugin to deal with getting the data in and out of the db, and to the console.
Having said that, it is very likely that the "System Integrity Verification" is done using a package called Tripwire, which is available free (open source) for Linux, and other *nix, but not Windows (pay version).
So, I would imagine that either a) tripwire is not installed on your machine, and puresecure did not install it for licensing reasons, in which case you need to get tripwire downloaded and installed, then reconfigure that part, or b) tripwire is installed on your box, but the plugin necessary for that part of the software was not installed by default, in which case, you will need to find that plugin on their site, and install it.
Like I said, I know nothing about this product, short of reading their marketing blurb, and then skimming the documentation, but, the scenarios I mentioned above seem very reasonable.
Good luck, and let us know when/if you get it solved, and what you think of the software.
February 18th, 2003, 08:59 AM
I thought of tripwire as well but haven't figured out how to integrate it with Puresecure. It does use snort, as well as mysql and apache (and some perl mods). It identified a ms-sql propagation attempt a few mins. ago, lol. It supplies quite a bit of info and I am learning about attacks (as well as some false alarms) at a greater rate than I did without it. A good tool to study security as well as provide it so far. Thanks for the input!
February 18th, 2003, 11:21 AM
No it doesn't use tripwire. You have to go into the sys verif setup screen and tell it what you want to verify using the syntax displayed there. You can only verify stuff on the box that PureSecure is installed on. If you want to verify another box you install PureSecure without snort and make it a secondary sensor reporting to the first which is the main sensor.
As for service monitoring you need to create a group, create a service, add the service to the group and then tell it to monitor the service..... I could be a little off on the details 'cos a) I just woke up, and b) I'm at home and it's at work....<s>
I use PureSecure quite a lot, recommend very highly, and personally love it. If you have any questions about it feel free to ask.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
February 18th, 2003, 03:10 PM
Appreciate the knowledgeable correction, I was just assuming about the tripwire thing.
It sounds interesting, I will have to try puresecure sometime.