G'day Tom, (All: Info)
That seems like a pretty accurate summary right at the moment.
We have quite a few people contacting us who use Snare for NISPOM - have
a peek at the Snare support page on sourceforge for some hints on a
NISPOM-targeted configuration, or drop me an email for more info. There
is apparently also a custom DISA-approved version of Snare available -
you may want to contact DISA for assistance.
Although we're just about to bring out Snare 0.9.7, I'm pretty hopeful
that this version will be the last that actually needs kernel components
- with a little luck, we'll be able to shift the Snare daemon, GUI and
micro-web server over to use the native logging subsystem sometime
during (or after) FC3, based on the fantastic progress that has been
recently made on the linux-audit list.
So pre-fc3, I suspect that Snare's your best bet - but you may want to
have a look at SuSE Enterprise, or RHEL3, which both incorporate Olaf
Kirch's excellent audit environment + daemon. Note that if you're an SGI
client, you may want to look at their distribution of Linux - which
currently includes Snare from what I understand.
Once things have stabilised, hopefully distributions post-fc3 should be
able to cover a fair majority of NISPOM requirements natively, without
any need to recompile kernels, or install much in the way of extra
packages.
Regards,
Leigh.
On Tue, 2004-12-21 at 09:17 -0600, Browder, Tom wrote:
> OK, given the current state of things, is anyone satisfying NISPOM
> auditing requirements on Linux? If so, what are you using for auditing
> (Linux distribution, add-ons, kernel)?
> The best I can figure in the short term (right out of the box) is FC 2
> and snare 096b with the UT kernel rpms: 2.6.7-1.494.2.2SNARE096b
> Any better ideas would be appreciated.
> Thanks.
> Tom Browder
--
Leigh Purdie, Director - InterSect Alliance Pty Ltd
http://www.intersectalliance.com/