Samhain questions
Hi there --
I am planning on implementing Samhain, and I need feedback on what would be the best deployment option. What I intend to do is to have Samhain do the following checks: Quote:
If I go with the centralized server approach, will the configuration script for the server include the option Code:
--enable-network=server Code:
--enable-network=client |
Quote:
So. About "best" deployment. What does "best" mean? That depends on what these "two servers" represent. If one is a web server and the other a secure logging server then that would be easy. But if they for instance are both Internet-facing servers then they may be considered as targets of equal value. If you can't afford to wedge in a secure, central syslog server then your middle way choices will be to run Samhain stand-alone on both machines or set both up to be the server and client for the other. It depends on what the value is of what you need to protect. |
All times are GMT -5. The time now is 09:52 PM. |