Hi > Does IRIX have something like Sun's JASS > or Titan ToolKit to lockdown systems? It's not exactly Titan or JASS or YASS for Solaris, but take a look at TARA (www-arc.com) from ARC - it's an upgrade to TIGER and it support IRIX 6.5. Unfortunately the publicly available version is outdated but it is very easy to tailor TARA to your own needs as it is implemented mainly as shell script. TARA can help you in evaluation process of areas that need hardening or to verify some areas of your hardening process. The only use of TARA during pen-test I can think of is during test when you already have an account on attacked host and just wish to check for few simple vulnerabilities that would be helpful in further system penetration. There is also a good paper on IRIX/MIPS shellcode: http://packetstormsecurity.nl/groups/teso/mipsshellcode.pdf It can give you important details that will let you start from solid ground. Best Regards, Aleksander Czarnowski AVET INS --------------------------------------------------------------------------- The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users. Visit Tenable Network Security at http://www.tenablesecurity.com to learn more. ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jul 09 2003 - 08:28:20 PDT