Snare for Tru64 provides a remote distribution capability for Tru64 audit data, interfacing with the underlying Tru64 audit subsystem using the audit_tool command to track Tru64 audit log data.

InterSect Alliance have developed software that interfaces with the Tru64 auditing subsystem to collect audit log information, and send the data back to a central location over the network (via UDP) in real-time, allowing security administrators to implement a centralised audit collection, analysis and archive facility with minimal audit client resource utilisation.

Snare is currently used by hundreds of thousands of individuals, and organisations worldwide. Snare for Tru64 is being developed for customers in the Financial, Defence, AeroSpace, and Intelligence organisations to meet elements of local and federal security requirements, such as: ACSI 33 GLBA (Gramm-Leach-Bliley Act) Sarbanes Oxley (SOX) C2 / CAPP DCID 6/3 DIAM 50-4 DDS-2600-5502-87 Chapter 4 NISPOM Chapter 8 HIPAA California Senate Bill 1386 USA Patriot Act British Standard BS7799

To Enable auditing on your Tru64 box:
1) Audit setup
/usr/sbin/sysman auditconfig or /usr/sbin/audit_setup
2. Use /usr/sbin/auditmask to enable auditing on the system calls that you wish to monitor.
3. If you wish to monitor files or directories, add the file paths into the relevant /etc/sec/file_objects/* files.
4. If you wish to preserve your current audit settings across reboots, ensure that /etc/sec/rc_audit_events is updated to reflect your new settings.
5. Install Snare for Tru64.

Please contact us for more information regarding the availability of Snare for Tru64.