Security Basics mailing list archives
Re: What files to watch??
From: Geoffrey Shorter <geoffreyshorter () hotmail com>
Date: 21 May 2003 16:12:36 -0000
In-Reply-To: <Law15-F100zGNsokLQ800000f5e () hotmail com>

Chris:

I'd be most interested in a copy of your scanner, as you have generously offered in your post.

Also, there is a free tool for Windows, GFI LANguard System Integrity Monitor:
http://www.gfi.com/lansim/index.html

We set up the Integrity Monitor on a workstation and a test server. It stopped working on the workstation for some reason (a workstation that had a server security template applied to it by an overzealous admin, oops!), but continues to feed reports from the server. So, it's worth testing, I think.

Thanks.

geof
OCPDBA, MCSD, MCSE+I, MCDBA, MCPSB
Server Group Manager
geoffreyshorter () hotmail com

From: "Chris Berry" <compjma () hotmail com>
Subject: What files to watch??

I'm trying to upgrade our security setup, and one of the things we didn't have was an integrity scanner (like tripwire). I looked around and couldn't find anything free since we're using Windows (well, there was a product called languardian, but they looked pretty commercial, and I have no budget now or later). Lacking funds and a GPL alternative, I went ahead and wrote a scanner using Perl and the Digest::MD5 module. I've got the system working and have set it up to run nightly, everything seems to be working fine.

My problem is that it's generating WAY too much information, and I don't have time to wade through the logs every day trying to see if there is something significant in there. I've cut down some of the chatter by telling it to ignore certain files and directories that change a lot, but I'm not sure how to proceed from here. Anyone have a good idea on how to get it to produce more usable detections?

By the way, if anyone wants a copy, I'd be happy to give them one, I'm releasing it GPL, but be warned it's only alpha quality at the moment (though I haven't had any trouble with it).

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates
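
An added example, not part of the thread and not Chris Berry's scanner: a digest-based integrity check that skips paths matching an ignore list and reports only what changed since a stored baseline, so an unchanged tree produces an empty report. It is written in Python with SHA-256 rather than Perl and Digest::MD5; the ignore patterns, function names and sample tree are assumptions constructed for illustration.

```python
import fnmatch
import hashlib
import os
import tempfile

# Hypothetical ignore patterns for paths that churn on every run.
IGNORE = ["*.log", "*.tmp", "Temp/*"]

def snapshot(root, patterns=IGNORE):
    """Map relative path -> SHA-256 hex digest for every non-ignored file."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if any(fnmatch.fnmatch(rel, pat) for pat in patterns):
                continue  # known-noisy path: never hashed, never reported
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff(baseline, current):
    """Return only the deltas between two snapshots."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed tree: one modified binary, one new file, ignored churn."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "bin/tool.exe", b"v1")
        write(root, "etc/app.conf", b"a=1")
        write(root, "logs/app.log", b"start")
        baseline = snapshot(root)
        write(root, "bin/tool.exe", b"v1-patched")   # changed content
        write(root, "bin/extra.dll", b"new")         # new file
        write(root, "logs/app.log", b"start\nmore")  # matches *.log
        write(root, "Temp/cache.dat", b"x")          # matches Temp/*
        return diff(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Anything placed under an ignored pattern is invisible to the check, so the ignore list itself needs to be kept short and reviewed.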
Current thread:
- What files to watch?? Chris Berry (May 21)
- Re: What files to watch?? Drew Flickema (May 22)
- RE: What files to watch?? Jeffrey Rivero (May 22)
- lan statistic tool Dejan (May 23)
- Re: lan statistic tool Daniel Cid (May 26)
- lan statistic tool Dejan (May 23)
- <Possible follow-ups>
- Re: What files to watch?? Geoffrey Shorter (May 22)
- LanGuard Problem Louie (May 23)
- Re: What files to watch?? H Carvey (May 22)
- RE: What files to watch?? Chris Berry (May 23)
- Re: What files to watch?? Chris Berry (May 23)