RE: open source user audit software ??

["Craig Wright" <cwright () bdosyd com au>]

How about we get the terms right.

Pen Testing, Vulnerability tests etc etc are NOT audits.

An audit is a systematic and scientifically determined repeatable
process designed to test an organisations controls.

Pen Testing is not. It is an attempt through whatever methodology to
penetrate a system.

Vulnerability testing is an attempt to map the major vulnerabilities
which effect a system

An audit trail is a documentary trail which may be used in an audit

Software which is automated can be an aide to an audit - but can not by
definition replace an audit.

Craig

PS
Nagging supplied for free. Not even 2 cents 

-----Original Message-----
From: NewYork User [mailto:newyorkuser () gmail com] 
Sent: 4 August 2005 12:17
To: security-basics () securityfocus com
Subject: Re: open source user audit software ??

Michael, 

I think you are looking to implement "Single Sign-on (SSO) Solution".
IBM has 2 products Tivoli Identity Manager (TIM) and Tivoli Access
Manager (TAM). If you are looking to implement Open Source Web SSO, SUN
has recently donated the code to open source community. Take a look at
the following sites.

http://www.internetnews.com/dev-news/article.php/3519651

https://opensso.dev.java.net/




On 7/29/05, Michael Gale <michael.gale () bluesuperman com> wrote:
> Hello,
>
> I believe that IBM has a product called Tivoli which has a component 
> that can do the following:
>
> - A new employee is starting, the PM clicks the required access 
> through a web portal. Which then notifies each person required to make

> the changes or accounts, plus could make the accounts if allowed.
>
> It will provide an audit trail of who requested the access and who 
> approved the request.
>
> It can also provide an alert when new accounts have been created with 
> out using the software.
>
> Does anyone know of any open source tools that can do this ??
>
> Michael