Educause Security Discussion mailing list archives
Private Cassandra client software for security alerts
From: Gene Spafford <spaf () CERIAS PURDUE EDU>
Date: Fri, 2 Dec 2005 22:56:01 -0500
This should be of interest to many of you.
I am pleased to announce the availability of an open source, command-line version of the Cassandra system. For 5 years the Cassandra system (https://cassandra.cerias.purdue.edu) has been delivering free vulnerability notifications based on NIST's ICAT database of CVE entries, and later, Secunia advisories were added. These notifications were based on a profile of interest you entered, saving you time in doing searches for you every day and remembering which entries you had already seen (Meunier and Spafford, FIRST 2002). However, using Cassandra meant that I (and CERIAS) had a list of possible vulnerabilities in your organization's systems, and this list was sent to you in plain text emails. Even though Cassandra was never compromised, it (and the emails) made a tempting target; risk- averse people and organizations were therefore unable to benefit from the service. The new command-line tool, my_cassandra.php, solves these issues and can be downloaded from my home page: http://homes.cerias.purdue.edu/~pmeunier/ Because you get the source code and the custody of your profiles, this version of Cassandra should not generate the privacy concerns that the online version did. As it is under your control you can also run it at the intervals you choose. It is made available under an open source license so you can modify it. It runs under PHP so it should run on almost any platform (tested on Windows XP SP2 and PHP 5.1.1, and MacOS 10.4.3 and PHP 4.3.11 -- Windows users need to download also "cassandra.bat"). It works by downloading an XML export of recent entries in NIST's National Vulnerability Database, and comparing them to vendors, products and keywords specified in the file "profile.txt". The tool will then open a browser window for each new and relevant entry, and save the list of seen entries in a file named "seen_CVE.txt" on your workstation. WARNING: The first time you run it, it will open a large number of windows. It is then up to you to run it when you have time to read the new entries. Regards, Pascal Meunier Purdue University CERIAS P.S.: Thanks to the NVD team at NIST, and the people at MITRE doing the tedious and cautious work without which Cassandra would have no data, and special thanks for doing it swiftly.
Current thread:
- Private Cassandra client software for security alerts Gene Spafford (Dec 02)