Security Basics mailing list archives

CIS server configuration audit tools.

From: "Tony Lindsey" <tonylindseyt () excite com>
Date: Mon, 3 Feb 2003 20:39:33 -0500 (EST)


These are my questions:

   1)Has anybody used the Center for Internet Security (CIS) server configuration audit tools and want to share their 
experience?   I heard the software sometimes crashes servers and does not always accurately report its audit results 
(i.e. you could run the tools several times on a server and get different results each time).  
    2)Are there any tools out there that do about the same type of thing.  I think the commercial version of Tripwire 
does this but I doubt if management will come up with the funds. 

BTW...we currently use Nessus...but management want me to do  security configuration types of audits.  We currently use 
the RATS tool from CIS and have been pleased with its benchmarking/scoring results.  See for more info.  
http://www.cisecurity.org/


Tony Lindsey - CISA,CISSP
Audit Security and Risk Management Group
Managed Medical Services LLP
U.S. Division



_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!

Current thread:

CIS server configuration audit tools. Tony Lindsey (Feb 05)
- Re: CIS server configuration audit tools. Johannes Ullrich (Feb 04)