Security Basics mailing list archives
CIS server configuration audit tools.
From: "Tony Lindsey" <tonylindseyt () excite com>
Date: Mon, 3 Feb 2003 20:39:33 -0500 (EST)
These are my questions: 1)Has anybody used the Center for Internet Security (CIS) server configuration audit tools and want to share their experience? I heard the software sometimes crashes servers and does not always accurately report its audit results (i.e. you could run the tools several times on a server and get different results each time). 2)Are there any tools out there that do about the same type of thing. I think the commercial version of Tripwire does this but I doubt if management will come up with the funds. BTW...we currently use Nessus...but management want me to do security configuration types of audits. We currently use the RATS tool from CIS and have been pleased with its benchmarking/scoring results. See for more info. http://www.cisecurity.org/ Tony Lindsey - CISA,CISSP Audit Security and Risk Management Group Managed Medical Services LLP U.S. Division _______________________________________________ Join Excite! - http://www.excite.com The most personalized portal on the Web!
Current thread:
- CIS server configuration audit tools. Tony Lindsey (Feb 05)
- Re: CIS server configuration audit tools. Johannes Ullrich (Feb 04)