Security Basics mailing list archives
Re: Detecting File Alteration
From: "Mister Dookie" <misterdookie () gmail com>
Date: Thu, 7 Sep 2006 14:20:49 -0400
Do you want it to run as a service or a hidden .exe on the system where the file is being stored?
Probably as a service or a program that the user is aware of.
How do you want to be alerted to the change?
A message back to a central monitoring station, like the domain controller.
Do you want to monitor a single file or the contents of a directory?
I would like to monitor files that are flagged (identified before or while system is deployed), like say for instance sensitive files.
Mister Dookie wrote: > Yes. Windows is preferred since we are trying to deploy host integrity > monitoring within an Active Directory (AD) environment. GPL Tripwire > is available for UNIX. Basically what we are trying to do is if we > have a sensitive file "TradeSecrets.pdf" or "Salaries.xls" located > either on a shared drive or local/remote drive, we want to monitor if > that file gets DELETED, RENAMED, COPIED, or MOVED either within the > file system or to an external drive. Systernals' REGMON and FILEMON in > combination achieve much of this with some manual parsing and sorting, > but I was just wondering if there was a better solution. > > On 9/5/06, offset <offset () ubersecurity org> wrote: >> I dont recall if your original email required this to run on windows >> or *nix. >> >> I've used samhain on *nix with no issues, not sure about windows. >> >> http://www.la-samhna.de/samhain/ >> >> -off >> >> On Thu, Aug 31, 2006 at 11:44:14PM -0400, Mister Dookie wrote: >> > Tripwire is awfully expensive for a small company... there must be >> > something in the freeware realm or at least something cheaper that >> > accomplishes the same thing as Tripwire. >> > >> > On 8/31/06, Peter Marshall <petermmarshall () hotmail com> wrote: >> > > Tripwire as well . . . >> > > >> > >-----Original Message----- >> > >From: Saqib Ali [mailto:docbook.xml () gmail com] >> > >Sent: Thursday, August 31, 2006 3:49 PM >> > >To: Mister Dookie >> > >Cc: security-basics () securityfocus com >> > >Subject: Re: Detecting File Alteration >> > > >> > >Filemon??? >> > >http://www.sysinternals.com/Utilities/Filemon.html >> > > >> > >filters as well.... >> > > >> > >-- >> > >Saqib Ali, CISSP, ISSAP >> > >Support http://www.capital-punishment.net >> > >----------- >> > >"I fear, if I rebel against my Lord, the retribution of an Awful >> Day (The >> > >Day of Resurrection)" Al-Quran 6:15 >> > >----------- >> >> --------------------------------------------------------------------------- >> >> This list is sponsored by: Norwich University >> >> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE >> The NSA has designated Norwich University a center of Academic >> Excellence >> in Information Security. Our program offers unparalleled Infosec >> management >> education and the case study affords you unmatched consulting >> experience. >> Using interactive e-Learning technology, you can earn this esteemed >> degree, >> without disrupting your career or home life. >> >> http://www.msia.norwich.edu/secfocus >> --------------------------------------------------------------------------- >> >> >> > > --------------------------------------------------------------------------- > > This list is sponsored by: Norwich University > > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE > The NSA has designated Norwich University a center of Academic > Excellence in Information Security. Our program offers unparalleled > Infosec management education and the case study affords you unmatched > consulting experience. Using interactive e-Learning technology, you > can earn this esteemed degree, without disrupting your career or home > life. > > http://www.msia.norwich.edu/secfocus > --------------------------------------------------------------------------- > > >
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: Detecting File Alteration Mister Dookie (Sep 05)
- RE: Detecting File Alteration Dan Tesch (Sep 05)
- Re: Detecting File Alteration Jon Wallace (Sep 05)
- Re: Detecting File Alteration irado furioso com tudo (Sep 05)
- Re: Detecting File Alteration offset (Sep 05)
- Re: Detecting File Alteration Daniel Cid (Sep 06)
- Re: Detecting File Alteration Mister Dookie (Sep 06)
- Message not available
- Re: Detecting File Alteration Mister Dookie (Sep 08)
- Re: Detecting File Alteration Fósforo (Sep 06)
- RE: Detecting File Alteration Dan Tesch (Sep 05)
- <Possible follow-ups>
- Re: RE: Detecting File Alteration krymson (Sep 05)
- RE: Detecting File Alteration Jordan Jason (Sep 05)
- RE: Detecting File Alteration Beauford, Jason (Sep 05)
- RE: Detecting File Alteration Young, Randy (Sep 05)
- RE: Detecting File Alteration Sorin Petre (Sep 05)
- Re: RE: Detecting File Alteration thomas . jones (Sep 06)
- Re: RE: Detecting File Alteration josh . g . parker (Sep 07)
- RE: Detecting File Alteration Beauford, Jason (Sep 07)