PaulDotCom mailing list archives

File integrity monitoring software


From: rd at rd1.net (Ralph Durkee)
Date: Sat, 13 Mar 2010 18:58:58 -0500

Tripwire and AIDE are the classic answers, but I would recommend OSSEC 
http://ossec.net

While consulting with a large organization that was deploying a 
commercial FIM product managed by a major vendor, the security group was 
given the list of files to be monitored and asked for their approval.  The 
list was the default for the commercial product and was missing some 
obvious directories and registries for the Windows platform.  When I was 
asked for an opinion, I went out and got the default list from the OSSEC 
download. Since it was much more complete, we reviewed that list with 
the group, and it became their standard for the FIM.

-- Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
Principal Security Consultant


Kennith Asher wrote:
Greetings gurus-

The company I work for is being pressed to deploy file integrity 
monitoring tools in our production environment.  I've not worked with 
such tools in the past and am interested in your experiences.

I have concerns around noise levels, false positives, how to control 
file integrity and still keep up with vendor updates (50 hour days 
anyone?).

Anyone have any recommendations?

Thanks,

Ken