PaulDotCom mailing list archives

File integrity monitoring software


From: cgkades at gmail.com (Brett)
Date: Sat, 13 Mar 2010 19:03:51 -0800

I just implemented OSSEC. It works great, and is extremely easy to set
up.

Sent from my iPhone

On Mar 13, 2010, at 15:58, Ralph Durkee <rd at rd1.net> wrote:

TripWire and Aide are the classic answers, but I would recommend  
OSSEC http://ossec.net

While consulting with a large organization that was deploying a
commercial FIM product managed by a major vendor, the security group
was given the list of files to be monitored and asked for their
approval.  The list was the default for the commercial product and
was missing some obvious directories and registries for the Windows
platform.  When I was asked for an opinion, I went out and got the
default list from the OSSEC download. Since it was much more complete,
we reviewed that list with the group, and it became their standard
for the FIM.
-- Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
Principal Security Consultant

Kennith Asher wrote:

Greetings gurus-

The company I work for is being pressed to deploy file integrity  
monitoring tools in our production environment.  I've not worked  
with such tools in the past and am interested in your experiences.

I have concerns around noise levels, false positives, how to  
control file integrity and still keep up with vendor updates (50  
hour days anyone?).

Anyone have any recommendations?

Thanks,

Ken

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
