Re: Auditing ACL Changes

From: Holger Reichert (holger.reichert@holysword.de)
Date: 07/31/02

• Previous message: Dave Roberts: "RE: Good software against spam"
• Maybe in reply to: Rob Galatidis: "Auditing ACL Changes"
• Next in thread: Frank Heyne: "Re: Auditing ACL Changes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Holger Reichert" <holger.reichert@holysword.de>
To: <focus-ms@securityfocus.com>
Date: Wed, 31 Jul 2002 10:03:07 +0200

Hello Rob

try the tools xcacls and perms from the NT/W2000-Ressource Kits.
You can generate a snapshot of your ACL's based on the directory or based on
users.
After a suspicious event you may take another snapshot and compare the
results with the command fc.

But first you should know who is authorized to change ACL's on your machines
and you should know it, when they are doing it.
Keyword:
Change Management

Last tip:
Search for unknown users

Best wishes

Holger Reichert

Holysword GbR
www.holysword.de

---

• Previous message: Dave Roberts: "RE: Good software against spam"
• Maybe in reply to: Rob Galatidis: "Auditing ACL Changes"
• Next in thread: Frank Heyne: "Re: Auditing ACL Changes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ms  > 2002-07