Re: What files to watch??

From: Geoffrey Shorter (geoffreyshorter_at_hotmail.com)
Date: 05/21/03

    Date: 21 May 2003 16:12:36 -0000
    To: security-basics@securityfocus.com
    
    
    In-Reply-To: <Law15-F100zGNsokLQ800000f5e@hotmail.com>

    Chris:

    I'd be most interested in a copy of your scanner, as you have generously
    offered in your post.

    Also, there is a free tool for Windows, GFI LANguard System Integrity
    Monitor: http://www.gfi.com/lansim/index.html

    We set up the Integrity Monitor on a workstation and a test server. It
    stopped working on the workstation for some reason (a workstation that had
    a server security template applied to it by an overzealous admin, oops!),
    but continues to feed reports from the server.

    So, it's worth testing, I think.

    Thanks.

    geof
    OCPDBA, MCSD, MCSE+I, MCDBA, MCPSB
    Server Group Manager
    geoffreyshorter@hotmail.com

    >From: "Chris Berry" <compjma@hotmail.com>
    >Subject: What files to watch??
    >I'm trying to upgrade our security setup, and one of the things we didn't
    >have was an integrity scanner (like tripwire). I looked around and couldn't
    >find anything free since we're using Windows (well there was a product
    >called languardian, but they looked pretty commercial, and I have no budget
    >now or later). Lacking funds and a GPL alternative, I went ahead and wrote a
    >scanner using Perl and the Digest::MD5 module. I've got the system working
    >and have set it up to run nightly, everything seems to be working fine. My
    >problem is that it's generating WAY too much information, and I don't have
    >time to wade through the logs every day trying to see if there is something
    >significant in there. I've cut down some of the chatter by telling it to
    >ignore certain files and directories that change a lot, but I'm not sure how
    >to proceed from here. Anyone have a good idea on how to get it to produce
    >more useable detections? By the way, if anyone wants a copy, I'd be happy
    >to give them one, I'm releasing it GPL, but be warned it's only alpha
    >quality at the moment (though I haven't had any trouble with it).
    >
    >Chris Berry
    >compjma@hotmail.com
    >Systems Administrator
    >JM Associates
