Security Basics mailing list archives

Re: What files to watch??
From: Geoffrey Shorter <geoffreyshorter () hotmail com>
Date: 21 May 2003 16:12:36 -0000

In-Reply-To: <Law15-F100zGNsokLQ800000f5e () hotmail com>


I'd be most interested in a copy of your scanner, as you have generously 
offered in your post.

Also, there is a free tool for Windows, GFI LANguard System Integrity 
Monitor: http://www.gfi.com/lansim/index.html

We set up the Integrity Monitor on a workstation and a test server. It 
stopped working on the workstation for some reason (a workstation that had 
a server security template applied to it by an overzealous admin, oops!), 
but continues to feed reports from the server.

So, it's worth testing, I think. 


Server Group Manager
geoffreyshorter () hotmail com

From: "Chris Berry" <compjma () hotmail com>
Subject: What files to watch??
I'm trying to upgrade our security setup, and one of the things we didn't 
have was an integrity scanner (like tripwire).  I looked around and 
find anything free since we're using windows (well there was a product 
called languardian, but they looked pretty commercial, and I have no 
now or later).  Lacking funds and a GPL alternative, I went ahead a wrote 
scanner using perl and the Digest::Md5 module.  I've got the system 
and have set it up to run nightly, everything seems to be working fine.  
problem is that it's generating WAY too much information, and I don't 
time to wade through the logs every day trying to see if there is 
significant in there.  I've cut down some of the chatter by telling it to 
ignore certain files and directories that change a lot, but I'm not sure 
to proceed from here.  Anyone have a good idea on how to get it to 
more useable detections?  By the way, if anyone wants a copy, I'd be 
to give them one, I'm releasing it GPL, but be warned it's only alpha 
quality at the moment (though I haven't had any trouble with it).

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates
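
The following is an added example, not part of either post and not Chris Berry's scanner: a sketch of the baseline-and-compare approach the question describes, written in Python with SHA-256 rather than Perl with Digest::MD5. It reports only files added, removed or modified since the baseline and prunes ignored paths before hashing; the `IGNORE` patterns, function names and command-line arguments are assumptions chosen for illustration.

```python
import fnmatch, hashlib, json, os, sys

# Constructed sample patterns (assumption): paths expected to change often.
IGNORE = ["logs/*", "*.tmp"]

def _ignored(rel, patterns):
    # fnmatch's '*' also matches '/', so "logs/*" covers the whole subtree.
    return any(fnmatch.fnmatch(rel, p) for p in patterns)

def snapshot(root, ignore=()):
    """Map each non-ignored file (path relative to root) to its SHA-256 digest."""
    result = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        rel_dir = "" if rel_dir == "." else rel_dir + "/"
        # Prune ignored directories so their contents are never read.
        dirnames[:] = [d for d in dirnames if not _ignored(rel_dir + d + "/", ignore)]
        for name in filenames:
            rel = rel_dir + name
            if _ignored(rel, ignore):
                continue
            try:
                h = hashlib.sha256()
                with open(os.path.join(dirpath, name), "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
                result[rel] = h.hexdigest()
            except OSError:
                # Locked or unreadable file: record a marker so that a change
                # in readability shows up as a modification.
                result[rel] = "UNREADABLE"
    return result

def compare(baseline, current):
    """Return only the differences; an unchanged tree gives three empty lists."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

if __name__ == "__main__":
    # Usage: python fim.py <root> <baseline.json>; the first run records the baseline.
    root, store = sys.argv[1], sys.argv[2]
    current = snapshot(root, IGNORE)
    if os.path.exists(store):
        with open(store) as fh:
            print(json.dumps(compare(json.load(fh), current), indent=2))
    else:
        with open(store, "w") as fh:
            json.dump(current, fh)
```

The baseline file is only as trustworthy as its storage, so keep it somewhere the monitored host cannot write to.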
