Home page logo
/

basics logo Security Basics mailing list archives

RE: What files to watch??
From: "Jeffrey Rivero" <Jeffr76 () yahoo com>
Date: Thu, 22 May 2003 00:35:09 -0400

The company I work for is in the process of making a solution for that same
problem.
we are currently in beta(0.9) and our goal is a alternative to tripwire(R)
if you would like more info and
possible a way to be a beta tester drop me a line at
support () comtech-admin com
when I get the ok I will announce the new product on this list.
Jeff
Sr. Dev
Comtech Administration'
www.comtech-admin.com

-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com]
Sent: Tuesday, May 20, 2003 1:35 PM
To: security-basics () securityfocus com; windows2000 () freelists org
Subject: What files to watch??


I'm trying to upgrade our security setup, and one of the things we didn't
have was an integrity scanner (like tripwire).  I looked around and couldn't
find anything free since we're using windows (well there was a product
called languardian, but they looked pretty commercial, and I have no budget
now or later).  Lacking funds and a GPL alternative, I went ahead a wrote a
scanner using perl and the Digest::Md5 module.  I've got the system working
and have set it up to run nightly, everything seems to be working fine.  My
problem is that it's generating WAY too much information, and I don't have
time to wade through the logs every day trying to see if there is something
significant in there.  I've cut down some of the chatter by telling it to
ignore certain files and directories that change alot, but I'm not sure how
to proceed from here.  Anyone have a good idea on how to get it to produce
more useable detections?  By the way, if anyone wants a copy, I'd be happy
to give them one, I'm releasing it GPL, but be warned it's only alpha
quality at the moment (though I haven't had any trouble with it).

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"What does it mean when they tell you your budget and it's a negative
number?"

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point,
Hacking & Assessment, Cisco Security, Wireless Security & more! Register
Now!
--UP TO 30% off classes in select cities--
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes:  Security +, Check Point, 
Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities-- 
http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault