Hello,
I was wondering if anyone knew of any good filesystem
auditing tools.
Running tripwire or some other daemon _at this point_
is out of the question.
What i would like to see is something that did the following:
Has a ruleset ...
... on which services are allowed to listen
-for incomming connections.
... which address classes that are connected are truly
-who they say they are/are within accepted range
... which tests if setuid/setgid are really supposed to
-be
... monitor user accounts for elevated permissions
-i.e. accounts that are `grep ':0:' /etc/passwd
-and the such
and other obvious audit tests that take a lot of text to
type.
This will be run on many different hosts, primarily RedHat linux,
but there has been some talk in the background about other
distributions being involved as well.
Purpose:
to save a lot of my time. i dont want to write something
that could potentially be this complex.
thanx in advance
