You might want to look at the benchmark tools from the Center for Internet Security at http://cisecurity.org. Although they are not remotely executable, when run on the individual systems they can help identify running services and possible misconfigurations from a security perspective. The benchmarks include scanners for Windows, FreeBSD, Solaris, Linux, HP-UX, Cisco routers, Oracle databases and Apache web servers.
The reports also give a score so you can do quantifiable comparisions between runs of the benchmark tools. Ken McKinlay Network Security Curtiss-Wright Controls Embedded Computing > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf > Of Ruiyuan Jiang > Sent: Tuesday, March 01, 2005 2:09 PM > To: [email protected] > Subject: Re: [FW-1] OT: Security Audit Software > > Hi, Chris > > Thanks for your response. I have and use Nessus. The problem > that Nessus > for what I need is that Nessus only checks listening ports. It can't > check un-necessary user id, system configuration, i.e. ftpuser, ftp > access, etc. those configuration file on UNIX. What I need is > a software > can gather system configuration and analyze it and give a > recommendation. Thanks. > > Ryan > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of > Covington, Chris > Sent: Monday, February 28, 2005 5:08 PM > To: [email protected] > Subject: Re: [FW-1] OT: Security Audit Software > > Nessus. > > --- > Chris Covington > IT > Plus One Health Management > 75 Maiden Lane Suite 801 > NY, NY 10038 > 646-312-6269 > http://www.plusoneactive.com > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf > Of Ruiyuan > Jiang > Sent: Monday, February 28, 2005 4:04 PM > To: [email protected] > Subject: [FW-1] OT: Security Audit Software > > Hi, all > > Does anyone know any good system security auditing software either > commercial or freeware? My client's auditors have some kind > of auditing > software that run across platforms (UNIX, Windows, AS/400, Mainframe), > etc. and collect data such as file, directory permission, > password file, > enabled un-necessary daemon running on the systems, etc. Unfortunately > those auditors do not share the software with clients so my clients > hopefully can have similar software in house to prepare systems out > before auditors come. Thanks in advance. > > > Ryan > > ================================================= > To set vacation, Out-Of-Office, or away messages, send an email to > [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your subscription options, > email [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, send an email to > [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your subscription options, > email [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ______________________________________________________________________ > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
