I just implemented OSSEC. It works great, and is extremely easy to set
up.
Sent from my iPhone
On Mar 13, 2010, at 15:58, Ralph Durkee <[email protected]> wrote:
TripWire and Aide are the classic answers, but I would recommend
OSSEC http://ossec.net
While consulting with a large organization that was deploying a
commercial FIM product managed by a major vendor, the security group
was given the list of files to be monitored and asked for their
approval. The list was the default for the commercial product and
was missing some obvious directories and registries for the Windows
platform. When I was asked for an opinion, I went out and got the
default list from the OSSEC download. Since it was much more complete,
we reviewed that list with the group, and it became their standard
for the FIM.
-- Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
Principal Security Consultant
Kennith Asher wrote:
Greetings gurus-
The company I work for is being pressed to deploy file integrity
monitoring tools in our production environment. I've not worked
with such tools in the past and am interested in your experiences.
I have concerns around noise levels, false positives, how to
control file integrity and still keep up with vendor updates (50-hour
days, anyone?).
Anyone have any recommendations?
Thanks,
Ken
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com