Re: Checking behind the wall
> I was thinking of setting up a scanner (strobe/nmap/...?) to > automatically do a scan from a cron and mail the results to me. However, > is there any existing framework like this that I could leverage? > Nessus can be tweaked to be able to report on a daily basis, its reports (including nmap probes, as configured). You might want to take a look at it (and maybe go through the mailing list archive since it was discussed previously there) Javi
Re: Checking behind the wall
> I was thinking of setting up a scanner (strobe/nmap/...?) to > automatically do a scan from a cron and mail the results to me. However, > is there any existing framework like this that I could leverage? > Nessus can be tweaked to be able to report on a daily basis, its reports (including nmap probes, as configured). You might want to take a look at it (and maybe go through the mailing list archive since it was discussed previously there) Javi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Checking behind the wall
Mike Moran <[EMAIL PROTECTED]> writes: > Although it is good to have a properly setup firewall, I was wondering > what else I could do to check that the machines behind it haven't been > compromised (by an email trojan or the like)? You can do an awful lot worse than installing AIDE for this sort of thing. > I was thinking of setting up a scanner (strobe/nmap/...?) to > automatically do a scan from a cron and mail the results to me. However, > is there any existing framework like this that I could leverage? Have you got a central loghost with logcheck? That might make life a lot easier (once you get the hang of ignoring stuff :) If you were to save the results of nmap to disk for posterity, you could see when they changed with AIDE, above. Funky. ~Tim -- 12:59pm up 12:34, 3 users, load average: 0.14, 0.05, 0.02 [EMAIL PROTECTED] |The sun is melting over the hills, http://piglet.is.dreaming.org |All our roads are waiting / To be revealed
Re: Checking behind the wall
Mike Moran <[EMAIL PROTECTED]> writes: > Although it is good to have a properly setup firewall, I was wondering > what else I could do to check that the machines behind it haven't been > compromised (by an email trojan or the like)? You can do an awful lot worse than installing AIDE for this sort of thing. > I was thinking of setting up a scanner (strobe/nmap/...?) to > automatically do a scan from a cron and mail the results to me. However, > is there any existing framework like this that I could leverage? Have you got a central loghost with logcheck? That might make life a lot easier (once you get the hang of ignoring stuff :) If you were to save the results of nmap to disk for posterity, you could see when they changed with AIDE, above. Funky. ~Tim -- 12:59pm up 12:34, 3 users, load average: 0.14, 0.05, 0.02 [EMAIL PROTECTED] |The sun is melting over the hills, http://piglet.is.dreaming.org |All our roads are waiting / To be revealed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]