FYI, I believe OSSEC 2.7 now has a configuration toggle that would allow
commands in agent.conf to be executed on each Agent--this allows for
centralized management of (full_)commands.
On Nov 29, 2012, at 10:23 AM, sklaumin...@gmail.com wrote:
> Michael Starks responded with the Windows
Michael Starks responded with the Windows command to determine account
availability.
net user account_name | find "Account active Yes"
This could be placed in the full_command syntax on the agent machine's
ossec.conf. This would need to be distributed to all agent machines by som
Hmm, the code is from 2010 and there are 2 beta versions... doesn't look like there
is a lot of progress on the development of this product.
I might try OpenVAS but it would be great if there was a check, since we do
check files for Linux with OSSEC, I would imagine you could do something
similar with O
On 27.11.2012 06:02, Michiel van Es wrote:
Hi,
We want to check for hardening and one of our Windows hardening rules
is to rename the Administrator account and create a decoy
Administrator account, not part of any group and disabled.
One of the things we want to check is to see if the Administra
A newer resource for SCAP scanning:
http://www.open-scap.org/page/Download
On Nov 27, 2012, at 6:18 AM, dan (ddp) wrote:
> On Tue, Nov 27, 2012 at 7:02 AM, Michiel van Es
> wrote:
>> Hi,
>>
>> We want to check for hardening and one of our Windows hardening rules is to
>> rename the Administra
Something like this might be a better tool for your needs:
SSA - Security System Analyzer 2.0
http://code.google.com/p/ssa/
You could tie it into OSSEC with the full_command option.
If all you need is to determine the Admin account status, then use a
PowerShell command in full_command.
Scott
On Tue, Nov 27, 2012 at 7:02 AM, Michiel van Es wrote:
> Hi,
>
> We want to check for hardening and one of our Windows hardening rules is to
> rename the Administrator account and create a decoy Administrator account,
> not part of any group and disabled.
> One of the things we want to check is to
Hi,
We want to check for hardening and one of our Windows hardening rules is to
rename the Administrator account and create a decoy Administrator account,
not part of any group and disabled.
One of the things we want to check is to see if the Administrator account
is enabled on Windows machines
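
The full_command check suggested in the replies above, written out as an OSSEC configuration sketch. This is an added example, not configuration posted by anyone in the thread; the rule ID 100200, the level, the frequency and the group name are assumptions, and it assumes the decoy account is literally named Administrator on an English-language Windows install.

```xml
<!-- Agent side: ossec.conf (or agent.conf on the manager, if the agents
     are set to accept remote commands with logcollector.remote_commands=1
     in their local_internal_options.conf). -->
<localfile>
  <log_format>full_command</log_format>
  <!-- Full account report; the status line is filtered by the rule,
       so no pipe to find is needed on the agent. -->
  <command>net user Administrator</command>
  <!-- Seconds between runs (assumed value). -->
  <frequency>3600</frequency>
</localfile>

<!-- Manager side: local_rules.xml.
     full_command output arrives as one event starting with
     "ossec: output: 'net user Administrator':", which the stock
     rule 530 (command output monitoring) already matches. -->
<group name="local,windows_hardening,">
  <rule id="100200" level="10">
    <if_sid>530</if_sid>
    <match>ossec: output: 'net user Administrator'</match>
    <!-- net user pads the value with a run of spaces, so match
         one or more spaces rather than a single one. -->
    <regex>Account active\s+Yes</regex>
    <description>Decoy Administrator account is enabled.</description>
  </rule>
</group>
```

The rule fires only when the decoy account reports as active, so a correctly hardened host stays silent.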