RE: Scanning tool that will track and report diffs

From: Joseph.Wulf (Joseph.Wulf@prosync.com)
Date: Wed Feb 25 2004 - 22:16:58 EST


Ben,

I can offer a tool for the "baseline", at least for Unix systems. It's not
something I've "marketed", but freely offer to anyone who would want them.
I've developed a shell script, in csh and supported by 5 awk scripts, that
will essentially list an entire Unix filesystem and pack it away for
reference.

On subsequent executions it will "diff" the current output with the most
previous run and provide that as separate output. This has a fairly rich
feature set and has some comparisons to "tripwire". The scripts will
operate without modification on Sun Solaris 2.3+, all versions of Linux that
I've had the opportunity to test it on (Red Hat especially), HP-UX 9.0+, DEC
v4.0+, and AIX. Designed specifically for this function, but also to
operate on as many systems as possible without change. There is also
substantial documentation enclosed. The gzip'd tar file is 123k.

I'll gladly share the scripts with anyone who is interested, send me an
email directly and I'll send the gzip'd tar file back. If the list
moderator or someone will identify a more appropriate method, I'll provide
the scripts that way.

R,
-Joe Wulf, CISSP
 ProSync Technology Group, LLC
 Senior IA Engineer
 (410) 772-7969 office
 
-----Original Message-----
From: Ben Nelson [mailto:lists@venom600.org]
Sent: Wednesday, February 25, 2004 17:19
To: pen-test@securityfocus.com
Subject: Scanning tool that will track and report diffs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm looking for a scanning tool that I can run on a regular basis which
will: track all results in a database (optional) and report differences
between scan runs (primary functionality I'm looking for).
I started down the road of writing a python wrapper for nmap which used
nmap's XML result output to plug into a MySQL database. But, I thought that
this has got to be something that a lot of network auditors have a need for;
which is usually a good indication that there may be a tool that already
does it.
Another bit of functionality that I think would be pretty useful is the
ability to 'base-line' a set of systems and then notify when they deviate
from this baseline.
Any suggestions?
- --Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAPR843cL8qXKvzcwRAtvkAJ4zkrFWiDLlaLbFrvohI4IkKAwQ8ACgu1Ng
J5iMid2wbOqd02/4DuvKFkk=
=5as/
-----END PGP SIGNATURE-----
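The baseline-then-diff workflow both posts describe, as an added example that is not part of the archived thread and is neither Joe Wulf's csh/awk scripts nor Ben's nmap wrapper: a Python sketch that snapshots a filesystem (mode, size, SHA-256 per file) or reduces nmap XML output to a host/port table, stores either as a plain dict, and reports what was added, removed or changed since the previous run. The nmap XML and the temporary file tree are constructed here for the demonstration; the element and attribute names (host, address, port, state, service) follow nmap's -oX format, and the function names are this example's own.

```python
"""Snapshot-and-diff for two inputs: a filesystem listing and nmap -oX output.
Added example, not the tools discussed in the thread."""
import hashlib
import os
import stat
import tempfile
import xml.etree.ElementTree as ET


def snapshot_filesystem(root):
    """Record mode, size and SHA-256 of every regular file under `root`,
    keyed by path relative to `root`. Symlinks are recorded by target, not followed."""
    records = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic walk order, handy when the listing is stored as text
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                records[rel] = ("symlink", os.readlink(full))
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # devices, sockets, fifos: no content to hash
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            records[rel] = (oct(stat.S_IMODE(st.st_mode)), st.st_size, digest.hexdigest())
    return records


def snapshot_nmap_xml(xml_text):
    """Reduce nmap XML output to {(ipv4, protocol, port): (state, service name)}."""
    records = {}
    for host in ET.fromstring(xml_text).iter("host"):
        address = host.find("address[@addrtype='ipv4']")
        if address is None:
            continue
        for port in host.iter("port"):
            key = (address.get("addr"), port.get("protocol"), int(port.get("portid")))
            service = port.find("service")
            records[key] = (port.find("state").get("state"),
                            service.get("name") if service is not None else None)
    return records


def diff_snapshots(previous, current):
    """Compare two snapshots of the same kind; report added, removed and changed keys."""
    added = sorted(k for k in current if k not in previous)
    removed = sorted(k for k in previous if k not in current)
    changed = sorted(k for k in current if k in previous and current[k] != previous[k])
    return {"added": added, "removed": removed,
            "changed": {k: (previous[k], current[k]) for k in changed}}


# Constructed nmap -oX fragments standing in for two consecutive scan runs.
NMAP_RUN_1 = """<?xml version="1.0"?>
<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
</ports></host></nmaprun>"""

NMAP_RUN_2 = """<?xml version="1.0"?>
<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
<port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
</ports></host></nmaprun>"""


def filesystem_diff_demo():
    """Constructed demonstration: baseline a temporary tree, change it, diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "passwd"), "w") as fh:
            fh.write("root:x:0:0::/root:/bin/sh\n")
        with open(os.path.join(root, "etc", "motd"), "w") as fh:
            fh.write("welcome\n")
        baseline = snapshot_filesystem(root)
        # Changes between runs: one file edited, one removed, one created.
        with open(os.path.join(root, "etc", "passwd"), "a") as fh:
            fh.write("newuser:x:1001:1001::/home/newuser:/bin/sh\n")
        os.remove(os.path.join(root, "etc", "motd"))
        with open(os.path.join(root, "etc", "newfile.conf"), "w") as fh:
            fh.write("option=1\n")
        return diff_snapshots(baseline, snapshot_filesystem(root))


if __name__ == "__main__":
    print("nmap:", diff_snapshots(snapshot_nmap_xml(NMAP_RUN_1),
                                  snapshot_nmap_xml(NMAP_RUN_2)))
    print("filesystem:", filesystem_diff_demo())
```

In practice the snapshot dict would be written to disk (JSON, or the flat text listing Joe's scripts keep) after each run and reloaded as `previous` on the next; the diff itself is the same whether the records describe files or ports, which is the point of keeping the two snapshot functions separate from the comparison.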

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:49 EDT