Tool <was: Scanning tool that will track and report diffs>

From: Joseph.Wulf (Joseph.Wulf@prosync.com)
Date: Thu Feb 26 2004 - 21:56:18 EST


As a follow-up to all. Those that have requested the tool should
find it awaiting them in their email in-boxes. I would ask those that do take
a stab at testing it and/or actually using it to provide feedback, either to me
personally or to all here for the benefit of the group. Constructive
criticism as well as encouraging feedback is always welcome. Enjoy!

Also, hopefully this will spawn other initiatives throughout the community
to pony up a little time and energy to polish YOUR products and offer them
to the community when and where applicable.

Finally, in the private requests I'd received, were some comments,
statements and questions. I'll address them here for the benefit of all
without attribution. :)
- If you requested it, and haven't received it from me by now, then please
  write back and let's work out any email difficulties. :) Probable reasons
  include bad typing on my part (duh), a full mailbox on your part, or other
  nefarious internet botulism (nah). If my email to you bounced, I'll manually
  try a second time, but will await your next email to me to see what we can
  do about it if that second attempt also fails.
- Yes, I anticipated I'd be bombarded with requests. <grin> I consider that
  part of "giving" back to the community I "take" from.
- I'm personally not aware of any exportation-from-the-US restrictions on
  this set of csh and awk scripts. If someone is aware, PLEASE clue me in.
  This stuff is simply an expedited "process" that is scripted in csh and awk.
  In the LONG run, I'll presume that no replies to this issue means it's DEAD.
- Feel free to still request if you haven't already. As I've said, I believe
  in sharing the wealth. Also, feel free to pass the ORIGINAL gzip'd archive
  to anyone you wish. I encourage you to also independently share any changes,
  modifications, enhancements, etc. that you embellish, but please do so after
  already sharing the original scripts. Further, if you do make any changes to
  suit your environment, please send along a copy to me, for the package's
  further perfection.
- One person stated they were going to see if it runs under Micro$loth's OS
  using "cygwin". That will be an interesting test. Would like to know your
  results and success. If anyone has some free/spare time (ha) to maybe try
  these scripts on some other OS than what I've had access to, please provide
  me with the results. I'd LOVE to know if they work on a CRAY, but figure the
  odds.
- One person asked whether this was a product I'd market or could be brought
  to market. A partial answer is that I made the decision years ago that this
  was going to be a tool that I'd ALWAYS make freely available to anyone who
  wishes it. After my years of effort to date and the numerous give-aways I've
  already done, I've no intention of changing my mind on this. Thank you for
  the idea (offer?) to help me make more money, but I personally see my
  current decision as being far more personally rewarding/satisfying.

R,
-Joe Wulf, CISSP
 ProSync Technology Group, LLC
 Senior IA Engineer
 (410) 772-7969 office

-----Original Message-----
From: Joseph.Wulf [mailto:Joseph.Wulf@prosync.com]
Sent: Wednesday, February 25, 2004 22:17
To: lists@venom600.org; pen-test@securityfocus.com
Subject: RE: Scanning tool that will track and report diffs

Ben,

I can offer a tool for the "baseline", at least for Unix systems. It's not
something I've "marketed", but I freely offer it to anyone who would want it.
I've developed a shell script, in csh and supported by 5 awk scripts, that
will essentially list an entire Unix filesystem and pack it away for
reference.

On subsequent executions it will "diff" the current output with the previous
run and provide that as separate output. This has a fairly rich feature set
and has some comparisons to "tripwire". The scripts will operate without
modification on Sun Solaris 2.3+, all versions of Linux that I've had the
opportunity to test it on (Red Hat especially), HP-UX 9.0+, DEC v4.0+, and
AIX. It was designed specifically for this function, but also to operate on
as many systems as possible without change. There is also substantial
documentation enclosed. The gzip'd tar file is 123k.

I'll gladly share the scripts with anyone who is interested, send me an
email directly and I'll send the gzip'd tar file back. If the list
moderator or someone will identify a more appropriate method, I'll provide
the scripts that way.

R,
-Joe Wulf, CISSP
 ProSync Technology Group, LLC
 Senior IA Engineer
 (410) 772-7969 office
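The message above describes the shape of Joe's tool (walk the filesystem, pack the listing away, diff the next run against it) without showing any of it. The following is an added example in Python, not Joe's csh/awk scripts and not from this thread: it records type, mode, owner, size, mtime and a SHA-256 for every entry below a root, stores the baseline as JSON, and reports added, removed and changed entries on the next run. The directory tree and the "tampering" in `demo()` are constructed for the example.

```python
"""Filesystem baseline-and-diff in the spirit of the csh/awk tool described
above: snapshot a tree, pack the snapshot away as JSON, and on the next run
report what was added, removed, or changed. Added example, not the tool
from the thread; standard library only."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

ATTRS = ("type", "mode", "uid", "gid", "size", "mtime", "sha256")


def _sha256(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _kind(mode):
    if stat.S_ISREG(mode):
        return "file"
    if stat.S_ISDIR(mode):
        return "dir"
    if stat.S_ISLNK(mode):
        return "link"
    return "other"  # device, fifo, socket


def snapshot(root):
    """Return {relative_path: {attr: value}} for every entry below root.

    lstat is used so symlinks are recorded as links rather than followed;
    only regular files are hashed."""
    root = Path(root)
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            st = os.lstat(p)
            kind = _kind(st.st_mode)
            entries[str(p.relative_to(root))] = {
                "type": kind,
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid,
                "gid": st.st_gid,
                "size": st.st_size,
                "mtime": int(st.st_mtime),
                "sha256": _sha256(p) if kind == "file" else None,
            }
    return entries


def save_snapshot(entries, path):
    """Pack the baseline away. Keep this copy off-host or on read-only media:
    a root-level intruder on the scanned box can otherwise rewrite it."""
    with open(path, "w") as f:
        json.dump(entries, f, sort_keys=True)


def load_snapshot(path):
    with open(path) as f:
        return json.load(f)


def diff_snapshots(old, new):
    """Compare two snapshots; 'changed' maps path -> {attr: (old, new)}."""
    changed = {}
    for path in sorted(set(old) & set(new)):
        delta = {a: (old[path][a], new[path][a])
                 for a in ATTRS if old[path][a] != new[path][a]}
        if delta:
            changed[path] = delta
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": changed,
    }


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-run."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "tree"          # the "filesystem" being baselined
        store = Path(tmp) / "baseline.json"  # kept outside the scanned tree
        for d in ("etc", "bin", "var"):
            (root / d).mkdir(parents=True)
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "motd").write_text("welcome\n")
        os.chmod(root / "etc" / "motd", 0o644)
        (root / "bin" / "ls").write_bytes(b"\x7fELF original ls")
        (root / "var" / "scratch").write_text("tmp\n")
        save_snapshot(snapshot(root), store)

        # Between runs: a same-size trojaned binary (size unchanged, hash
        # not), a loosened mode, a new .rhosts, and a deleted file.
        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned ls")
        os.chmod(root / "etc" / "motd", 0o666)
        (root / "etc" / ".rhosts").write_text("+ +\n")
        (root / "var" / "scratch").unlink()
        return diff_snapshots(load_snapshot(store), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The hash is what makes the same-size, same-second binary swap visible; size and mtime alone would miss it. Directory entries will also show mtime changes when children are added or removed, which is expected noise a real run has to filter.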
 
-----Original Message-----
From: Ben Nelson [mailto:lists@venom600.org]
Sent: Wednesday, February 25, 2004 17:19
To: pen-test@securityfocus.com
Subject: Scanning tool that will track and report diffs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm looking for a scanning tool that I can run on a regular basis which
will: track all results in a database (optional) and report differences
between scan runs (primary functionality I'm looking for). I started down
the road of writing a python wrapper for nmap which used nmap's XML result
output to plug into a MySQL database. But, I thought that this has got to
be something that a lot of network auditors have a need for; which is
usually a good indication that there may be a tool that already does it.
Another bit of functionality that I think would be pretty useful is the
ability to 'base-line' a set of systems and then notify when they deviate
from this baseline. Any suggestions?
- --Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAPR843cL8qXKvzcwRAtvkAJ4zkrFWiDLlaLbFrvohI4IkKAwQ8ACgu1Ng
J5iMid2wbOqd02/4DuvKFkk=
=5as/
-----END PGP SIGNATURE-----
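The primary functionality Ben asks for above, reporting differences between scan runs from nmap's XML output, as an added example in Python (not code from the thread or from nmap). It parses the `host`/`address`/`port`/`state`/`service` elements that `nmap -oX` emits, keeps only hosts that were up and ports that were open, and diffs two runs. The two XML documents are constructed to mimic nmap's format and are not real scan output.

```python
"""Diff two nmap XML runs (-oX) and report new/vanished hosts and open-port
changes. Added example, standard library only; BASELINE_XML and LATER_XML
are constructed to look like nmap's XML and are not real scans."""
import xml.etree.ElementTree as ET

# Constructed baseline run: two hosts up, one down.
BASELINE_XML = """<nmaprun scanner="nmap" args="nmap -oX - 10.0.0.0/28">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports></host>
  <host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
    </ports></host>
  <host><status state="down"/><address addr="10.0.0.12" addrtype="ipv4"/></host>
</nmaprun>"""

# Constructed later run: 10.0.0.12 came up, 10.0.0.5 grew an unidentified
# listener on 4444, 10.0.0.9 closed mysql and now answers plain http on 443.
LATER_XML = """<nmaprun scanner="nmap" args="nmap -oX - 10.0.0.0/28">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="4444"><state state="open"/></port>
    </ports></host>
  <host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="3306"><state state="closed"/><service name="mysql"/></port>
    </ports></host>
  <host><status state="up"/><address addr="10.0.0.12" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports></host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Return {ip: {(proto, port): service}} for hosts that were up,
    open ports only. Hosts without an address element are skipped."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']") or host.find("address")
        if addr_el is None:
            continue
        ports = {}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            key = (port.get("protocol"), int(port.get("portid")))
            ports[key] = svc.get("name") if svc is not None else "unknown"
        hosts[addr_el.get("addr")] = ports
    return hosts


def diff_scans(old, new):
    """Set differences between two parsed runs, per host."""
    report = {"new_hosts": sorted(set(new) - set(old)),
              "gone_hosts": sorted(set(old) - set(new)),
              "opened": {}, "closed": {}, "service_changed": {}}
    for ip in sorted(set(old) & set(new)):
        o, n = old[ip], new[ip]
        opened = sorted(set(n) - set(o))
        closed = sorted(set(o) - set(n))
        svc = {p: (o[p], n[p]) for p in set(o) & set(n) if o[p] != n[p]}
        if opened:
            report["opened"][ip] = opened
        if closed:
            report["closed"][ip] = closed
        if svc:
            report["service_changed"][ip] = svc
    return report


def demo():
    return diff_scans(parse_nmap_xml(BASELINE_XML), parse_nmap_xml(LATER_XML))


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Note that `Element` objects with no children are falsy, so the `or` fallback on the address lookup only works because `find()` returns `None`, not an empty element, when nothing matches; an `address` element has no children and would itself be falsy, which is why the `None` check follows rather than a truth test. For the optional database piece in the question, one row per (run id, ip, protocol, port, service) in SQLite is enough; the diff above then becomes the same set arithmetic over two run ids.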

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:49 EDT