Re: Info collection

From: Ali-Reza Anghaie (ali@packetknife.com)
Date: Thu Aug 05 2004 - 22:57:08 EDT


On Wed, 2004-08-04 at 11:01, Jeff Gercken wrote:
> I am attempting to refine my methods of evaluating servers and am
> wondering what information you all gather during an assessment on
> various platforms. These would be run on the target machines with
> privileged accounts (root or administrator). They should be scriptable
> & statically compiled or at least not have any unusual dependencies.
>
> Examples:
> Fport
> Portqryv2
> LADS
> Dumpwin
> Lsof
> Netstat -an / -ln
> Tiger
> Hfnetchk
> Msinfo32
> Winmsd

It looks like you have a mix of platforms in the commands above. How
about other items (mixed platforms again) like:

MS Baseline Security Analyzer
rpm -V (or other package integrity checkers)
find -perm (sticky bit, sgid, etc.)
tripwire
inzider
dumpsec (from hyena)
crontab information
startup/rc.d

*shrug* Depends on what you're trying to accomplish and log.

Cheers, -Ali

--
OpenPGP Key: 030E44E6
--
Was I helpful?: http://svcs.affero.net/rm.php?r=packetknife
--
May you do Good Magic with Perl. -- Larry Wall
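
The `find -perm` item from the list above, written out as a scriptable collector that needs only POSIX sh, find, ls and awk. This is an added example, not part of the original message; the function names `list_special` and `audit_perms` are made up for illustration, and the world-writable classes go slightly beyond the sticky/sgid cases the post names.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# list_special ROOT CLASS
# Print paths under ROOT (same filesystem only) carrying the permission bits
# for CLASS: suid, sgid, sticky, wwdir (world-writable dir lacking the sticky
# bit) or wwfile (world-writable regular file).
list_special() {
    root=$1
    case $2 in
        suid)   set -- -type f -perm -4000 ;;
        sgid)   set -- -type f -perm -2000 ;;
        sticky) set -- -type d -perm -1000 ;;
        wwdir)  set -- -type d -perm -0002 ! -perm -1000 ;;
        wwfile) set -- -type f -perm -0002 ;;
        *) echo "unknown class: $2" >&2; return 2 ;;
    esac
    # Unreadable directories are skipped quietly so a run always completes.
    find "$root" -xdev "$@" -print 2>/dev/null | sort
}

# audit_perms ROOT
# One tab-separated line per finding: class, mode string, owner, path.
# ls -ld is used for mode and owner because stat(1) flags differ by platform.
audit_perms() {
    top=$1
    for class in suid sgid sticky wwdir wwfile; do
        list_special "$top" "$class" | while IFS= read -r path; do
            meta=$(ls -ld "$path" | awk '{print $1 "\t" $3}')
            printf '%s\t%s\t%s\n' "$class" "$meta" "$path"
        done
    done
}

# Stand-alone use: sh audit_perms.sh /  > perms-$(hostname).tsv
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Saving the output per host and diffing it against the previous run shows newly appeared setuid or world-writable entries.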



