Security Basics mailing list archives

What files to watch??


From: "Chris Berry" <compjma () hotmail com>
Date: Tue, 20 May 2003 10:35:13 -0700

I'm trying to upgrade our security setup, and one of the things we didn't have was an integrity scanner (like Tripwire). I looked around and couldn't find anything free since we're using Windows (well, there was a product called languardian, but they looked pretty commercial, and I have no budget now or later). Lacking funds and a GPL alternative, I went ahead and wrote a scanner using Perl and the Digest::MD5 module. I've got the system working and have set it up to run nightly; everything seems to be working fine. My problem is that it's generating WAY too much information, and I don't have time to wade through the logs every day trying to see if there is something significant in there. I've cut down some of the chatter by telling it to ignore certain files and directories that change a lot, but I'm not sure how to proceed from here. Anyone have a good idea on how to get it to produce more useable detections? By the way, if anyone wants a copy, I'd be happy to give them one. I'm releasing it GPL, but be warned it's only alpha quality at the moment (though I haven't had any trouble with it).

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"What does it mean when they tell you your budget and it's a negative number?"
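
The nightly comparison the post describes, with the ignore list applied at scan time and the remaining changes split into per-file alerts and per-directory counts so the report stays short. This is an added example, not the poster's script: it uses Python and SHA-256 instead of Perl and MD5, and the ignore patterns, extension list and function names are assumptions to tune per host.

```python
import fnmatch
import hashlib
import os
from collections import Counter

# Assumed policy, not from the post: tune both lists per host.
IGNORE = ["*.log", "*.tmp", "*/temp/*", "*/temporary internet files/*"]
HIGH_VALUE_EXT = {".exe", ".dll", ".sys", ".bat", ".cmd", ".ini"}


def ignored(path):
    """True if the path matches a noisy pattern (case-insensitive)."""
    p = path.replace("\\", "/").lower()
    return any(fnmatch.fnmatch(p, pat) for pat in IGNORE)


def snapshot(root):
    """Map each non-ignored file under root to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if ignored(path):
                continue
            h = hashlib.sha256()
            try:
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        h.update(chunk)
                digests[path] = h.hexdigest()
            except OSError:
                digests[path] = "UNREADABLE"  # locked or permission denied
    return digests


def triage(old, new):
    """Compare two snapshots. Returns (alerts, summary): one alert per
    high-value file, and a per-directory change count for the rest."""
    alerts, summary = [], Counter()
    for path in sorted(set(old) | set(new)):
        if old.get(path) == new.get(path):
            continue
        kind = ("added" if path not in old
                else "removed" if path not in new else "changed")
        if os.path.splitext(path)[1].lower() in HIGH_VALUE_EXT:
            alerts.append((kind, path))
        else:
            summary[os.path.dirname(path)] += 1
    return alerts, dict(summary)
```

Store each night's `snapshot()` result (for example as JSON) and pass the previous and current maps to `triage()`; only the alerts list needs a daily read.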
