Security Basics mailing list archives
Re: Microsoft Software Auditing ?
From: Times Enemy <times () krr org>
Date: Fri, 08 Apr 2005 00:14:57 -0700
Greetings. I like the idea of manually checking for executables using a batch script. To take it a step further, for known, critical, "special", or all grep'ed ... er ... listed executables, a hash can be done, and kept on the network, a la Tripwire style. So, the batch file could list all executables, generate a hash, store the results on the network, then next time it is run, the hashes can be compared. When anomalies exist, it can contact the Admin.. This would be fun to play with. Good luck, and when you are done, i would like to see your final script and overall process design. If i come up with anything i think might be useful, i'll either post to this list, or to entities directly. .times enemy Depp, Dennis M. wrote:
I'm not sure why this is so "incredibly daunting and scary." You can parse the output with a script, remove all the known programs that you don't want to worry about, such as all the OS executables, and you are left with a much more managable set of files. Also if you parse the output on the machine that generates the file, you can look at the attributes of the file to gather additional infromation. I'm not saying this would be the best, but it is not an impossible task simply because of the number of .exe files this would find. Dennis -----Original Message----- From: Jacob Bresciani [mailto:jacob () bresciani ca] Sent: Thursday, April 07, 2005 11:20 AM To: Depp, Dennis M. Cc: security-basics () securityfocus com Subject: RE: Microsoft Software Auditing ? simple inefficiency. I just did a search on a windows 2000 (sp4) server. The only thing installed is an AV program and some minor tools to help me maintain the server. A search for exe files returned 2100 hits. Now you have to figure out which exe file matches what program. And as we've all seen not all programs follow a standard install routine. i.e. some of the exe's in c:\winnt where put there by installers from other applications, these applications might not have anything anywhere else. Some tools are simply dll's and a few registry entries to extend functionality, again they may not have their own directory somewhere to make them distinct. I'm not saying this way would not work, I'm takes a relatively simple task (once you find the tools) and makes it incredibly daunting and scary. On Thu, 2005-04-07 at 07:31 -0400, Depp, Dennis M. wrote:So why is that a problem. Store the file on a network share and parse the file with a perl or vbscript program. It woln't be elegant, butitwill work. Dennis -----Original Message----- From: Jacob Bresciani [mailto:jacob () bresciani ca] Sent: Tuesday, April 05, 2005 11:21 AM To: security-basics () securityfocus com Subject: Re: Microsoft Software Auditing ? Dear god, I can only imagine how many exe files that would bring up. On Tue, 2005-04-05 at 08:23 -0500, Robert Holtz wrote:You could do something as simple as: dir *.exe /s > foo.all.of.the.exe.files.txt On Apr 1, 2005 10:36 PM, Michael Gale<michael.gale () bluesuperman com>wrote:Hello, Does any body know of any free / cheap Microsoft auditingsoftware ?Ideally I would like something that could be run from a loginscript,that would find all the software currently installed and either: store it in a network drive (excel, html,txt) e-mail the data I do not want to have to take out a loan to buy this software. preferably open source :) Michael
--------------------------------------------------------------------------- Earn your MS in Information Security ONLINE Organizations worldwide are in need of highly qualified information security professionals. Norwich University is fulfilling this demand with its MS in Information Security offered online. Recognized by the NSA as an academically excellent program, NU offers you the opportunity to earn your degree without disrupting your home or work life. http://www.msia.norwich.edu/secfocus_en ----------------------------------------------------------------------------
Current thread:
- RE: Microsoft Software Auditing ?, (continued)
- RE: Microsoft Software Auditing ? warcat (Apr 07)
- RE: Microsoft Software Auditing ? Pat Smith (Apr 05)
- RE: Microsoft Software Auditing ? Dante Mercurio (Apr 06)
- RE: Microsoft Software Auditing ? Beauford, Jason (Apr 06)
- Re: Microsoft Software Auditing ? Andrew Rogers (Apr 07)
- Re: Microsoft Software Auditing ? Jonathan Loh (Apr 06)
- RE: Microsoft Software Auditing ? Depp, Dennis M. (Apr 07)
- RE: Microsoft Software Auditing ? Jacob Bresciani (Apr 07)
- RE: Microsoft Software Auditing ? Beauford, Jason (Apr 07)
- RE: Microsoft Software Auditing ? Depp, Dennis M. (Apr 07)
- Re: Microsoft Software Auditing ? Times Enemy (Apr 08)
- Re: Microsoft Software Auditing ? Adam Jones (Apr 11)
- Re: Microsoft Software Auditing ? Ansgar -59cobalt- Wiechers (Apr 13)
- Re: Microsoft Software Auditing ? Adam Jones (Apr 14)
- Re: Microsoft Software Auditing ? Times Enemy (Apr 08)