Re: Detecting File Alteration

[Daniel Cid <danielcid () yahoo com br>]

In addition to samhain, you can try ossec. It does
file integrity checking natively on both Unix/Linux
and Windows systems (besides log analysis and rk
detection)...

Hope it helps..

--
Daniel B. Cid
dcid ( at ) ossec.net


--- offset <offset () ubersecurity org> escreveu:

> I dont recall if your original email required this
> to run on windows or *nix.
>
> I've used samhain on *nix with no issues, not sure
> about windows.
>
> http://www.la-samhna.de/samhain/
>
> -off
>
> On Thu, Aug 31, 2006 at 11:44:14PM -0400, Mister
> Dookie wrote:
> > Tripwire is awfully expensive for a small
> company... there must be
> > something in the freeware realm or at least
> something cheaper that
> > accomplishes the same thing as Tripwire.
> >
> > On 8/31/06, Peter Marshall
> <petermmarshall () hotmail com> wrote:
> > > Tripwire as well . . .
> > >
> > > -----Original Message-----
> > > From: Saqib Ali [mailto:docbook.xml () gmail com]
> > > Sent: Thursday, August 31, 2006 3:49 PM
> > > To: Mister Dookie
> > > Cc: security-basics () securityfocus com
> > > Subject: Re: Detecting File Alteration
> > >
> > > Filemon???
> >
> > http://www.sysinternals.com/Utilities/Filemon.html
> > > filters as well....
> > >
> > > --
> > > Saqib Ali, CISSP, ISSAP
> > > Support http://www.capital-punishment.net
> > > -----------
> > > "I fear, if I rebel against my Lord, the
> retribution of an Awful Day (The
> > > Day of Resurrection)" Al-Quran 6:15
> > > -----------
---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE -
> ONLINE
> The NSA has designated Norwich University a center
> of Academic Excellence 
> in Information Security. Our program offers
> unparalleled Infosec management 
> education and the case study affords you unmatched
> consulting experience. 
> Using interactive e-Learning technology, you can
> earn this esteemed degree, 
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
>



                
_______________________________________________________ 
Novidade no Yahoo! Mail: receba alertas de novas mensagens no seu celular. Registre seu aparelho agora! 
http://br.mobile.yahoo.com/mailalertas/ 
 


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------