[Dshield] Software Inventory?

Dragos Ruiu dr at kyx.net
Thu May 16 23:57:56 GMT 2002


On May 16, 2002 10:24 pm, Wayne Beckham wrote:
> Does anyone have a useful procedure or tool for
> auditing a machine to determine if there is common
> hacker software loaded on it?
>
> We've recently had an individual who was caught
> D/L'ing PWDUMP, L0Phat, the usual and my manager wants
> the whole division audited.


Sounds like your manager needs to take a pill or have a 
stiff drink and relax.

Or worry about auditing your servers so you won't have to be so
scared of your coworkers downloading "hacker" tools.

But if you do insist on tilting at windmills or instituting witch hunts, 
and you can come to agreement on what constitutes this verboten 
"hacker" software, you can use a floppy-based Linux distribution 
to mount arbitrary machines' drives, and use "find" to look for 
common filenames or "grep -r" to look for patterns in the files.

cheers,
--dr
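
The "find" and "grep -r" approach described in the message above, sketched as an added example that is not part of the original post. The function names, the demo file names, the search string and the device and mount point in the comment are all constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a drive mounted read-only from boot media, e.g.
#   mount -o ro /dev/hda1 /mnt/target   (device and mount point are assumed names)
# Mounting read-only keeps the audit from altering timestamps on the target.

# scan_names ROOT WATCHLIST: print files whose name contains a watchlist
# entry, case-insensitively. WATCHLIST holds one substring per line
# (glob characters in an entry are interpreted by find).
scan_names() {
    root=$1; list=$2
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        find "$root" -xdev -type f -iname "*${name}*" -print
    done < "$list" | sort -u
}

# scan_content ROOT PATTERNS: print files containing any fixed string from
# PATTERNS (one per line, no blank lines). Catches tools that were renamed,
# which a filename search alone would miss.
scan_content() {
    root=$1; pats=$2
    grep -r -l -i -F -f "$pats" "$root" 2>/dev/null | sort -u
}

# Constructed demo tree standing in for a mounted drive.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/root/Temp" "$d/root/Docs"
    printf 'binary stub\n' > "$d/root/Temp/PWDump2.exe"
    printf 'usage: pwdump <machine>\n' > "$d/root/Docs/notes.bin"
    printf 'quarterly report\n' > "$d/root/Docs/report.txt"
    printf 'pwdump\n' > "$d/names.txt"          # filename watchlist (constructed)
    printf 'usage: pwdump\n' > "$d/strings.txt" # content pattern (constructed)
    echo "== name hits ==";    scan_names   "$d/root" "$d/names.txt"
    echo "== content hits =="; scan_content "$d/root" "$d/strings.txt"
    rm -rf "$d"
}

demo
```

Name hits and content hits are reported separately because they fail differently: a renamed binary evades the first, and a packed or compressed one evades the second.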



