[Dshield] Software Inventory?
dr at kyx.net
Thu May 16 23:57:56 GMT 2002
On May 16, 2002 10:24 pm, Wayne Beckham wrote:
> Does anyone have a useful procedure or tool for
> auditing a machine to determine if there is common
> hacker software loaded on it?
> We've recently had an individual who was caught
> D/L'ing PWDUMP, L0Phat, the usual and my manager wants
> the whole division audited.
Sounds like your manager needs to take a pill or have a
stiff drink and relax.
Or worry about auditing your servers so you won't have to be so
scared of your coworkers downloading "hacker" tools.
But if you do insist on tilting at windmills or instituting witch hunts,
and you can come to agreement on what constitutes this verboten
"hacker" software, you can use a floppy-based Linux distribution
to mount arbitrary machines' drives, and use "find" to look for
common filenames or "grep -r" to look for patterns in the files.
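
The find / "grep -r" sweep suggested in the reply above, as an added example that is not part of the original post. It assumes the target drive is already mounted read-only and that GNU or BusyBox find and grep are available; the function name audit_tree and the two list files (filename globs, fixed strings) are hypothetical, and the lists hold whatever your site has agreed to look for.

```shell
#!/bin/sh
# Added example: sweep a mounted (ideally read-only) filesystem tree.
# Usage: audit_tree ROOT NAMES_FILE STRINGS_FILE
#   NAMES_FILE   - one case-insensitive filename glob per line (e.g. pwdump*)
#   STRINGS_FILE - one fixed string per line to look for inside files
# Blank lines and lines starting with '#' are ignored in both lists.
# Output: one "name<TAB>path" or "content<TAB>path" line per hit.
audit_tree() {
    root=$1 names=$2 strings=$3
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Pass 1: filenames. -xdev keeps find on the mounted volume,
    # -iname catches case variants common on FAT/NTFS drives.
    while IFS= read -r glob; do
        case $glob in ''|'#'*) continue ;; esac
        find "$root" -xdev -type f -iname "$glob" -print 2>/dev/null |
            while IFS= read -r p; do printf 'name\t%s\n' "$p"; done
    done < "$names"

    # Pass 2: file contents, which still match after a file is renamed.
    # Empty patterns are filtered out first because an empty line in a
    # grep pattern list matches every file.
    grep -v -e '^$' -e '^#' "$strings" |
        grep -rlF -f - "$root" 2>/dev/null |
        while IFS= read -r p; do printf 'content\t%s\n' "$p"; done
    return 0
}

# Stand-alone use: ./audit.sh /mnt/target names.txt strings.txt
if [ $# -eq 3 ]; then
    audit_tree "$@"
fi
```

A filename hit only shows that a file with that name exists; the content pass is what catches renamed copies, and both need a person to review them before drawing conclusions.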