Scot L. Harris wrote:
On Wed, 2005-08-10 at 14:41, Jamie Bohr wrote:
I know this is off topic but ...
I am looking to a vulnerability scanner for UNIX. Currently we (the
company I work for) are using TARA and have come to the conclusion
that either we need to switch to something else or give TARA a major
overhaul. Before we went down updating TARA I thought I would see
what else was out there that could be a direct TARA replacement and
possibly have more features, central reporting be one of them.
Thank you for you time,
Jamie Bohr
Are you looking for something like nessus? You can get some fairly
comprehensive web based reports from nessus for the systems on your
network.
Yes, nessus is good, but beware of false positives from nessus. It may
report that you have package foobar-X.Y which has a certain
vulnerability, when in fact you have foobar-X.Y-xx.yy where that has
been fixed. Nessus doesn't necessarily know about fixes in incremental
releases. It looks at the signon message or behaviour of the program
and bases its recommendations on that. Just wanted you to be aware of
that.
You can also use nmap to portscan your systems and see which ports a
given machine is listening on. We also use portsentry and snort to
watch things go bump on the network, as well as firewalling the kapok
out of things.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- Never test for an error condition you don't know how to handle. -
----------------------------------------------------------------------
