OT: vulnerability scanner

Rick Stevens rstevens at vitalstream.com
Wed Aug 10 18:54:33 UTC 2005


Scot L. Harris wrote:
> On Wed, 2005-08-10 at 14:41, Jamie Bohr wrote:
> 
>>I know this is off topic but ...
>>
>>I am looking for a vulnerability scanner for UNIX.  Currently we (the
>>company I work for) are using TARA and have come to the conclusion
>>that either we need to switch to something else or give TARA a major
>>overhaul.  Before we went down the path of updating TARA I thought I would
>>see what else was out there that could be a direct TARA replacement and
>>possibly have more features, central reporting being one of them.
>>
>>Thank you for your time,
>>   Jamie Bohr
> 
> 
> Are you looking for something like nessus?  You can get some fairly
> comprehensive web based reports from nessus for the systems on your
> network.

Yes, nessus is good, but beware of false positives from nessus.  It may 
report that you have package foobar-X.Y which has a certain
vulnerability, when in fact you have foobar-X.Y-xx.yy where that has
been fixed.  Nessus doesn't necessarily know about fixes in incremental
releases.  It looks at the signon message or behaviour of the program
and bases its recommendations on that.  Just wanted you to be aware of
that.

You can also use nmap to portscan your systems and see which ports a
given machine is listening on.  We also use portsentry and snort to
watch things go bump on the network, as well as firewalling the kapok
out of things.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-   Never test for an error condition you don't know how to handle.  -
----------------------------------------------------------------------
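The false-positive mechanism Rick describes (a scanner compares the upstream version in a service banner against the upstream "fixed-in" version, while the vendor shipped the fix as a backport in a later package release without bumping the upstream version) is easy to reproduce. The following is an added example, not code from the thread, from Nessus or from any vendor: it models a banner-only check next to a package-aware check. The daemon name "foobar", the versions, the release numbers and the backport table are constructed for illustration; in practice the backport table would come from reading `rpm -q --changelog <package>` on the host.

```python
import re

# Constructed data for this example.  "foobar" stands in for any network
# daemon; versions, releases and the backport table are made up.

# Banner-style rule, in the spirit of a scanner plugin: any foobar whose
# advertised upstream version is below the fixed upstream version is reported.
FIXED_UPSTREAM = {"foobar": "2.0.53"}

# What the vendor actually shipped: the fix was backported into the package
# release stream without changing the upstream version in the banner.
# Key: (package, upstream version) -> first package release carrying the fix.
# (Hypothetical; on a real host, derive this from the package changelog.)
BACKPORT_FLOOR = {("foobar", "2.0.52"): 12}

_VER = re.compile(r"(\d+(?:\.\d+)*)")


def parse_version(text):
    """Turn '2.0.52' (or '2.0.52 (Unix)') into a tuple that compares numerically."""
    m = _VER.search(text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(p) for p in m.group(1).split("."))


def banner_check(banner):
    """Scanner-style check: trust the banner and compare upstream versions only.

    Returns a reason string when the banner looks vulnerable, else None.
    """
    name, _, rest = banner.partition("/")
    fixed = FIXED_UPSTREAM.get(name)
    if fixed is None or not rest:
        return None
    if parse_version(rest) < parse_version(fixed):
        return "%s %s < %s (banner)" % (name, rest.split()[0], fixed)
    return None


def split_nvr(nvr):
    """'foobar-2.0.52-12.el4' -> ('foobar', '2.0.52', 12).

    Splits from the right so package names containing '-' still work.
    """
    name, version, release = nvr.rsplit("-", 2)
    rel = int(re.match(r"\d+", release).group(0))
    return name, version, rel


def package_check(nvr):
    """Host-side check: honour a backported fix recorded in the package release.

    Returns a reason string when the installed package is still vulnerable,
    else None.
    """
    name, version, rel = split_nvr(nvr)
    fixed = FIXED_UPSTREAM.get(name)
    if fixed is None or parse_version(version) >= parse_version(fixed):
        return None
    floor = BACKPORT_FLOOR.get((name, version))
    if floor is not None and rel >= floor:
        return None  # fix backported: not vulnerable despite the old banner
    return "%s-%s-%d below upstream fix %s and no backport" % (
        name, version, rel, fixed)


def triage(banner, nvr):
    """Return (banner_finding, package_finding) so the two views can be compared."""
    return banner_check(banner), package_check(nvr)


if __name__ == "__main__":
    # Constructed hosts: same banner on all three, different package releases.
    hosts = [
        ("hostA", "foobar/2.0.52 (Unix)", "foobar-2.0.52-3.el4"),   # really vulnerable
        ("hostB", "foobar/2.0.52 (Unix)", "foobar-2.0.52-12.el4"),  # backported fix
        ("hostC", "foobar/2.0.53 (Unix)", "foobar-2.0.53-1.el4"),   # upstream fix
    ]
    for host, banner, nvr in hosts:
        by_banner, by_package = triage(banner, nvr)
        print("%s: banner says %r, package says %r" % (host, by_banner, by_package))
```

hostB is the case Rick warns about: the banner-only check reports it, the package-aware check clears it. The practical habit that follows is to treat a version-based scanner finding as a lead, then confirm on the host against the installed package release and its changelog before opening a ticket.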