[osiris-devel] monitoring host state

Alexei_Roudnev Alexei_Roudnev at exigengroup.com
Mon Jan 5 21:11:02 EST 2004


A few ideas, related to the last few issues:

(1) let's modify (I can do it) file match so that 'xxx' matches '.../xxx'
or '...\xxx' on Windows; I tried to find a simple reg-exp function for Win32,
but a simple one does not exist;

(2) users / groups. Maybe it must be more flexible - allow monitoring such
things as 'aliases' and other 'line format' files. (I do not see big value
in it.)
On Windows, it is better to drop the idea for now.

(3) Windows / Registry. Maybe 'services' can be monitored by a special
command, as a special case.

(4) There is one more interesting (for IDS) resource - ports opened for
LISTEN.



----- Original Message ----- 
From: "Brian Wotring" <brian at shmoo.com>
To: "Osiris Developers" <osiris-devel at lists.shmoo.com>
Sent: Monday, January 05, 2004 11:38 AM
Subject: [osiris-devel] monitoring host state


>
> Here is what we have so far.  I'm mostly concerned with the lack of any
> significant attributes on the Windows side.  If anyone knows of any way
> to expand this, now is the time.
>
> unix users: name,uid,gid,gecos,home,shell
> windows users: name, privs, home, flags, auth_flags
>
> unix groups:  group,gid
>
> For Windows, only the name.  The LOCAL_GROUP_INFO structure contains
> only the name and the comment field.  Getting the gid and other
> attributes requires using NetGroupEnum(), which I have found to be
> unreliable for listing local group information.
>
> linux kmods:  same as output from lsmod
> darwin kexts: same as output from kextstat
> windows kmods (services):  name, display_name, status  (types
> SERVICE_WIN32)
>
> --
>      Brian Wotring ( brian at shmoo.com )
>      PGP KeyID: 0x9674763D
>
> _______________________________________________
> osiris-devel mailing list
> osiris-devel at lists.shmoo.com
> https://lists.shmoo.com/mailman/listinfo/osiris-devel
>

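As an added illustration (not Osiris code and not from either poster): a snapshot-and-diff over the unix user attributes Brian lists and the LISTEN ports Alexei proposes in (4), plus the bare-name path match from (1). All input records below are constructed samples, and the attribute names and function names are my own assumptions.

```python
import re

# Constructed sample records (not real host data): unix users in the attribute
# order the thread lists (name,uid,gid,gecos,home,shell) and netstat-style
# socket lines, each as a "baseline" and a later "current" snapshot.
PASSWD_BASELINE = "root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
PASSWD_CURRENT = ("root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000:Alice:/home/alice:/bin/sh\n"
                  "backup:x:0:0::/tmp:/bin/bash\n")
NETSTAT_BASELINE = "tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN\ntcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN\n"
NETSTAT_CURRENT = ("tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN\ntcp 0 0 0.0.0.0:4444 0.0.0.0:* LISTEN\n"
                   "tcp 0 0 10.0.0.5:43210 10.0.0.9:80 ESTABLISHED\n")
USER_FIELDS = ("name", "uid", "gid", "gecos", "home", "shell")

def parse_passwd(text):
    """Return {name: {attr: value}} from passwd-format lines; the password column is ignored."""
    users = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != 7 or line.startswith("#"):
            continue  # skip comments and malformed lines rather than guessing
        name, _pw, uid, gid, gecos, home, shell = parts
        users[name] = dict(zip(USER_FIELDS, (name, uid, gid, gecos, home, shell)))
    return users

def parse_listen_ports(text):
    """Return {(proto, port): {"local": addr}} for sockets in LISTEN state only."""
    ports = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[-1] != "LISTEN":
            continue
        proto, local = parts[0], parts[3]
        ports[(proto, local.rsplit(":", 1)[1])] = {"local": local}
    return ports

def diff_records(baseline, current):
    """Compare two {key: {attr: value}} snapshots: (added keys, removed keys, changed attrs)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for key in set(baseline) & set(current):
        b, c = baseline[key], current[key]
        deltas = {a: (b[a], c.get(a)) for a in b if b[a] != c.get(a)}
        if deltas:
            changed[key] = deltas
    return added, removed, changed

def name_matches_path(name, path):
    """Suggestion (1): a bare name matches the last component of a '/' or '\\' separated path."""
    return name == re.split(r"[\\/]", path)[-1]
```

Running `diff_records` over the two user snapshots flags the new uid-0 "backup" account and alice's changed shell; over the socket snapshots it flags the new port and the one that stopped listening.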