[osiris-devel] monitoring host state
Brian Wotring
brian at shmoo.com
Tue Jan 6 18:39:54 EST 2004
On Windows, it displays:
>> windows kmods (services): name, display_name, status (types
>> SERVICE_WIN32)
On Jan 6, 2004, at 4:18 PM, Alexei Roudnev wrote:
> What is 'services' ? I mean - what is scanned?
>
>
>
> ----- Original Message -----
> From: "Brian Wotring" <brian at shmoo.com>
> To: "Osiris Developers" <osiris-devel at lists.shmoo.com>
> Sent: Tuesday, January 06, 2004 2:02 PM
> Subject: Re: [osiris-devel] monitoring host state
>
>
>>
>> You can test these features by adding this to your config:
>>
>> <System>
>> Include users
>> Include groups
>> Include services
>> </System>
>>
>> And, debug configurations have been added to all of the Visual Studio
>> project files.
>>
>> On Jan 6, 2004, at 2:52 PM, Alexei Roudnev wrote:
>>
>>> Hmm, NT.. I think I have (yet) 1 NT. I'll try to verify (btw, virtual
>>> machines can be a good choice for testing).
>>>
>>> Which version - 3.0?
>>>
>>> ----- Original Message -----
>>> From: "Brian Wotring" <brian at shmoo.com>
>>> To: "Osiris Developers" <osiris-devel at lists.shmoo.com>
>>> Sent: Tuesday, January 06, 2004 12:46 PM
>>> Subject: Re: [osiris-devel] monitoring host state
>>>
>>>
>>>>
>>>> I've only tested this on Windows 2000. If you could verify this on NT
>>>> and XP, that would be really helpful.
>>>>
>>>> On Jan 6, 2004, at 1:39 PM, Alexei Roudnev wrote:
>>>>
>>>>> Excellent - if it works -:).
>>>>>
>>>>> Where (which OS) did you test it already?
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Brian Wotring" <brian at shmoo.com>
>>>>> To: "Osiris Developers" <osiris-devel at lists.shmoo.com>
>>>>> Sent: Tuesday, January 06, 2004 6:02 AM
>>>>> Subject: Re: [osiris-devel] monitoring host state
>>>>>
>>>>>
>>>>>>
>>>>>> The user entry for Windows now contains a list of groups that user is
>>>>>> a member of.
>>>>>>
>>>>>> On Jan 5, 2004, at 1:05 PM, Alexei_Roudnev wrote:
>>>>>>
>>>>>>> For Windows, you need to monitor, at least,
>>>>>>>
>>>>>>> Users, 'Member Of', with names instead of group SID. I can find a code,
>>>>>>> which allowed to extract such information (I wrote it in past - user,
>>>>>>> list of groups).
>>>>>>>
>>>>>>> It is not excellent, but works.
>>>>>>>
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>> From: "Brian Wotring" <brian at shmoo.com>
>>>>>>> To: "Osiris Developers" <osiris-devel at lists.shmoo.com>
>>>>>>> Sent: Monday, January 05, 2004 11:38 AM
>>>>>>> Subject: [osiris-devel] monitoring host state
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> Here is what we have so far. I'm mostly concerned with the lack of any
>>>>>>>> significant attributes on the Windows side. If anyone knows of any way
>>>>>>>> to expand this, now is the time.
>>>>>>>>
>>>>>>>> unix users: name,uid,gid,gecos,home,shell
>>>>>>>> windows users: name, privs, home, flags, auth_flags
>>>>>>>>
>>>>>>>> unix groups: group,gid
>>>>>>>>
>>>>>>>> For Windows, only the name. The LOCAL_GROUP_INFO structure contains
>>>>>>>> only the name and the comment field. Getting the gid and other
>>>>>>>> attributes requires using NetGroupEnum(), which I have found to be
>>>>>>>> unreliable for listing local group information.
>>>>>>>>
>>>>>>>> linux kmods: same as output from lsmod
>>>>>>>> darwin kexts: same as output from kextstat
>>>>>>>> windows kmods (services): name, display_name, status (types
>>>>>>>> SERVICE_WIN32)
>>>>>>>>
>>>>>>>> --
>>>>>>>> Brian Wotring ( brian at shmoo.com )
>>>>>>>> PGP KeyID: 0x9674763D
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> osiris-devel mailing list
>>>>>>>> osiris-devel at lists.shmoo.com
>>>>>>>> https://lists.shmoo.com/mailman/listinfo/osiris-devel
>>>>>>>>
>>>>>>>
>>>>>> --
>>>>>> Brian Wotring ( brian at shmoo.com )
>>>>>> PGP KeyID: 0x9674763D
>>>>>>
>>>> --
>>>> Brian Wotring ( brian at shmoo.com )
>>>> PGP KeyID: 0x9674763D
>>>>
>> --
>> Brian Wotring ( brian at shmoo.com )
>> PGP KeyID: 0x9674763D
>>
--
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D
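
Added example (not part of the original thread and not Osiris code): a sketch of how a host-state monitor can compare two snapshots of the "unix users" record listed above (name,uid,gid,gecos,home,shell). It assumes passwd(5)-format input; the function names, change labels and sample data are constructed for illustration.

```python
USER_FIELDS = ("name", "uid", "gid", "gecos", "home", "shell")

def parse_passwd(text):
    """Parse passwd(5)-format text into {name: {field: value}}."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            continue  # not a well-formed passwd entry; skipped in this sketch
        name, _pw, uid, gid, gecos, home, shell = parts
        users[name] = dict(zip(USER_FIELDS, (name, uid, gid, gecos, home, shell)))
    return users

def diff_users(baseline, current):
    """Return (kind, name, detail) tuples for new, missing and changed users."""
    changes = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            changes.append(("new", name, new))
        elif new is None:
            changes.append(("missing", name, old))
        else:
            for field in USER_FIELDS[1:]:
                if old[field] != new[field]:
                    changes.append(("changed", name, (field, old[field], new[field])))
    return changes

# Constructed sample snapshots: trusted baseline and a later scan.
BASELINE = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
CURRENT = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
support:x:0:0::/tmp:/bin/sh
"""

def demo():
    return diff_users(parse_passwd(BASELINE), parse_passwd(CURRENT))

if __name__ == "__main__":
    for change in demo(): print(change)
```

The same comparison applies to the group and service records once each is reduced to a keyed set of attributes.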