Practical audit advice you can use today.
# 29 : Automating Tripwire
The installation of a file integrity testing tool should be a part of the standard install of any server class system in your environment. Not only does it allow for simple continuous monitoring and detection of unauthorized configuration changes, but it also allows for rapid damage assessment in the face of a compromise.
This episode will take a fast look at the open source version of Tripwire. We'll examine common configuration errors in addition to discussing how to automate reporting for an auditor effectively without having to give the auditor or security officer root access to the system.
© 2011, David Hoelzer & EnclaveForensics