Automating Audit Baselines – A Case Study

James Tarala | Baselining, Scripting, Windows Auditing

Quite a few times in this blog we’ve talked about automating audit and assessment tasks, especially as it relates to system baselines. We’ve tried quite a few times to give our readers tools for creating baselines and always hope that people will turn those baselines into automated processes that will alert them to deviations or changes to their systems. Certainly …

More PowerShell Audit One Liners

James Tarala | Baselining, Scripting, Windows Auditing

In our last couple of posts we described how to gather a general baseline of system demographics on a Microsoft Windows system you’ve been tasked with auditing. Hopefully the posts gave everyone some ideas for the capabilities that PowerShell offers, even if the information we gathered isn’t all that exciting. In this post I thought we would show you additional examples …

Using SystemInfo.exe to Baseline a System

James Tarala | Baselining, Scripting, Windows Auditing

After our last post on gathering system demographics using PowerShell (specifically the Get-Object cmdlet) we had a few auditors mention to us that there are other ways to do it as well. We couldn’t agree more and we’re glad they brought it up. Microsoft seems to like to give us choices for how we perform job tasks, and this is …

PowerShell Audit One Liners

James Tarala | Baselining, Scripting, Windows Auditing

Over our last few posts we’ve talked a lot about using Unix BASH scripting to audit Unix systems. But we certainly don’t want our Windows friends to feel left out. The more I talk with people and listen to their security challenges, the more interest I hear about how to use PowerShell for audit or security purposes. Who knows, maybe …

Audit Script to Detect Unix Operating System

James Tarala | Baselining, Scripting, Unix Auditing

In the last few blog entries we have been focusing quite a bit on displaying information from a Unix system via a BASH script. One question that quite a few people have raised is: do these commands work on all Unix systems? That’s a very valid question. It turns out that one of my favorite sayings about Unix is …

Unix Audit Script for Disk Utilization

James Tarala | Baselining, Scripting, Unix Auditing

We’ve noticed an issue on some of our Unix servers lately. This may not be completely security related (unless of course we’re talking about the availability of a system). We have noticed on quite a few occasions lately that the disk space on our Unix servers has started to grow out of control to the point where the availability of …

More Unix Audit Script One Liners

James Tarala | Baselining, Scripting, Unix Auditing

In our last post we gave some examples of Unix audit script one liners for baselining information from a Unix system. It turns out there are more people than we thought who are interested in this topic and are looking to include commands like these in their scripts. We definitely appreciate everyone’s enthusiasm and decided to post more commands in …

Unix Audit Script One Liners

James Tarala | Baselining, Scripting, Unix Auditing

Lately I’ve had quite a few requests come in from students and clients to review the audit script that companies are using to audit their Unix / Linux systems. It seems like every company has one person who, at some point in time, wrote a script to audit Unix systems, or they downloaded one from someone online. But in either …

Comparing Text Files in Windows

James Tarala | Baselining, Tools, Windows Auditing

So last month we wrote a post about the built-in capabilities of Microsoft Windows to perform comparisons of two text files. Personally, when I am comparing two files I am concerned that I can do it from the command line, can easily automate the comparison, and that the output is easy to parse and understand. Built …

Comparing Two Files with PowerShell

James Tarala | Baselining, Windows Auditing

One of the concepts that we have written about over and over again on this blog is the principle of baselining and how to compare the present state of a system with a known good snapshot of the same attribute of a system. If for instance we have a server with 10 running services on it today, and tomorrow we …