[Fed-Talk] FAAS status update
- Subject: [Fed-Talk] FAAS status update
- From: Todd Heberlein <email@hidden>
- Date: Tue, 19 Feb 2013 16:23:23 -0800
Fed-Talkers,
With the recent penetration of Macs at both Apple and Facebook, I thought it would be a good time to send out an update on the Free Audit Aggregation System (FAAS) that I've been working on. The idea is to get logs useful for detection and forensics off the vulnerable clients and aggregate them on a server.
The original concept paper can be found here:
Free Audit Aggregation System (FAAS)
An introductory video to FAAS can be found here:
FAAS Intro
I've posted Betas of FAAS Maker (the free tool) and two other tools (I'm not sure what I'll do with those) on a Beta page I stood up:
Betas
Additional videos for the tools include:
FAAS Maker Intro (a walkthrough of standing up a FAAS audit server)
Log Browser Intro
And 4 short videos on standing up a web server (that will serve as your FAAS audit log server) on Lion and Mountain Lion (with and without Apple's Server App). I recommend that you do NOT stand up FAAS on a web server that you use for other purposes.
Mountain Lion Server
Mountain Lion
Lion Server
Lion
The server-side analysis of the BSM logs (with a little help from the Syslog and process snapshots) will come a little later. In the meantime, I am hoping I can convince some people to do a little testing on these tools.
Thanks,
Todd