ISS_Expert

How do I identify if any changes were made

Hi All,

According to our change management policy, all changes to production servers should be supported by supporting documents. I would like to perform a test by looking for files that have been created/changed recently and comparing with supporting documents. What is the best way of doing this on Windows and Unix servers? Can I use the create date or modified date? FYI, there is no auditing of changes to files and system objects.

Thanks.
ASKER CERTIFIED SOLUTION
Phateon
SOLUTION
btan

ISS_Expert

ASKER

Thanks guys. At the moment I am not looking for a solution, but am trying to investigate changes that were made to files on certain servers (IIS web server). Also, wouldn't enabling the audit object access in Windows provide the same result as using a host-based IDS?
Check out this link, which talks about the possible auditing capability on servers. The key thing is that there can be granular tracking for objects, events, access, etc. I would say that Windows auditing serves as a baseline for the whole platform, and the rest of the software adds value by doing correlation or providing more detail.

For example, the tools mentioned above can track the specific target folder/file you want to track, but (at least to the best of my knowledge) that is not the case for Windows Audit, which tends to cover the whole OS. At least searching through will be easier using the 'focused' tools. Windows will complement them by checking the other 'non-focused' events for correlation (in an investigation, such as who was the last user to log in, etc.).

Overall, they are complementary and it is good to have both - just like the security pitch "defense in depth".

Link: http://www.windowsecurity.com/articles/Windows-Active-Directory-Auditing.html
Thanks guys.
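
An added example, not part of the thread or of any participant's answer: one way to run the test the question describes, listing files modified inside a review period and flagging those with no matching change record. The record fields (`id`, `prefix`, `start`, `end`), the ticket id and the sample file tree are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timedelta, timezone

def recent_changes(root, since):
    """Return [(relative_path, mtime_utc)] for files under root modified at/after `since`."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full)
            except OSError:
                continue  # deleted or unreadable while scanning
            # st_mtime = last content write. st_ctime means creation time on
            # Windows but inode-change time on Unix, so it is not used here.
            mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            if mtime >= since:
                found.append((os.path.relpath(full, root).replace(os.sep, "/"), mtime))
    return sorted(found)

def reconcile(changes, records):
    """Split changes into (documented, undocumented) against change records."""
    documented, undocumented = [], []
    for path, mtime in changes:
        ticket = next((r["id"] for r in records
                       if path.startswith(r["prefix"]) and r["start"] <= mtime <= r["end"]), None)
        (documented if ticket else undocumented).append((path, ticket))
    return documented, undocumented

def demo():
    """Constructed sample: three files in a temp web root, one approved change."""
    now = datetime.now(timezone.utc)
    with tempfile.TemporaryDirectory() as root:
        ages = {"site/default.aspx": 2, "site/web.config": 5, "site/old.css": 90}  # days
        for rel, days in ages.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
            ts = (now - timedelta(days=days)).timestamp()
            os.utime(full, (ts, ts))  # backdate mtime to build the sample
        # Hypothetical record schema: ticket id, path prefix, approved window.
        records = [{"id": "CHG-0001", "prefix": "site/default.aspx",
                    "start": now - timedelta(days=3), "end": now - timedelta(days=1)}]
        return reconcile(recent_changes(root, now - timedelta(days=30)), records)

if __name__ == "__main__":
    ok, missing = demo()
    print("documented:", ok, "\nno supporting document:", missing)
```

Modification times can be reset by anyone able to write the file and say nothing about deleted files, so this works as a screening test; a stored hash baseline or object-access auditing gives stronger evidence.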