These are my questions:
1)Has anybody used the Center for Internet Security (CIS) server configuration
audit tools and want to share their experience? I heard the software sometimes
crashes servers and does not always accurately report its audit results (i.e. you
could run the tools several times on a server and get different results each time).
2)Are there any tools out there that do about the same type of thing. I think the
commercial version of Tripwire does this but I doubt if management will come up with
the funds.
BTW...we currently use Nessus...but management want me to do security configuration
types of audits. We currently use the RATS tool from CIS and have been pleased with
its benchmarking/scoring results. See for more info. http://www.cisecurity.org/
Tony Lindsey - CISA,CISSP
Audit Security and Risk Management Group
Managed Medical Services LLP
U.S. Division
_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!
