Hello, welcome to the Friday, September 21st, 2018 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

One tool that I don't see used as much as it probably should be used is OSEC. OSEC is an open source

log monitoring system first of all, but it can do

a lot more than just collect logs and parse them. For example, it can also check file integrity,

and as pointed out in Xavier's diary today, it can also monitor the output of scripts that you are running.

And with that you can, for example, keep an easy look on the output of, for example, PS,

the script that will tell you all the processes running currently on a Unix system in order to identify known malicious software.

Pretty neat little trick, so if you are running OSEC, take a look at this.

If not, well, maybe your monitoring system has a similar solution

where you can monitor what processes are running on your systems.

And usually I don't talk much about politics or legal issues, they like, but NS Labs did sue a number

of antivirus vendors, anti-malware vendors, because of a new testing standard that these

vendors agreed on.

Now, NS Labs is a fairly reputable testing company that tests various

security software hardware packages and, well, it has run into vendors in the past, of course,

whenever it came out with less than favorable reviews. In this particular case, the problem is that these vendors agreed to only allow

their software to be tested using a very specific testing procedure. And while there may be

nothing fundamentally wrong with this testing procedure, Whenever you define a very specific testing procedure

like this, then of course software starts to get optimized for the test and not necessarily

for real-world applications. To make things worse, the Yula that came with these products,

then outright forbade to actually run any other tests

...