It's true, I've reviewed a second book in one weekend. The review floodgates have opened. Amazon.com just posted my four-star review of Host Integrity Monitoring Using Osiris and Samhain by Brian Wotring. From the review:
"Host Integrity Monitoring Using Osiris and Samhain (HIM) is an excellent book on a frequently overlooked security discipline. Most people who hear about host integrity monitoring nod their heads and agree that performing it is a good idea. These same people usually don't implement HIM, and frequently cannot count the number of hosts, operating systems, and applications working in their enterprise. Thankfully, HIM provides a way to use open source tools to help remedy this situation. Consistent with the Visible Ops methodology, HIM provides guidance on how to keep track of host integrity."
I really liked this book, and I added it to the System Administration section of my Listmania Lists. I gave four stars because I would have liked to have read case studies on using each tool. Coverage of a related program, Radmind, for open source change management, would also have been nice.
PS: The drivers.exe program used to show loaded Windows kernel modules is available for free online in the Windows 2000 Resource Kit.