Penetration Testing mailing list archives
[PEN-TEST] Testing SAP security on UNIX at OS level
From: "Kreusch, Stephen (ZA - Johannesburg)" <skreusch () DELOITTE CO ZA>
Date: Wed, 14 Mar 2001 18:47:47 +0200
Does anyone have any pointers to information on testing SAP security at a UNIX level? There are the obvious things such as owner/group/other, file permissions, SUID, etc. What I am more interested in is pointers on any specific files to check for, what their contents should be, etc. To draw an Oracle parallel, I am not interesting in looking at the database level security, roles, and stored procedures. Instead, I am looking at things like weak listener passwords, the contents of the pwd<SID> password file, ORA_ENCRYPT_LOGIN environment variable, etc. Any assistance would be appreciated. Thanks Stephen
Current thread:
- [PEN-TEST] Testing SAP security on UNIX at OS level Kreusch, Stephen (ZA - Johannesburg) (Mar 14)