Penetration Testing mailing list archives
Re: UNIX/Windows audit scripts
From: mozilla () ids-guide de
Date: Fri, 4 Mar 2005 20:48:57 +0100
Hi,

beyond tools like the ones from Foundstone and Sysinternals you can use Microsoft's Scriptomatic V2 to generate nice scripts that use WMI to gather information like installed software and installed hotfixes. You can generate VBS scripts, Perl, JScript and Python. Together with a Perl compiler you can make your 'own' audit tools. I use it all together in a running batch to get my info.

Hope that helps

Michael

JFS> Hi there,
JFS>
JFS> I have just returned from an audit in which I have extensively
JFS> used a set of audit scripts to extract information to do a "white box"
JFS> analysis of a set of systems. Running an "advanced" tool on those
JFS> systems [1] was not an option and I used a simple shell script (batch
JFS> in the Windows 2000/XP/2003 case) that would extract the relevant
JFS> information from the system (installed software and patches,
JFS> permissions, TCP/IP listeners, processes, etc.) and allow me to review
JFS> that manually and fill in the appropriate checklist.
JFS>
JFS> After developing my own I have been able to find only a few similar
JFS> scripts out there. Marc Heuse's set of audit scripts [2] and Seán
JFS> Boran's UNIX/Linux local audit tool [3]. Has anyone written / used
JFS> similar scripts?
JFS>
JFS> Please refrain from suggesting that I use tools like ISS's Host Scanner,
JFS> Nessus (and its Local Security Checks), the CIS scoring tool, Titan
JFS> or similar software. I'm actually looking for audit scripts less than
JFS> 8-10Kb in size that do not need any installation and can be run
JFS> without a GUI to just output information that will be later on
JFS> analysed. I'm not looking for something that will do both the
JFS> information extraction and the security review report for me.
JFS>
JFS> I have working audit scripts currently for AIX, Debian GNU/Linux, Red
JFS> Hat, SuSE, HPUX, Solaris and Windows. But I'm interested in comparing
JFS> mine with others out there in order to improve them and with a public
JFS> release of those in mind.
JFS>
JFS> Regards
JFS>
JFS> Javier
JFS>
JFS> [1] Like Tiger in Unix systems, which I maintain currently (at
JFS> http://savannah.nongnu.org/projects/tiger)
JFS> [2] http://www.suse.de/~marc/audit/
JFS> [3] http://www.boran.com/security/sp/solaris/audit_tool.html

--
Kind regards
mozilla () ids-guide de
mailto:mozilla () ids-guide de
Current thread:
- UNIX/Windows audit scripts Javier Fernandez-Sanguino (Mar 04)
- Re: UNIX/Windows audit scripts mozilla (Mar 04)
- Re: UNIX/Windows audit scripts Jeffrey Denton (Mar 04)
- Re: UNIX/Windows audit scripts David Cravshaw (Mar 04)
- <Possible follow-ups>
- RE: UNIX/Windows audit scripts Todd Towles (Mar 04)