Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: UNIX/Windows audit scripts

From: David Cravshaw <david.cravshaw () gmail com>
Date: Fri, 4 Mar 2005 14:02:02 -0600
SomarSoft's DumpSec (http://www.systemtools.com/somarsoft/) is a great
tool for pulling various Windows settings, but it is slightly out of
date and I've had a couple issues with it in the past.  It's been
known to get stuck in an infinite loop in some AD environments, I
think nested Universal groups were the cause.  And it can sometimes
die if it's pulling user rights and it tries to resolve the SID of a
deleted user.  Although you intially have to install dumpsec, you can
easily pull the .exe off a machine and use it elsewhere.  It also has
command-line options, which make it quite scriptable.

8-10kb is pretty restrictive, though.  I've been working on a tool to
do something very similar on Win systems and the current release
version is at 78kb...and that's just the basics!  Of course, it could
be the kludgy code...


On Fri, 04 Mar 2005 10:11:20 +0100, Javier Fernandez-Sanguino
<jfernandez () germinus com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

I have just returned from an audit in which I have been extensively
used a set of audit scripts to extract information to do a "white box"
analysis of a set of systems. Running an "advanced" tool on those
systems [1] was not an option and I used a simple shell script (batch
in the Windows 2000/XP/2003 case) that would extract the relevant
information from the system (installed software and patches,
permissions, TCP/IP listeners, processes, etc.) and allow me to review
that manually and fill in the appropiate checklist.

After developing my own I have been able to find only a few similar
scripts out there. Marc Heuse's set of audit scripts [2] and Seán
Boran's UNIX/Linux local audit tool [3]. Has anyone written / used
similar scripts?

Please refrain from suggesting me using tools like ISS's Host Scanner,
Nessus (and its Local Security Checks), the CIS scoring tool, Titan
or similar software. I'm actually looking for audit scripts less than
8-10Kb in size that do not need any installation and can be run
without a GUI to just output information that will be later on
analysed. I'm not looking for something that will do both the
information extraction and the security review report for me.

I have working audit scripts currently for AIX, Debian GNU/Linux, Red
Hat, SuSE, HPUX, Solaris and Windows. But I'm interested in comparing
mine with others out there in order to improve them and with a public
release of those in mind.

Regards

Javier

[1] Like Tiger in Unix systems, which I maintain currently (at
http://savannah.nongnu.org/projects/tiger)
[2] http://www.suse.de/~marc/audit/
[3] http://www.boran.com/security/sp/solaris/audit_tool.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQigmNaO1I0N5hzVfEQIbLwCfe9fUv6GOkKoH5TU2Fw2zopoNn4AAoPQk
7/sChGpaQrMzuJx0473nSrGZ
=g6vs
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: