Penetration Testing mailing list archives
Re: UNIX/Windows audit scripts
From: David Cravshaw <david.cravshaw () gmail com>
Date: Fri, 4 Mar 2005 14:02:02 -0600
SomarSoft's DumpSec (http://www.systemtools.com/somarsoft/) is a great tool for pulling various Windows settings, but it is slightly out of date and I've had a couple issues with it in the past. It's been known to get stuck in an infinite loop in some AD environments, I think nested Universal groups were the cause. And it can sometimes die if it's pulling user rights and it tries to resolve the SID of a deleted user. Although you intially have to install dumpsec, you can easily pull the .exe off a machine and use it elsewhere. It also has command-line options, which make it quite scriptable. 8-10kb is pretty restrictive, though. I've been working on a tool to do something very similar on Win systems and the current release version is at 78kb...and that's just the basics! Of course, it could be the kludgy code... On Fri, 04 Mar 2005 10:11:20 +0100, Javier Fernandez-Sanguino <jfernandez () germinus com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, I have just returned from an audit in which I have been extensively used a set of audit scripts to extract information to do a "white box" analysis of a set of systems. Running an "advanced" tool on those systems [1] was not an option and I used a simple shell script (batch in the Windows 2000/XP/2003 case) that would extract the relevant information from the system (installed software and patches, permissions, TCP/IP listeners, processes, etc.) and allow me to review that manually and fill in the appropiate checklist. After developing my own I have been able to find only a few similar scripts out there. Marc Heuse's set of audit scripts [2] and Seán Boran's UNIX/Linux local audit tool [3]. Has anyone written / used similar scripts? Please refrain from suggesting me using tools like ISS's Host Scanner, Nessus (and its Local Security Checks), the CIS scoring tool, Titan or similar software. I'm actually looking for audit scripts less than 8-10Kb in size that do not need any installation and can be run without a GUI to just output information that will be later on analysed. I'm not looking for something that will do both the information extraction and the security review report for me. I have working audit scripts currently for AIX, Debian GNU/Linux, Red Hat, SuSE, HPUX, Solaris and Windows. But I'm interested in comparing mine with others out there in order to improve them and with a public release of those in mind. Regards Javier [1] Like Tiger in Unix systems, which I maintain currently (at http://savannah.nongnu.org/projects/tiger) [2] http://www.suse.de/~marc/audit/ [3] http://www.boran.com/security/sp/solaris/audit_tool.html -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQigmNaO1I0N5hzVfEQIbLwCfe9fUv6GOkKoH5TU2Fw2zopoNn4AAoPQk 7/sChGpaQrMzuJx0473nSrGZ =g6vs -----END PGP SIGNATURE-----
Current thread:
- UNIX/Windows audit scripts Javier Fernandez-Sanguino (Mar 04)
- Re: UNIX/Windows audit scripts mozilla (Mar 04)
- Re: UNIX/Windows audit scripts Jeffrey Denton (Mar 04)
- Re: UNIX/Windows audit scripts David Cravshaw (Mar 04)
- <Possible follow-ups>
- RE: UNIX/Windows audit scripts Todd Towles (Mar 04)