Re: UNIX/Windows audit scripts

From: mozilla@ids-guide.de
Date: Fri Mar 04 2005 - 14:48:57 EST


Hi,

Beyond tools like the ones from Foundstone and Sysinternals, you can
use Microsoft's Scriptomatic V2 to generate nice scripts that use WMI
to gather information like installed software and installed hotfixes.
You can generate VBS scripts, Perl, JScript and Python. Together with
a Perl compiler you can make your 'own' audit tools.

I use it all together in a running batch to get my info.

Hope that helps
Michael

JFS> -----BEGIN PGP SIGNED MESSAGE-----
JFS> Hash: SHA1

JFS> Hi there,

JFS> I have just returned from an audit in which I have extensively
JFS> used a set of audit scripts to extract information to do a "white box"
JFS> analysis of a set of systems. Running an "advanced" tool on those
JFS> systems [1] was not an option and I used a simple shell script (batch
JFS> in the Windows 2000/XP/2003 case) that would extract the relevant
JFS> information from the system (installed software and patches,
JFS> permissions, TCP/IP listeners, processes, etc.) and allow me to review
JFS> that manually and fill in the appropriate checklist.

JFS> After developing my own I have been able to find only a few similar
JFS> scripts out there. Marc Heuse's set of audit scripts [2] and Seán
JFS> Boran's UNIX/Linux local audit tool [3]. Has anyone written / used
JFS> similar scripts?

JFS> Please refrain from suggesting that I use tools like ISS's Host Scanner,
JFS> Nessus (and its Local Security Checks), the CIS scoring tool, Titan
JFS> or similar software. I'm actually looking for audit scripts less than
JFS> 8-10Kb in size that do not need any installation and can be run
JFS> without a GUI to just output information that will be later on
JFS> analysed. I'm not looking for something that will do both the
JFS> information extraction and the security review report for me.

JFS> I have working audit scripts currently for AIX, Debian GNU/Linux, Red
JFS> Hat, SuSE, HPUX, Solaris and Windows. But I'm interested in comparing
JFS> mine with others out there in order to improve them and with a public
JFS> release of those in mind.

JFS> Regards

JFS> Javier

JFS> [1] Like Tiger in Unix systems, which I maintain currently (at
JFS> http://savannah.nongnu.org/projects/tiger)
JFS> [2] http://www.suse.de/~marc/audit/
JFS> [3] http://www.boran.com/security/sp/solaris/audit_tool.html

JFS> -----BEGIN PGP SIGNATURE-----
JFS> Version: PGP 8.0.3

JFS> iQA/AwUBQigmNaO1I0N5hzVfEQIbLwCfe9fUv6GOkKoH5TU2Fw2zopoNn4AAoPQk
JFS> 7/sChGpaQrMzuJx0473nSrGZ
JFS> =g6vs
JFS> -----END PGP SIGNATURE-----

-- 
Kind regards
mozilla@ids-guide.de
mailto:mozilla@ids-guide.de
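
A collection-only script of the kind this thread discusses (no installation, no GUI, raw output for later manual review), as an added example that is not from either poster or from the tools they mention. The function names, section titles and the directories searched are assumptions chosen for illustration.

```shell
#!/bin/sh
# Collection-only host audit sketch: prints raw facts, does no scoring.
# Added example; names and section titles are illustrative assumptions.

have() { command -v "$1" >/dev/null 2>&1; }

# Run a command under a titled section. A missing or failing tool is
# recorded in the report instead of aborting the whole collection.
section() {
    title=$1; shift
    printf '\n===== %s =====\n' "$title"
    if have "$1"; then
        "$@" 2>&1 || printf '[%s exited non-zero]\n' "$1"
    else
        printf '[%s not available]\n' "$1"
    fi
}

# Installed software: use whichever package manager the host has.
packages() {
    if have dpkg-query; then
        section "PACKAGES (dpkg)" dpkg-query -W -f='${Package} ${Version}\n'
    elif have rpm; then
        section "PACKAGES (rpm)" rpm -qa
    elif have pkginfo; then
        section "PACKAGES (pkginfo)" pkginfo -l
    else
        printf '\n===== PACKAGES =====\n[no known package manager]\n'
    fi
}

# Listening sockets: prefer ss, fall back to netstat on older systems.
listeners() {
    if have ss; then section "TCP/UDP LISTENERS" ss -lntu
    else section "TCP/UDP LISTENERS" netstat -an
    fi
}

audit_collect() {
    section "HOST" uname -a
    packages
    listeners
    section "PROCESSES" ps -ef
    section "SETUID/SETGID FILES" find /bin /sbin /usr/bin /usr/sbin -xdev \
        -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} +
    section "WORLD-WRITABLE DIRS IN /etc" find /etc -xdev -type d -perm -0002 \
        -exec ls -ld {} +
}

# Usage: sh audit.sh run > "$(uname -n).audit.txt"
case "${1:-}" in run) audit_collect ;; esac
```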

