Re: UNIX/Windows audit scripts

From: David Cravshaw (david.cravshaw@gmail.com)
Date: Fri Mar 04 2005 - 15:02:02 EST


SomarSoft's DumpSec (http://www.systemtools.com/somarsoft/) is a great
tool for pulling various Windows settings, but it is slightly out of
date and I've had a couple issues with it in the past. It's been
known to get stuck in an infinite loop in some AD environments, I
think nested Universal groups were the cause. And it can sometimes
die if it's pulling user rights and it tries to resolve the SID of a
deleted user. Although you initially have to install DumpSec, you can
easily pull the .exe off a machine and use it elsewhere. It also has
command-line options, which make it quite scriptable.

8-10kb is pretty restrictive, though. I've been working on a tool to
do something very similar on Win systems and the current release
version is at 78kb...and that's just the basics! Of course, it could
be the kludgy code...

On Fri, 04 Mar 2005 10:11:20 +0100, Javier Fernandez-Sanguino
<jfernandez@germinus.com> wrote:
> Hi there,
>
> I have just returned from an audit in which I have extensively
> used a set of audit scripts to extract information to do a "white box"
> analysis of a set of systems. Running an "advanced" tool on those
> systems [1] was not an option and I used a simple shell script (batch
> in the Windows 2000/XP/2003 case) that would extract the relevant
> information from the system (installed software and patches,
> permissions, TCP/IP listeners, processes, etc.) and allow me to review
> that manually and fill in the appropriate checklist.
>
> After developing my own I have been able to find only a few similar
> scripts out there. Marc Heuse's set of audit scripts [2] and Seán
> Boran's UNIX/Linux local audit tool [3]. Has anyone written / used
> similar scripts?
>
> Please refrain from suggesting that I use tools like ISS's Host Scanner,
> Nessus (and its Local Security Checks), the CIS scoring tool, Titan
> or similar software. I'm actually looking for audit scripts less than
> 8-10Kb in size that do not need any installation and can be run
> without a GUI to just output information that will be later on
> analysed. I'm not looking for something that will do both the
> information extraction and the security review report for me.
>
> I have working audit scripts currently for AIX, Debian GNU/Linux, Red
> Hat, SuSE, HPUX, Solaris and Windows. But I'm interested in comparing
> mine with others out there in order to improve them and with a public
> release of those in mind.
>
> Regards
>
> Javier
>
> [1] Like Tiger in Unix systems, which I maintain currently (at
> http://savannah.nongnu.org/projects/tiger)
> [2] http://www.suse.de/~marc/audit/
> [3] http://www.boran.com/security/sp/solaris/audit_tool.html
>
>
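
Added example (not from either poster, and not Javier's scripts): a collection-only Unix script along the lines of the requirements quoted above: no installation, no GUI, well under 8-10 KB, output only for later manual review. The function names, section labels and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Collection-only audit script (added example): gathers facts for later
# manual review and performs no analysis. Section names are assumptions.

# section NAME CMD [ARGS...]: labelled output; a missing tool is recorded
# instead of aborting, so one script can serve several Unix flavours.
section() {
    name=$1; shift
    printf '=== %s ===\n' "$name"
    if command -v "$1" >/dev/null 2>&1; then
        "$@" 2>&1 || printf '[exit status %s]\n' "$?"
    else
        printf '[not available: %s]\n' "$1"
    fi
    printf '\n'
}
# pkg_list: installed software, using whichever package tool exists.
pkg_list() {
    if   command -v dpkg    >/dev/null 2>&1; then dpkg -l
    elif command -v rpm     >/dev/null 2>&1; then rpm -qa
    elif command -v pkginfo >/dev/null 2>&1; then pkginfo      # Solaris
    elif command -v lslpp   >/dev/null 2>&1; then lslpp -L     # AIX
    elif command -v swlist  >/dev/null 2>&1; then swlist       # HP-UX
    else echo '[no known package tool found]'; fi
}
# listeners: ss on current Linux, netstat elsewhere.
listeners() {
    if   command -v ss      >/dev/null 2>&1; then ss -an
    elif command -v netstat >/dev/null 2>&1; then netstat -an
    else echo '[neither ss nor netstat found]'; fi
}
# perm_scan ROOT: set-uid/set-gid files and world-writable directories.
perm_scan() {
    find "$1" -xdev \( -type f \( -perm -4000 -o -perm -2000 \) \
        -o -type d -perm -0002 \) -exec ls -ld {} \; 2>/dev/null
}
# collect_audit OUTFILE [ROOT]: write every section to OUTFILE.
collect_audit() {
    {
        section host uname -a
        section processes ps -ef
        section listeners listeners
        section packages pkg_list
        section permissions perm_scan "${2:-/}"
    } > "$1"
}

if [ "${1:-}" = "--run" ]; then collect_audit "audit-$(uname -n).txt" "${2:-/}"; fi
```

Run as "sh audit.sh --run" (optionally followed by a directory to limit the permission scan); run it as root if the permission section should cover directories an ordinary user cannot read.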


