Projects tagged ‘audit’


[10 total]

14 USERS

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

4 USERS

sshproxy is a pure Python implementation of an SSH authenticating proxy. It allows users to connect to remote sites without having to know the password or key of the remote sites. ACL rules can be set up to allow or deny users based on different parameters like their IP address or the time of the day. Access attempts are logged via syslog, and an enhanced "action log" system is under development. The client is the standard ssh client.

4 USERS

The Envers project makes it simple to version entities. The only thing required is annotating them with @Versioned. Storing historical data (versions) is completely transparent to the developer. He/she may interact with the entities as always. Not only basic properties of an entity can be versioned, but also relations, making it possible to view parts of the database as they were at a given revision (each revision has an associated timestamp, one revision = one transaction, in which versioned data has changed). Moreover, Envers provides a straightforward interface for retrieving historical data, a criteria-like query interface, and the possibility to store additional information alongside each revision. Envers works with Hibernate and Hibernate Entity Manager.

2 USERS

CDO Model Repository

CDO is both a technology for distributed shared EMF models and a fast server-based O/R mapping solution. With CDO you can easily enhance your existing models in such a way that saving a resource transparently commits the applied changes to a relational database. Optionally other connected clients are actively notified about these changes so that their model copies get partially invalidated and all user interfaces reflect the current state at once. Stored resources are demand-loaded from the database only as needed. CDO uses the Net4j technology as a flexible and scalable signalling backbone.

1 USERS

Release Audit Tool (RAT) is a tool to improve accuracy and efficiency when checking releases. It is heuristic in nature: making guesses about possible problems. It will produce false positives and cannot find every possible issue with a release. Its reports require interpretation. RAT was developed in response to a need felt in the Apache Incubator to be able to review releases for the most common faults less labour intensively. It is therefore highly tuned to the Apache style of releases.

1 USERS

PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

0 USERS

WebSpidah is a tactical WASS (Web Application Security Scanner) written in PHP. It has an interactive shell as a user interface, much like the MSF, and a modularized, XML-based, vulnerability recon system. WebSpidah is released under the GPL license.

0 USERS

My interpretation of SOX Compliance as it relates to Linux in the business environment is as follows: All users, hardware, software, transactions and processes must be identified and accounted for. Sally creates a cron job on a backend SQL server that purges a temporary table nightly. Sally's cron job is linked to Sally. The server running the cron job is identified. The cron jobs and SQL procedure that purge the data are documented with the business needs. Who requested it and why. The data that is purged is backed up prior to purging and locatable offline if needed. Server 'x' has services / programs that run automatically when booted. Each of these services is documented with its business needs and audited. Server 'y' has ports open that accept incoming connections; these services are documented with their business needs and audited. User accounts, group accounts and password policies are audited to be sure only those authorized have access, and passwords are expired and changed periodically. Installed software applications are audited and documented with business requirements. Software patches are documented and audited. Server 'z' has 600 Red Hat RPMs installed. RPMs are updated regularly by administrators; this must be documented and audited. Do all servers have the same versions of Sendmail? These IT thorns can create turmoil or provide opportunity for IT professionals to finally get the time and resources they need to make life easier. With SOX Section 404, IT can slow down and really look at their environment and create policies and practices that may at first seem stupid, difficult and time consuming. But in the long run these changes will make administration of Linux environments much easier and cleaner. Because of the SOX compliance push at my company I was able to create a central database that holds all users, groups, cron jobs, RPMs, services and applications running on all Linux servers.
Each morning a collector runs which checks each server and updates the database. I can tell you which servers have which version of libc++, which users have cron jobs and who needs to change their password. The collection process takes about 15 minutes. I also have Nagios monitoring everything every minute, and Cacti with RRDTool building historical trend databases each minute. I can tell you how many users, what processes and the system load on a server 7 months ago at exactly 3:42am. Imagine having to check thousands of servers and compile this sort of information. Currently I have the following Ruby scripts:
CronAudit (audits /etc/crontab and /var/spool/cron)
UserAudit (audits /etc/passwd, /etc/shadow and /etc/group)
RPMAudit (audits all system RPMs)
RCAudit (includes /etc/init.d/ rc scripts and xinetd managed processes)
MySQL Database Structure
The above scripts run from one central server and require:
Net::SSH http://rubyforge.org/projects/net-ssh/
Ruby/DBI http://rubyforge.org/projects/ruby-dbi/

0 USERS

The goal of the project is to enable generic audit logging for Java applications and to describe the schema and format for audit logging, as well as best practices for audit logging, for other common platforms such as Ruby on Rails and .NET. Audit Logs can be stored in a database or in log files. This is NOT meant as a replacement for the regular logging systems such as log4j. It can be considered an abstraction on top of the normal logging that enables better business level logging of a deployed application or applications. Group email: jaudit@googlegroups.com