Monday, August 13, 2012

Python oneliner - HTTP servers

Power of python :)

# python -m SimpleHTTPServer 8080
# python3 -m http.server 8000

# sudo python -m pyftpdlib.ftpserver.

Sunday, August 12, 2012

Python - inserting data into excel file

Creating excel file with Python
import win32api
import win32con
import win32file

import win32com.client
xlapp = win32com.client.Dispatch("Excel.Application")
xlapp.cells(1,1).value ="Hello"
xlSheet = xlApp.Sheets(1)


Python Script to Parse MBSA files

Simple python script to parse Microsoft MBSA files

# Name:        MBSA parser
# Author:      Azmath
# Created:     11/07/2012
# Copyright:   (c) 2012

from xml.etree import ElementTree

with open('test.mbsa', 'rt') as f:
    tree = ElementTree.parse(f)
print "servername" + "|"+"domainname" +"|"+"scandate"+"|"+"id" +"|"+ "severity" +"|"+ "Patchtype" + "|"+"Description"
for node in tree.iter('SecScan'):
    name = node.attrib.get('Machine')
    domain = node.attrib.get('Domain')
    scandate = node.attrib.get('LDate')
    if name and domain:
        print '  %s :: %s' % (name, domain)
        print name

for node in tree.iter('UpdateData'):
    id = node.attrib.get('ID')
    if id:
        isinstalled = node.attrib.get('IsInstalled')
        if isinstalled == 'false':
            bid = node.attrib.get('BulletinID')
            if bid:
                bulletinid = bid
                bulletinid = "None"
            idd = node.attrib.get('ID')
            #print "Patch id = " +idd
            severity = node.attrib.get('Severity')
            #print "Severity = "+severity
            dtype = node.attrib.get ('Type')
            #print "Patch type:" + dtype
            for p in node.getiterator('Title'):
                desc = p.text
            print name + "|"+domain +"|"+scandate+"|"+idd +"|"+ severity +"|"+ dtype + "|"+desc

AIX oneliners for auditing

Locked Accounts

#sudo cat /etc/security/user | grep -iE '\:|account_locked'|grep -iv '*'

Last password change date
#for a in `cut -f1 -d: /etc/passwd | grep -v '\+' `;do echo $a; /usr/bin/sudo /usr/lbin/getprpw $a; done|cut -f9 -d ','

NFS shares:
#/usr/bin/sudo cat /etc/exports||echo 'file not found'

Inactive Accounts:
#/usr/bin/sudo lsuser -a id ALL | awk '{ print $(NF-1) }' |while read user ; do sudo lssec -f /etc/security/lastlog -s $user -a time_last_login;done

Last password change date:
#/usr/bin/sudo lsuser -a id ALL | awk '{ print $(NF-1) }' |while read user ; do sudo lssec -f /etc/security/passwd -s $user -a lastupdate;done

All SNMP strings:
#/usr/bin/sudo cat /etc/snmpd.conf|grep -iE '^[a-z][A-Z]'

Default SNMP

#sudo cat /etc/snmpd.conf | grep -iE 'community|public|private' |grep -iv '# '

List of services:
#/usr/bin/sudo cat /etc/services |grep -iE '^[a-z][A-Z]'

Users with uid=0, gid=0
 #cat /etc/passwd | grep ':0:'
#cat /etc/group | grep ':0:'

Check if auditing service is running:
#/usr/bin/sudo ps -ef |grep auditd|grep -v 'grep'||echo 'not enabled'

List of sudoer:
#/usr/bin/sudo cat /etc/sudoers|grep -iE '^[a-z][A-Z]'

unmask value

sudo lssec -f /etc/security/user -s default -a umask

List of users:
sudo cat /etc/passwd|cut -d ':' -f1

account/password policy:
sudo lssec -f /etc/security/user -s default -a maxage
sudo lssec -f /etc/security/user -s default -a maxexpired
sudo lssec -f /etc/security/user -s default -a minalpha
sudo lssec -f /etc/security/user -s default -a minother
sudo lssec -f /etc/security/user -s default -a minlen
sudo lssec -f /etc/security/user -s default -a mindiff
sudo cat /etc/security/user | grep -iE '\:|loginretries'
sudo cat /etc/security/user | grep -iE '\:|histsize'
sudo cat /etc/profile |grep -i 'tmout'
sudo cat /etc/security/user | grep -iE '\:|histexpire'
sudo cat /etc/security/user | grep -iE '\:|pwdwarntime'
sudo cat /etc/security/user | grep -iE '\:|maxrepeats'

Login Delay
sudo cat /etc/security/login.cfg | grep -i 'logindelay'

Log Login attempts:
sudo ls -l /var/adm/ /etc/security |grep -iE 'loginlog|sulog|failedlogin'

cat /etc/services