Monday, August 13, 2012

Python oneliner - HTTP servers

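Power of python :) Each one-liner below serves the current working directory, without authentication, to anyone who can reach the port.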

# python -m SimpleHTTPServer 8080
 
# python3 -m http.server 8000

# sudo python -m pyftpdlib.ftpserver
 
 

Sunday, August 12, 2012

Python - inserting data into excel file

Creating excel file with Python
----snip-----
import win32api
import win32con
import win32file

import win32com.client
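# Start Excel through COM automation (needs pywin32 and a local Excel install).
xlapp = win32com.client.Dispatch("Excel.Application")
# Make the Excel window visible so the edits can be watched as they happen.
xlapp.visible = 1
# To edit an existing workbook instead of creating a new one:
#xlwb = xlapp.workbooks.open("results.xls")
xlapp.workbooks.Add()
# Application.Cells addresses the active sheet of the workbook just added.
xlapp.cells(1, 1).value = "Hello"
# Fixed: the original read `xlApp.Sheets(1)`; Python names are case-sensitive,
# so that line raised NameError instead of returning the first worksheet.
xlSheet = xlapp.Sheets(1)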

----snip----

Python Script to Parse MBSA files

Simple python script to parse Microsoft MBSA files

#-------------------------------------------------------------------------------
# Name:        MBSA parser
# Author:      Azmath
# Created:     11/07/2012
# Copyright:   (c) 2012
#-------------------------------------------------------------------------------


from xml.etree import ElementTree

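HEADER = "servername|domainname|scandate|id|severity|Patchtype|Description"


def mbsa_report_lines(tree):
    """Return the report lines for one parsed MBSA scan.

    The list holds the column header, one banner line per ``SecScan``
    element, and one pipe-delimited row per ``UpdateData`` element that has
    an ``ID`` and ``IsInstalled="false"`` (a missing update).

    Missing attributes and a missing ``Title`` become empty fields, so an
    incomplete record no longer aborts the run with a TypeError or NameError
    and no longer inherits the title of the previous record.
    """
    lines = [HEADER]

    # Rows reuse the identity of the last SecScan element seen.
    machine = domain = scandate = ""
    for scan in tree.iter('SecScan'):
        machine = scan.attrib.get('Machine', "")
        domain = scan.attrib.get('Domain', "")
        scandate = scan.attrib.get('LDate', "")
        if machine and domain:
            lines.append('  %s :: %s' % (machine, domain))
        else:
            lines.append(machine)

    for update in tree.iter('UpdateData'):
        update_id = update.attrib.get('ID')
        if not update_id or update.attrib.get('IsInstalled') != 'false':
            continue
        # iter() replaces getiterator(), which was removed in Python 3.9.
        # As before, the last Title below the element wins.
        titles = [title.text or "" for title in update.iter('Title')]
        description = titles[-1] if titles else ""
        # Fields are emitted verbatim: a '|' or newline inside a value shifts
        # the columns, and a spreadsheet importing the output may evaluate a
        # cell that starts with '='. Sanitise on import if that matters.
        lines.append("|".join([
            machine,
            domain,
            scandate,
            update_id,
            update.attrib.get('Severity', ""),
            update.attrib.get('Type', ""),
            description,
        ]))
    return lines


def print_mbsa_report(path):
    """Parse the MBSA report at *path* and print its missing updates."""
    # NOTE(security): xml.etree.ElementTree is documented as not hardened
    # against maliciously constructed XML. A report collected from another
    # host is untrusted input; parse it with a hardened parser such as
    # defusedxml, or accept reports only from a trusted collection path.
    with open(path, 'rt') as f:
        tree = ElementTree.parse(f)
    # Single-argument print() behaves the same on Python 2 and Python 3.
    for line in mbsa_report_lines(tree):
        print(line)


if __name__ == '__main__':
    print_mbsa_report('test.mbsa')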

AIX oneliners for auditing

Locked Accounts

#sudo cat /etc/security/user | grep -iE '\:|account_locked'|grep -iv '*'

Last password change date (getprpw is the HP-UX trusted-mode tool; the AIX equivalent is listed further down):
#for a in `cut -f1 -d: /etc/passwd | grep -v '\+' `;do echo $a; /usr/bin/sudo /usr/lbin/getprpw $a; done|cut -f9 -d ','

NFS shares:
#/usr/bin/sudo cat /etc/exports||echo 'file not found'

Inactive Accounts:
#/usr/bin/sudo lsuser -a id ALL | awk '{ print $(NF-1) }' |while read user ; do sudo lssec -f /etc/security/lastlog -s $user -a time_last_login;done

Last password change date:
#/usr/bin/sudo lsuser -a id ALL | awk '{ print $(NF-1) }' |while read user ; do sudo lssec -f /etc/security/passwd -s $user -a lastupdate;done

All SNMP strings:
#/usr/bin/sudo cat /etc/snmpd.conf|grep -iE '^[a-z][A-Z]'

Default SNMP

#sudo cat /etc/snmpd.conf | grep -iE 'community|public|private' |grep -iv '# '

List of services:
#/usr/bin/sudo cat /etc/services |grep -iE '^[a-z][A-Z]'

Users with uid=0, gid=0
 #cat /etc/passwd | grep ':0:'
#cat /etc/group | grep ':0:'

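Check if auditing service is running (AIX's own audit subsystem runs as auditbin and reports its state via `audit query`, so a missing auditd process alone does not show that auditing is off):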
#/usr/bin/sudo ps -ef |grep auditd|grep -v 'grep'||echo 'not enabled'

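List of sudoers (the pattern below keeps only lines that start with two letters, so %group entries and #include/#includedir directives are not listed):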
#/usr/bin/sudo cat /etc/sudoers|grep -iE '^[a-z][A-Z]'

umask value

sudo lssec -f /etc/security/user -s default -a umask

List of users:
sudo cat /etc/passwd|cut -d ':' -f1

account/password policy:
sudo lssec -f /etc/security/user -s default -a maxage
sudo lssec -f /etc/security/user -s default -a maxexpired
sudo lssec -f /etc/security/user -s default -a minalpha
sudo lssec -f /etc/security/user -s default -a minother
sudo lssec -f /etc/security/user -s default -a minlen
sudo lssec -f /etc/security/user -s default -a mindiff
sudo cat /etc/security/user | grep -iE '\:|loginretries'
sudo cat /etc/security/user | grep -iE '\:|histsize'
sudo cat /etc/profile |grep -i 'tmout'
sudo cat /etc/security/user | grep -iE '\:|histexpire'
sudo cat /etc/security/user | grep -iE '\:|pwdwarntime'
sudo cat /etc/security/user | grep -iE '\:|maxrepeats'

Login Delay
sudo cat /etc/security/login.cfg | grep -i 'logindelay'

Log Login attempts:
sudo ls -l /var/adm/ /etc/security |grep -iE 'loginlog|sulog|failedlogin'

cat /etc/services