diff options
| author | Christian Cleberg <hello@cleberg.net> | 2025-08-02 13:02:43 -0500 |
|---|---|---|
| committer | Christian Cleberg <hello@cleberg.net> | 2025-08-02 13:02:43 -0500 |
| commit | b598a79d270b3a91b0e6d5f3b9dca4aecca2dd4c (patch) | |
| tree | 5faf22af7a20ea6f7639fa3bdbde5210144959e6 | |
| parent | a24b16d1c04f396209d1e80168f5df12e79bc438 (diff) | |
| download | audit-tools-b598a79d270b3a91b0e6d5f3b9dca4aecca2dd4c.tar.gz audit-tools-b598a79d270b3a91b0e6d5f3b9dca4aecca2dd4c.tar.bz2 audit-tools-b598a79d270b3a91b0e6d5f3b9dca4aecca2dd4c.zip | |
fix: convert README.org to README.md
| -rw-r--r-- | README.md | 112 | ||||
| -rw-r--r-- | README.org | 102 | ||||
| -rw-r--r-- | applications/github/README.md (renamed from applications/github/README.org) | 65 | ||||
| -rw-r--r-- | applications/gitlab/README.md (renamed from applications/gitlab/README.org) | 79 | ||||
| -rw-r--r-- | databases/mongo/README.md (renamed from databases/mongo/README.org) | 206 | ||||
| -rw-r--r-- | databases/mysql/README.md | 173 | ||||
| -rw-r--r-- | databases/mysql/README.org | 183 | ||||
| -rw-r--r-- | databases/oracle/README.md (renamed from databases/oracle/README.org) | 20 | ||||
| -rw-r--r-- | databases/postgres/README.md | 67 | ||||
| -rw-r--r-- | databases/postgres/README.org | 75 | ||||
| -rw-r--r-- | databases/sql/README.md (renamed from databases/sql/README.org) | 20 | ||||
| -rw-r--r-- | os/linux/README.md | 56 | ||||
| -rw-r--r-- | os/linux/README.org | 64 | ||||
| -rw-r--r-- | sampling/README.md (renamed from sampling/README.org) | 27 |
14 files changed, 615 insertions, 634 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..f2be0d7 --- /dev/null +++ b/README.md @@ -0,0 +1,112 @@ +# 📊 Audit Tools by Christian Cleberg + +Welcome to **Audit Tools** — a collection of open-source Python scripts +and resources designed to help auditors, risk professionals, and data +analysts automate common audit tasks and analytics. + +Whether you're new to audit automation or an experienced tech-enabled +auditor, this toolkit offers practical, real-world examples you can use, +customize, and build upon. + +# 📦 What's Inside + +This repository contains Python scripts and templates for common audit +procedures and control testing activities, including: + +- ✅ **Pseudo-Random Sampling** +- ✅ **GITC Extractions and Analysis** +- ✅ **Project Management Tracking & Visualizations** +- ✅ **Cloud Platform Analysis (planned)** +- ✅ **Audit AI Prompts & Guides (planned)** + +The goal is to provide practical, easy-to-understand tools that auditors +and analysts can quickly deploy in their environments. + +# 🚀 Getting Started + +****Clone the Repository**** + +``` bash +git clone https://git.sr.ht/~cxc/audit-tools +cd audit-tools +``` + +****Install Dependencies**** + +*Required for Python scripts* + +``` bash +pip install -r requirements.txt +``` + +****Run a Sample Script**** + +Example: Run the **Linux OS Report** tool. + +``` bash +./os/linux/report/linux.sh +``` + +View the results in your terminal or within the file created by the +script. + +# 📖 Learn More + +If you're new to audit analytics or Python scripting, start here: + +- [Python for Auditors](https://realpython.com) +- [Audit Analytics 101](https://audit-analytics.com) +- [Intro to Pandas + Documentation](https://pandas.pydata.org/docs/getting_started/) + +Also, check out the `notebooks/` folder for interactive tutorials and +use cases. + +# 🤝 How to Contribute + +Want to add your own audit scripts or improve existing ones? +Contributions are welcome! + +****Ways to Help**** + +- Submit new Python scripts for audit use cases. +- Suggest enhancements or new features. +- Improve documentation or write beginner-friendly tutorials. +- Test existing tools on new datasets and report issues. + +****To Contribute**** + +1. Fork this repo + +2. Create a new branch: + + ``` bash + git checkout -b my-feature + ``` + +3. Commit your changes: + + ``` bash + git commit -m 'Added new audit test' + ``` + +4. Push to the branch: + + ``` bash + git push origin my-feature + ``` + +5. Open a Pull Request + +# 👤 About the Creator + +Made with ❤️ by [Christian Cleberg](https://cleberg.net/). + +I'm a technology assurance leader passionate about audit innovation, AI +in audit, and building practical tools for auditors and risk +professionals. + +# 📜 License + +This project is licensed under the **GNU General Public License v3.0** — +see the [LICENSE](LICENSE) file for details. diff --git a/README.org b/README.org deleted file mode 100644 index 6e33faf..0000000 --- a/README.org +++ /dev/null @@ -1,102 +0,0 @@ -#+TITLE: Audit Tools by Christian Cleberg -#+AUTHOR: Christian Cleberg -#+OPTIONS: toc:nil - -* 📊 Audit Tools by Christian Cleberg - -Welcome to *Audit Tools* — a collection of open-source Python scripts and -resources designed to help auditors, risk professionals, and data analysts -automate common audit tasks and analytics. - -Whether you're new to audit automation or an experienced tech-enabled auditor, -this toolkit offers practical, real-world examples you can use, customize, and -build upon. - -* 📦 What's Inside - -This repository contains Python scripts and templates for common audit -procedures and control testing activities, including: - -- ✅ *Pseudo-Random Sampling* -- ✅ *GITC Extractions and Analysis* -- ✅ *Project Management Tracking & Visualizations* -- ✅ *Cloud Platform Analysis (planned)* -- ✅ *Audit AI Prompts & Guides (planned)* - -The goal is to provide practical, easy-to-understand tools that auditors and -analysts can quickly deploy in their environments. - -* 🚀 Getting Started - -**Clone the Repository** - -#+begin_src bash -git clone https://git.sr.ht/~cxc/audit-tools -cd audit-tools -#+end_src - -**Install Dependencies** - -/Required for Python scripts/ - -#+begin_src bash -pip install -r requirements.txt -#+end_src - -**Run a Sample Script** - -Example: Run the *Linux OS Report* tool. - -#+begin_src bash -./os/linux/report/linux.sh -#+end_src - -View the results in your terminal or within the file created by the script. - -* 📖 Learn More - -If you're new to audit analytics or Python scripting, start here: -- [[https://realpython.com][Python for Auditors]] -- [[https://audit-analytics.com][Audit Analytics 101]] -- [[https://pandas.pydata.org/docs/getting_started/][Intro to Pandas Documentation]] - -Also, check out the =notebooks/= folder for interactive tutorials and use cases. - -* 🤝 How to Contribute - -Want to add your own audit scripts or improve existing ones? Contributions are -welcome! - -**Ways to Help** -- Submit new Python scripts for audit use cases. -- Suggest enhancements or new features. -- Improve documentation or write beginner-friendly tutorials. -- Test existing tools on new datasets and report issues. - -**To Contribute** -1. Fork this repo -2. Create a new branch: - #+begin_src bash - git checkout -b my-feature - #+end_src -3. Commit your changes: - #+begin_src bash - git commit -m 'Added new audit test' - #+end_src -4. Push to the branch: - #+begin_src bash - git push origin my-feature - #+end_src -5. Open a Pull Request - -* 👤 About the Creator - -Made with ❤️ by [[https://cleberg.net/][Christian Cleberg]]. - -I'm a technology assurance leader passionate about audit innovation, AI in -audit, and building practical tools for auditors and risk professionals. - -* 📜 License - -This project is licensed under the *GNU General Public License v3.0* — see the -[[file:LICENSE][LICENSE]] file for details. diff --git a/applications/github/README.org b/applications/github/README.md index d707277..3ea076b 100644 --- a/applications/github/README.org +++ b/applications/github/README.md @@ -1,23 +1,25 @@ -#+title: GitHub Scripts - -*NOTE*: I used the same [[https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens][PAT]] for all scripts within this folder. Note that you can likely reduce permissions for certain scripts - it's best practice to define a PAT for a specific purpose and avoid using a single PAT with broad permissions. +**NOTE**: I used the same +[PAT](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) +for all scripts within this folder. Note that you can likely reduce +permissions for certain scripts - it's best practice to define a PAT for +a specific purpose and avoid using a single PAT with broad permissions. - Personal Access Token: - - [x] Repository Permissions - - [x] Actions: read-only - - [x] Contents: read-only - - [x] Metadata: read-only - - [x] Workflows: read-only - - [x] Organization Permissions - - [x] Administration: read-only + - \[x\] Repository Permissions + - \[x\] Actions: read-only + - \[x\] Contents: read-only + - \[x\] Metadata: read-only + - \[x\] Workflows: read-only + - \[x\] Organization Permissions + - \[x\] Administration: read-only -* =github_admins.py= +# `github_admins.py` -#+begin_src sh +``` bash python ./github_admins.py -#+end_src +``` -#+begin_src text +``` text Members of the organization 'your_organization': Repositories in the organization 'your_organization': @@ -25,28 +27,27 @@ Repositories in the organization 'your_organization': Collaborators for the repository 'demo-repository': - user1: admin -#+end_src +``` -* =github_audit_log.py= +# `github_audit_log.py` -*NOTE*: Requires an active GitHub Enterprise subscription. +**NOTE**: Requires an active GitHub Enterprise subscription. -#+begin_src sh +``` bash python ./github_audit_log.py -#+end_src +``` -#+begin_src text +``` text TODO: Need to get an Enterprise subscription to test this script. -#+end_src - -* =github_branch_protections.py= +``` +# `github_branch_protections.py` -#+begin_src sh +``` bash python ./github_branch_protections.py -#+end_src +``` -#+begin_src text +``` text Total branches in the repository 'demo-repository': 1 Branch: main @@ -54,15 +55,15 @@ No protection settings Repository rulesets for 'demo-repository': [{'id': 2311373, 'name': 'default', 'target': 'branch', 'source_type': 'Repository', 'source': 'phryq/demo-repository', 'enforcement': 'active', 'node_id': 'RRS_lACqUmVwb3NpdG9yec40LV1PzgAjRM0', '_links': {'self': {'href': 'https://api.github.com/repos/phryq/demo-repository/rulesets/2311373'}, 'html': {'href': 'https://github.com/phryq/demo-repository/rules/2311373'}}, 'created_at': '2024-10-19T15:59:35.200-05:00', 'updated_at': '2024-10-19T15:59:35.200-05:00'}] -#+end_src +``` -* =github_commits.py= +# `github_commits.py` -#+begin_src sh +``` bash python ./github_commits.py -#+end_src +``` -#+begin_src text +``` text Total commits in the repository 'demo-repository' on branch 'main': 3 Commit SHA: 13c488a2cdda08e4043f8ef36ced5fdd429e9718 @@ -109,4 +110,4 @@ Files changed: Additions: 1, Deletions: 0, Changes: 1 - package.json (added) Additions: 9, Deletions: 0, Changes: 9 -#+end_src +``` diff --git a/applications/gitlab/README.org b/applications/gitlab/README.md index d137497..a564f13 100644 --- a/applications/gitlab/README.org +++ b/applications/gitlab/README.md @@ -1,14 +1,12 @@ -#+title: GitLab Scripts +# `approvals.py` -* =approvals.py= +\\This script requires an active Premium or Ultimate subscription.\*\\ -\*This script requires an active Premium or Ultimate subscription.*\ - -#+begin_src sh +``` bash python ./approvals.py -#+end_src +``` -#+begin_src text +``` text Rule: All Members Approvals Required: 1 Rule type: any_approver @@ -17,15 +15,15 @@ Rule: Default Rule type: regular Protected Branch: master Eligible Approver: Christian Cleberg -#+end_src +``` -* =branch_protections.py= +# `branch_protections.py` -#+begin_src sh +``` bash python ./branch_protections.py -#+end_src +``` -#+begin_src json +``` json [ { "id": 148448212, @@ -55,27 +53,28 @@ python ./branch_protections.py "inherited": false } ] -#+end_src +``` -* =passwords.py= +# `passwords.py` -*This script does not apply to GitLab.com. This is for self-hosted instances only.* +**This script does not apply to GitLab.com. This is for self-hosted +instances only.** -#+begin_src sh +``` bash python ./passwords.py -#+end_src +``` -#+begin_src text +``` text # TODO: Need access to a self-hosted version of GitLab to test this out. -#+end_src +``` -* =pipelines.py= +# `pipelines.py` -#+begin_src sh +``` bash python ./pipelines.py -#+end_src +``` -#+begin_src text +``` text Pipeline ID: 1754222228 Status: failed Ref: master @@ -100,28 +99,28 @@ Pipeline ID: 1754214637 Created At: 2025-04-06T03:21:39.902Z Duration: N/A seconds Configuration: N/A -#+end_src +``` -* =provisioning.py= +# `provisioning.py` -\*This script requires an active Premium or Ultimate subscription.*\ +\\This script requires an active Premium or Ultimate subscription.\*\\ -#+begin_src sh +``` bash python ./provisioning.py -#+end_src +``` -#+begin_src text +``` text Group: 105300140 2025-04-08T03:33:17.055Z : Action: member_created, Member: 128029250, Author: 24608590 -#+end_src +``` -* =repositories.py= +# `repositories.py` -#+begin_src shell +``` shell python ./repositories.py -#+end_src +``` -#+begin_src text +``` text # User ID Example Projects under ID: ccleberg: - audit-tools (ID: 68757698) @@ -131,15 +130,15 @@ Projects under ID: ccleberg: Projects under ID: phryq: - Yoshi Cli (ID: 68757750) - pages-demo (ID: 68757186) -#+end_src +``` -* =users.py= +# `users.py` -#+begin_src sh +``` bash python ./users.py -#+end_src +``` -#+begin_src text +``` text Access Level Roles: 0 : No access 5 : Minimal access @@ -158,4 +157,4 @@ Username: ccleberg, Access Level: 50 Project 68701468 Members: Username: ccleberg, Access Level: 50 Username: project_68701468_bot_2c7ee010a479c0e48cdb4c7c5cfae886, Access Level: 40 -#+end_src +``` diff --git a/databases/mongo/README.org b/databases/mongo/README.md index 689d37d..99e1c68 100644 --- a/databases/mongo/README.org +++ b/databases/mongo/README.md @@ -1,104 +1,102 @@ -#+title: MongoDB Scripts
-
-* =admins.py=
-
-Dependency:
-
-#+begin_src shell
-pip install pymongo
-#+end_src
-
-#+begin_src python
-python ./admins.py
-#+end_src
-
-Example output:
-
-#+begin_src json
-[
- {
- "_id": "admin.admin",
- "user": "admin",
- "db": "admin",
- "roles": [
- {
- "role": "userAdminAnyDatabase",
- "db": "admin"
- },
- {
- "role": "readWriteAnyDatabase",
- "db": "admin"
- },
- {
- "role": "dbAdminAnyDatabase",
- "db": "admin"
- },
- {
- "role": "clusterAdmin",
- "db": "admin"
- }
- ],
- "credentials": {
- "SCRAM-SHA-1": {
- "iterationCount": 10000,
- "salt": "abc123",
- "storedKey": "storedKeyHash",
- "serverKey": "serverKeyHash"
- },
- "SCRAM-SHA-256": {
- "iterationCount": 15000,
- "salt": "def456",
- "storedKey": "storedKeyHash256",
- "serverKey": "serverKeyHash256"
- }
- }
- },
- {
- "_id": "test.user1",
- "user": "user1",
- "db": "test",
- "roles": [
- {
- "role": "readWrite",
- "db": "test"
- }
- ],
- "credentials": {
- "SCRAM-SHA-1": {
- "iterationCount": 10000,
- "salt": "ghi789",
- "storedKey": "storedKeyHashUser1",
- "serverKey": "serverKeyHashUser1"
- }
- }
- },
- {
- "_id": "test.ldapUser",
- "user": "ldapUser",
- "db": "test",
- "roles": [
- {
- "role": "read",
- "db": "test"
- }
- ],
- "userSource": "ldap"
- },
- {
- "_id": "admin.x509User",
- "user": "x509User",
- "db": "$external",
- "roles": [
- {
- "role": "readWrite",
- "db": "admin"
- }
- ],
- "credentials": {
- "MONGODB-X509": {
- "subject": "CN=x509User,OU=OrgUnit,O=Org,L=City,ST=State,C=Country"
- }
- }
- }
-]
-#+end_src
+# `admins.py` + +Dependency: + +``` shell +pip install pymongo +``` + +``` python +python ./admins.py +``` + +Example output: + +``` json +[ + { + "_id": "admin.admin", + "user": "admin", + "db": "admin", + "roles": [ + { + "role": "userAdminAnyDatabase", + "db": "admin" + }, + { + "role": "readWriteAnyDatabase", + "db": "admin" + }, + { + "role": "dbAdminAnyDatabase", + "db": "admin" + }, + { + "role": "clusterAdmin", + "db": "admin" + } + ], + "credentials": { + "SCRAM-SHA-1": { + "iterationCount": 10000, + "salt": "abc123", + "storedKey": "storedKeyHash", + "serverKey": "serverKeyHash" + }, + "SCRAM-SHA-256": { + "iterationCount": 15000, + "salt": "def456", + "storedKey": "storedKeyHash256", + "serverKey": "serverKeyHash256" + } + } + }, + { + "_id": "test.user1", + "user": "user1", + "db": "test", + "roles": [ + { + "role": "readWrite", + "db": "test" + } + ], + "credentials": { + "SCRAM-SHA-1": { + "iterationCount": 10000, + "salt": "ghi789", + "storedKey": "storedKeyHashUser1", + "serverKey": "serverKeyHashUser1" + } + } + }, + { + "_id": "test.ldapUser", + "user": "ldapUser", + "db": "test", + "roles": [ + { + "role": "read", + "db": "test" + } + ], + "userSource": "ldap" + }, + { + "_id": "admin.x509User", + "user": "x509User", + "db": "$external", + "roles": [ + { + "role": "readWrite", + "db": "admin" + } + ], + "credentials": { + "MONGODB-X509": { + "subject": "CN=x509User,OU=OrgUnit,O=Org,L=City,ST=State,C=Country" + } + } + } +] +``` diff --git a/databases/mysql/README.md b/databases/mysql/README.md new file mode 100644 index 0000000..cc05311 --- /dev/null +++ b/databases/mysql/README.md @@ -0,0 +1,173 @@ +# `mysql_admins.sql` + +``` sql +SELECT * FROM information_schema.user_privileges; +``` + + MySQL [(none)]> SELECT * FROM information_schema.user_privileges; + +--------------------------------+---------------+---------------------------------+--------------+ + | GRANTEE | TABLE_CATALOG | PRIVILEGE_TYPE | IS_GRANTABLE | + +--------------------------------+---------------+---------------------------------+--------------+ + | 'mysql.infoschema'@'localhost' | def | SELECT | NO | + | 'mysql.infoschema'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO | + | 'mysql.infoschema'@'localhost' | def | FIREWALL_EXEMPT | NO | + | 'mysql.infoschema'@'localhost' | def | SYSTEM_USER | NO | + | 'mysql.session'@'localhost' | def | SHUTDOWN | NO | + | 'mysql.session'@'localhost' | def | SUPER | NO | + | 'mysql.session'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO | + | 'mysql.session'@'localhost' | def | AUTHENTICATION_POLICY_ADMIN | NO | + | 'mysql.session'@'localhost' | def | BACKUP_ADMIN | NO | + | 'mysql.session'@'localhost' | def | CLONE_ADMIN | NO | + | 'mysql.session'@'localhost' | def | CONNECTION_ADMIN | NO | + | 'mysql.session'@'localhost' | def | FIREWALL_EXEMPT | NO | + | 'mysql.session'@'localhost' | def | PERSIST_RO_VARIABLES_ADMIN | NO | + | 'mysql.session'@'localhost' | def | SESSION_VARIABLES_ADMIN | NO | + | 'mysql.session'@'localhost' | def | SYSTEM_USER | NO | + | 'mysql.session'@'localhost' | def | SYSTEM_VARIABLES_ADMIN | NO | + | 'mysql.sys'@'localhost' | def | USAGE | NO | + | 'mysql.sys'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO | + | 'mysql.sys'@'localhost' | def | FIREWALL_EXEMPT | NO | + | 'mysql.sys'@'localhost' | def | SYSTEM_USER | NO | + | 'root'@'localhost' | def | SELECT | YES | + | 'root'@'localhost' | def | INSERT | YES | + | 'root'@'localhost' | def | UPDATE | YES | + | 'root'@'localhost' | def | DELETE | YES | + | 'root'@'localhost' | def | CREATE | YES | + | 'root'@'localhost' | def | DROP | YES | + | 'root'@'localhost' | def | RELOAD | YES | + | 'root'@'localhost' | def | SHUTDOWN | YES | + | 'root'@'localhost' | def | PROCESS | YES | + | 'root'@'localhost' | def | FILE | YES | + | 'root'@'localhost' | def | REFERENCES | YES | + | 'root'@'localhost' | def | INDEX | YES | + | 'root'@'localhost' | def | ALTER | YES | + | 'root'@'localhost' | def | SHOW DATABASES | YES | + | 'root'@'localhost' | def | SUPER | YES | + | 'root'@'localhost' | def | CREATE TEMPORARY TABLES | YES | + | 'root'@'localhost' | def | LOCK TABLES | YES | + | 'root'@'localhost' | def | EXECUTE | YES | + | 'root'@'localhost' | def | REPLICATION SLAVE | YES | + | 'root'@'localhost' | def | REPLICATION CLIENT | YES | + | 'root'@'localhost' | def | CREATE VIEW | YES | + | 'root'@'localhost' | def | SHOW VIEW | YES | + | 'root'@'localhost' | def | CREATE ROUTINE | YES | + | 'root'@'localhost' | def | ALTER ROUTINE | YES | + | 'root'@'localhost' | def | CREATE USER | YES | + | 'root'@'localhost' | def | EVENT | YES | + | 'root'@'localhost' | def | TRIGGER | YES | + | 'root'@'localhost' | def | CREATE TABLESPACE | YES | + | 'root'@'localhost' | def | CREATE ROLE | YES | + | 'root'@'localhost' | def | DROP ROLE | YES | + | 'root'@'localhost' | def | ALLOW_NONEXISTENT_DEFINER | YES | + | 'root'@'localhost' | def | APPLICATION_PASSWORD_ADMIN | YES | + | 'root'@'localhost' | def | AUDIT_ABORT_EXEMPT | YES | + | 'root'@'localhost' | def | AUDIT_ADMIN | YES | + | 'root'@'localhost' | def | AUTHENTICATION_POLICY_ADMIN | YES | + | 'root'@'localhost' | def | BACKUP_ADMIN | YES | + | 'root'@'localhost' | def | BINLOG_ADMIN | YES | + | 'root'@'localhost' | def | BINLOG_ENCRYPTION_ADMIN | YES | + | 'root'@'localhost' | def | CLONE_ADMIN | YES | + | 'root'@'localhost' | def | CONNECTION_ADMIN | YES | + | 'root'@'localhost' | def | CREATE_SPATIAL_REFERENCE_SYSTEM | YES | + | 'root'@'localhost' | def | ENCRYPTION_KEY_ADMIN | YES | + | 'root'@'localhost' | def | FIREWALL_EXEMPT | YES | + | 'root'@'localhost' | def | FLUSH_OPTIMIZER_COSTS | YES | + | 'root'@'localhost' | def | FLUSH_PRIVILEGES | YES | + | 'root'@'localhost' | def | FLUSH_STATUS | YES | + | 'root'@'localhost' | def | FLUSH_TABLES | YES | + | 'root'@'localhost' | def | FLUSH_USER_RESOURCES | YES | + | 'root'@'localhost' | def | GROUP_REPLICATION_ADMIN | YES | + | 'root'@'localhost' | def | GROUP_REPLICATION_STREAM | YES | + | 'root'@'localhost' | def | INNODB_REDO_LOG_ARCHIVE | YES | + | 'root'@'localhost' | def | INNODB_REDO_LOG_ENABLE | YES | + | 'root'@'localhost' | def | OPTIMIZE_LOCAL_TABLE | YES | + | 'root'@'localhost' | def | PASSWORDLESS_USER_ADMIN | YES | + | 'root'@'localhost' | def | PERSIST_RO_VARIABLES_ADMIN | YES | + | 'root'@'localhost' | def | REPLICATION_APPLIER | YES | + | 'root'@'localhost' | def | REPLICATION_SLAVE_ADMIN | YES | + | 'root'@'localhost' | def | RESOURCE_GROUP_ADMIN | YES | + | 'root'@'localhost' | def | RESOURCE_GROUP_USER | YES | + | 'root'@'localhost' | def | ROLE_ADMIN | YES | + | 'root'@'localhost' | def | SENSITIVE_VARIABLES_OBSERVER | YES | + | 'root'@'localhost' | def | SERVICE_CONNECTION_ADMIN | YES | + | 'root'@'localhost' | def | SESSION_VARIABLES_ADMIN | YES | + | 'root'@'localhost' | def | SET_ANY_DEFINER | YES | + | 'root'@'localhost' | def | SHOW_ROUTINE | YES | + | 'root'@'localhost' | def | SYSTEM_USER | YES | + | 'root'@'localhost' | def | SYSTEM_VARIABLES_ADMIN | YES | + | 'root'@'localhost' | def | TABLE_ENCRYPTION_ADMIN | YES | + | 'root'@'localhost' | def | TELEMETRY_LOG_ADMIN | YES | + | 'root'@'localhost' | def | TRANSACTION_GTID_TAG | YES | + | 'root'@'localhost' | def | XA_RECOVER_ADMIN | YES | + | 'cmc'@'%' | def | USAGE | NO | + +--------------------------------+---------------+---------------------------------+--------------+ + 92 rows in set (0.001 sec) + +# `passwords.sql` + +``` sql +SELECT user, host, plugin FROM mysql.user; +``` + + mysql> SELECT user, host, plugin FROM mysql.user; + +------------------+-----------+-----------------------+ + | user | host | plugin | + +------------------+-----------+-----------------------+ + | cmc | % | caching_sha2_password | + | mysql.infoschema | localhost | caching_sha2_password | + | mysql.session | localhost | caching_sha2_password | + | mysql.sys | localhost | caching_sha2_password | + | root | localhost | caching_sha2_password | + +------------------+-----------+-----------------------+ + 5 rows in set (0.001 sec) + +``` sql +SHOW GLOBAL VARIABLES LIKE 'validate_password%'; +SHOW VARIABLES LIKE 'validate_password%'; +``` + + mysql> SHOW GLOBAL VARIABLES LIKE 'validate_password%'; + +-------------------------------------------------+--------+ + | Variable_name | Value | + +-------------------------------------------------+--------+ + | validate_password.changed_characters_percentage | 0 | + | validate_password.check_user_name | ON | + | validate_password.dictionary_file | | + | validate_password.length | 8 | + | validate_password.mixed_case_count | 1 | + | validate_password.number_count | 1 | + | validate_password.policy | MEDIUM | + | validate_password.special_char_count | 1 | + +-------------------------------------------------+--------+ + 8 rows in set (0.004 sec) + + mysql> SHOW VARIABLES LIKE 'validate_password%'; + +-------------------------------------------------+--------+ + | Variable_name | Value | + +-------------------------------------------------+--------+ + | validate_password.changed_characters_percentage | 0 | + | validate_password.check_user_name | ON | + | validate_password.dictionary_file | | + | validate_password.length | 8 | + | validate_password.mixed_case_count | 1 | + | validate_password.number_count | 1 | + | validate_password.policy | MEDIUM | + | validate_password.special_char_count | 1 | + +-------------------------------------------------+--------+ + 8 rows in set (0.004 sec) + +``` sql +SELECT * FROM mysql.user +``` + + MySQL [(none)]> SELECT * FROM mysql.user; + +-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ + | Host | User | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin | authentication_string | password_expired | password_last_changed | password_lifetime | account_locked | Create_role_priv | Drop_role_priv | Password_reuse_history | Password_reuse_time | Password_require_current | User_attributes | + +-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ + | % | cmc | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | | N | 2025-04-25 16:28:52 | NULL | N | N | N | NULL | NULL | NULL | NULL | + | localhost | mysql.infoschema | Y | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | + | localhost | mysql.session | N | N | N | N | N | N | N | Y | N | N | N | N | N | N | N | Y | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | + | localhost | mysql.sys | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | + | localhost | root | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | | N | 2025-04-25 15:51:53 | NULL | N | Y | Y | NULL | NULL | NULL | NULL | + +-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ + 5 rows in set (0.005 sec) diff --git a/databases/mysql/README.org b/databases/mysql/README.org deleted file mode 100644 index ce7c438..0000000 --- a/databases/mysql/README.org +++ /dev/null @@ -1,183 +0,0 @@ -#+title: MySQL - -* =mysql_admins.sql= - -#+begin_src sql -SELECT * FROM information_schema.user_privileges; -#+end_src - -#+begin_src -MySQL [(none)]> SELECT * FROM information_schema.user_privileges; -+--------------------------------+---------------+---------------------------------+--------------+ -| GRANTEE | TABLE_CATALOG | PRIVILEGE_TYPE | IS_GRANTABLE | -+--------------------------------+---------------+---------------------------------+--------------+ -| 'mysql.infoschema'@'localhost' | def | SELECT | NO | -| 'mysql.infoschema'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO | -| 'mysql.infoschema'@'localhost' | def | FIREWALL_EXEMPT | NO | -| 'mysql.infoschema'@'localhost' | def | SYSTEM_USER | NO | -| 'mysql.session'@'localhost' | def | SHUTDOWN | NO | -| 'mysql.session'@'localhost' | def | SUPER | NO | -| 'mysql.session'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO | -| 'mysql.session'@'localhost' | def | AUTHENTICATION_POLICY_ADMIN | NO | -| 'mysql.session'@'localhost' | def | BACKUP_ADMIN | NO | -| 'mysql.session'@'localhost' | def | CLONE_ADMIN | NO | -| 'mysql.session'@'localhost' | def | CONNECTION_ADMIN | NO | -| 'mysql.session'@'localhost' | def | FIREWALL_EXEMPT | NO | -| 'mysql.session'@'localhost' | def | PERSIST_RO_VARIABLES_ADMIN | NO | -| 'mysql.session'@'localhost' | def | SESSION_VARIABLES_ADMIN | NO | -| 'mysql.session'@'localhost' | def | SYSTEM_USER | NO | -| 'mysql.session'@'localhost' | def | SYSTEM_VARIABLES_ADMIN | NO | -| 'mysql.sys'@'localhost' | def | USAGE | NO | -| 'mysql.sys'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO | -| 'mysql.sys'@'localhost' | def | FIREWALL_EXEMPT | NO | -| 'mysql.sys'@'localhost' | def | SYSTEM_USER | NO | -| 'root'@'localhost' | def | SELECT | YES | -| 'root'@'localhost' | def | INSERT | YES | -| 'root'@'localhost' | def | UPDATE | YES | -| 'root'@'localhost' | def | DELETE | YES | -| 'root'@'localhost' | def | CREATE | YES | -| 'root'@'localhost' | def | DROP | YES | -| 'root'@'localhost' | def | RELOAD | YES | -| 'root'@'localhost' | def | SHUTDOWN | YES | -| 'root'@'localhost' | def | PROCESS | YES | -| 'root'@'localhost' | def | FILE | YES | -| 'root'@'localhost' | def | REFERENCES | YES | -| 'root'@'localhost' | def | INDEX | YES | -| 'root'@'localhost' | def | ALTER | YES | -| 'root'@'localhost' | def | SHOW DATABASES | YES | -| 'root'@'localhost' | def | SUPER | YES | -| 'root'@'localhost' | def | CREATE TEMPORARY TABLES | YES | -| 'root'@'localhost' | def | LOCK TABLES | YES | -| 'root'@'localhost' | def | EXECUTE | YES | -| 'root'@'localhost' | def | REPLICATION SLAVE | YES | -| 'root'@'localhost' | def | REPLICATION CLIENT | YES | -| 'root'@'localhost' | def | CREATE VIEW | YES | -| 'root'@'localhost' | def | SHOW VIEW | YES | -| 'root'@'localhost' | def | CREATE ROUTINE | YES | -| 'root'@'localhost' | def | ALTER ROUTINE | YES | -| 'root'@'localhost' | def | CREATE USER | YES | -| 'root'@'localhost' | def | EVENT | YES | -| 'root'@'localhost' | def | TRIGGER | YES | -| 'root'@'localhost' | def | CREATE TABLESPACE | YES | -| 'root'@'localhost' | def | CREATE ROLE | YES | -| 'root'@'localhost' | def | DROP ROLE | YES | -| 'root'@'localhost' | def | ALLOW_NONEXISTENT_DEFINER | YES | -| 'root'@'localhost' | def | APPLICATION_PASSWORD_ADMIN | YES | -| 'root'@'localhost' | def | AUDIT_ABORT_EXEMPT | YES | -| 'root'@'localhost' | def | AUDIT_ADMIN | YES | -| 'root'@'localhost' | def | AUTHENTICATION_POLICY_ADMIN | YES | -| 'root'@'localhost' | def | BACKUP_ADMIN | YES | -| 'root'@'localhost' | def | BINLOG_ADMIN | YES | -| 'root'@'localhost' | def | BINLOG_ENCRYPTION_ADMIN | YES | -| 'root'@'localhost' | def | CLONE_ADMIN | YES | -| 'root'@'localhost' | def | CONNECTION_ADMIN | YES | -| 'root'@'localhost' | def | CREATE_SPATIAL_REFERENCE_SYSTEM | YES | -| 'root'@'localhost' | def | ENCRYPTION_KEY_ADMIN | YES | -| 'root'@'localhost' | def | FIREWALL_EXEMPT | YES | -| 'root'@'localhost' | def | FLUSH_OPTIMIZER_COSTS | YES | -| 'root'@'localhost' | def | FLUSH_PRIVILEGES | YES | -| 'root'@'localhost' | def | FLUSH_STATUS | YES | -| 'root'@'localhost' | def | FLUSH_TABLES | YES | -| 'root'@'localhost' | def | FLUSH_USER_RESOURCES | YES | -| 'root'@'localhost' | def | GROUP_REPLICATION_ADMIN | YES | -| 'root'@'localhost' | def | GROUP_REPLICATION_STREAM | YES | -| 'root'@'localhost' | def | INNODB_REDO_LOG_ARCHIVE | YES | -| 'root'@'localhost' | def | INNODB_REDO_LOG_ENABLE | YES | -| 'root'@'localhost' | def | OPTIMIZE_LOCAL_TABLE | YES | -| 'root'@'localhost' | def | PASSWORDLESS_USER_ADMIN | YES | -| 'root'@'localhost' | def | PERSIST_RO_VARIABLES_ADMIN | YES | -| 'root'@'localhost' | def | REPLICATION_APPLIER | YES | -| 'root'@'localhost' | def | REPLICATION_SLAVE_ADMIN | YES | -| 'root'@'localhost' | def | RESOURCE_GROUP_ADMIN | YES | -| 'root'@'localhost' | def | RESOURCE_GROUP_USER | YES | -| 'root'@'localhost' | def | ROLE_ADMIN | YES | -| 'root'@'localhost' | def | SENSITIVE_VARIABLES_OBSERVER | YES | -| 'root'@'localhost' | def | SERVICE_CONNECTION_ADMIN | YES | -| 'root'@'localhost' | def | SESSION_VARIABLES_ADMIN | YES | -| 'root'@'localhost' | def | SET_ANY_DEFINER | YES | -| 'root'@'localhost' | def | SHOW_ROUTINE | YES | -| 'root'@'localhost' | def | SYSTEM_USER | YES | -| 'root'@'localhost' | def | SYSTEM_VARIABLES_ADMIN | YES | -| 'root'@'localhost' | def | TABLE_ENCRYPTION_ADMIN | YES | -| 'root'@'localhost' | def | TELEMETRY_LOG_ADMIN | YES | -| 'root'@'localhost' | def | TRANSACTION_GTID_TAG | YES | -| 'root'@'localhost' | def | XA_RECOVER_ADMIN | YES | -| 'cmc'@'%' | def | USAGE | NO | -+--------------------------------+---------------+---------------------------------+--------------+ -92 rows in set (0.001 sec) -#+end_src - -* =passwords.sql= - -#+begin_src sql -SELECT user, host, plugin FROM mysql.user; -#+end_src - -#+begin_src -mysql> SELECT user, host, plugin FROM mysql.user; -+------------------+-----------+-----------------------+ -| user | host | plugin | -+------------------+-----------+-----------------------+ -| cmc | % | caching_sha2_password | -| mysql.infoschema | localhost | caching_sha2_password | -| mysql.session | localhost | caching_sha2_password | -| mysql.sys | localhost | caching_sha2_password | -| root | localhost | caching_sha2_password | -+------------------+-----------+-----------------------+ -5 rows in set (0.001 sec) -#+end_src - -#+begin_src sql -SHOW GLOBAL VARIABLES LIKE 'validate_password%'; -SHOW VARIABLES LIKE 'validate_password%'; -#+end_src - -#+begin_src -mysql> SHOW GLOBAL VARIABLES LIKE 'validate_password%'; -+-------------------------------------------------+--------+ -| Variable_name | Value | -+-------------------------------------------------+--------+ -| validate_password.changed_characters_percentage | 0 | -| validate_password.check_user_name | ON | -| validate_password.dictionary_file | | -| validate_password.length | 8 | -| validate_password.mixed_case_count | 1 | -| validate_password.number_count | 1 | -| validate_password.policy | MEDIUM | -| validate_password.special_char_count | 1 | -+-------------------------------------------------+--------+ -8 rows in set (0.004 sec) - -mysql> SHOW VARIABLES LIKE 'validate_password%'; -+-------------------------------------------------+--------+ -| Variable_name | Value | -+-------------------------------------------------+--------+ -| validate_password.changed_characters_percentage | 0 | -| validate_password.check_user_name | ON | -| validate_password.dictionary_file | | -| validate_password.length | 8 | -| validate_password.mixed_case_count | 1 | -| validate_password.number_count | 1 | -| validate_password.policy | MEDIUM | -| validate_password.special_char_count | 1 | -+-------------------------------------------------+--------+ -8 rows in set (0.004 sec) -#+end_src - -#+begin_src sql -SELECT * FROM mysql.user -#+end_src - -#+begin_src -MySQL [(none)]> SELECT * FROM mysql.user; -+-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ -| Host | User | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin | authentication_string | password_expired | password_last_changed | password_lifetime | account_locked | Create_role_priv | Drop_role_priv | Password_reuse_history | Password_reuse_time | Password_require_current | User_attributes | -+-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ -| % | cmc | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | | N | 2025-04-25 16:28:52 | NULL | N | N | N | NULL | NULL | NULL | NULL | -| localhost | mysql.infoschema | Y | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | -| localhost | mysql.session | N | N | N | N | N | N | N | Y | N | N | N | N | N | N | N | Y | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | -| localhost | mysql.sys | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | -| localhost | root | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | | N | 2025-04-25 15:51:53 | NULL | N | Y | Y | NULL | NULL | NULL | NULL | -+-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ -5 rows in set (0.005 sec) -#+end_src diff --git a/databases/oracle/README.org b/databases/oracle/README.md index f2bc680..3afa2e7 100644 --- a/databases/oracle/README.org +++ b/databases/oracle/README.md @@ -1,6 +1,6 @@ -* =oracle_admins.sql= +# `oracle_admins.sql` -#+begin_src sql +``` sql SELECT grantee AS "User", privilege AS "Privilege" @@ -16,9 +16,9 @@ FROM dba_tab_privs WHERE grantee IN (SELECT DISTINCT grantee FROM dba_tab_privs); -#+end_src +``` -#+begin_src text +``` text | User | Privilege | |----------+---------------------| | SCOTT | CREATE SESSION | @@ -39,18 +39,18 @@ WHERE | APP_USER | SELECT ON EMPLOYEES | | APP_USER | INSERT ON EMPLOYEES | | APP_USER | UPDATE ON EMPLOYEES | -#+end_src +``` -* =oracle_admins_alt.sql= +# `oracle_admins_alt.sql` -#+begin_src sql +``` sql SELECT ** FROM sys.dba_role_privs; SELECT ** FROM sys.dba_sys_privs; SELECT ** FROM sys.dba_tab_privs; SELECT ** FROM sys.dba_users; -#+end_src +``` -#+begin_src text +``` text | Grantee | Granted_Role | Admin_Option | |----------+--------------+--------------| | SCOTT | DBA | NO | @@ -78,4 +78,4 @@ SELECT ** FROM sys.dba_users; | SYS | OPEN | SYSTEM | TEMP | | SYSTEM | OPEN | SYSTEM | TEMP | | APP_USER | OPEN | USERS | TEMP | -#+end_src +``` diff --git a/databases/postgres/README.md b/databases/postgres/README.md new file mode 100644 index 0000000..0e4f0fc --- /dev/null +++ b/databases/postgres/README.md @@ -0,0 +1,67 @@ +# `passwords.sql` + +``` sql +SELECT * +FROM pg_settings +WHERE name LIKE 'password_%'; +``` + + | name | setting | unit | category | short_desc | extra_desc | context | vartype | source | min_val | max_val | enumvals | boot_val | reset_val | sourcefile | sourceline | pending_restart | + |---------------------+---------------+------+-------------------------------------------------+-------------------------------------------------+------------+---------+---------+---------+---------+---------+---------------------+---------------+---------------+------------+------------+-----------------| + | password_encryption | scram-sha-256 | | Connections and Authentication / Authentication | Chooses the algorithm for encrypting passwords. | | user | enum | default | | | {md5,scram-sha-256} | scram-sha-256 | scram-sha-256 | | | false | + +``` sql +SELECT + usename AS user_name, + passwd AS password, + valuntil AS valid_until, + useconfig AS user_config +FROM pg_shadow; +``` + + | user_name | password | valid_until | user_config | + |-----------+---------------------------------------------------------------------------------------------------------------------------------------+------------------------+-------------| + | cmc | | | | + | testuser | SCRAM-SHA-256$4096:+NSpEU+8afhJ4BUTkzdKeg==$FGIRcTWr89b42qkLUl4Ntfp4RUpoc3GIpLHqJl/fWZE=:o1UM8YiEj5SLV5l/geMuqXMRi6onWazryn/l+LXYMxU= | 2025-12-31 00:00:00-06 | | + +# `admins.sql` + +``` sql +SELECT + r.rolname AS role_name, + r.rolsuper AS is_superuser, + r.rolinherit AS inherits_privileges, + r.rolcreaterole AS can_create_roles, + r.rolcreatedb AS can_create_db, + r.rolcanlogin AS can_login, + r.rolreplication AS can_replication, + r.rolconnlimit AS connection_limit, + r.rolvaliduntil AS valid_until, + ARRAY( + SELECT b.rolname + FROM pg_auth_members m + JOIN pg_roles b ON (m.roleid = b.oid) + WHERE m.member = r.oid + ) AS member_of +FROM pg_roles r; +``` + + | role_name | is_superuser | inherits_privileges | can_create_roles | can_create_db | can_login | can_replication | connection_limit | valid_until | member_of | + |-----------------------------+--------------+---------------------+------------------+---------------+-----------+-----------------+------------------+------------------------+--------------------------------------------------------------| + | cmc | true | true | true | true | true | true | -1 | | {} | + | pg_database_owner | false | true | false | false | false | false | -1 | | {} | + | pg_read_all_data | false | true | false | false | false | false | -1 | | {} | + | pg_write_all_data | false | true | false | false | false | false | -1 | | {} | + | pg_monitor | false | true | false | false | false | false | -1 | | {pg_read_all_settings,pg_read_all_stats,pg_stat_scan_tables} | + | pg_read_all_settings | false | true | false | false | false | false | -1 | | {} | + | pg_read_all_stats | false | true | false | false | false | false | -1 | | {} | + | pg_stat_scan_tables | false | true | false | false | false | false | -1 | | {} | + | pg_read_server_files | false | true | false | false | false | false | -1 | | {} | + | pg_write_server_files | false | true | false | false | false | false | -1 | | {} | + | pg_execute_server_program | false | true | false | false | false | false | -1 | | {} | + | pg_signal_backend | false | true | false | false | false | false | -1 | | {} | + | pg_checkpoint | false | true | false | false | false | false | -1 | | {} | + | pg_maintain | false | true | false | false | false | false | -1 | | {} | + | pg_use_reserved_connections | false | true | false | false | false | false | -1 | | {} | + | pg_create_subscription | false | true | false | false | false | false | -1 | | {} | + | testuser | false | true | false | false | true | false | -1 | 2025-12-31 00:00:00-06 | {} | diff --git a/databases/postgres/README.org b/databases/postgres/README.org deleted file mode 100644 index e7cd062..0000000 --- a/databases/postgres/README.org +++ /dev/null @@ -1,75 +0,0 @@ -#+title: Postgres - -* =passwords.sql= - -#+begin_src sql -SELECT * -FROM pg_settings -WHERE name LIKE 'password_%'; -#+end_src - -#+begin_src -| name | setting | unit | category | short_desc | extra_desc | context | vartype | source | min_val | max_val | enumvals | boot_val | reset_val | sourcefile | sourceline | pending_restart | -|---------------------+---------------+------+-------------------------------------------------+-------------------------------------------------+------------+---------+---------+---------+---------+---------+---------------------+---------------+---------------+------------+------------+-----------------| -| password_encryption | scram-sha-256 | | Connections and Authentication / Authentication | Chooses the algorithm for encrypting passwords. | | user | enum | default | | | {md5,scram-sha-256} | scram-sha-256 | scram-sha-256 | | | false | -#+end_src - -#+begin_src sql -SELECT - usename AS user_name, - passwd AS password, - valuntil AS valid_until, - useconfig AS user_config -FROM pg_shadow; -#+end_src - -#+begin_src -| user_name | password | valid_until | user_config | -|-----------+---------------------------------------------------------------------------------------------------------------------------------------+------------------------+-------------| -| cmc | | | | -| testuser | SCRAM-SHA-256$4096:+NSpEU+8afhJ4BUTkzdKeg==$FGIRcTWr89b42qkLUl4Ntfp4RUpoc3GIpLHqJl/fWZE=:o1UM8YiEj5SLV5l/geMuqXMRi6onWazryn/l+LXYMxU= | 2025-12-31 00:00:00-06 | | -#+end_src - -* =admins.sql= - -#+begin_src sql -SELECT - r.rolname AS role_name, - r.rolsuper AS is_superuser, - r.rolinherit AS inherits_privileges, - r.rolcreaterole AS can_create_roles, - r.rolcreatedb AS can_create_db, - r.rolcanlogin AS can_login, - r.rolreplication AS can_replication, - r.rolconnlimit AS connection_limit, - r.rolvaliduntil AS valid_until, - ARRAY( - SELECT b.rolname - FROM pg_auth_members m - JOIN pg_roles b ON (m.roleid = b.oid) - WHERE m.member = r.oid - ) AS member_of -FROM pg_roles r; -#+end_src - -#+begin_src -| role_name | is_superuser | inherits_privileges | can_create_roles | can_create_db | can_login | can_replication | connection_limit | valid_until | member_of | -|-----------------------------+--------------+---------------------+------------------+---------------+-----------+-----------------+------------------+------------------------+--------------------------------------------------------------| -| cmc | true | true | true | true | true | true | -1 | | {} | -| pg_database_owner | false | true | false | false | false | false | -1 | | {} | -| pg_read_all_data | false | true | false | false | false | false | -1 | | {} | -| pg_write_all_data | false | true | false | false | false | false | -1 | | {} | -| pg_monitor | false | true | false | false | false | false | -1 | | {pg_read_all_settings,pg_read_all_stats,pg_stat_scan_tables} | -| pg_read_all_settings | false | true | false | false | false | false | -1 | | {} | -| pg_read_all_stats | false | true | false | false | false | false | -1 | | {} | -| pg_stat_scan_tables | false | true | false | false | false | false | -1 | | {} | -| pg_read_server_files | false | true | false | false | false | false | -1 | | {} | -| pg_write_server_files | false | true | false | false | false | false | -1 | | {} | -| pg_execute_server_program | false | true | false | false | false | false | -1 | | {} | -| pg_signal_backend | false | true | false | false | false | false | -1 | | {} | -| pg_checkpoint | false | true | false | false | false | false | -1 | | {} | -| pg_maintain | false | true | false | false | false | false | -1 | | {} | -| pg_use_reserved_connections | false | true | false | false | false | false | -1 | | {} | -| pg_create_subscription | false | true | false | false | false | false | -1 | | {} | -| testuser | false | true | false | false | true | false | -1 | 2025-12-31 00:00:00-06 | {} | -#+end_src diff --git a/databases/sql/README.org b/databases/sql/README.md index 82b8911..3abfa39 100644 --- a/databases/sql/README.org +++ b/databases/sql/README.md @@ -1,10 +1,10 @@ -* =admins.sql= +# `admins.sql` -#+begin_src sql +``` sql :r admins.sql -#+end_src +``` -#+begin_src text +``` text | UserName | UserType | DatabaseUserName | Role | PermissionType | PermissionState | ObjectType | ObjectName | ColumnName | |-------------+--------------+------------------+-----------------+----------------+-----------------+----------------------+--------------------+------------| | SCOTT | SQL User | SCOTT | NULL | SELECT | GRANT | USER_TABLE | EMPLOYEES | NULL | @@ -14,15 +14,15 @@ | APP_USER | Windows User | APP_USER | ApplicationRole | INSERT | GRANT | USER_TABLE | EMPLOYEES | NULL | | {All Users} | {All Users} | {All Users} | public | SELECT | GRANT | USER_TABLE | EMPLOYEES | NULL | | {All Users} | {All Users} | {All Users} | public | EXECUTE | GRANT | SQL_STORED_PROCEDURE | SP_GET_EMPLOYEE | NULL | -#+end_src +``` -* =passwords.py= +# `passwords.py` -#+begin_src shell +``` shell python passwords.py -#+end_src +``` -#+begin_src text +``` text | Name | Type | Check Policy | Check Expiration | Reason | |-------+-----------+--------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------| | user1 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. | @@ -33,4 +33,4 @@ python passwords.py | user6 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. | | user7 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. | | user8 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. | -#+end_src +``` diff --git a/os/linux/README.md b/os/linux/README.md new file mode 100644 index 0000000..c7578eb --- /dev/null +++ b/os/linux/README.md @@ -0,0 +1,56 @@ +# `report/linux.sh` + +``` shell +./report/linux.sh +``` + + _ ___ _ _ _ ___ __ ___ ____ ____ _____ ____ ___ ____ _____ + | | |_ _| \ | | | | \ \/ / / _ \/ ___| | _ \| ____| _ \ / _ \| _ \_ _| + | | | || \| | | | |\ / | | | \___ \ | |_) | _| | |_) | | | | |_) || | + | |___ | || |\ | |_| |/ \ | |_| |___) | | _ <| |___| __/| |_| | _ < | | + |_____|___|_| \_|\___//_/\_\ \___/|____/ |_| \_\_____|_| \___/|_| \_\|_| + + + + ========================================== + # SECTION 00: Script Info + ========================================== + Execution Date and Time: Wed May 7 11:35:52 AM CDT 2025 + Script Name: ./linux.sh + User Running the Script: root (called by: cmc) + + + + ========================================== + # SECTION 01: System Info + ========================================== + ## Hostname + hera + ## Kernel Version + 6.14.4-400.asahi.fc42.aarch64+16k + ## os-release + NAME="Fedora Linux Asahi Remix" + VERSION="42 (Forty Two [Adams])" + RELEASE_TYPE=stable + ID=fedora-asahi-remix + ID_LIKE=fedora + +# `ssh_root_login.sh` + +``` shell +./ssh_root_login.sh +``` + + PermitRootLogin no + +# `passwords.sh` + +``` shell +./passwords.sh +``` + + Starting analysis of authentication and login parameters... + Checking /etc/pam.d/system-auth for password parameters... + /etc/pam.d/system-auth file not found. + Analyzing /etc/login.defs... + Contents of /etc/login.defs: diff --git a/os/linux/README.org b/os/linux/README.org deleted file mode 100644 index 67f8169..0000000 --- a/os/linux/README.org +++ /dev/null @@ -1,64 +0,0 @@ -#+title: Linux - -* =report/linux.sh= - -#+begin_src shell -./report/linux.sh -#+end_src - -#+begin_src -_ ___ _ _ _ ___ __ ___ ____ ____ _____ ____ ___ ____ _____ -| | |_ _| \ | | | | \ \/ / / _ \/ ___| | _ \| ____| _ \ / _ \| _ \_ _| -| | | || \| | | | |\ / | | | \___ \ | |_) | _| | |_) | | | | |_) || | -| |___ | || |\ | |_| |/ \ | |_| |___) | | _ <| |___| __/| |_| | _ < | | -|_____|___|_| \_|\___//_/\_\ \___/|____/ |_| \_\_____|_| \___/|_| \_\|_| - - - -========================================== -# SECTION 00: Script Info -========================================== -Execution Date and Time: Wed May 7 11:35:52 AM CDT 2025 -Script Name: ./linux.sh -User Running the Script: root (called by: cmc) - - - -========================================== -# SECTION 01: System Info -========================================== -## Hostname -hera -## Kernel Version -6.14.4-400.asahi.fc42.aarch64+16k -## os-release -NAME="Fedora Linux Asahi Remix" -VERSION="42 (Forty Two [Adams])" -RELEASE_TYPE=stable -ID=fedora-asahi-remix -ID_LIKE=fedora -#+end_src - -* =ssh_root_login.sh= - -#+begin_src shell -./ssh_root_login.sh -#+end_src - -#+begin_src -PermitRootLogin no -#+end_src - -* =passwords.sh= - -#+begin_src shell -./passwords.sh -#+end_src - -#+begin_src -Starting analysis of authentication and login parameters... -Checking /etc/pam.d/system-auth for password parameters... -/etc/pam.d/system-auth file not found. -Analyzing /etc/login.defs... -Contents of /etc/login.defs: -#+end_src diff --git a/sampling/README.org b/sampling/README.md index 6307ed1..005424a 100644 --- a/sampling/README.org +++ b/sampling/README.md @@ -1,12 +1,10 @@ -#+title: Sampling Tools +# `sample.py` -* =sample.py= - -#+begin_src sh +``` bash python ./sample.py -#+end_src +``` -#+begin_src text +``` text Dataframe size (rows, columns): (100, 9) Sample size: 5 Sample: @@ -18,15 +16,16 @@ Sample: 70 71 32BB9Ff4d939788 ... Wireless 6146 [5 rows x 9 columns] -#+end_src +``` -* =sample.html= +# `sample.html` -This is an interactive web page that allows users to submit their population -size, sample size(s), and generate a psuedo-random sample list of numbers to use -when sampling against their population. +This is an interactive web page that allows users to submit their +population size, sample size(s), and generate a psuedo-random sample +list of numbers to use when sampling against their population. -Samples can be re-generated and validated using the seed numbers provided during -the original generation. +Samples can be re-generated and validated using the seed numbers +provided during the original generation. -[[sample-html.png]] +<span class="spurious-link" +target="sample-html.png">*sample-html.png*</span> |