author: Christian Cleberg <hello@cleberg.net> 2025-05-06 21:54:18 -0500
committer: GitHub <noreply@github.com> 2025-05-06 21:54:18 -0500
commit: f351e70fbdf72ec14f335aa74ad3e7f0bc6da5bc (patch)
tree: 4a43c4a8f23d001b3277e7668400b8f270946291
parent: 95bf612c338dec8235e89ca6a1d9e5e8cad3f997 (diff)
add and update READMEs (#7)
* add and update READMEs
* Commit from GitHub Actions (Ruff)
---------
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>

-rw-r--r-- README.org (renamed from README.md) 39
-rw-r--r-- databases/oracle/README.org 81
-rw-r--r-- databases/sql/README.org 36
-rw-r--r-- databases/sql/passwords/example_data.csv (renamed from databases/sql/passwords/data.csv) 0
-rw-r--r-- databases/sql/passwords/passwords.py (renamed from databases/sql/passwords/test.py) 5
-rw-r--r-- databases/sql/passwords/query.sql (renamed from databases/sql/passwords/get_data.sql) 0
6 files changed, 142 insertions, 19 deletions
diff --git a/README.md b/README.org
index 12eacc2..c30029b 100644
--- a/README.md
+++ b/README.org
@@ -1,17 +1,17 @@
-# Background
+* Background
I have been an auditor for years, starting with operational/financial
audits and quickly transitioning to technology audits early in my
career.
While performing technology audits, attestations, etc., you will find
-that it requires a lot of manual effort if you don\'t use the right
-tools to automate as much as possible.
+that it requires a lot of manual effort if you don't use the right tools
+to automate as much as possible.
This repository serves as my personal collection of audit tools that I
want to save and re-use later.
-## Scope
+** Scope
While I created the scripts and tools within this repository
specifically for the applications I use, I am working to include
@@ -19,11 +19,11 @@ edge-cases and niche tools as I can.
For now, refer to the tree below for application coverage.
-```shell
+#+begin_src shell
tree -I ".git*|venv"
-```
+#+end_src
-```text
+#+begin_src text
.
├── applications
│   ├── github
@@ -53,17 +53,19 @@ tree -I ".git*|venv"
│   │   └── README.org
│   ├── oracle
│   │   ├── oracle_admins_alt.sql
-│   │   └── oracle_admins.sql
+│   │   ├── oracle_admins.sql
+│   │   └── README.org
│   ├── postgres
│   │   ├── admins.sql
│   │   ├── passwords.sql
│   │   └── README.org
│   └── sql
│   ├── admins.sql
-│   └── passwords
-│   ├── data.csv
-│   ├── get_data.sql
-│   └── test.py
+│   ├── passwords
+│   │   ├── example_data.csv
+│   │   ├── passwords.py
+│   │   └── query.sql
+│   └── README.org
├── LICENSE
├── os
│   └── linux
@@ -79,25 +81,24 @@ tree -I ".git*|venv"
│   └── project_dashboard
│   ├── project_dashboard.pbix
│   └── project_data.xlsx
-├── README.md
+├── README.org
├── requirements.txt
└── sampling
├── README.org
├── sample.html
├── sample-html.png
└── sample.py
-```
-
-# Development
+#+end_src
-## Python
+* Development
+** Python
For the Python scripts, use the following to activate a virtual
environment for consistent packing:
-```shell
+#+begin_src shell
python3 -m venv venv
source ./venv/bin/activate
pip install PACKAGE_NAME
python3 ./PYTHON_SCRIPT.py
-```
+#+end_src
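Review bot: the Python setup block still tells the reader to `pip install PACKAGE_NAME` even though the tree in the same README lists a `requirements.txt`; since this hunk is already rewriting the block, `pip install -r requirements.txt` would pin the reader to the versions the scripts were written against instead of whatever is current on PyPI. Two smaller points in the surrounding context lines: "consistent packing" reads as a typo for "packaging", and the `source ./venv/bin/activate` line is shell-specific (bash/zsh), so a one-line hint for fish or Windows users would save a support question.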
diff --git a/databases/oracle/README.org b/databases/oracle/README.org
new file mode 100644
index 0000000..f2bc680
--- /dev/null
+++ b/databases/oracle/README.org
@@ -0,0 +1,81 @@
+* =oracle_admins.sql=
+
+#+begin_src sql
+SELECT
+ grantee AS "User",
+ privilege AS "Privilege"
+FROM
+ dba_sys_privs
+WHERE
+ grantee IN (SELECT DISTINCT grantee FROM dba_sys_privs)
+UNION ALL
+SELECT
+ grantee AS "User",
+ privilege AS "Privilege"
+FROM
+ dba_tab_privs
+WHERE
+ grantee IN (SELECT DISTINCT grantee FROM dba_tab_privs);
+#+end_src
+
+#+begin_src text
+| User | Privilege |
+|----------+---------------------|
+| SCOTT | CREATE SESSION |
+| SCOTT | CREATE TABLE |
+| SCOTT | SELECT |
+| SCOTT | INSERT |
+| HR | CREATE SESSION |
+| HR | SELECT |
+| HR | INSERT |
+| HR | UPDATE |
+| SYS | CREATE USER |
+| SYS | GRANT ANY PRIVILEGE |
+| SYS | DROP USER |
+| SYSTEM | CREATE TABLESPACE |
+| SYSTEM | CREATE USER |
+| SYSTEM | ALTER USER |
+| SYSTEM | DROP USER |
+| APP_USER | SELECT ON EMPLOYEES |
+| APP_USER | INSERT ON EMPLOYEES |
+| APP_USER | UPDATE ON EMPLOYEES |
+#+end_src
+
+* =oracle_admins_alt.sql=
+
+#+begin_src sql
+SELECT ** FROM sys.dba_role_privs;
+SELECT ** FROM sys.dba_sys_privs;
+SELECT ** FROM sys.dba_tab_privs;
+SELECT ** FROM sys.dba_users;
+#+end_src
+
+#+begin_src text
+| Grantee | Granted_Role | Admin_Option |
+|----------+--------------+--------------|
+| SCOTT | DBA | NO |
+| HR | RESOURCE | YES |
+| APP_USER | DATA_ANALYST | NO |
+
+| Grantee | Privilege |
+|---------+---------------------|
+| SCOTT | CREATE SESSION |
+| HR | CREATE TABLE |
+| SYS | GRANT ANY PRIVILEGE |
+| SYSTEM | CREATE USER |
+
+| Grantee | Table_Name | Privilege |
+|----------+-------------+-----------|
+| SCOTT | EMPLOYEES | SELECT |
+| SCOTT | EMPLOYEES | INSERT |
+| HR | DEPARTMENTS | SELECT |
+| APP_USER | EMPLOYEES | UPDATE |
+
+| Username | Account_Status | Default_Tablespace | Temporary_Tablespace |
+|----------+----------------+--------------------+----------------------|
+| SCOTT | OPEN | USERS | TEMP |
+| HR | OPEN | USERS | TEMP |
+| SYS | OPEN | SYSTEM | TEMP |
+| SYSTEM | OPEN | SYSTEM | TEMP |
+| APP_USER | OPEN | USERS | TEMP |
+#+end_src
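Review bot: the four statements under `oracle_admins_alt.sql` use `SELECT ** FROM ...`, which is a syntax error in Oracle SQL; it should be `SELECT * FROM sys.dba_role_privs;` (and likewise for the other three). Since this README is the documented entry point for the script, an auditor copying it will get an ORA error on the first line. In the first query, `WHERE grantee IN (SELECT DISTINCT grantee FROM dba_sys_privs)` is a tautology (every row's grantee is, by definition, in that set), so the `WHERE` clauses filter nothing and can be dropped or replaced with a real predicate such as excluding Oracle-maintained accounts. The sample output also shows rows like `APP_USER | SELECT ON EMPLOYEES`, but the `UNION ALL` branch only selects `privilege` from `dba_tab_privs`, so the actual result would read `SELECT` with no object name; either add `table_name` to that branch or adjust the sample so it matches what the query returns.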
diff --git a/databases/sql/README.org b/databases/sql/README.org
new file mode 100644
index 0000000..b2a2285
--- /dev/null
+++ b/databases/sql/README.org
@@ -0,0 +1,36 @@
+* =admins.sql=
+
+#+begin_src sql
+:r admins.sql
+#+end_src
+
+,#+begin_src text
+| UserName | UserType | DatabaseUserName | Role | PermissionType | PermissionState | ObjectType | ObjectName | ColumnName |
+|-------------+--------------+------------------+-----------------+----------------+-----------------+----------------------+--------------------+------------|
+| SCOTT | SQL User | SCOTT | NULL | SELECT | GRANT | USER_TABLE | EMPLOYEES | NULL |
+| SCOTT | SQL User | SCOTT | NULL | INSERT | GRANT | USER_TABLE | EMPLOYEES | NULL |
+| HR | SQL User | HR | NULL | EXECUTE | GRANT | SQL_STORED_PROCEDURE | SP_GET_EMPLOYEE | NULL |
+| APP_USER | Windows User | APP_USER | ApplicationRole | SELECT | GRANT | VIEW | vw_EmployeeDetails | NULL |
+| APP_USER | Windows User | APP_USER | ApplicationRole | INSERT | GRANT | USER_TABLE | EMPLOYEES | NULL |
+| {All Users} | {All Users} | {All Users} | public | SELECT | GRANT | USER_TABLE | EMPLOYEES | NULL |
+| {All Users} | {All Users} | {All Users} | public | EXECUTE | GRANT | SQL_STORED_PROCEDURE | SP_GET_EMPLOYEE | NULL |
+#+end_src
+
+* =passwords.py=
+
+#+begin_src shell
+python passwords.py
+#+end_src
+
+#+begin_src text
+| Name | Type | Check Policy | Check Expiration | Reason |
+|-------+-----------+--------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------|
+| user1 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. |
+| user2 | SQL_LOGIN | FAIL | FAIL | Password policy is not enforced. Password expiration is not enforced. |
+| user3 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. |
+| user4 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. |
+| user5 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. |
+| user6 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. |
+| user7 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. |
+| user8 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. |
+#+end_src
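Review bot: the leading comma in `,#+begin_src text` (first block under `admins.sql`) is almost certainly an Org escape that leaked out of a source block; outside a block it is a literal character, so Org will not recognise the block and the permissions table will render as plain text. Drop the comma. The `passwords.py` section would also benefit from one sentence on inputs: the diff stat renames `get_data.sql` to `query.sql` and `data.csv` to `example_data.csv`, but nothing here says that `query.sql` is run against the instance to produce the CSV the script reads, or which file name the script expects, so the reader cannot reproduce the sample table from this page alone.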
diff --git a/databases/sql/passwords/data.csv b/databases/sql/passwords/example_data.csv
index fc925ea..fc925ea 100644
--- a/databases/sql/passwords/data.csv
+++ b/databases/sql/passwords/example_data.csv
diff --git a/databases/sql/passwords/test.py b/databases/sql/passwords/passwords.py
index 81c1138..eed41cc 100644
--- a/databases/sql/passwords/test.py
+++ b/databases/sql/passwords/passwords.py
@@ -72,6 +72,11 @@ def main():
report = apply_rules_and_report(df_input)
report_df = pd.DataFrame(report)
+ # Do not truncate output
+ pd.set_option("display.expand_frame_repr", True)
+ pd.set_option("display.width", 1000)
+ pd.set_option("display.max_colwidth", 1000)
+
# Print the report
print(report_df)
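Review bot: `pd.set_option("display.expand_frame_repr", True)` is the pandas default, so that line is a no-op; the other two options are what actually stop the column truncation the comment describes. More importantly for an audit report, `display.max_rows` is left at its default (60), so a login list longer than that will still be elided in the middle with `...`, which is exactly the kind of silent truncation this hunk is trying to avoid; add `pd.set_option("display.max_rows", None)` or, simpler and without mutating global state, replace `print(report_df)` with `print(report_df.to_string(index=False))`, which prints every row and column regardless of display options.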
diff --git a/databases/sql/passwords/get_data.sql b/databases/sql/passwords/query.sql
index b5bef36..b5bef36 100644
--- a/databases/sql/passwords/get_data.sql
+++ b/databases/sql/passwords/query.sql