diff options
| author | Christian Cleberg <hello@cleberg.net> | 2025-05-06 21:54:18 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-05-06 21:54:18 -0500 |
| commit | f351e70fbdf72ec14f335aa74ad3e7f0bc6da5bc (patch) | |
| tree | 4a43c4a8f23d001b3277e7668400b8f270946291 /databases | |
| parent | 95bf612c338dec8235e89ca6a1d9e5e8cad3f997 (diff) | |
| download | audit-tools-f351e70fbdf72ec14f335aa74ad3e7f0bc6da5bc.tar.gz audit-tools-f351e70fbdf72ec14f335aa74ad3e7f0bc6da5bc.tar.bz2 audit-tools-f351e70fbdf72ec14f335aa74ad3e7f0bc6da5bc.zip | |
add and update READMEs (#7)
* add and update READMEs
* Commit from GitHub Actions (Ruff)
---------
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Diffstat (limited to 'databases')
| -rw-r--r-- | databases/oracle/README.org | 81 | ||||
| -rw-r--r-- | databases/sql/README.org | 36 | ||||
| -rw-r--r-- | databases/sql/passwords/example_data.csv (renamed from databases/sql/passwords/data.csv) | 0 | ||||
| -rw-r--r-- | databases/sql/passwords/passwords.py (renamed from databases/sql/passwords/test.py) | 5 | ||||
| -rw-r--r-- | databases/sql/passwords/query.sql (renamed from databases/sql/passwords/get_data.sql) | 0 |
5 files changed, 122 insertions, 0 deletions
diff --git a/databases/oracle/README.org b/databases/oracle/README.org new file mode 100644 index 0000000..f2bc680 --- /dev/null +++ b/databases/oracle/README.org @@ -0,0 +1,81 @@ +* =oracle_admins.sql= + +#+begin_src sql +SELECT + grantee AS "User", + privilege AS "Privilege" +FROM + dba_sys_privs +WHERE + grantee IN (SELECT DISTINCT grantee FROM dba_sys_privs) +UNION ALL +SELECT + grantee AS "User", + privilege AS "Privilege" +FROM + dba_tab_privs +WHERE + grantee IN (SELECT DISTINCT grantee FROM dba_tab_privs); +#+end_src + +#+begin_src text +| User | Privilege | +|----------+---------------------| +| SCOTT | CREATE SESSION | +| SCOTT | CREATE TABLE | +| SCOTT | SELECT | +| SCOTT | INSERT | +| HR | CREATE SESSION | +| HR | SELECT | +| HR | INSERT | +| HR | UPDATE | +| SYS | CREATE USER | +| SYS | GRANT ANY PRIVILEGE | +| SYS | DROP USER | +| SYSTEM | CREATE TABLESPACE | +| SYSTEM | CREATE USER | +| SYSTEM | ALTER USER | +| SYSTEM | DROP USER | +| APP_USER | SELECT ON EMPLOYEES | +| APP_USER | INSERT ON EMPLOYEES | +| APP_USER | UPDATE ON EMPLOYEES | +#+end_src + +* =oracle_admins_alt.sql= + +#+begin_src sql +SELECT ** FROM sys.dba_role_privs; +SELECT ** FROM sys.dba_sys_privs; +SELECT ** FROM sys.dba_tab_privs; +SELECT ** FROM sys.dba_users; +#+end_src + +#+begin_src text +| Grantee | Granted_Role | Admin_Option | +|----------+--------------+--------------| +| SCOTT | DBA | NO | +| HR | RESOURCE | YES | +| APP_USER | DATA_ANALYST | NO | + +| Grantee | Privilege | +|---------+---------------------| +| SCOTT | CREATE SESSION | +| HR | CREATE TABLE | +| SYS | GRANT ANY PRIVILEGE | +| SYSTEM | CREATE USER | + +| Grantee | Table_Name | Privilege | +|----------+-------------+-----------| +| SCOTT | EMPLOYEES | SELECT | +| SCOTT | EMPLOYEES | INSERT | +| HR | DEPARTMENTS | SELECT | +| APP_USER | EMPLOYEES | UPDATE | + +| Username | Account_Status | Default_Tablespace | Temporary_Tablespace | +|----------+----------------+--------------------+----------------------| +| SCOTT | OPEN | USERS | TEMP | +| HR | OPEN | USERS | TEMP | +| SYS | OPEN | SYSTEM | TEMP | +| SYSTEM | OPEN | SYSTEM | TEMP | +| APP_USER | OPEN | USERS | TEMP | +#+end_src diff --git a/databases/sql/README.org b/databases/sql/README.org new file mode 100644 index 0000000..b2a2285 --- /dev/null +++ b/databases/sql/README.org @@ -0,0 +1,36 @@ +* =admins.sql= + +#+begin_src sql +:r admins.sql +#+end_src + +,#+begin_src text +| UserName | UserType | DatabaseUserName | Role | PermissionType | PermissionState | ObjectType | ObjectName | ColumnName | +|-------------+--------------+------------------+-----------------+----------------+-----------------+----------------------+--------------------+------------| +| SCOTT | SQL User | SCOTT | NULL | SELECT | GRANT | USER_TABLE | EMPLOYEES | NULL | +| SCOTT | SQL User | SCOTT | NULL | INSERT | GRANT | USER_TABLE | EMPLOYEES | NULL | +| HR | SQL User | HR | NULL | EXECUTE | GRANT | SQL_STORED_PROCEDURE | SP_GET_EMPLOYEE | NULL | +| APP_USER | Windows User | APP_USER | ApplicationRole | SELECT | GRANT | VIEW | vw_EmployeeDetails | NULL | +| APP_USER | Windows User | APP_USER | ApplicationRole | INSERT | GRANT | USER_TABLE | EMPLOYEES | NULL | +| {All Users} | {All Users} | {All Users} | public | SELECT | GRANT | USER_TABLE | EMPLOYEES | NULL | +| {All Users} | {All Users} | {All Users} | public | EXECUTE | GRANT | SQL_STORED_PROCEDURE | SP_GET_EMPLOYEE | NULL | +#+end_src + +* =passwords.py= + +#+begin_src shell +python passwords.py +#+end_src + +#+begin_src text +| Name | Type | Check Policy | Check Expiration | Reason | +|-------+-----------+--------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------| +| user1 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. | +| user2 | SQL_LOGIN | FAIL | FAIL | Password policy is not enforced. Password expiration is not enforced. | +| user3 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. | +| user4 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. | +| user5 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. | +| user6 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. | +| user7 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. | +| user8 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. | +#+end_src diff --git a/databases/sql/passwords/data.csv b/databases/sql/passwords/example_data.csv index fc925ea..fc925ea 100644 --- a/databases/sql/passwords/data.csv +++ b/databases/sql/passwords/example_data.csv diff --git a/databases/sql/passwords/test.py b/databases/sql/passwords/passwords.py index 81c1138..eed41cc 100644 --- a/databases/sql/passwords/test.py +++ b/databases/sql/passwords/passwords.py @@ -72,6 +72,11 @@ def main(): report = apply_rules_and_report(df_input) report_df = pd.DataFrame(report) + # Do not truncate output + pd.set_option("display.expand_frame_repr", True) + pd.set_option("display.width", 1000) + pd.set_option("display.max_colwidth", 1000) + # Print the report print(report_df) diff --git a/databases/sql/passwords/get_data.sql b/databases/sql/passwords/query.sql index b5bef36..b5bef36 100644 --- a/databases/sql/passwords/get_data.sql +++ b/databases/sql/passwords/query.sql |