From b598a79d270b3a91b0e6d5f3b9dca4aecca2dd4c Mon Sep 17 00:00:00 2001 
From: Christian Cleberg
Date: Sat, 2 Aug 2025 13:02:43 -0500
Subject: fix: convert README.org to README.md

---
 README.md                      | 112 +++++++++++++++++++++++++
 README.org                     | 102 -----------------------
 applications/github/README.md  | 113 +++++++++++++++++++++++++
 applications/github/README.org | 112 -------------------------
 applications/gitlab/README.md  | 160 +++++++++++++++++++++++++++++++++++
 applications/gitlab/README.org | 161 ------------------------------------
 databases/mongo/README.md      | 102 +++++++++++++++++++++++
 databases/mongo/README.org     | 104 -----------------------
 databases/mysql/README.md      | 173 ++++++++++++++++++++++++++++++++++++++
 databases/mysql/README.org     | 183 -----------------------------------------
 databases/oracle/README.md     |  81 ++++++++++++++++++
 databases/oracle/README.org    |  81 ------------------
 databases/postgres/README.md   |  67 +++++++++++++++
 databases/postgres/README.org  |  75 -----------------
 databases/sql/README.md        |  36 ++++++++
 databases/sql/README.org       |  36 --------
 os/linux/README.md             |  56 +++++++++++++
 os/linux/README.org            |  64 --------------
 sampling/README.md             |  31 +++++++
 sampling/README.org            |  32 -------
 20 files changed, 931 insertions(+), 950 deletions(-)
 create mode 100644 README.md
 delete mode 100644 README.org
 create mode 100644 applications/github/README.md
 delete mode 100644 applications/github/README.org
 create mode 100644 applications/gitlab/README.md
 delete mode 100644 applications/gitlab/README.org
 create mode 100644 databases/mongo/README.md
 delete mode 100644 databases/mongo/README.org
 create mode 100644 databases/mysql/README.md
 delete mode 100644 databases/mysql/README.org
 create mode 100644 databases/oracle/README.md
 delete mode 100644 databases/oracle/README.org
 create mode 100644 databases/postgres/README.md
 delete mode 100644 databases/postgres/README.org
 create mode 100644 databases/sql/README.md
 delete mode 100644 databases/sql/README.org
 create mode 100644 os/linux/README.md
 delete mode 100644 os/linux/README.org
create mode 100644 sampling/README.md delete mode 100644 sampling/README.org diff --git a/README.md b/README.md new file mode 100644 index 0000000..f2be0d7 --- /dev/null +++ b/README.md 
@@ -0,0 +1,112 @@ +# 📊 Audit Tools by Christian Cleberg + +Welcome to **Audit Tools** — a collection of open-source Python scripts +and resources designed to help auditors, risk professionals, and data +analysts automate common audit tasks and analytics. + +Whether you're new to audit automation or an experienced tech-enabled +auditor, this toolkit offers practical, real-world examples you can use, +customize, and build upon. + +# 📦 What's Inside + +This repository contains Python scripts and templates for common audit +procedures and control testing activities, including: + +- ✅ **Pseudo-Random Sampling** +- ✅ **GITC Extractions and Analysis** +- ✅ **Project Management Tracking & Visualizations** +- ✅ **Cloud Platform Analysis (planned)** +- ✅ **Audit AI Prompts & Guides (planned)** + +The goal is to provide practical, easy-to-understand tools that auditors +and analysts can quickly deploy in their environments. + +# 🚀 Getting Started + +****Clone the Repository**** + +``` bash +git clone https://git.sr.ht/~cxc/audit-tools +cd audit-tools +``` + +****Install Dependencies**** + +*Required for Python scripts* + +``` bash +pip install -r requirements.txt +``` + +****Run a Sample Script**** + +Example: Run the **Linux OS Report** tool. + +``` bash +./os/linux/report/linux.sh +``` + +View the results in your terminal or within the file created by the +script. + +# 📖 Learn More + +If you're new to audit analytics or Python scripting, start here: + +- [Python for Auditors](https://realpython.com) +- [Audit Analytics 101](https://audit-analytics.com) +- [Intro to Pandas + Documentation](https://pandas.pydata.org/docs/getting_started/) + +Also, check out the `notebooks/` folder for interactive tutorials and +use cases. + +# 🤝 How to Contribute + +Want to add your own audit scripts or improve existing ones? +Contributions are welcome! + +****Ways to Help**** + +- Submit new Python scripts for audit use cases. +- Suggest enhancements or new features. 
+- Improve documentation or write beginner-friendly tutorials. +- Test existing tools on new datasets and report issues. + +****To Contribute**** + +1. Fork this repo + +2. Create a new branch: + + ``` bash + git checkout -b my-feature + ``` + +3. Commit your changes: + + ``` bash + git commit -m 'Added new audit test' + ``` + +4. Push to the branch: + + ``` bash + git push origin my-feature + ``` + +5. Open a Pull Request + +# 👤 About the Creator + +Made with ❤️ by [Christian Cleberg](https://cleberg.net/). + +I'm a technology assurance leader passionate about audit innovation, AI +in audit, and building practical tools for auditors and risk +professionals. + +# 📜 License + +This project is licensed under the **GNU General Public License v3.0** — +see the [LICENSE](LICENSE) file for details. diff --git a/README.org b/README.org deleted file mode 100644 index 6e33faf..0000000 --- a/README.org +++ /dev/null 
@@ -1,102 +0,0 @@ -#+TITLE: Audit Tools by Christian Cleberg -#+AUTHOR: Christian Cleberg -#+OPTIONS: toc:nil - -* 📊 Audit Tools by Christian Cleberg - -Welcome to *Audit Tools* — a collection of open-source Python scripts and -resources designed to help auditors, risk professionals, and data analysts -automate common audit tasks and analytics. - -Whether you're new to audit automation or an experienced tech-enabled auditor, -this toolkit offers practical, real-world examples you can use, customize, and -build upon. - -* 📦 What's Inside - -This repository contains Python scripts and templates for common audit -procedures and control testing activities, including: - -- ✅ *Pseudo-Random Sampling* -- ✅ *GITC Extractions and Analysis* -- ✅ *Project Management Tracking & Visualizations* -- ✅ *Cloud Platform Analysis (planned)* -- ✅ *Audit AI Prompts & Guides (planned)* - -The goal is to provide practical, easy-to-understand tools that auditors and -analysts can quickly deploy in their environments. - -* 🚀 Getting Started - -**Clone the Repository** - -#+begin_src bash -git clone https://git.sr.ht/~cxc/audit-tools -cd audit-tools -#+end_src - -**Install Dependencies** - -/Required for Python scripts/ - -#+begin_src bash -pip install -r requirements.txt -#+end_src - -**Run a Sample Script** - -Example: Run the *Linux OS Report* tool. - -#+begin_src bash -./os/linux/report/linux.sh -#+end_src - -View the results in your terminal or within the file created by the script. - -* 📖 Learn More - -If you're new to audit analytics or Python scripting, start here: -- [[https://realpython.com][Python for Auditors]] -- [[https://audit-analytics.com][Audit Analytics 101]] -- [[https://pandas.pydata.org/docs/getting_started/][Intro to Pandas Documentation]] - -Also, check out the =notebooks/= folder for interactive tutorials and use cases. - -* 🤝 How to Contribute - -Want to add your own audit scripts or improve existing ones? Contributions are -welcome! 
- -**Ways to Help** -- Submit new Python scripts for audit use cases. -- Suggest enhancements or new features. -- Improve documentation or write beginner-friendly tutorials. -- Test existing tools on new datasets and report issues. - -**To Contribute** -1. Fork this repo -2. Create a new branch: - #+begin_src bash - git checkout -b my-feature - #+end_src -3. Commit your changes: - #+begin_src bash - git commit -m 'Added new audit test' - #+end_src -4. Push to the branch: - #+begin_src bash - git push origin my-feature - #+end_src -5. Open a Pull Request - -* 👤 About the Creator - -Made with ❤️ by [[https://cleberg.net/][Christian Cleberg]]. - -I'm a technology assurance leader passionate about audit innovation, AI in -audit, and building practical tools for auditors and risk professionals. - -* 📜 License - -This project is licensed under the *GNU General Public License v3.0* — see the -[[file:LICENSE][LICENSE]] file for details. diff --git a/applications/github/README.md b/applications/github/README.md new file mode 100644 index 0000000..3ea076b --- /dev/null +++ b/applications/github/README.md 
@@ -0,0 +1,113 @@ +**NOTE**: I used the same +[PAT](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) +for all scripts within this folder. Note that you can likely reduce +permissions for certain scripts - it's best practice to define a PAT for +a specific purpose and avoid using a single PAT with broad permissions. + +- Personal Access Token: + - \[x\] Repository Permissions + - \[x\] Actions: read-only + - \[x\] Contents: read-only + - \[x\] Metadata: read-only + - \[x\] Workflows: read-only + - \[x\] Organization Permissions + - \[x\] Administration: read-only + +# `github_admins.py` + +``` bash +python ./github_admins.py +``` + +``` text +Members of the organization 'your_organization': + +Repositories in the organization 'your_organization': +- demo-repository + +Collaborators for the repository 'demo-repository': +- user1: admin +``` + +# `github_audit_log.py` + +**NOTE**: Requires an active GitHub Enterprise subscription. + +``` bash +python ./github_audit_log.py +``` + +``` text +TODO: Need to get an Enterprise subscription to test this script. 
+``` + +# `github_branch_protections.py` + +``` bash +python ./github_branch_protections.py +``` + +``` text +Total branches in the repository 'demo-repository': 1 + +Branch: main +No protection settings + +Repository rulesets for 'demo-repository': +[{'id': 2311373, 'name': 'default', 'target': 'branch', 'source_type': 'Repository', 'source': 'phryq/demo-repository', 'enforcement': 'active', 'node_id': 'RRS_lACqUmVwb3NpdG9yec40LV1PzgAjRM0', '_links': {'self': {'href': 'https://api.github.com/repos/phryq/demo-repository/rulesets/2311373'}, 'html': {'href': 'https://github.com/phryq/demo-repository/rules/2311373'}}, 'created_at': '2024-10-19T15:59:35.200-05:00', 'updated_at': '2024-10-19T15:59:35.200-05:00'}] +``` + +# `github_commits.py` + +``` bash +python ./github_commits.py +``` + +``` text +Total commits in the repository 'demo-repository' on branch 'main': 3 + +Commit SHA: 13c488a2cdda08e4043f8ef36ced5fdd429e9718 +Author: Christian Cleberg <156287552+ccleberg@users.noreply.github.com> +Date: 2024-10-19T20:57:55Z +Message: Merge pull request #2 from phryq/1-test-issue + +fixes +URL: https://github.com/phryq/demo-repository/commit/13c488a2cdda08e4043f8ef36ced5fdd429e9718 +Files changed: + - .gitignore (added) + Additions: 0, Deletions: 0, Changes: 0 + - README.md (removed) + Additions: 0, Deletions: 4, Changes: 4 + - README.org (added) + Additions: 7, Deletions: 0, Changes: 7 + +Commit SHA: 6bfde238a2a34a93ce8ee02082eaf4ab3c189368 +Author: Christian Cleberg +Date: 2024-10-19T20:56:50Z +Message: fixes +URL: https://github.com/phryq/demo-repository/commit/6bfde238a2a34a93ce8ee02082eaf4ab3c189368 +Files changed: + - .gitignore (added) + Additions: 0, Deletions: 0, Changes: 0 + - README.md (removed) + Additions: 0, Deletions: 4, Changes: 4 + - README.org (added) + Additions: 7, Deletions: 0, Changes: 7 + +Commit SHA: be1ddf31e08fc790f54d68f8067b7b2f3805f999 +Author: Christian Cleberg <156287552+ccleberg@users.noreply.github.com> +Date: 2024-10-19T20:54:08Z +Message: 
Initial commit +URL: https://github.com/phryq/demo-repository/commit/be1ddf31e08fc790f54d68f8067b7b2f3805f999 +Files changed: + - .github/workflows/auto-assign.yml (added) + Additions: 19, Deletions: 0, Changes: 19 + - .github/workflows/proof-html.yml (added) + Additions: 11, Deletions: 0, Changes: 11 + - README.md (added) + Additions: 4, Deletions: 0, Changes: 4 + - index.html (added) + Additions: 1, Deletions: 0, Changes: 1 + - package.json (added) + Additions: 9, Deletions: 0, Changes: 9 +``` diff --git a/applications/github/README.org b/applications/github/README.org deleted file mode 100644 index d707277..0000000 --- a/applications/github/README.org +++ /dev/null 
@@ -1,112 +0,0 @@ -#+title: GitHub Scripts - -*NOTE*: I used the same [[https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens][PAT]] for all scripts within this folder. Note that you can likely reduce permissions for certain scripts - it's best practice to define a PAT for a specific purpose and avoid using a single PAT with broad permissions. - -- Personal Access Token: - - [x] Repository Permissions - - [x] Actions: read-only - - [x] Contents: read-only - - [x] Metadata: read-only - - [x] Workflows: read-only - - [x] Organization Permissions - - [x] Administration: read-only - -* =github_admins.py= - -#+begin_src sh -python ./github_admins.py -#+end_src - -#+begin_src text -Members of the organization 'your_organization': - -Repositories in the organization 'your_organization': -- demo-repository - -Collaborators for the repository 'demo-repository': -- user1: admin -#+end_src - -* =github_audit_log.py= - -*NOTE*: Requires an active GitHub Enterprise subscription. - -#+begin_src sh -python ./github_audit_log.py -#+end_src - -#+begin_src text -TODO: Need to get an Enterprise subscription to test this script. 
-#+end_src - -* =github_branch_protections.py= - - -#+begin_src sh -python ./github_branch_protections.py -#+end_src - -#+begin_src text -Total branches in the repository 'demo-repository': 1 - -Branch: main -No protection settings - -Repository rulesets for 'demo-repository': -[{'id': 2311373, 'name': 'default', 'target': 'branch', 'source_type': 'Repository', 'source': 'phryq/demo-repository', 'enforcement': 'active', 'node_id': 'RRS_lACqUmVwb3NpdG9yec40LV1PzgAjRM0', '_links': {'self': {'href': 'https://api.github.com/repos/phryq/demo-repository/rulesets/2311373'}, 'html': {'href': 'https://github.com/phryq/demo-repository/rules/2311373'}}, 'created_at': '2024-10-19T15:59:35.200-05:00', 'updated_at': '2024-10-19T15:59:35.200-05:00'}] -#+end_src - -* =github_commits.py= - -#+begin_src sh -python ./github_commits.py -#+end_src - -#+begin_src text -Total commits in the repository 'demo-repository' on branch 'main': 3 - -Commit SHA: 13c488a2cdda08e4043f8ef36ced5fdd429e9718 -Author: Christian Cleberg <156287552+ccleberg@users.noreply.github.com> -Date: 2024-10-19T20:57:55Z -Message: Merge pull request #2 from phryq/1-test-issue - -fixes -URL: https://github.com/phryq/demo-repository/commit/13c488a2cdda08e4043f8ef36ced5fdd429e9718 -Files changed: - - .gitignore (added) - Additions: 0, Deletions: 0, Changes: 0 - - README.md (removed) - Additions: 0, Deletions: 4, Changes: 4 - - README.org (added) - Additions: 7, Deletions: 0, Changes: 7 - -Commit SHA: 6bfde238a2a34a93ce8ee02082eaf4ab3c189368 -Author: Christian Cleberg -Date: 2024-10-19T20:56:50Z -Message: fixes -URL: https://github.com/phryq/demo-repository/commit/6bfde238a2a34a93ce8ee02082eaf4ab3c189368 -Files changed: - - .gitignore (added) - Additions: 0, Deletions: 0, Changes: 0 - - README.md (removed) - Additions: 0, Deletions: 4, Changes: 4 - - README.org (added) - Additions: 7, Deletions: 0, Changes: 7 - -Commit SHA: be1ddf31e08fc790f54d68f8067b7b2f3805f999 -Author: Christian Cleberg 
<156287552+ccleberg@users.noreply.github.com> -Date: 2024-10-19T20:54:08Z -Message: Initial commit -URL: https://github.com/phryq/demo-repository/commit/be1ddf31e08fc790f54d68f8067b7b2f3805f999 -Files changed: - - .github/workflows/auto-assign.yml (added) - Additions: 19, Deletions: 0, Changes: 19 - - .github/workflows/proof-html.yml (added) - Additions: 11, Deletions: 0, Changes: 11 - - README.md (added) - Additions: 4, Deletions: 0, Changes: 4 - - index.html (added) - Additions: 1, Deletions: 0, Changes: 1 - - package.json (added) - Additions: 9, Deletions: 0, Changes: 9 -#+end_src diff --git a/applications/gitlab/README.md b/applications/gitlab/README.md new file mode 100644 index 0000000..a564f13 --- /dev/null +++ b/applications/gitlab/README.md 
@@ -0,0 +1,160 @@ +# `approvals.py` + +\\This script requires an active Premium or Ultimate subscription.\*\\ + +``` bash +python ./approvals.py +``` + +``` text +Rule: All Members + Approvals Required: 1 + Rule type: any_approver +Rule: Default + Approvals Required: 1 + Rule type: regular + Protected Branch: master + Eligible Approver: Christian Cleberg +``` + +# `branch_protections.py` + +``` bash +python ./branch_protections.py +``` + +``` json +[ + { + "id": 148448212, + "name": "main", + "push_access_levels": [ + { + "id": 185900194, + "access_level": 40, + "access_level_description": "Maintainers", + "deploy_key_id": null, + "user_id": null, + "group_id": null + } + ], + "merge_access_levels": [ + { + "id": 156461000, + "access_level": 40, + "access_level_description": "Maintainers", + "user_id": null, + "group_id": null + } + ], + "allow_force_push": false, + "unprotect_access_levels": [], + "code_owner_approval_required": false, + "inherited": false + } +] +``` + +# `passwords.py` + +**This script does not apply to GitLab.com. This is for self-hosted +instances only.** + +``` bash +python ./passwords.py +``` + +``` text +# TODO: Need access to a self-hosted version of GitLab to test this out. 
+``` + +# `pipelines.py` + +``` bash +python ./pipelines.py +``` + +``` text +Pipeline ID: 1754222228 + Status: failed + Ref: master + Created At: 2025-04-06T03:39:15.065Z + Duration: N/A seconds + Configuration: N/A +Pipeline ID: 1754221831 + Status: failed + Ref: pr-1 + Created At: 2025-04-06T03:37:42.333Z + Duration: N/A seconds + Configuration: N/A +Pipeline ID: 1754220271 + Status: failed + Ref: pr-1 + Created At: 2025-04-06T03:33:38.606Z + Duration: N/A seconds + Configuration: N/A +Pipeline ID: 1754214637 + Status: failed + Ref: master + Created At: 2025-04-06T03:21:39.902Z + Duration: N/A seconds + Configuration: N/A +``` + +# `provisioning.py` + +\\This script requires an active Premium or Ultimate subscription.\*\\ + +``` bash +python ./provisioning.py +``` + +``` text +Group: 105300140 + 2025-04-08T03:33:17.055Z : Action: member_created, Member: 128029250, Author: 24608590 +``` + +# `repositories.py` + +``` shell +python ./repositories.py +``` + +``` text +# User ID Example +Projects under ID: ccleberg: +- audit-tools (ID: 68757698) +- cleberg.net (ID: 68701468) + +# Group ID Example +Projects under ID: phryq: +- Yoshi Cli (ID: 68757750) +- pages-demo (ID: 68757186) +``` + +# `users.py` + +``` bash +python ./users.py +``` + +``` text +Access Level Roles: + 0 : No access + 5 : Minimal access + 10 : Guest + 15 : Planner + 20 : Reporter + 30 : Developer + 40 : Maintainer + 50 : Owner + 60 : Admin + + +Group 97083755 Members: +Username: ccleberg, Access Level: 50 + +Project 68701468 Members: +Username: ccleberg, Access Level: 50 +Username: project_68701468_bot_2c7ee010a479c0e48cdb4c7c5cfae886, Access Level: 40 +``` diff --git a/applications/gitlab/README.org b/applications/gitlab/README.org deleted file mode 100644 index d137497..0000000 --- a/applications/gitlab/README.org +++ /dev/null 
@@ -1,161 +0,0 @@ -#+title: GitLab Scripts - -* =approvals.py= - -\*This script requires an active Premium or Ultimate subscription.*\ - -#+begin_src sh -python ./approvals.py -#+end_src - -#+begin_src text -Rule: All Members - Approvals Required: 1 - Rule type: any_approver -Rule: Default - Approvals Required: 1 - Rule type: regular - Protected Branch: master - Eligible Approver: Christian Cleberg -#+end_src - -* =branch_protections.py= - -#+begin_src sh -python ./branch_protections.py -#+end_src - -#+begin_src json -[ - { - "id": 148448212, - "name": "main", - "push_access_levels": [ - { - "id": 185900194, - "access_level": 40, - "access_level_description": "Maintainers", - "deploy_key_id": null, - "user_id": null, - "group_id": null - } - ], - "merge_access_levels": [ - { - "id": 156461000, - "access_level": 40, - "access_level_description": "Maintainers", - "user_id": null, - "group_id": null - } - ], - "allow_force_push": false, - "unprotect_access_levels": [], - "code_owner_approval_required": false, - "inherited": false - } -] -#+end_src - -* =passwords.py= - -*This script does not apply to GitLab.com. This is for self-hosted instances only.* - -#+begin_src sh -python ./passwords.py -#+end_src - -#+begin_src text -# TODO: Need access to a self-hosted version of GitLab to test this out. 
-#+end_src - -* =pipelines.py= - -#+begin_src sh -python ./pipelines.py -#+end_src - -#+begin_src text -Pipeline ID: 1754222228 - Status: failed - Ref: master - Created At: 2025-04-06T03:39:15.065Z - Duration: N/A seconds - Configuration: N/A -Pipeline ID: 1754221831 - Status: failed - Ref: pr-1 - Created At: 2025-04-06T03:37:42.333Z - Duration: N/A seconds - Configuration: N/A -Pipeline ID: 1754220271 - Status: failed - Ref: pr-1 - Created At: 2025-04-06T03:33:38.606Z - Duration: N/A seconds - Configuration: N/A -Pipeline ID: 1754214637 - Status: failed - Ref: master - Created At: 2025-04-06T03:21:39.902Z - Duration: N/A seconds - Configuration: N/A -#+end_src - -* =provisioning.py= - -\*This script requires an active Premium or Ultimate subscription.*\ - -#+begin_src sh -python ./provisioning.py -#+end_src - -#+begin_src text -Group: 105300140 - 2025-04-08T03:33:17.055Z : Action: member_created, Member: 128029250, Author: 24608590 -#+end_src - -* =repositories.py= - -#+begin_src shell -python ./repositories.py -#+end_src - -#+begin_src text -# User ID Example -Projects under ID: ccleberg: -- audit-tools (ID: 68757698) -- cleberg.net (ID: 68701468) - -# Group ID Example -Projects under ID: phryq: -- Yoshi Cli (ID: 68757750) -- pages-demo (ID: 68757186) -#+end_src - -* =users.py= - -#+begin_src sh -python ./users.py -#+end_src - -#+begin_src text -Access Level Roles: - 0 : No access - 5 : Minimal access - 10 : Guest - 15 : Planner - 20 : Reporter - 30 : Developer - 40 : Maintainer - 50 : Owner - 60 : Admin - - -Group 97083755 Members: -Username: ccleberg, Access Level: 50 - -Project 68701468 Members: -Username: ccleberg, Access Level: 50 -Username: project_68701468_bot_2c7ee010a479c0e48cdb4c7c5cfae886, Access Level: 40 -#+end_src diff --git a/databases/mongo/README.md b/databases/mongo/README.md new file mode 100644 index 0000000..99e1c68 --- /dev/null +++ b/databases/mongo/README.md 
@@ -0,0 +1,102 @@ +# `admins.py` + +Dependency: + +``` shell +pip install pymongo +``` + +``` python +python ./admins.py +``` + +Example output: + +``` json +[ + { + "_id": "admin.admin", + "user": "admin", + "db": "admin", + "roles": [ + { + "role": "userAdminAnyDatabase", + "db": "admin" + }, + { + "role": "readWriteAnyDatabase", + "db": "admin" + }, + { + "role": "dbAdminAnyDatabase", + "db": "admin" + }, + { + "role": "clusterAdmin", + "db": "admin" + } + ], + "credentials": { + "SCRAM-SHA-1": { + "iterationCount": 10000, + "salt": "abc123", + "storedKey": "storedKeyHash", + "serverKey": "serverKeyHash" + }, + "SCRAM-SHA-256": { + "iterationCount": 15000, + "salt": "def456", + "storedKey": "storedKeyHash256", + "serverKey": "serverKeyHash256" + } + } + }, + { + "_id": "test.user1", + "user": "user1", + "db": "test", + "roles": [ + { + "role": "readWrite", + "db": "test" + } + ], + "credentials": { + "SCRAM-SHA-1": { + "iterationCount": 10000, + "salt": "ghi789", + "storedKey": "storedKeyHashUser1", + "serverKey": "serverKeyHashUser1" + } + } + }, + { + "_id": "test.ldapUser", + "user": "ldapUser", + "db": "test", + "roles": [ + { + "role": "read", + "db": "test" + } + ], + "userSource": "ldap" + }, + { + "_id": "admin.x509User", + "user": "x509User", + "db": "$external", + "roles": [ + { + "role": "readWrite", + "db": "admin" + } + ], + "credentials": { + "MONGODB-X509": { + "subject": "CN=x509User,OU=OrgUnit,O=Org,L=City,ST=State,C=Country" + } + } + } +] +``` diff --git a/databases/mongo/README.org b/databases/mongo/README.org deleted file mode 100644 index 689d37d..0000000 --- a/databases/mongo/README.org +++ /dev/null 
@@ -1,104 +0,0 @@ -#+title: MongoDB Scripts - -* =admins.py= - -Dependency: - -#+begin_src shell -pip install pymongo -#+end_src - -#+begin_src python -python ./admins.py -#+end_src - -Example output: - -#+begin_src json -[ - { - "_id": "admin.admin", - "user": "admin", - "db": "admin", - "roles": [ - { - "role": "userAdminAnyDatabase", - "db": "admin" - }, - { - "role": "readWriteAnyDatabase", - "db": "admin" - }, - { - "role": "dbAdminAnyDatabase", - "db": "admin" - }, - { - "role": "clusterAdmin", - "db": "admin" - } - ], - "credentials": { - "SCRAM-SHA-1": { - "iterationCount": 10000, - "salt": "abc123", - "storedKey": "storedKeyHash", - "serverKey": "serverKeyHash" - }, - "SCRAM-SHA-256": { - "iterationCount": 15000, - "salt": "def456", - "storedKey": "storedKeyHash256", - "serverKey": "serverKeyHash256" - } - } - }, - { - "_id": "test.user1", - "user": "user1", - "db": "test", - "roles": [ - { - "role": "readWrite", - "db": "test" - } - ], - "credentials": { - "SCRAM-SHA-1": { - "iterationCount": 10000, - "salt": "ghi789", - "storedKey": "storedKeyHashUser1", - "serverKey": "serverKeyHashUser1" - } - } - }, - { - "_id": "test.ldapUser", - "user": "ldapUser", - "db": "test", - "roles": [ - { - "role": "read", - "db": "test" - } - ], - "userSource": "ldap" - }, - { - "_id": "admin.x509User", - "user": "x509User", - "db": "$external", - "roles": [ - { - "role": "readWrite", - "db": "admin" - } - ], - "credentials": { - "MONGODB-X509": { - "subject": "CN=x509User,OU=OrgUnit,O=Org,L=City,ST=State,C=Country" - } - } - } -] -#+end_src diff --git a/databases/mysql/README.md b/databases/mysql/README.md new file mode 100644 index 0000000..cc05311 --- /dev/null +++ b/databases/mysql/README.md 
@@ -0,0 +1,173 @@ +# `mysql_admins.sql` + +``` sql +SELECT * FROM information_schema.user_privileges; +``` + + MySQL [(none)]> SELECT * FROM information_schema.user_privileges; + +--------------------------------+---------------+---------------------------------+--------------+ + | GRANTEE | TABLE_CATALOG | PRIVILEGE_TYPE | IS_GRANTABLE | + +--------------------------------+---------------+---------------------------------+--------------+ + | 'mysql.infoschema'@'localhost' | def | SELECT | NO | + | 'mysql.infoschema'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO | + | 'mysql.infoschema'@'localhost' | def | FIREWALL_EXEMPT | NO | + | 'mysql.infoschema'@'localhost' | def | SYSTEM_USER | NO | + | 'mysql.session'@'localhost' | def | SHUTDOWN | NO | + | 'mysql.session'@'localhost' | def | SUPER | NO | + | 'mysql.session'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO | + | 'mysql.session'@'localhost' | def | AUTHENTICATION_POLICY_ADMIN | NO | + | 'mysql.session'@'localhost' | def | BACKUP_ADMIN | NO | + | 'mysql.session'@'localhost' | def | CLONE_ADMIN | NO | + | 'mysql.session'@'localhost' | def | CONNECTION_ADMIN | NO | + | 'mysql.session'@'localhost' | def | FIREWALL_EXEMPT | NO | + | 'mysql.session'@'localhost' | def | PERSIST_RO_VARIABLES_ADMIN | NO | + | 'mysql.session'@'localhost' | def | SESSION_VARIABLES_ADMIN | NO | + | 'mysql.session'@'localhost' | def | SYSTEM_USER | NO | + | 'mysql.session'@'localhost' | def | SYSTEM_VARIABLES_ADMIN | NO | + | 'mysql.sys'@'localhost' | def | USAGE | NO | + | 'mysql.sys'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO | + | 'mysql.sys'@'localhost' | def | FIREWALL_EXEMPT | NO | + | 'mysql.sys'@'localhost' | def | SYSTEM_USER | NO | + | 'root'@'localhost' | def | SELECT | YES | + | 'root'@'localhost' | def | INSERT | YES | + | 'root'@'localhost' | def | UPDATE | YES | + | 'root'@'localhost' | def | DELETE | YES | + | 'root'@'localhost' | def | CREATE | YES | + | 'root'@'localhost' | def | DROP | YES | + | 'root'@'localhost' | def | 
RELOAD | YES | + | 'root'@'localhost' | def | SHUTDOWN | YES | + | 'root'@'localhost' | def | PROCESS | YES | + | 'root'@'localhost' | def | FILE | YES | + | 'root'@'localhost' | def | REFERENCES | YES | + | 'root'@'localhost' | def | INDEX | YES | + | 'root'@'localhost' | def | ALTER | YES | + | 'root'@'localhost' | def | SHOW DATABASES | YES | + | 'root'@'localhost' | def | SUPER | YES | + | 'root'@'localhost' | def | CREATE TEMPORARY TABLES | YES | + | 'root'@'localhost' | def | LOCK TABLES | YES | + | 'root'@'localhost' | def | EXECUTE | YES | + | 'root'@'localhost' | def | REPLICATION SLAVE | YES | + | 'root'@'localhost' | def | REPLICATION CLIENT | YES | + | 'root'@'localhost' | def | CREATE VIEW | YES | + | 'root'@'localhost' | def | SHOW VIEW | YES | + | 'root'@'localhost' | def | CREATE ROUTINE | YES | + | 'root'@'localhost' | def | ALTER ROUTINE | YES | + | 'root'@'localhost' | def | CREATE USER | YES | + | 'root'@'localhost' | def | EVENT | YES | + | 'root'@'localhost' | def | TRIGGER | YES | + | 'root'@'localhost' | def | CREATE TABLESPACE | YES | + | 'root'@'localhost' | def | CREATE ROLE | YES | + | 'root'@'localhost' | def | DROP ROLE | YES | + | 'root'@'localhost' | def | ALLOW_NONEXISTENT_DEFINER | YES | + | 'root'@'localhost' | def | APPLICATION_PASSWORD_ADMIN | YES | + | 'root'@'localhost' | def | AUDIT_ABORT_EXEMPT | YES | + | 'root'@'localhost' | def | AUDIT_ADMIN | YES | + | 'root'@'localhost' | def | AUTHENTICATION_POLICY_ADMIN | YES | + | 'root'@'localhost' | def | BACKUP_ADMIN | YES | + | 'root'@'localhost' | def | BINLOG_ADMIN | YES | + | 'root'@'localhost' | def | BINLOG_ENCRYPTION_ADMIN | YES | + | 'root'@'localhost' | def | CLONE_ADMIN | YES | + | 'root'@'localhost' | def | CONNECTION_ADMIN | YES | + | 'root'@'localhost' | def | CREATE_SPATIAL_REFERENCE_SYSTEM | YES | + | 'root'@'localhost' | def | ENCRYPTION_KEY_ADMIN | YES | + | 'root'@'localhost' | def | FIREWALL_EXEMPT | YES | + | 'root'@'localhost' | def | FLUSH_OPTIMIZER_COSTS | 
YES | + | 'root'@'localhost' | def | FLUSH_PRIVILEGES | YES | + | 'root'@'localhost' | def | FLUSH_STATUS | YES | + | 'root'@'localhost' | def | FLUSH_TABLES | YES | + | 'root'@'localhost' | def | FLUSH_USER_RESOURCES | YES | + | 'root'@'localhost' | def | GROUP_REPLICATION_ADMIN | YES | + | 'root'@'localhost' | def | GROUP_REPLICATION_STREAM | YES | + | 'root'@'localhost' | def | INNODB_REDO_LOG_ARCHIVE | YES | + | 'root'@'localhost' | def | INNODB_REDO_LOG_ENABLE | YES | + | 'root'@'localhost' | def | OPTIMIZE_LOCAL_TABLE | YES | + | 'root'@'localhost' | def | PASSWORDLESS_USER_ADMIN | YES | + | 'root'@'localhost' | def | PERSIST_RO_VARIABLES_ADMIN | YES | + | 'root'@'localhost' | def | REPLICATION_APPLIER | YES | + | 'root'@'localhost' | def | REPLICATION_SLAVE_ADMIN | YES | + | 'root'@'localhost' | def | RESOURCE_GROUP_ADMIN | YES | + | 'root'@'localhost' | def | RESOURCE_GROUP_USER | YES | + | 'root'@'localhost' | def | ROLE_ADMIN | YES | + | 'root'@'localhost' | def | SENSITIVE_VARIABLES_OBSERVER | YES | + | 'root'@'localhost' | def | SERVICE_CONNECTION_ADMIN | YES | + | 'root'@'localhost' | def | SESSION_VARIABLES_ADMIN | YES | + | 'root'@'localhost' | def | SET_ANY_DEFINER | YES | + | 'root'@'localhost' | def | SHOW_ROUTINE | YES | + | 'root'@'localhost' | def | SYSTEM_USER | YES | + | 'root'@'localhost' | def | SYSTEM_VARIABLES_ADMIN | YES | + | 'root'@'localhost' | def | TABLE_ENCRYPTION_ADMIN | YES | + | 'root'@'localhost' | def | TELEMETRY_LOG_ADMIN | YES | + | 'root'@'localhost' | def | TRANSACTION_GTID_TAG | YES | + | 'root'@'localhost' | def | XA_RECOVER_ADMIN | YES | + | 'cmc'@'%' | def | USAGE | NO | + +--------------------------------+---------------+---------------------------------+--------------+ + 92 rows in set (0.001 sec) + +# `passwords.sql` + +``` sql +SELECT user, host, plugin FROM mysql.user; +``` + + mysql> SELECT user, host, plugin FROM mysql.user; + +------------------+-----------+-----------------------+ + | user | host | plugin | + 
+------------------+-----------+-----------------------+ + | cmc | % | caching_sha2_password | + | mysql.infoschema | localhost | caching_sha2_password | + | mysql.session | localhost | caching_sha2_password | + | mysql.sys | localhost | caching_sha2_password | + | root | localhost | caching_sha2_password | + +------------------+-----------+-----------------------+ + 5 rows in set (0.001 sec) + +``` sql +SHOW GLOBAL VARIABLES LIKE 'validate_password%'; +SHOW VARIABLES LIKE 'validate_password%'; +``` + + mysql> SHOW GLOBAL VARIABLES LIKE 'validate_password%'; + +-------------------------------------------------+--------+ + | Variable_name | Value | + +-------------------------------------------------+--------+ + | validate_password.changed_characters_percentage | 0 | + | validate_password.check_user_name | ON | + | validate_password.dictionary_file | | + | validate_password.length | 8 | + | validate_password.mixed_case_count | 1 | + | validate_password.number_count | 1 | + | validate_password.policy | MEDIUM | + | validate_password.special_char_count | 1 | + +-------------------------------------------------+--------+ + 8 rows in set (0.004 sec) + + mysql> SHOW VARIABLES LIKE 'validate_password%'; + +-------------------------------------------------+--------+ + | Variable_name | Value | + +-------------------------------------------------+--------+ + | validate_password.changed_characters_percentage | 0 | + | validate_password.check_user_name | ON | + | validate_password.dictionary_file | | + | validate_password.length | 8 | + | validate_password.mixed_case_count | 1 | + | validate_password.number_count | 1 | + | validate_password.policy | MEDIUM | + | validate_password.special_char_count | 1 | + +-------------------------------------------------+--------+ + 8 rows in set (0.004 sec) + +``` sql +SELECT * FROM mysql.user +``` + + MySQL [(none)]> SELECT * FROM mysql.user; + 
+-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ + | Host | User | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin | authentication_string | password_expired | password_last_changed | password_lifetime | account_locked | Create_role_priv | Drop_role_priv | Password_reuse_history | Password_reuse_time | Password_require_current | User_attributes | + 
+-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ + | % | cmc | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | | N | 2025-04-25 16:28:52 | NULL | N | N | N | NULL | NULL | NULL | NULL | + | localhost | mysql.infoschema | Y | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | + | localhost | mysql.session | N | N | N | N | N | N | N | Y | N | N | N | N | N | N | N | Y | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | + | localhost | mysql.sys | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | 
N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | + | localhost | root | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | | N | 2025-04-25 15:51:53 | NULL | N | Y | Y | NULL | NULL | NULL | NULL | + +-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ + 5 rows in set (0.005 sec) diff --git a/databases/mysql/README.org b/databases/mysql/README.org deleted file mode 100644 index ce7c438..0000000 --- a/databases/mysql/README.org +++ /dev/null 
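Review bot: In databases/mysql/README.md, the last query under `passwords.sql`, `SELECT * FROM mysql.user`, has no terminating semicolon (the pasted session beneath it does), and its sample output publishes the `authentication_string` column. A password review only needs columns such as `user, host, plugin, password_expired, password_last_changed, password_lifetime, account_locked`; selecting those explicitly keeps credential material out of the documented evidence and makes the very wide table readable. The sample also shows `root`@`localhost` and `cmc`@`%` with an empty `authentication_string`, which the README should call out as a finding rather than leave unexplained.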
@@ -1,183 +0,0 @@ -#+title: MySQL - -* =mysql_admins.sql= - -#+begin_src sql -SELECT * FROM information_schema.user_privileges; -#+end_src - -#+begin_src -MySQL [(none)]> SELECT * FROM information_schema.user_privileges; -+--------------------------------+---------------+---------------------------------+--------------+ -| GRANTEE | TABLE_CATALOG | PRIVILEGE_TYPE | IS_GRANTABLE | -+--------------------------------+---------------+---------------------------------+--------------+ -| 'mysql.infoschema'@'localhost' | def | SELECT | NO | -| 'mysql.infoschema'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO | -| 'mysql.infoschema'@'localhost' | def | FIREWALL_EXEMPT | NO | -| 'mysql.infoschema'@'localhost' | def | SYSTEM_USER | NO | -| 'mysql.session'@'localhost' | def | SHUTDOWN | NO | -| 'mysql.session'@'localhost' | def | SUPER | NO | -| 'mysql.session'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO | -| 'mysql.session'@'localhost' | def | AUTHENTICATION_POLICY_ADMIN | NO | -| 'mysql.session'@'localhost' | def | BACKUP_ADMIN | NO | -| 'mysql.session'@'localhost' | def | CLONE_ADMIN | NO | -| 'mysql.session'@'localhost' | def | CONNECTION_ADMIN | NO | -| 'mysql.session'@'localhost' | def | FIREWALL_EXEMPT | NO | -| 'mysql.session'@'localhost' | def | PERSIST_RO_VARIABLES_ADMIN | NO | -| 'mysql.session'@'localhost' | def | SESSION_VARIABLES_ADMIN | NO | -| 'mysql.session'@'localhost' | def | SYSTEM_USER | NO | -| 'mysql.session'@'localhost' | def | SYSTEM_VARIABLES_ADMIN | NO | -| 'mysql.sys'@'localhost' | def | USAGE | NO | -| 'mysql.sys'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO | -| 'mysql.sys'@'localhost' | def | FIREWALL_EXEMPT | NO | -| 'mysql.sys'@'localhost' | def | SYSTEM_USER | NO | -| 'root'@'localhost' | def | SELECT | YES | -| 'root'@'localhost' | def | INSERT | YES | -| 'root'@'localhost' | def | UPDATE | YES | -| 'root'@'localhost' | def | DELETE | YES | -| 'root'@'localhost' | def | CREATE | YES | -| 'root'@'localhost' | def | DROP | YES | -| 
'root'@'localhost' | def | RELOAD | YES | -| 'root'@'localhost' | def | SHUTDOWN | YES | -| 'root'@'localhost' | def | PROCESS | YES | -| 'root'@'localhost' | def | FILE | YES | -| 'root'@'localhost' | def | REFERENCES | YES | -| 'root'@'localhost' | def | INDEX | YES | -| 'root'@'localhost' | def | ALTER | YES | -| 'root'@'localhost' | def | SHOW DATABASES | YES | -| 'root'@'localhost' | def | SUPER | YES | -| 'root'@'localhost' | def | CREATE TEMPORARY TABLES | YES | -| 'root'@'localhost' | def | LOCK TABLES | YES | -| 'root'@'localhost' | def | EXECUTE | YES | -| 'root'@'localhost' | def | REPLICATION SLAVE | YES | -| 'root'@'localhost' | def | REPLICATION CLIENT | YES | -| 'root'@'localhost' | def | CREATE VIEW | YES | -| 'root'@'localhost' | def | SHOW VIEW | YES | -| 'root'@'localhost' | def | CREATE ROUTINE | YES | -| 'root'@'localhost' | def | ALTER ROUTINE | YES | -| 'root'@'localhost' | def | CREATE USER | YES | -| 'root'@'localhost' | def | EVENT | YES | -| 'root'@'localhost' | def | TRIGGER | YES | -| 'root'@'localhost' | def | CREATE TABLESPACE | YES | -| 'root'@'localhost' | def | CREATE ROLE | YES | -| 'root'@'localhost' | def | DROP ROLE | YES | -| 'root'@'localhost' | def | ALLOW_NONEXISTENT_DEFINER | YES | -| 'root'@'localhost' | def | APPLICATION_PASSWORD_ADMIN | YES | -| 'root'@'localhost' | def | AUDIT_ABORT_EXEMPT | YES | -| 'root'@'localhost' | def | AUDIT_ADMIN | YES | -| 'root'@'localhost' | def | AUTHENTICATION_POLICY_ADMIN | YES | -| 'root'@'localhost' | def | BACKUP_ADMIN | YES | -| 'root'@'localhost' | def | BINLOG_ADMIN | YES | -| 'root'@'localhost' | def | BINLOG_ENCRYPTION_ADMIN | YES | -| 'root'@'localhost' | def | CLONE_ADMIN | YES | -| 'root'@'localhost' | def | CONNECTION_ADMIN | YES | -| 'root'@'localhost' | def | CREATE_SPATIAL_REFERENCE_SYSTEM | YES | -| 'root'@'localhost' | def | ENCRYPTION_KEY_ADMIN | YES | -| 'root'@'localhost' | def | FIREWALL_EXEMPT | YES | -| 'root'@'localhost' | def | FLUSH_OPTIMIZER_COSTS | YES | -| 
'root'@'localhost' | def | FLUSH_PRIVILEGES | YES | -| 'root'@'localhost' | def | FLUSH_STATUS | YES | -| 'root'@'localhost' | def | FLUSH_TABLES | YES | -| 'root'@'localhost' | def | FLUSH_USER_RESOURCES | YES | -| 'root'@'localhost' | def | GROUP_REPLICATION_ADMIN | YES | -| 'root'@'localhost' | def | GROUP_REPLICATION_STREAM | YES | -| 'root'@'localhost' | def | INNODB_REDO_LOG_ARCHIVE | YES | -| 'root'@'localhost' | def | INNODB_REDO_LOG_ENABLE | YES | -| 'root'@'localhost' | def | OPTIMIZE_LOCAL_TABLE | YES | -| 'root'@'localhost' | def | PASSWORDLESS_USER_ADMIN | YES | -| 'root'@'localhost' | def | PERSIST_RO_VARIABLES_ADMIN | YES | -| 'root'@'localhost' | def | REPLICATION_APPLIER | YES | -| 'root'@'localhost' | def | REPLICATION_SLAVE_ADMIN | YES | -| 'root'@'localhost' | def | RESOURCE_GROUP_ADMIN | YES | -| 'root'@'localhost' | def | RESOURCE_GROUP_USER | YES | -| 'root'@'localhost' | def | ROLE_ADMIN | YES | -| 'root'@'localhost' | def | SENSITIVE_VARIABLES_OBSERVER | YES | -| 'root'@'localhost' | def | SERVICE_CONNECTION_ADMIN | YES | -| 'root'@'localhost' | def | SESSION_VARIABLES_ADMIN | YES | -| 'root'@'localhost' | def | SET_ANY_DEFINER | YES | -| 'root'@'localhost' | def | SHOW_ROUTINE | YES | -| 'root'@'localhost' | def | SYSTEM_USER | YES | -| 'root'@'localhost' | def | SYSTEM_VARIABLES_ADMIN | YES | -| 'root'@'localhost' | def | TABLE_ENCRYPTION_ADMIN | YES | -| 'root'@'localhost' | def | TELEMETRY_LOG_ADMIN | YES | -| 'root'@'localhost' | def | TRANSACTION_GTID_TAG | YES | -| 'root'@'localhost' | def | XA_RECOVER_ADMIN | YES | -| 'cmc'@'%' | def | USAGE | NO | -+--------------------------------+---------------+---------------------------------+--------------+ -92 rows in set (0.001 sec) -#+end_src - -* =passwords.sql= - -#+begin_src sql -SELECT user, host, plugin FROM mysql.user; -#+end_src - -#+begin_src -mysql> SELECT user, host, plugin FROM mysql.user; -+------------------+-----------+-----------------------+ -| user | host | plugin | 
-+------------------+-----------+-----------------------+ -| cmc | % | caching_sha2_password | -| mysql.infoschema | localhost | caching_sha2_password | -| mysql.session | localhost | caching_sha2_password | -| mysql.sys | localhost | caching_sha2_password | -| root | localhost | caching_sha2_password | -+------------------+-----------+-----------------------+ -5 rows in set (0.001 sec) -#+end_src - -#+begin_src sql -SHOW GLOBAL VARIABLES LIKE 'validate_password%'; -SHOW VARIABLES LIKE 'validate_password%'; -#+end_src - -#+begin_src -mysql> SHOW GLOBAL VARIABLES LIKE 'validate_password%'; -+-------------------------------------------------+--------+ -| Variable_name | Value | -+-------------------------------------------------+--------+ -| validate_password.changed_characters_percentage | 0 | -| validate_password.check_user_name | ON | -| validate_password.dictionary_file | | -| validate_password.length | 8 | -| validate_password.mixed_case_count | 1 | -| validate_password.number_count | 1 | -| validate_password.policy | MEDIUM | -| validate_password.special_char_count | 1 | -+-------------------------------------------------+--------+ -8 rows in set (0.004 sec) - -mysql> SHOW VARIABLES LIKE 'validate_password%'; -+-------------------------------------------------+--------+ -| Variable_name | Value | -+-------------------------------------------------+--------+ -| validate_password.changed_characters_percentage | 0 | -| validate_password.check_user_name | ON | -| validate_password.dictionary_file | | -| validate_password.length | 8 | -| validate_password.mixed_case_count | 1 | -| validate_password.number_count | 1 | -| validate_password.policy | MEDIUM | -| validate_password.special_char_count | 1 | -+-------------------------------------------------+--------+ -8 rows in set (0.004 sec) -#+end_src - -#+begin_src sql -SELECT * FROM mysql.user -#+end_src - -#+begin_src -MySQL [(none)]> SELECT * FROM mysql.user; 
-+-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ -| Host | User | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin | authentication_string | password_expired | password_last_changed | password_lifetime | account_locked | Create_role_priv | Drop_role_priv | Password_reuse_history | Password_reuse_time | Password_require_current | User_attributes | 
-+-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ -| % | cmc | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | | N | 2025-04-25 16:28:52 | NULL | N | N | N | NULL | NULL | NULL | NULL | -| localhost | mysql.infoschema | Y | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | -| localhost | mysql.session | N | N | N | N | N | N | N | Y | N | N | N | N | N | N | N | Y | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | -| localhost | mysql.sys | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N 
| N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | -| localhost | root | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | | N | 2025-04-25 15:51:53 | NULL | N | Y | Y | NULL | NULL | NULL | NULL | -+-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ -5 rows in set (0.005 sec) -#+end_src diff --git a/databases/oracle/README.md b/databases/oracle/README.md new file mode 100644 index 0000000..3afa2e7 --- /dev/null +++ b/databases/oracle/README.md 
@@ -0,0 +1,81 @@ +# `oracle_admins.sql` + +``` sql +SELECT + grantee AS "User", + privilege AS "Privilege" +FROM + dba_sys_privs +WHERE + grantee IN (SELECT DISTINCT grantee FROM dba_sys_privs) +UNION ALL +SELECT + grantee AS "User", + privilege AS "Privilege" +FROM + dba_tab_privs +WHERE + grantee IN (SELECT DISTINCT grantee FROM dba_tab_privs); +``` + +``` text +| User | Privilege | +|----------+---------------------| +| SCOTT | CREATE SESSION | +| SCOTT | CREATE TABLE | +| SCOTT | SELECT | +| SCOTT | INSERT | +| HR | CREATE SESSION | +| HR | SELECT | +| HR | INSERT | +| HR | UPDATE | +| SYS | CREATE USER | +| SYS | GRANT ANY PRIVILEGE | +| SYS | DROP USER | +| SYSTEM | CREATE TABLESPACE | +| SYSTEM | CREATE USER | +| SYSTEM | ALTER USER | +| SYSTEM | DROP USER | +| APP_USER | SELECT ON EMPLOYEES | +| APP_USER | INSERT ON EMPLOYEES | +| APP_USER | UPDATE ON EMPLOYEES | +``` + +# `oracle_admins_alt.sql` + +``` sql +SELECT ** FROM sys.dba_role_privs; +SELECT ** FROM sys.dba_sys_privs; +SELECT ** FROM sys.dba_tab_privs; +SELECT ** FROM sys.dba_users; +``` + +``` text +| Grantee | Granted_Role | Admin_Option | +|----------+--------------+--------------| +| SCOTT | DBA | NO | +| HR | RESOURCE | YES | +| APP_USER | DATA_ANALYST | NO | + +| Grantee | Privilege | +|---------+---------------------| +| SCOTT | CREATE SESSION | +| HR | CREATE TABLE | +| SYS | GRANT ANY PRIVILEGE | +| SYSTEM | CREATE USER | + +| Grantee | Table_Name | Privilege | +|----------+-------------+-----------| +| SCOTT | EMPLOYEES | SELECT | +| SCOTT | EMPLOYEES | INSERT | +| HR | DEPARTMENTS | SELECT | +| APP_USER | EMPLOYEES | UPDATE | + +| Username | Account_Status | Default_Tablespace | Temporary_Tablespace | +|----------+----------------+--------------------+----------------------| +| SCOTT | OPEN | USERS | TEMP | +| HR | OPEN | USERS | TEMP | +| SYS | OPEN | SYSTEM | TEMP | +| SYSTEM | OPEN | SYSTEM | TEMP | +| APP_USER | OPEN | USERS | TEMP | +``` 
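Review bot: `oracle_admins_alt.sql` is documented as `SELECT ** FROM sys.dba_role_privs;` (and the same for the other three views); `**` is not valid Oracle SQL and is carried over unchanged from README.org, so these four statements should read `SELECT * FROM ...`. In `oracle_admins.sql`, each `WHERE grantee IN (SELECT DISTINCT grantee FROM ...)` subquery reads the same view as its outer query and so filters nothing, and the `dba_tab_privs` branch selects only `grantee` and `privilege`, which cannot produce sample rows like `SELECT ON EMPLOYEES`; select `table_name` as well or adjust the sample output.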
diff --git a/databases/oracle/README.org b/databases/oracle/README.org deleted file mode 100644 index f2bc680..0000000 --- a/databases/oracle/README.org +++ /dev/null 
@@ -1,81 +0,0 @@ -* =oracle_admins.sql= - -#+begin_src sql -SELECT - grantee AS "User", - privilege AS "Privilege" -FROM - dba_sys_privs -WHERE - grantee IN (SELECT DISTINCT grantee FROM dba_sys_privs) -UNION ALL -SELECT - grantee AS "User", - privilege AS "Privilege" -FROM - dba_tab_privs -WHERE - grantee IN (SELECT DISTINCT grantee FROM dba_tab_privs); -#+end_src - -#+begin_src text -| User | Privilege | -|----------+---------------------| -| SCOTT | CREATE SESSION | -| SCOTT | CREATE TABLE | -| SCOTT | SELECT | -| SCOTT | INSERT | -| HR | CREATE SESSION | -| HR | SELECT | -| HR | INSERT | -| HR | UPDATE | -| SYS | CREATE USER | -| SYS | GRANT ANY PRIVILEGE | -| SYS | DROP USER | -| SYSTEM | CREATE TABLESPACE | -| SYSTEM | CREATE USER | -| SYSTEM | ALTER USER | -| SYSTEM | DROP USER | -| APP_USER | SELECT ON EMPLOYEES | -| APP_USER | INSERT ON EMPLOYEES | -| APP_USER | UPDATE ON EMPLOYEES | -#+end_src - -* =oracle_admins_alt.sql= - -#+begin_src sql -SELECT ** FROM sys.dba_role_privs; -SELECT ** FROM sys.dba_sys_privs; -SELECT ** FROM sys.dba_tab_privs; -SELECT ** FROM sys.dba_users; -#+end_src - -#+begin_src text -| Grantee | Granted_Role | Admin_Option | -|----------+--------------+--------------| -| SCOTT | DBA | NO | -| HR | RESOURCE | YES | -| APP_USER | DATA_ANALYST | NO | - -| Grantee | Privilege | -|---------+---------------------| -| SCOTT | CREATE SESSION | -| HR | CREATE TABLE | -| SYS | GRANT ANY PRIVILEGE | -| SYSTEM | CREATE USER | - -| Grantee | Table_Name | Privilege | -|----------+-------------+-----------| -| SCOTT | EMPLOYEES | SELECT | -| SCOTT | EMPLOYEES | INSERT | -| HR | DEPARTMENTS | SELECT | -| APP_USER | EMPLOYEES | UPDATE | - -| Username | Account_Status | Default_Tablespace | Temporary_Tablespace | -|----------+----------------+--------------------+----------------------| -| SCOTT | OPEN | USERS | TEMP | -| HR | OPEN | USERS | TEMP | -| SYS | OPEN | SYSTEM | TEMP | -| SYSTEM | OPEN | SYSTEM | TEMP | -| APP_USER | OPEN | USERS | TEMP | 
-#+end_src diff --git a/databases/postgres/README.md b/databases/postgres/README.md new file mode 100644 index 0000000..0e4f0fc --- /dev/null +++ b/databases/postgres/README.md 
@@ -0,0 +1,67 @@ +# `passwords.sql` + +``` sql +SELECT * +FROM pg_settings +WHERE name LIKE 'password_%'; +``` + + | name | setting | unit | category | short_desc | extra_desc | context | vartype | source | min_val | max_val | enumvals | boot_val | reset_val | sourcefile | sourceline | pending_restart | + |---------------------+---------------+------+-------------------------------------------------+-------------------------------------------------+------------+---------+---------+---------+---------+---------+---------------------+---------------+---------------+------------+------------+-----------------| + | password_encryption | scram-sha-256 | | Connections and Authentication / Authentication | Chooses the algorithm for encrypting passwords. | | user | enum | default | | | {md5,scram-sha-256} | scram-sha-256 | scram-sha-256 | | | false | + +``` sql +SELECT + usename AS user_name, + passwd AS password, + valuntil AS valid_until, + useconfig AS user_config +FROM pg_shadow; +``` + + | user_name | password | valid_until | user_config | + |-----------+---------------------------------------------------------------------------------------------------------------------------------------+------------------------+-------------| + | cmc | | | | + | testuser | SCRAM-SHA-256$4096:+NSpEU+8afhJ4BUTkzdKeg==$FGIRcTWr89b42qkLUl4Ntfp4RUpoc3GIpLHqJl/fWZE=:o1UM8YiEj5SLV5l/geMuqXMRi6onWazryn/l+LXYMxU= | 2025-12-31 00:00:00-06 | | + +# `admins.sql` + +``` sql +SELECT + r.rolname AS role_name, + r.rolsuper AS is_superuser, + r.rolinherit AS inherits_privileges, + r.rolcreaterole AS can_create_roles, + r.rolcreatedb AS can_create_db, + r.rolcanlogin AS can_login, + r.rolreplication AS can_replication, + r.rolconnlimit AS connection_limit, + r.rolvaliduntil AS valid_until, + ARRAY( + SELECT b.rolname + FROM pg_auth_members m + JOIN pg_roles b ON (m.roleid = b.oid) + WHERE m.member = r.oid + ) AS member_of +FROM pg_roles r; +``` + + | role_name | is_superuser | inherits_privileges | 
can_create_roles | can_create_db | can_login | can_replication | connection_limit | valid_until | member_of | + |-----------------------------+--------------+---------------------+------------------+---------------+-----------+-----------------+------------------+------------------------+--------------------------------------------------------------| + | cmc | true | true | true | true | true | true | -1 | | {} | + | pg_database_owner | false | true | false | false | false | false | -1 | | {} | + | pg_read_all_data | false | true | false | false | false | false | -1 | | {} | + | pg_write_all_data | false | true | false | false | false | false | -1 | | {} | + | pg_monitor | false | true | false | false | false | false | -1 | | {pg_read_all_settings,pg_read_all_stats,pg_stat_scan_tables} | + | pg_read_all_settings | false | true | false | false | false | false | -1 | | {} | + | pg_read_all_stats | false | true | false | false | false | false | -1 | | {} | + | pg_stat_scan_tables | false | true | false | false | false | false | -1 | | {} | + | pg_read_server_files | false | true | false | false | false | false | -1 | | {} | + | pg_write_server_files | false | true | false | false | false | false | -1 | | {} | + | pg_execute_server_program | false | true | false | false | false | false | -1 | | {} | + | pg_signal_backend | false | true | false | false | false | false | -1 | | {} | + | pg_checkpoint | false | true | false | false | false | false | -1 | | {} | + | pg_maintain | false | true | false | false | false | false | -1 | | {} | + | pg_use_reserved_connections | false | true | false | false | false | false | -1 | | {} | + | pg_create_subscription | false | true | false | false | false | false | -1 | | {} | + | testuser | false | true | false | false | true | false | -1 | 2025-12-31 00:00:00-06 | {} | diff --git a/databases/postgres/README.org b/databases/postgres/README.org deleted file mode 100644 index e7cd062..0000000 
--- a/databases/postgres/README.org +++ /dev/null 
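Review bot: In databases/postgres/README.md, the `pg_shadow` sample output under `passwords.sql` commits the full `SCRAM-SHA-256$4096:...` verifier for `testuser`. The salt and keys in that value are enough to test password guesses offline, so replace it with a placeholder such as `SCRAM-SHA-256$4096:<redacted>`; the scheme prefix and iteration count are all a reviewer needs from this column. The `cmc` row, a superuser according to the `admins.sql` output, has an empty `passwd`, and a sentence on how to read that would help.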
@@ -1,75 +0,0 @@ -#+title: Postgres - -* =passwords.sql= - -#+begin_src sql -SELECT * -FROM pg_settings -WHERE name LIKE 'password_%'; -#+end_src - -#+begin_src -| name | setting | unit | category | short_desc | extra_desc | context | vartype | source | min_val | max_val | enumvals | boot_val | reset_val | sourcefile | sourceline | pending_restart | -|---------------------+---------------+------+-------------------------------------------------+-------------------------------------------------+------------+---------+---------+---------+---------+---------+---------------------+---------------+---------------+------------+------------+-----------------| -| password_encryption | scram-sha-256 | | Connections and Authentication / Authentication | Chooses the algorithm for encrypting passwords. | | user | enum | default | | | {md5,scram-sha-256} | scram-sha-256 | scram-sha-256 | | | false | -#+end_src - -#+begin_src sql -SELECT - usename AS user_name, - passwd AS password, - valuntil AS valid_until, - useconfig AS user_config -FROM pg_shadow; -#+end_src - -#+begin_src -| user_name | password | valid_until | user_config | -|-----------+---------------------------------------------------------------------------------------------------------------------------------------+------------------------+-------------| -| cmc | | | | -| testuser | SCRAM-SHA-256$4096:+NSpEU+8afhJ4BUTkzdKeg==$FGIRcTWr89b42qkLUl4Ntfp4RUpoc3GIpLHqJl/fWZE=:o1UM8YiEj5SLV5l/geMuqXMRi6onWazryn/l+LXYMxU= | 2025-12-31 00:00:00-06 | | -#+end_src - -* =admins.sql= - -#+begin_src sql -SELECT - r.rolname AS role_name, - r.rolsuper AS is_superuser, - r.rolinherit AS inherits_privileges, - r.rolcreaterole AS can_create_roles, - r.rolcreatedb AS can_create_db, - r.rolcanlogin AS can_login, - r.rolreplication AS can_replication, - r.rolconnlimit AS connection_limit, - r.rolvaliduntil AS valid_until, - ARRAY( - SELECT b.rolname - FROM pg_auth_members m - JOIN pg_roles b ON (m.roleid = b.oid) - WHERE m.member = r.oid 
- ) AS member_of -FROM pg_roles r; -#+end_src - -#+begin_src -| role_name | is_superuser | inherits_privileges | can_create_roles | can_create_db | can_login | can_replication | connection_limit | valid_until | member_of | -|-----------------------------+--------------+---------------------+------------------+---------------+-----------+-----------------+------------------+------------------------+--------------------------------------------------------------| -| cmc | true | true | true | true | true | true | -1 | | {} | -| pg_database_owner | false | true | false | false | false | false | -1 | | {} | -| pg_read_all_data | false | true | false | false | false | false | -1 | | {} | -| pg_write_all_data | false | true | false | false | false | false | -1 | | {} | -| pg_monitor | false | true | false | false | false | false | -1 | | {pg_read_all_settings,pg_read_all_stats,pg_stat_scan_tables} | -| pg_read_all_settings | false | true | false | false | false | false | -1 | | {} | -| pg_read_all_stats | false | true | false | false | false | false | -1 | | {} | -| pg_stat_scan_tables | false | true | false | false | false | false | -1 | | {} | -| pg_read_server_files | false | true | false | false | false | false | -1 | | {} | -| pg_write_server_files | false | true | false | false | false | false | -1 | | {} | -| pg_execute_server_program | false | true | false | false | false | false | -1 | | {} | -| pg_signal_backend | false | true | false | false | false | false | -1 | | {} | -| pg_checkpoint | false | true | false | false | false | false | -1 | | {} | -| pg_maintain | false | true | false | false | false | false | -1 | | {} | -| pg_use_reserved_connections | false | true | false | false | false | false | -1 | | {} | -| pg_create_subscription | false | true | false | false | false | false | -1 | | {} | -| testuser | false | true | false | false | true | false | -1 | 2025-12-31 00:00:00-06 | {} | -#+end_src 
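Review bot: The deleted README.org opens with `#+title: Postgres`, but the new README.md starts directly at the `passwords.sql` heading, so the page title is lost in the conversion; add a top-level title and demote the per-script headings one level. The untagged `#+begin_src` output blocks also became four-space indented blocks in the Markdown, while the oracle and sql READMEs use text-tagged fences; pick one form for query output across the repository.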
diff --git a/databases/sql/README.md b/databases/sql/README.md new file mode 100644 index 0000000..3abfa39 --- /dev/null +++ b/databases/sql/README.md 
@@ -0,0 +1,36 @@ +# `admins.sql` + +``` sql +:r admins.sql +``` + +``` text +| UserName | UserType | DatabaseUserName | Role | PermissionType | PermissionState | ObjectType | ObjectName | ColumnName | +|-------------+--------------+------------------+-----------------+----------------+-----------------+----------------------+--------------------+------------| +| SCOTT | SQL User | SCOTT | NULL | SELECT | GRANT | USER_TABLE | EMPLOYEES | NULL | +| SCOTT | SQL User | SCOTT | NULL | INSERT | GRANT | USER_TABLE | EMPLOYEES | NULL | +| HR | SQL User | HR | NULL | EXECUTE | GRANT | SQL_STORED_PROCEDURE | SP_GET_EMPLOYEE | NULL | +| APP_USER | Windows User | APP_USER | ApplicationRole | SELECT | GRANT | VIEW | vw_EmployeeDetails | NULL | +| APP_USER | Windows User | APP_USER | ApplicationRole | INSERT | GRANT | USER_TABLE | EMPLOYEES | NULL | +| {All Users} | {All Users} | {All Users} | public | SELECT | GRANT | USER_TABLE | EMPLOYEES | NULL | +| {All Users} | {All Users} | {All Users} | public | EXECUTE | GRANT | SQL_STORED_PROCEDURE | SP_GET_EMPLOYEE | NULL | +``` + +# `passwords.py` + +``` shell +python passwords.py +``` + +``` text +| Name | Type | Check Policy | Check Expiration | Reason | +|-------+-----------+--------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------| +| user1 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. | +| user2 | SQL_LOGIN | FAIL | FAIL | Password policy is not enforced. Password expiration is not enforced. | +| user3 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. | +| user4 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. 
| +| user5 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. | +| user6 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. | +| user7 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. | +| user8 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. | +``` diff --git a/databases/sql/README.org b/databases/sql/README.org deleted file mode 100644 index 82b8911..0000000 --- a/databases/sql/README.org +++ /dev/null 
@@ -1,36 +0,0 @@ -* =admins.sql= - -#+begin_src sql -:r admins.sql -#+end_src - -#+begin_src text -| UserName | UserType | DatabaseUserName | Role | PermissionType | PermissionState | ObjectType | ObjectName | ColumnName | -|-------------+--------------+------------------+-----------------+----------------+-----------------+----------------------+--------------------+------------| -| SCOTT | SQL User | SCOTT | NULL | SELECT | GRANT | USER_TABLE | EMPLOYEES | NULL | -| SCOTT | SQL User | SCOTT | NULL | INSERT | GRANT | USER_TABLE | EMPLOYEES | NULL | -| HR | SQL User | HR | NULL | EXECUTE | GRANT | SQL_STORED_PROCEDURE | SP_GET_EMPLOYEE | NULL | -| APP_USER | Windows User | APP_USER | ApplicationRole | SELECT | GRANT | VIEW | vw_EmployeeDetails | NULL | -| APP_USER | Windows User | APP_USER | ApplicationRole | INSERT | GRANT | USER_TABLE | EMPLOYEES | NULL | -| {All Users} | {All Users} | {All Users} | public | SELECT | GRANT | USER_TABLE | EMPLOYEES | NULL | -| {All Users} | {All Users} | {All Users} | public | EXECUTE | GRANT | SQL_STORED_PROCEDURE | SP_GET_EMPLOYEE | NULL | -#+end_src - -* =passwords.py= - -#+begin_src shell -python passwords.py -#+end_src - -#+begin_src text -| Name | Type | Check Policy | Check Expiration | Reason | -|-------+-----------+--------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------| -| user1 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. | -| user2 | SQL_LOGIN | FAIL | FAIL | Password policy is not enforced. Password expiration is not enforced. | -| user3 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. | -| user4 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. 
| -| user5 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. | -| user6 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. | -| user7 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. | -| user8 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. | -#+end_src diff --git a/os/linux/README.md b/os/linux/README.md new file mode 100644 index 0000000..c7578eb --- /dev/null +++ b/os/linux/README.md 
@@ -0,0 +1,56 @@ +# `report/linux.sh` + +``` shell +./report/linux.sh +``` + + _ ___ _ _ _ ___ __ ___ ____ ____ _____ ____ ___ ____ _____ + | | |_ _| \ | | | | \ \/ / / _ \/ ___| | _ \| ____| _ \ / _ \| _ \_ _| + | | | || \| | | | |\ / | | | \___ \ | |_) | _| | |_) | | | | |_) || | + | |___ | || |\ | |_| |/ \ | |_| |___) | | _ <| |___| __/| |_| | _ < | | + |_____|___|_| \_|\___//_/\_\ \___/|____/ |_| \_\_____|_| \___/|_| \_\|_| + + + + ========================================== + # SECTION 00: Script Info + ========================================== + Execution Date and Time: Wed May 7 11:35:52 AM CDT 2025 + Script Name: ./linux.sh + User Running the Script: root (called by: cmc) + + + + ========================================== + # SECTION 01: System Info + ========================================== + ## Hostname + hera + ## Kernel Version + 6.14.4-400.asahi.fc42.aarch64+16k + ## os-release + NAME="Fedora Linux Asahi Remix" + VERSION="42 (Forty Two [Adams])" + RELEASE_TYPE=stable + ID=fedora-asahi-remix + ID_LIKE=fedora + +# `ssh_root_login.sh` + +``` shell +./ssh_root_login.sh +``` + + PermitRootLogin no + +# `passwords.sh` + +``` shell +./passwords.sh +``` + + Starting analysis of authentication and login parameters... + Checking /etc/pam.d/system-auth for password parameters... + /etc/pam.d/system-auth file not found. + Analyzing /etc/login.defs... + Contents of /etc/login.defs: diff --git a/os/linux/README.org b/os/linux/README.org deleted file mode 100644 index 67f8169..0000000 --- a/os/linux/README.org +++ /dev/null 
@@ -1,64 +0,0 @@ -#+title: Linux - -* =report/linux.sh= - -#+begin_src shell -./report/linux.sh -#+end_src - -#+begin_src -_ ___ _ _ _ ___ __ ___ ____ ____ _____ ____ ___ ____ _____ -| | |_ _| \ | | | | \ \/ / / _ \/ ___| | _ \| ____| _ \ / _ \| _ \_ _| -| | | || \| | | | |\ / | | | \___ \ | |_) | _| | |_) | | | | |_) || | -| |___ | || |\ | |_| |/ \ | |_| |___) | | _ <| |___| __/| |_| | _ < | | -|_____|___|_| \_|\___//_/\_\ \___/|____/ |_| \_\_____|_| \___/|_| \_\|_| - - - -========================================== -# SECTION 00: Script Info -========================================== -Execution Date and Time: Wed May 7 11:35:52 AM CDT 2025 -Script Name: ./linux.sh -User Running the Script: root (called by: cmc) - - - -========================================== -# SECTION 01: System Info -========================================== -## Hostname -hera -## Kernel Version -6.14.4-400.asahi.fc42.aarch64+16k -## os-release -NAME="Fedora Linux Asahi Remix" -VERSION="42 (Forty Two [Adams])" -RELEASE_TYPE=stable -ID=fedora-asahi-remix -ID_LIKE=fedora -#+end_src - -* =ssh_root_login.sh= - -#+begin_src shell -./ssh_root_login.sh -#+end_src - -#+begin_src -PermitRootLogin no -#+end_src - -* =passwords.sh= - -#+begin_src shell -./passwords.sh -#+end_src - -#+begin_src -Starting analysis of authentication and login parameters... -Checking /etc/pam.d/system-auth for password parameters... -/etc/pam.d/system-auth file not found. -Analyzing /etc/login.defs... -Contents of /etc/login.defs: -#+end_src diff --git a/sampling/README.md b/sampling/README.md new file mode 100644 index 0000000..005424a --- /dev/null +++ b/sampling/README.md 
@@ -0,0 +1,31 @@ +# `sample.py` + +``` bash +python ./sample.py +``` + +``` text +Dataframe size (rows, columns): (100, 9) +Sample size: 5 +Sample: + Index Organization Id ... Industry Number of employees +79 80 cBa7EFe5D05Adaf ... Online Publishing 7805 +97 98 E7df80C60Abd7f9 ... Broadcast Media 236 +3 4 2bFC1Be8a4ce42f ... Automotive 921 +42 43 A2D89Ab9bCcAd4e ... Capital Markets / Hedge Fund / Private Equity 3816 +70 71 32BB9Ff4d939788 ... Wireless 6146 + +[5 rows x 9 columns] +``` + +# `sample.html` + +This is an interactive web page that allows users to submit their +population size, sample size(s), and generate a psuedo-random sample +list of numbers to use when sampling against their population. + +Samples can be re-generated and validated using the seed numbers +provided during the original generation. + +*sample-html.png* diff --git a/sampling/README.org b/sampling/README.org deleted file mode 100644 index 6307ed1..0000000 --- a/sampling/README.org +++ /dev/null @@ -1,32 +0,0 @@ -#+title: Sampling Tools - -* =sample.py= - -#+begin_src sh -python ./sample.py -#+end_src - -#+begin_src text -Dataframe size (rows, columns): (100, 9) -Sample size: 5 -Sample: - Index Organization Id ... Industry Number of employees -79 80 cBa7EFe5D05Adaf ... Online Publishing 7805 -97 98 E7df80C60Abd7f9 ... Broadcast Media 236 -3 4 2bFC1Be8a4ce42f ... Automotive 921 -42 43 A2D89Ab9bCcAd4e ... Capital Markets / Hedge Fund / Private Equity 3816 -70 71 32BB9Ff4d939788 ... Wireless 6146 - -[5 rows x 9 columns] -#+end_src - -* =sample.html= - -This is an interactive web page that allows users to submit their population -size, sample size(s), and generate a psuedo-random sample list of numbers to use -when sampling against their population. - -Samples can be re-generated and validated using the seed numbers provided during -the original generation. - -[[sample-html.png]] -- cgit v1.2.3-70-g09d2
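Review bot: in databases/sql/README.md, the `:r admins.sql` line is fenced as `sql`, but `:r` is a sqlcmd scripting command rather than T-SQL, so it only works in sqlcmd or a client running in SQLCMD mode. State that above the fence. Neither section says what the tool checks; a one-line description under each heading would let a reader interpret rows such as the `public` grants on `EMPLOYEES` and the "Reviewer to check the assigned policy" reasons without opening the scripts.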
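Review bot: in os/linux/README.md, the sample output for `report/linux.sh` carries a hostname (`hera`), the calling account (`cmc`) and an exact kernel build; if these come from a real machine, swap in placeholders before they are published in a README. The three output blocks also lost their fences in the conversion and are now indented code, unlike the fenced `text` blocks in databases/sql/README.md, and the `#+title: Linux` line was dropped with no top-level heading in its place. The `passwords.sh` sample stops at "Contents of /etc/login.defs:" with nothing after it, so either include a trimmed excerpt or cut that line.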
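Review bot: in sampling/README.md, the image reference `[[sample-html.png]]` was converted to `*sample-html.png*`, which Markdown renders as italic text instead of the screenshot; use `![sample.html screenshot](sample-html.png)`. The "psuedo-random" typo was carried over from the .org file and should read "pseudo-random". The `#+title: Sampling Tools` heading was dropped, so the page now opens directly on `# sample.py`, and the fence tag here is `bash` while the other converted READMEs use `shell`.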