Open Source and information security mailing list archives
From: msconzo at tamu.edu (Michael Sconzo)
Subject: Vulnerability Scans

There is a really nice tool that works quite well on various Unix flavors.
It was originally released by Texas A&M University, and is now
maintained over at http://savannah.nongnu.org/projects/tiger

I would suggest looking at some of their checks, as well as seeing
how they are done for Unix.

As for Windows, I have a bit less knowledge, but the MSBA
seems to work reasonably well for the basics.

Hope this provides some good starting points.

-=Mike

On Tue, Dec 02, 2003 at 01:28:05PM -0700, Robert Raver wrote:
> Hey,
> 
> I am doing a report on vulnerability scans and what should be included in
> it.  I came up with a list of what I think should be included in a scan for
> different operating systems.  Wondering if you guys could direct me to
> pages that can inform me or give me your ideas.  Below are the lists I
> created.  This is for a scan on a single machine and is mostly targeted
> towards Unix/Linux machines.  Let me know.
> 
> This section lists the Unix system security criteria:
> 
> 1.      /etc/passwd not world-writable
> 2.      No unnecessary services running
> 3.      FTP directory not writable by user anonymous
> 4.      NFS not configured to be world-writable
> 5.      Passwords not crackable by dictionary attack
> 6.      .
> 7.      .
> 
> 1.1.1   Windows System Security Criteria
> 
> This section lists the Windows system security criteria:
> 
> 1.      Guest account disabled
> 2.      No unnecessary services running
> 3.      System patched with most recent applicable hot fixes
> 4.      Passwords not crackable by dictionary attack
> 
> I have also included a port/services scan using Nessus and the SANS Top 20
> list.
> 
> Thanks,
> 
> Robert Raver

-- 
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
        But let your communication be Yea, yea; nay, nay: for
        whatsoever is more than these cometh of evil.
                -- Matthew 5:37
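
An added example, not part of either message and not Tiger's own code: a shell sketch of how items 1 and 4 of the quoted Unix list (world-writable /etc/passwd, world-writable NFS exports) can be tested on a single machine. The function names and sample data are constructed for illustration, and the export check assumes Linux exports(5) syntax with one entry per line.

```shell
#!/bin/sh
# Added example: checks 1 and 4 from the list in the quoted message.

# Check 1: succeeds (exit 0) when the path has the "other write" bit set.
is_world_writable() {
    # -L follows symlinks so the target's mode is tested; -prune stops descent.
    [ -n "$(find -L "$1" -prune -perm -0002 -print 2>/dev/null)" ]
}

# Check 4: print each path in an exports(5)-format file that is exported
# read-write to every host: client "*" or an empty client such as "(rw)".
# Assumption: Linux exports syntax, one entry per line (no "\" continuations).
world_writable_exports() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        {
            for (i = 2; i <= NF; i++) {
                host = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {                     # split "host(opts)"
                    host = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\).*$/, "", opts)
                }
                if ((host == "" || host == "*") && ("," opts ",") ~ /,rw,/) {
                    print $1
                    break
                }
            }
        }' "$1"
}

# Constructed sample input (not taken from any real system).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/exports" <<'EOF'
# constructed sample
/srv/pub    *(ro,all_squash)
/srv/share  *(rw,sync)
/home       trusted.example.com (rw)
/srv/build  10.0.0.0/24(rw,sync)
EOF
    world_writable_exports "$dir/exports"        # prints /srv/share and /home
    touch "$dir/passwd" && chmod 646 "$dir/passwd"
    is_world_writable "$dir/passwd" && echo "FAIL: $dir/passwd is world-writable"
    rm -rf "$dir"
}
demo
```

The `/home` line shows the case a scan is most likely to catch in practice: a space between the host name and `(rw)` turns the option list into a separate, host-less entry that applies to everyone.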

