You are hereBlogs / sean's blog / Unix auditing, password and ssh key strength

Unix auditing, password and ssh key strength

By sean - Posted on 01 November 2008

I had a project this week to audit 50 Linux/Unix systems, so after making some improvements to the scripts I re-wrote the documention for my auditing scripts: see http://sean.boran.com/audit

It was required to also check SSH private key files and list those that had no passphrases. A search of the net found two solutions, when were added to the audit SVN respository above.

Trivial Unix passwwords also had to be investigated, the old favourite 'john'  http://www.openwall.com/john still works really well (compiled with 'generic' on Suse11/i386).

Tags

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
I've now created a Google
Submitted by sean on Fri, 11/21/2008 - 17:07.

I've now created a Google Code project for these scripts:
 http://code.google.com/p/lusas/

So SVN, wiki, issue tracker etc. are all there!

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.