Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Novell utility for Audit report??

Status
Not open for further replies.
kuzkuz

kuzkuz

IS-IT--Management
Joined
Oct 8, 2002
Messages
49
Location
US
Hi,

I need to prepre to an Audit :( and I need to create a report of all users and their privileges on my Novell 5 server.

is there a utility I can download who would gather this data from novell, and create reports?

if I would not find something like I would:
1. start to cry :(
2. open a start-up for it :)

please help

KuzKuz

Hey, make your did for today!
help a Newbie! (That's me :D)
 
Sort by date Sort by votes
SECURITY.EXE equivalent information in NetWare 4.x and 5.x - TID10024879 (last modified 09OCT2002)





Click here if this does not solve your problem


Reader Rating from 5 ratings





10024879 10024879 10024879 goal


SECURITY.EXE equivalent information in NetWare 4.x and 5.x




fix


The following is a batch file to collect administration information on security issues on a server and tree. This is meant to be similar information that was obtained from the SECURITY.EXE utility that shipped with netware 3.x and was found in the SYS:SYSTEM directory.

The following information was returned from the security utility: Accounts with password expired, No full name, No password, Account disabled, Last login older then 3 weeks, Security equal to supervisor, Supervisor rights to file system.

How to show users that have no password expiration date.
How to show expired dates on passwords before a certain date.
How to show users with No Full name.
How to show users that had require a password set to YES at some point and it was changed to NO
How to show users that were created and had no password required.
How to show users where the account disabled was never created.
How to show users that have their account disabled whether NO or YES
How to show user account expiration dates before a certain date.
How to show user accounts that have an expiration date and the dates.
How to show user accounts that have never logged in.
How to show users accounts that have not logged in since a certain date.
How to show any user that has a security equal to the admin (Other objects that can give users full rights and are useful to check are [root] and containers and server object and volume objects etc.)
How to list all explicit ACL trustees, (requires you to look in text for supervisor or write rights.)
How to find explicit file system granted Trustee rights

The following commands will collect this information, login as admin and CX to [ROOT] and use the /S command to get more then current container.
NLIST User SHOW "Date Password Expires" ;This will show user that have no password expiration date.
NLIST User WHERE "Date Password Expires" LT 01/10/2000 ;This shows passwords expired dates before 01/10/2000 modify this date per needs.
NLIST User WHERE "Full Name" NEXISTS ; This will show users with No Full name.
NLIST User SHOW "Require a Password" ; This will show users that had require set to YES at some point and it was changed to NO
NLIST User WHERE "Require a Password" NEXISTS ; This will show users that were created and had no password required.
NLIST User WHERE "Account Disabled" NEXISTS ; This will show users where the account disabled was never created.
NLIST User SHOW "Account Disabled" ; This will show all users that have the account disabled whether NO or YES
NLIST User WHERE "Account Has Expiration Date" LT 01/10/2000 ; This will show expiration dates before that date.
NLIST User SHOW "Account Has Expiration Date" ; This will show accounts if they have an expiration date and the dates.
NLIST User WHERE "Last Login Time" NEXISTS ;This is useful to show accounts that have never logged in.
NLIST User WHERE "Last Login Time" LT 12/12/1999 ;This will show users that have not logged in since that date.
NLIST User WHERE "Security Equal To" EQ .admin.novell ;This shows any user that has a security equal to the admin Other objects that can give users full rights and are useful to check are [root] and containers and server object and volume objects etc.
NLIST User WHERE "Security Equal To" EQ .NW411_LAB148.NOVELL /S >> C:\secure.txt ;Change the server object to match your server
NLIST User WHERE "Security Equal To" EQ .NW411_LAB148_SYS.NOVELL /S >> C:\secure.txt ;Change the volume object to match yours
NLIST Organization SHOW "Object Trustees (ACL) /S >> C:\secure.txt ;This will list all explicit trustees, requires you to look in text for supervisor or write rights.
NLIST "Organizational Unit" SHOW "Object Trustees (ACL)" /S >> C:\SECURE.TXT ;Same as above
Rights /T /S ;This will show explicit granted file system rights.

**Again remember that with the NLIST commands you can change context to [ROOT] or any level of container with CX.exe and then use the /S at the end of the command to search down the tree from there. Also you can pipe the results of these commands to a file using > C:\secure.txt or append with >>.


 
Upvote 0 Downvote
Hi Taord,

I'm mainly looking for some utility that will extract the access rights for directories and group membership to any DB (Excel, text, MDB)

do you know any if any utility is available for this action?

Thanks
Kuz Hey, make your did for today!
help a Newbie! (That's me :D)
 
Upvote 0 Downvote
You could try using the RIGHTS.EXE file with the /T switch? -----------------------------------------------------
"It's true, its damn true!"
-----------------------------------------------------
 
Upvote 0 Downvote
Hey,
I found some kind of solution, I used Tbackup.exe and took the info form Trestore and placed in Excel, it produces all directories and the kind of rights users\groups have.

TheLad thanks for the lead... still I think there should have been some utility that will extract all this simple data and draw them nicelly....

Kuz Hey, make your did for today!
help a Newbie! (That's me :D)
 
Upvote 0 Downvote
I searced the industry and found the correct tool!

try and get BindView, it's suppose to be quite expansive but I think it worth it, I was amazed when I saw how many things were wrong on my Network...
lots of work now :)

Good luck!
Kuz

Hey, make your did for today!
help a Newbie! (That's me :D)
 
Upvote 0 Downvote
I found a tool even better than Bindview - and MUCH less expensive. It's Pedestal Software SecurityExpressions. It's an agentless system security software that provides comprehensive auditing of workstations and servers against a system security policy. It has saved me on countless audits! I highly recommend it...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MartijnNL
  • Locked
  • Question Question
searching for files reaching file version limit
Replies
2
Views
595
MartijnNL
MartijnNL
MartijnNL
  • Locked
  • Question Question
DCL: Counting number of user processes for a period of time
Replies
1
Views
512
yamyam
yamyam
jimbo2364
  • Locked
  • Question Question
Novell NetWare Server 65. Server name locations
Replies
2
Views
403
lgarner
lgarner
one2web
  • Locked
  • Question Question
Novell 5.1SP8 Arcserve 7
Replies
5
Views
499
goombawaho
goombawaho
sneakerware
  • Locked
  • Question Question
Need Picker Belt for RW530 Optical Jukebox on VAX
Replies
2
Views
456
sneakerware
sneakerware

Part and Inventory Search

Sponsor

Back
Top