

Secure Computing Environment: Level-2 Classified Protection (等级保护) Assessment Guide and Automation Scripts


Preface

Speed is a recurring problem in classified-protection assessment work: some systems involve a large number of devices, and clicking through and testing each one by hand makes progress very slow. Drawing on scripts already circulating on the internet and on the level-2 assessment requirements, the author has condensed the technical steps for assessing the secure computing environment into a set of automated baseline checks, in the hope that readers who perform these assessments gain some efficiency. If there are mistakes in the text, please send a private message so that they can be corrected before they trip up anyone using the scripts.

Endpoints

Windows

Copy the script below, save it as a .bat file and run it from an elevated (administrator) prompt; it writes all check results to a text file named after the host's IP address in a directory of the same name under C:\. Afterwards you only need to read that file to fill in the on-site assessment record quickly.

@echo off
REM Level-2 Windows baseline collector. Run from an elevated prompt.
REM Output goes to C:\<IP address>\<IP address> (one text file named after the host IP).
REM "默认" is the localized header word in "route print" on Chinese Windows and
REM "命令成功完成。" is the localized "The command completed successfully." line
REM printed by "net user": adjust both strings on other locales.
for /f "tokens=4" %%a in ('route print^|findstr 0.0.0.0.*0.0.0.0') do (
    if not "%%a" == "默认" set IPaddress=%%a
)
cd C:\
md %IPaddress%
cd %IPaddress%
echo 1. System information (CreatedbyG) > %IPaddress%
systeminfo >> %IPaddress%
echo 2. Network adapters (CreatedbyG) >> %IPaddress%
ipconfig >> %IPaddress%
echo 3. Listening ports (CreatedbyG) >> %IPaddress%
netstat -an | find "LISTENING" >> %IPaddress%
echo 4. Services (CreatedbyG) >> %IPaddress%
net start >> %IPaddress%
echo 5. Processes (CreatedbyG) >> %IPaddress%
tasklist >> %IPaddress%
echo 6. Installed software (CreatedbyG) >> %IPaddress%
for /f "tokens=3 delims=\" %%i in ('reg query HKLM\SOFTWARE') do (
    echo  ****************** >> %IPaddress%
    echo  Software name: %%i >> %IPaddress%
    echo  ****************** >> %IPaddress%
    if not "%%i"=="Classes" for /f "tokens=4 delims=\" %%j in ('reg query HKLM\SOFTWARE\%%i 2^>nul') do (echo Software entry: %%j>> %IPaddress%)
)
echo 7. Local policy (CreatedbyG) >> %IPaddress%
secedit /export /cfg C:\temp.txt
echo ---Password policy--- >> %IPaddress%
echo "0 = disabled, 1 = enabled" >> %IPaddress%
echo *Password must meet complexity requirements* >> %IPaddress%
find "PasswordComplexity" C:\temp.txt | find "PasswordComplexity = " >> %IPaddress%
echo *Minimum password length* >> %IPaddress%
find "MinimumPasswordLength" C:\temp.txt | find "MinimumPasswordLength = " >> %IPaddress%
echo *Minimum password age* >> %IPaddress%
find "MinimumPasswordAge" C:\temp.txt | find "MinimumPasswordAge = " >> %IPaddress%
echo *Maximum password age* >> %IPaddress%
find "MaximumPasswordAge" C:\temp.txt | find "MaximumPasswordAge = " >> %IPaddress%
echo *Enforce password history* >> %IPaddress%
find "PasswordHistorySize" C:\temp.txt | find "PasswordHistorySize = " >> %IPaddress%
echo *Store passwords using reversible encryption* >> %IPaddress%
find "ClearTextPassword" C:\temp.txt | find "ClearTextPassword = " >> %IPaddress%
echo ---Account lockout policy (no output means lockout is not enabled)--- >> %IPaddress%
echo *Account lockout duration* >> %IPaddress%
find "LockoutDuration" C:\temp.txt | find "LockoutDuration" >> %IPaddress%
echo *Reset account lockout counter after* >> %IPaddress%
find "ResetLockoutCount" C:\temp.txt | find "ResetLockoutCount" >> %IPaddress%
echo *Account lockout threshold* >> %IPaddress%
find "LockoutBadCount" C:\temp.txt | find "LockoutBadCount" >> %IPaddress%
echo ---Audit policy--- >> %IPaddress%
echo ---0 = no auditing, 1 = success, 2 = failure, 3 = success and failure--- >> %IPaddress%
echo *Audit account management* >> %IPaddress%
find "AuditAccountManage" C:\temp.txt | find "AuditAccountManage" >> %IPaddress%
echo *Audit account logon events* >> %IPaddress%
find "AuditAccountLogon" C:\temp.txt | find "AuditAccountLogon" >> %IPaddress%
echo *Audit system events* >> %IPaddress%
find "AuditSystemEvents" C:\temp.txt | find "AuditSystemEvents" >> %IPaddress%
echo *Audit directory service access* >> %IPaddress%
find "AuditDSAccess" C:\temp.txt | find "AuditDSAccess" >> %IPaddress%
echo *Audit process tracking* >> %IPaddress%
find "AuditProcessTracking" C:\temp.txt | find "AuditProcessTracking" >> %IPaddress%
echo *Audit privilege use* >> %IPaddress%
find "AuditPrivilegeUse" C:\temp.txt | find "AuditPrivilegeUse" >> %IPaddress%
echo *Audit object access* >> %IPaddress%
find "AuditObjectAccess" C:\temp.txt | find "AuditObjectAccess" >> %IPaddress%
echo *Audit logon events* >> %IPaddress%
find "AuditLogonEvents" C:\temp.txt | find "AuditLogonEvents" >> %IPaddress%
echo *Audit policy change* >> %IPaddress%
find "AuditPolicyChange" C:\temp.txt | find "AuditPolicyChange" >> %IPaddress%
echo ---Security options--- >> %IPaddress%
echo *0 = disabled, 1 = enabled* >> %IPaddress%
echo *Amount of idle time required before suspending a session* >> %IPaddress%
find "AutoDisconnect" C:\temp.txt | find "AutoDisconnect" >> %IPaddress%
echo *Do not display last user name* >> %IPaddress%
find "DontDisplayLastUserName" C:\temp.txt | find "DontDisplayLastUserName" >> %IPaddress%
echo *Clear virtual memory pagefile at shutdown* >> %IPaddress%
find "ClearPageFileAtShutdown" C:\temp.txt | find "ClearPageFileAtShutdown" >> %IPaddress%
echo *Allow system to be shut down without having to log on* >> %IPaddress%
find "ShutdownWithoutLogon" C:\temp.txt | find "ShutdownWithoutLogon" >> %IPaddress%
echo ---User rights assignment--- >> %IPaddress%
echo (Everyone:*S-1-1-0  Administrators:*S-1-5-32-544  Users:*S-1-5-32-545  Power Users:*S-1-5-32-547  Backup Operators:*S-1-5-32-551) >> %IPaddress%
echo *Force shutdown from a remote system* >> %IPaddress%
find "SeRemoteShutdownPrivilege" C:\temp.txt | find "SeRemoteShutdownPrivilege" >> %IPaddress%
echo *Take ownership of files or other objects* >> %IPaddress%
find "SeTakeOwnershipPrivilege" C:\temp.txt | find "SeTakeOwnershipPrivilege" >> %IPaddress%
echo *Allow log on locally* >> %IPaddress%
find "SeInteractiveLogonRight" C:\temp.txt | find "SeInteractiveLogonRight" >> %IPaddress%
echo *Allow log on through Remote Desktop Services* >> %IPaddress%
find "SeRemoteInteractiveLogonRight" C:\temp.txt | find "SeRemoteInteractiveLogonRight" >> %IPaddress%
echo *Debug programs* >> %IPaddress%
find "SeDebugPrivilege" C:\temp.txt | find "SeDebugPrivilege" >> %IPaddress%
echo *Change the system time* >> %IPaddress%
find "SeSystemtimePrivilege" C:\temp.txt | find "SeSystemtimePrivilege" >> %IPaddress%
echo *Manage auditing and security log* >> %IPaddress%
find "SeSecurityPrivilege" C:\temp.txt | find "SeSecurityPrivilege" >> %IPaddress%
del C:\temp.txt
echo 8. Local users (CreatedbyG) >> %IPaddress%
net user >> %IPaddress%
for /f "skip=4 delims=" %%a in ('net user^|findstr /vx "命令成功完成。"') do for %%i in (%%a) do net user %%i >> %IPaddress%
net localgroup >> %IPaddress%
net localgroup Administrators >> %IPaddress%
net localgroup Guests >> %IPaddress%
echo 9. Other settings (CreatedbyG) >> %IPaddress%
echo *AutoPlay* (0xff disables AutoPlay on all drive types; no output means it is enabled) >> %IPaddress%
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun | find "NoDriveTypeAutoRun" >> %IPaddress%
echo ---Screen saver--- >> %IPaddress%
echo *Screen saver enabled* (0 off, 1 on) >> %IPaddress%
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveActive | find "ScreenSaveActive" >> %IPaddress%
echo *Screen saver timeout* (seconds) >> %IPaddress%
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveTimeOut | find "ScreenSaveTimeOut" >> %IPaddress%
echo *Password protect on resume* (0 no, 1 yes) >> %IPaddress%
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaverIsSecure | find "ScreenSaverIsSecure" >> %IPaddress%
echo *Firewall state, private profile* (1 on, 0 off; DomainProfile and PublicProfile under the same key carry the same value) >> %IPaddress%
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v EnableFirewall | find "EnableFirewall" >> %IPaddress%
echo *Remote Desktop* (fDenyTSConnections: 0 = RDP enabled, 1 = disabled) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections | find "fDenyTSConnections" >> %IPaddress%
echo *RDP port* (0xd3d = 3389) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber | find "PortNumber" >> %IPaddress%
echo *Remote Assistance* (0 = off, compliant; 1 = on) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v fAllowToGetHelp | find "fAllowToGetHelp" >> %IPaddress%
echo *Event log sizes* >> %IPaddress%
echo *Application log maximum size* (0x2800000 = 40 MiB or more is compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application" /v MaxSize | find "MaxSize" >> %IPaddress%
echo *When the maximum log size is reached* (absent or 0 = overwrite as needed, compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application" /v Retention | find "Retention" >> %IPaddress%
echo *Security log maximum size* (0x2800000 or more is compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security" /v MaxSize | find "MaxSize" >> %IPaddress%
echo *When the maximum log size is reached* (absent or 0 is compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security" /v Retention | find "Retention" >> %IPaddress%
echo *System log maximum size* (0x2800000 or more is compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System" /v MaxSize | find "MaxSize" >> %IPaddress%
echo *When the maximum log size is reached* (absent or 0 is compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System" /v Retention | find "Retention" >> %IPaddress%
echo *Default shares* (registry plus net share) >> %IPaddress%
echo *Drive shares (AutoShareServer)* (present and 0 is compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v AutoShareServer | find "AutoShareServer" >> %IPaddress%
echo *ADMIN$ share (AutoShareWks)* (present and 0 is compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v AutoShareWks | find "AutoShareWks" >> %IPaddress%
echo *Anonymous access (RestrictAnonymous)* (present and 1 is compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous | find "restrictanonymous" >> %IPaddress%
echo *Share list* >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\shares" >> %IPaddress%
echo *Current shares* >> %IPaddress%
net share >> %IPaddress%
REM On Windows 10 and later the file at this path is only a stub; the real log is produced by Get-WindowsUpdateLog in PowerShell.
copy C:\Windows\WindowsUpdate.log .\
ren WindowsUpdate.log %IPaddress%.updatelog
REM The SAM and SYSTEM hives together let anyone recover every local account's password hash offline.
REM Treat the output directory as credential material: restrict access to it and delete it once the record is written.
reg save hklm\sam %IPaddress%.sam
reg save hklm\system %IPaddress%.system
pause
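The batch script above only prints each policy value; deciding whether the value is compliant is still done by eye. The following is an added example, not part of the original article, that grades a saved secedit export on the assessor's own machine with POSIX sh and awk, so the same thresholds are applied to every collected host. A real export is UTF-16LE with CRLF line endings and has to be converted first (iconv -f UTF-16LE -t UTF-8 temp.txt); the sample export below is constructed, and the thresholds (minimum length 8, maximum age 1 to 90 days, history 5, lockout threshold 1 to 10, audit value 3) are this example's assumptions rather than text from the standard.

```shell
#!/bin/sh
# Added example (not from the article): grade a "secedit /export /cfg" file
# against assumed level-2 thresholds. A real export is UTF-16LE; convert it with
#   iconv -f UTF-16LE -t UTF-8 temp.txt > temp.utf8
# before feeding it to secedit_check.

# Constructed sample of a secedit export (the [Privilege Rights] line is included
# only to show that unrelated sections are ignored).
SAMPLE_SECEDIT='[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 6
PasswordComplexity = 1
PasswordHistorySize = 0
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 3
AuditAccountLogon = 0
[Privilege Rights]
SeRemoteShutdownPrivilege = *S-1-5-32-544
'

# secedit_get FILE KEY : value of a "KEY = value" line, empty if the key is absent
secedit_get() {
    awk -F' = ' -v k="$2" '$1 == k { print $2; exit }' "$1" | tr -d '\r'
}

# is_num VALUE : true for a non-negative integer (secedit writes -1 for "never")
is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

pass() { echo "PASS $*"; }
fail() { echo "FAIL $*"; FAILS=$((FAILS + 1)); }

# secedit_check FILE : one PASS/FAIL line per item; returns the number of failures
secedit_check() {
    f="$1"; FAILS=0

    v=$(secedit_get "$f" PasswordComplexity)
    if [ "$v" = "1" ]; then pass "PasswordComplexity=$v"; else fail "PasswordComplexity=${v:-missing}"; fi

    v=$(secedit_get "$f" MinimumPasswordLength)
    if is_num "$v" && [ "$v" -ge 8 ]; then pass "MinimumPasswordLength=$v"; else fail "MinimumPasswordLength=${v:-missing}"; fi

    # -1 means passwords never expire, so a positive value is required as well
    v=$(secedit_get "$f" MaximumPasswordAge)
    if is_num "$v" && [ "$v" -ge 1 ] && [ "$v" -le 90 ]; then pass "MaximumPasswordAge=$v"; else fail "MaximumPasswordAge=${v:-missing}"; fi

    v=$(secedit_get "$f" PasswordHistorySize)
    if is_num "$v" && [ "$v" -ge 5 ]; then pass "PasswordHistorySize=$v"; else fail "PasswordHistorySize=${v:-missing}"; fi

    # 0 (or a missing key) means account lockout is disabled
    v=$(secedit_get "$f" LockoutBadCount)
    if is_num "$v" && [ "$v" -ge 1 ] && [ "$v" -le 10 ]; then pass "LockoutBadCount=$v"; else fail "LockoutBadCount=${v:-missing}"; fi

    # 3 = audit both success and failure
    for k in AuditLogonEvents AuditAccountLogon; do
        v=$(secedit_get "$f" "$k")
        if [ "$v" = "3" ]; then pass "$k=$v"; else fail "$k=${v:-missing}"; fi
    done
    return "$FAILS"
}

# Stand-alone demo on the constructed sample
tmp=$(mktemp)
printf '%s' "$SAMPLE_SECEDIT" > "$tmp"
secedit_check "$tmp"
echo "failures: $?"
rm -f "$tmp"
```

Feed it the converted temp.txt of each host (secedit_check C:/temp.utf8 after copying the file across) and the exit status is the number of failed items, which makes it easy to loop over a directory of collected exports.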

A few Windows quick commands also save assessment time: several check items require opening a built-in Windows console to see whether a policy is configured as required, and with the commands below you can open the console straight from the command line instead of clicking through the GUI.

calc                            Calculator
notepad                         Notepad
taskmgr                         Task Manager
osk                             On-screen keyboard
gpedit.msc                      Local Group Policy Editor
services.msc                    Services
compmgmt.msc                    Computer Management
devmgmt.msc                     Device Manager
winver                          Windows version
magnify                         Magnifier
eventvwr                        Event Viewer
regedit                         Registry Editor
resmon                          Resource Monitor
WMIC BIOS get releasedate       BIOS release date (an approximation of when the machine was built)

Linux

Copy the script below into a .sh file, give it execute permission and run it as root; the results are appended to a text file. Some assessment items may still be missing from the script, so adapt and extend it to your own situation.

#!/bin/sh
# Level-2 host baseline collector: every check is appended to check.txt.
# Run as root. The output contains the /etc/shadow hashes and the sudoers file,
# so restrict it (chmod 600 check.txt) and delete it once the record is written.
# "service" works on SysV/RHEL 6 hosts; on systemd hosts use
# "systemctl status rsyslog auditd" instead.

# Network information
echo -----------@ifconfig -a >> check.txt
ifconfig -a >> check.txt
# Kernel, hostname and version
echo -----------@uname -a >> check.txt
uname -a >> check.txt
echo -----------@cat /etc/redhat-release >> check.txt
cat /etc/redhat-release >> check.txt
# Do logins require a password (accounts and their shells)
echo -----------@cat /etc/passwd >> check.txt
cat /etc/passwd >> check.txt
# Trusted hosts and users in hosts.equiv
echo -----------@cat /etc/hosts.equiv >> check.txt
cat /etc/hosts.equiv >> check.txt
# Password length and ageing
echo -----------@cat /etc/login.defs >> check.txt
cat /etc/login.defs >> check.txt
# Password complexity (pam_pwquality); the original forgot to redirect this pair
echo -----------@cat /etc/security/pwquality.conf >> check.txt
cat /etc/security/pwquality.conf >> check.txt
# Complexity and login-failure handling in PAM
echo -----------@cat /etc/pam.d/system-auth >> check.txt
cat /etc/pam.d/system-auth >> check.txt
# Is telnet disabled (xinetd service definition lives in /etc/xinetd.d)
echo -----------@cat /etc/xinetd.d/krb5-telnet >> check.txt
cat /etc/xinetd.d/krb5-telnet >> check.txt
# Listening ports and connections
echo -----------@netstat -an >> check.txt
netstat -an >> check.txt
# Unused or expired accounts
echo -----------@cat /etc/shadow >> check.txt
cat /etc/shadow >> check.txt
# Is logging running
echo -----------@service rsyslog status >> check.txt
service rsyslog status >> check.txt
# Is the audit daemon running
echo -----------@service auditd status >> check.txt
service auditd status >> check.txt
# Logging configuration (the file name depends on the syslog version installed)
echo -----------@cat /etc/syslog.conf >> check.txt
cat /etc/syslog.conf >> check.txt
echo -----------@cat /etc/rsyslog.conf >> check.txt
cat /etc/rsyslog.conf >> check.txt
# Boot messages and error log, and the file's permissions (the file is /var/log/messages)
echo -----------@cat /var/log/messages >> check.txt
cat /var/log/messages >> check.txt
echo -----------@ls -l /var/log/messages >> check.txt
ls -l /var/log/messages >> check.txt
# Security log and its permissions
echo -----------@cat /var/log/secure >> check.txt
cat /var/log/secure >> check.txt
echo -----------@ls -l /var/log/secure >> check.txt
ls -l /var/log/secure >> check.txt
# Daemon start/stop messages and the permissions of the log directory
echo -----------@cat /var/log/boot.log >> check.txt
cat /var/log/boot.log >> check.txt
echo -----------@ls -l /var/log/ >> check.txt
ls -l /var/log/ >> check.txt
# Minimal installation: the list of installed packages
echo -----------@rpm -qa >> check.txt
rpm -qa >> check.txt
# Terminal login restrictions
echo -----------@cat /etc/securetty >> check.txt
cat /etc/securetty >> check.txt
echo -----------@cat /etc/ssh/sshd_config >> check.txt
cat /etc/ssh/sshd_config >> check.txt
# Idle-session timeout (look for TMOUT)
echo -----------@cat /etc/profile >> check.txt
cat /etc/profile >> check.txt
# Resource limits
echo -----------@cat /etc/security/limits.conf >> check.txt
cat /etc/security/limits.conf >> check.txt
# Permissions of the important configuration files
for f in /etc/passwd /etc/shadow /etc/login.defs /etc/profile /etc/group /etc/xinetd.conf /etc/security/limits.conf /etc/ssh/sshd_config; do
    echo -----------@ls -l $f >> check.txt
    ls -l $f >> check.txt
done
# Permissions of the PAM and security configuration directories
echo -----------@ls -ld /etc/pam.d /etc/security >> check.txt
ls -ld /etc/pam.d /etc/security >> check.txt
# Host firewall rules
echo -----------@iptables -L -n -v >> check.txt
iptables -L -n -v >> check.txt
# Accounts that can log in interactively (name|uid|gid); the label is quoted so the
# pipes belong to the command and not to the echo, and "more" is dropped because
# the output goes to a file
echo "-----------@cat /etc/passwd | grep -v nologin | grep -v sync | grep -v halt | grep -v shutdown | awk -F: '{ print \$1\"|\"\$3\"|\"\$4 }'" >> check.txt
cat /etc/passwd | grep -v nologin | grep -v sync | grep -v halt | grep -v shutdown | awk -F":" '{ print $1"|"$3"|"$4 }' >> check.txt
# Separation of duties (sudo rules)
echo -----------@cat /etc/sudoers >> check.txt
cat /etc/sudoers >> check.txt
# Address-based access restriction (TCP wrappers)
echo -----------@cat /etc/hosts.deny >> check.txt
cat /etc/hosts.deny >> check.txt
echo -----------@cat /etc/hosts.allow >> check.txt
cat /etc/hosts.allow >> check.txt
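The collector above dumps the files; the judgement (is PASS_MAX_DAYS within limits, is there a lockout rule, is any account besides root UID 0, does any account have an empty password) is still left to the reader of check.txt. The following is an added example, not part of the original article, that grades copies of those files with POSIX sh and awk. All five input files are constructed samples, and the thresholds (90-day maximum age, 8-character minimum length, lockout after at most 10 failures) are this example's assumptions; it also shows the precedence a practitioner needs to remember, namely that pam_pwquality's minlen overrides the legacy PASS_MIN_LEN, and that pam_faillock (RHEL 7 and later) and pam_tally2 (older releases) both carry the threshold in a deny= option.

```shell
#!/bin/sh
# Added example (not from the article): grade the files the Linux collector
# gathers. Inputs below are constructed; thresholds are assumptions.

SAMPLE_LOGIN_DEFS='# constructed /etc/login.defs
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
'
SAMPLE_PWQUALITY='# constructed /etc/security/pwquality.conf
# minlen = 8
minlen = 10
dcredit = -1
'
SAMPLE_PAM='#%PAM-1.0 (constructed /etc/pam.d/system-auth)
auth        required      pam_env.so
auth        required      pam_faillock.so preauth silent audit deny=5 unlock_time=900
auth        sufficient    pam_unix.so nullok try_first_pass
auth        [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900
'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
'
SAMPLE_SHADOW='root:$6$salt$hashhash:19000:0:99999:7:::
bin:*:18000:0:99999:7:::
toor::19000:0:99999:7:::
alice:$6$salt$hashhash:19000:0:99999:7:::
'

# kv_get FILE KEY : "KEY value" lines (login.defs style); comment lines never match
kv_get() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# eq_get FILE KEY : "key = value" lines (pwquality.conf style), comments skipped
eq_get() {
    awk -F'=' -v k="$2" '/^[[:space:]]*#/ { next }
        { gsub(/[[:space:]]/, "", $1); if ($1 == k) { gsub(/[[:space:]]/, "", $2); print $2; exit } }' "$1"
}

# pam_param FILE MODULE PARAM : value of PARAM=... on the first active line that loads MODULE
pam_param() {
    awk -v m="$2" -v p="$3" '/^[[:space:]]*#/ { next }
        index($0, m) { for (i = 1; i <= NF; i++) if (index($i, p "=") == 1) { sub(p "=", "", $i); print $i; exit } }' "$1"
}

# extra_uid0 PASSWD : accounts other than root that have UID 0
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# empty_passwords SHADOW : accounts whose password field is empty (login needs no password)
empty_passwords() { awk -F: '$2 == "" { print $1 }' "$1"; }

pass() { echo "PASS $*"; }
fail() { echo "FAIL $*"; FAILS=$((FAILS + 1)); }

# linux_baseline_check LOGIN_DEFS PWQUALITY PAM_FILE PASSWD SHADOW : PASS/FAIL per item, returns failure count
linux_baseline_check() {
    FAILS=0
    v=$(kv_get "$1" PASS_MAX_DAYS)
    if [ -n "$v" ] && [ "$v" -le 90 ]; then pass "PASS_MAX_DAYS=$v"; else fail "PASS_MAX_DAYS=${v:-unset}"; fi

    # pam_pwquality's minlen takes precedence over the legacy PASS_MIN_LEN
    v=$(eq_get "$2" minlen); [ -n "$v" ] || v=$(kv_get "$1" PASS_MIN_LEN)
    if [ -n "$v" ] && [ "$v" -ge 8 ]; then pass "minlen=$v"; else fail "minlen=${v:-unset}"; fi

    # pam_faillock (RHEL 7+) or pam_tally2 (older) must lock after a bounded number of failures
    v=$(pam_param "$3" pam_faillock.so deny); [ -n "$v" ] || v=$(pam_param "$3" pam_tally2.so deny)
    if [ -n "$v" ] && [ "$v" -le 10 ]; then pass "lockout deny=$v"; else fail "lockout deny=${v:-unset}"; fi

    v=$(extra_uid0 "$4" | tr '\n' ' ')
    if [ -z "$v" ]; then pass "no extra UID 0 accounts"; else fail "extra UID 0 accounts: $v"; fi

    v=$(empty_passwords "$5" | tr '\n' ' ')
    if [ -z "$v" ]; then pass "no empty passwords"; else fail "empty password: $v"; fi
    return "$FAILS"
}

# Stand-alone demo on the constructed samples
d=$(mktemp -d)
printf '%s' "$SAMPLE_LOGIN_DEFS" > "$d/login.defs"
printf '%s' "$SAMPLE_PWQUALITY" > "$d/pwquality.conf"
printf '%s' "$SAMPLE_PAM" > "$d/system-auth"
printf '%s' "$SAMPLE_PASSWD" > "$d/passwd"
printf '%s' "$SAMPLE_SHADOW" > "$d/shadow"
linux_baseline_check "$d/login.defs" "$d/pwquality.conf" "$d/system-auth" "$d/passwd" "$d/shadow"
echo "failures: $?"
rm -rf "$d"
```

On a real host the five arguments are simply /etc/login.defs, /etc/security/pwquality.conf, /etc/pam.d/system-auth, /etc/passwd and /etc/shadow (or copies of them collected from the target); the check reads only, so it is safe to run during the assessment.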

Databases

SQL Server

For Microsoft SQL Server the items that need commands are roughly the following; everything else can be assessed by logging in with the official SQL Server Management Studio client and clicking through the GUI.

####SQL Server checks####
##Identity authentication##
1. Right-click the server and open Properties > Security; check the server authentication mode.
2. In Microsoft SQL Server Management Studio expand the server, open Security > Logins, right-click the administrator login, choose Properties and on the General page check "Enforce password policy" and "Enforce password expiration".
3. Right-click the server, choose Properties > Advanced and read the login timeout, or run sp_configure to list the instance configuration; "remote login timeout" is the remote login time-out.
##Access control##
# Check for default accounts
select * from syslogins
# Every login with its roles and privileges
exec sp_helplogins
##Security audit##
Right-click the server, choose Properties > Security and check the login auditing level and whether C2 audit tracing is enabled.
# "c2 audit mode": 0 = C2 auditing off, 1 = on. It is an advanced option, so sp_configure lists it only after "show advanced options" has been enabled. On current SQL Server versions C2 audit mode is deprecated in favour of SQL Server Audit (and the "common criteria compliance enabled" option), so a server audit that covers logins satisfies the item as well.
sp_configure

MySQL

#Identity authentication
1) Try to log in: run mysql -u root -p and confirm that a password is requested before access is granted.
2) List the accounts: select user, host from mysql.user; and check for duplicate user names.
3) Check for empty passwords: select user, host from mysql.user where length(authentication_string) = 0 or authentication_string is null; the result must be empty. On MySQL 5.6 and earlier the column is password rather than authentication_string.
4) Password complexity: show variables like 'validate%'; or show variables like '%password%'; (the validate_password plugin or component).
#Login-failure handling
1) Ask the administrator whether login-failure handling is configured by other means.
2) show variables like '%max_connect_errors%'; or check my.cnf for max_connect_errors=100. Note that max_connect_errors counts interrupted connection handshakes from a host, not wrong passwords, so it is not a real lockout; for genuine failed-login handling look for the connection_control plugin or, on MySQL 8.0.19 and later, the per-account FAILED_LOGIN_ATTEMPTS and PASSWORD_LOCK_TIME options.
3) show variables like '%timeout%'; and review the values returned (wait_timeout, interactive_timeout).
#Remote management
1) Is remote management done over an encrypted channel?
2) show variables like '%have_ssl%'; DISABLED means SSL is not active; \s also shows whether the current session uses SSL.
3) Not applicable when the database is administered locally only.
#Access control
1) select user, host from mysql.user; are there separate accounts for the network, security and system administrators?
2) show grants for 'XXXX'@'localhost'; check each administrator account's privileges and whether the roles are separated and constrain one another.
3) From the same account list, has root been renamed or removed? If root still exists, has its default password been changed (no empty or weak password)?
4) select * from mysql.user where user=''; (anonymous accounts) and select user, host from mysql.user; walk through every account and look for accounts that are not needed. Ask whether the network, security and system administrators log in with different accounts.
5) Ask whether an access control policy has been defined, then compare it with the privilege tables: select * from mysql.user\G (global privileges), select * from mysql.db\G (database privileges), select * from mysql.tables_priv\G (table privileges), select * from mysql.columns_priv\G (column privileges). Do the granted privileges match the policy? Log in as different users and verify that nobody can reach data beyond their privileges.
6) From mysql.user and mysql.db, confirm that the subject granularity is the user and the object granularity is the database table.
#Security audit
1) show variables like 'log_%'; do the enabled logs cover all users? Record what the audit records contain.
2) Is a third-party tool used to strengthen MySQL logging? If so, record what it audits and check that it includes the date and time, the user, the event type, whether the event succeeded and other audit-related information.
#Intrusion prevention
Ask about the patch process and check the installed version: select version(); or show variables like 'version%'; Is this the enterprise edition? Are vulnerability scans run regularly, and are patches for high-risk vulnerabilities assessed and tested before installation?
Further checks:
Error log: show variables like 'log_error';
Binary log: show variables like 'log_bin'; show binary logs;
General query log: show variables like '%general%';
Local file access: show variables like 'local_infile'; with local_infile=OFF the statement load data local infile 'sqlfile.txt' into table users fields terminated by ','; must be refused.
Has the test database been removed: show databases;
Anonymous accounts: select user, host from mysql.user where user='';
Control of the user privilege table: select * from mysql.user\G; select user, host from mysql.user where select_priv='Y' or insert_priv='Y' or update_priv='Y' or create_priv='Y' or drop_priv='Y'; select user, host from mysql.user where File_priv='Y'; select user, host from mysql.user where Process_priv='Y'; select user, host from mysql.user where Super_priv='Y'; select user, host from mysql.user where Shutdown_priv='Y'; select user, host from mysql.user where Create_user_priv='Y'; select user, host from mysql.user where Reload_priv='Y'; select user, host from mysql.db where Grant_priv='Y';
Control of the db privilege table: select * from mysql.db\G; select user, host from mysql.db where db='mysql' and (select_priv='Y' or insert_priv='Y' or update_priv='Y' or delete_priv='Y' or create_priv='Y' or drop_priv='Y'); select user, host, db from mysql.db where select_priv='Y' or insert_priv='Y' or update_priv='Y' or delete_priv='Y' or create_priv='Y' or drop_priv='Y' or alter_priv='Y';
Privileges actually in effect for an account: select * from mysql.user\G; show grants;
Connection limits: show variables like '%max_connections%'; (whole server) show variables like 'max_user_connections'; (per user)
Has the default administrator been renamed: select * from mysql.user where user='root'; select user, host from mysql.user;
Default port: show global variables like 'port';
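Most of the MySQL access-control items above boil down to reading mysql.user and spotting the same handful of conditions: anonymous accounts, accounts without a password, accounts reachable from any host, root reachable from the network, and administrative privileges (SUPER, or FILE, which allows reading and writing server files through LOAD DATA INFILE and SELECT INTO OUTFILE) on non-root accounts. The following is an added example, not part of the original article, that triages the rows returned by mysql -N -B -e "SELECT user,host,authentication_string,Super_priv,File_priv FROM mysql.user" (tab-separated, no header) with POSIX sh and awk. The rows below are constructed; on MySQL 5.6 and earlier substitute the password column for authentication_string when running the query.

```shell
#!/bin/sh
# Added example (not from the article): triage a saved mysql.user listing.
# Expected input is the output of
#   mysql -N -B -e "SELECT user,host,authentication_string,Super_priv,File_priv FROM mysql.user"
# Constructed sample rows (hashes are placeholders, not real password hashes):
SAMPLE_USERS=$(printf '%s\t%s\t%s\t%s\t%s\n' \
    root    localhost  '*CONSTRUCTEDHASH1' Y Y \
    root    '%'        '*CONSTRUCTEDHASH1' Y Y \
    ''      localhost  ''                  N N \
    app     '10.0.0.%' '*CONSTRUCTEDHASH2' N N \
    backup  '%'        '*CONSTRUCTEDHASH3' N Y \
    report  localhost  ''                  N N)

# mysql_user_triage FILE : one FINDING line per issue; returns the number of findings
mysql_user_triage() {
    awk -F'\t' '
        # empty user name = anonymous account, usable by anyone from that host
        $1 == ""                                 { print "FINDING anonymous account @" $2; n++ }
        # empty hash = login without a password
        $3 == ""                                 { print "FINDING empty password: " $1 "@" $2; n++ }
        # host "%" = reachable from any address
        $2 == "%"                                { print "FINDING host wildcard: " $1 "@" $2; n++ }
        # root should only be usable locally
        $1 == "root" && $2 != "localhost"        { print "FINDING root reachable from: " $2; n++ }
        # SUPER/FILE on a non-root account
        $1 != "root" && ($4 == "Y" || $5 == "Y") { print "FINDING SUPER/FILE privilege on non-root: " $1 "@" $2; n++ }
        END { exit n }
    ' "$1"
}

# Stand-alone demo on the constructed rows
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_USERS" > "$tmp"
mysql_user_triage "$tmp"
echo "findings: $?"
rm -f "$tmp"
```

A row can produce more than one finding (root@% is both a wildcard host and root reachable from the network), which is intended: each line maps to a separate item in the record.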

Oracle

###Oracle database checks###
##Identity authentication##
# All profiles (the view is dba_profiles)
select * from sys.dba_profiles;
# In sys.user$ CTIME is the creation time, PTIME the last password change, EXPTIME the expiry time and LTIME the lock time. Grace period of every OPEN account's profile:
select * from dba_profiles, dba_users where dba_profiles.profile = dba_users.profile and dba_users.account_status='OPEN' and resource_name='PASSWORD_GRACE_TIME';
# Is a password complexity function enabled
select limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_VERIFY_FUNCTION';
# Length rules inside that function. dba_source is keyed on the object name, so substitute the function name the previous query returned (for example VERIFY_FUNCTION_11G):
select text from dba_source where name='PASSWORD_VERIFY_FUNCTION' order by line;
# FAILED_LOGIN_ATTEMPTS of the administrators' profile
select limit from dba_profiles where profile='DEFAULT' and resource_name='FAILED_LOGIN_ATTEMPTS';
select * from dba_profiles order by 1;
# PASSWORD_LOCK_TIME of the administrators' profile
select limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_LOCK_TIME';
# Dead-connection detection in $ORACLE_HOME/network/admin/sqlnet.ora (minutes between probes; choose a value that suits the environment). This clears broken sessions; the idle-session limit is the IDLE_TIME profile resource in item 17 below.
SQLNET.EXPIRE_TIME=10
##Access control##
# All accounts: look for default or empty passwords (sys, system, dbsnmp, sysman, mgmt_view). From 11g the password column of dba_users is blank; the hashes are in sys.user$ (the script at the end reads them).
select username,password from dba_users;
##Privilege assignment of administrative users##
# Accounts holding the DBA role
select * from DBA_ROLE_PRIVS where GRANTED_ROLE='DBA';
# Roles held by account USERNAME
select * from dba_role_privs where GRANTEE='USERNAME';
# Roles contained in role ROLENAME
select * from dba_role_privs where GRANTEE='ROLENAME';
# System privileges of USERNAME and of its role ROLENAME
select * from DBA_SYS_PRIVS where GRANTEE='USERNAME' or GRANTEE='ROLENAME';
# Object privileges of USERNAME and of its role ROLENAME
select * from DBA_TAB_PRIVS where GRANTEE='USERNAME' or GRANTEE='ROLENAME';
# Who may access an important table (A is the table name)
select * from dba_tab_privs where table_name = 'A';
##Security audit##
# audit_trail: NONE/FALSE = off; DB/TRUE = on with connection records only; DB,EXTENDED = also the SQL text executed; OS = written to operating-system files
show parameters audit_trail;
select value from v$parameter where name='audit_trail';
# Are all SYS operations recorded
show parameter audit_sys_operations;
# Object auditing of select/update/delete/insert
select sel,upd,del,ins from DBA_OBJ_AUDIT_OPTS;
# Privilege auditing
select * from DBA_PRIV_AUDIT_OPTS;
##Intrusion prevention##
# Trusted address list
cat $ORACLE_HOME/network/admin/sqlnet.ora

1. Restrict remote superuser logins
Check: in sqlplus run show parameter REMOTE_LOGIN_PASSWORDFILE; REMOTE_LOGIN_PASSWORDFILE should be NONE.
Remediation:
SQL> alter system set remote_login_passwordfile=none scope=spfile;
SQL> shutdown immediate
SQL> startup
2. User attribute control (profiles)
Check: query dba_profiles and dba_users for profiles other than DEFAULT: select profile from dba_profiles; select profile from dba_users; at least one non-default profile should exist.
Remediation:
SQL> create profile maintenance limit
  PASSWORD_VERIFY_FUNCTION F_PASSWORD_VERIFY
  PASSWORD_REUSE_MAX 5
  PASSWORD_GRACE_TIME 60
  FAILED_LOGIN_ATTEMPTS 6
  PASSWORD_LIFE_TIME 90;
3. Data dictionary access
Check: show parameter O7_DICTIONARY_ACCESSIBILITY; the parameter must be FALSE.
Remediation:
SQL> alter system set O7_DICTIONARY_ACCESSIBILITY=FALSE scope=spfile;
SQL> shutdown immediate
SQL> startup
4. Password grace period
Check: select dba_profiles.profile, resource_name, limit from dba_profiles, dba_users where dba_profiles.profile = dba_users.profile and dba_users.account_status='OPEN' and resource_name='PASSWORD_GRACE_TIME'; PASSWORD_GRACE_TIME should be at most 90.
Remediation: SQL> alter profile default limit PASSWORD_GRACE_TIME 60;
5. Password reuse
Check: the same query with resource_name='PASSWORD_REUSE_MAX'; PASSWORD_REUSE_MAX should be at least 5.
Remediation: SQL> alter profile default limit PASSWORD_REUSE_MAX 5;
6. Authentication failures
Check: the same query with resource_name='FAILED_LOGIN_ATTEMPTS'; FAILED_LOGIN_ATTEMPTS should be 6.
Remediation: SQL> alter profile default limit FAILED_LOGIN_ATTEMPTS 6;
7. Default account passwords
Check: from sqlplus '/as sysdba' try conn system/system, conn system/manager, conn sys/sys, conn sys/change_on_install, conn scott/scott, conn scott/tiger, conn dbsnmp/dbsnmp, conn rman/rman and conn xdb/xdb; none of them may succeed.
Remediation: no empty or weak passwords.
8. Password change policy
Check: select profile, limit from dba_profiles where resource_name='PASSWORD_LIFE_TIME' and profile in (select profile from dba_users where account_status='OPEN'); PASSWORD_LIFE_TIME should be at most 90.
Remediation: SQL> alter profile default limit PASSWORD_LIFE_TIME 90;
9. Password complexity
Check: select limit from dba_profiles where resource_name='PASSWORD_VERIFY_FUNCTION' and profile in (select profile from dba_users where account_status='OPEN'); select text from dba_source where name='PASSWORD_VERIFY_FUNCTION'; (again, use the function name the first query returns). The result must not be NULL and the rule must require at least 8 characters drawn from at least 3 of the 4 classes digits, lower case, upper case and special characters.
Remediation: create the policy. Log in as sys and run the script D:\app\administrator\product\11.2.0\dbhome_1\RDBMS\ADMIN\utlpwdmg.sql (that is, $ORACLE_HOME/rdbms/admin/utlpwdmg.sql of the installation; on 10g it must be run as sys, on 11g system can also create the function), then run:
ALTER PROFILE DEFAULT LIMIT
  PASSWORD_LIFE_TIME 90
  PASSWORD_GRACE_TIME 60
  PASSWORD_REUSE_TIME UNLIMITED
  PASSWORD_REUSE_MAX 5
  FAILED_LOGIN_ATTEMPTS 6
  PASSWORD_LOCK_TIME 1
  PASSWORD_VERIFY_FUNCTION verify_function;
10. Database audit policy
Check: 1. show parameter audit_trail; audit_trail must not be NONE, and dba_audit_trail (or the $ORACLE_BASE/admin/adump directory when auditing to OS) must contain records. 2. Look at the audit records for logins and operations: select * from LOGON_AUDIT.LOGON_AUDIT; (a site-specific audit table; the standard view is dba_audit_trail).
Remediation:
SQL> alter system set audit_trail=os scope=spfile;
SQL> shutdown immediate
SQL> startup
11. Listener password
Check: is PASSWORDS_LISTENER set in $ORACLE_HOME/network/admin/listener.ora? Since 10g the listener is protected by local OS authentication by default and the password is deprecated from 11g, so on those versions its absence alone is not a finding.
Remediation:
$ ps -ef | grep tns
$ lsnrctl
LSNRCTL> set current_listener listener
LSNRCTL> change_password
LSNRCTL> save_config
LSNRCTL> set password
LSNRCTL> exit
12. Limit the number of privileged OS users
Check: in /etc/group confirm that no user other than the Oracle installation user belongs to the dba group.
13. Manage object privileges through roles
Check: application users must not hold DBA: select * from dba_role_privs where granted_role='DBA';
Remediation: create role <role>; grant <role> to <username>; revoke DBA from <username>;
14. Connection timeout
Check: $ cat $ORACLE_HOME/network/admin/sqlnet.ora and look for SQLNET.EXPIRE_TIME (the original text checks for 15 and sets 10; the point is that a value is configured).
Remediation: $ vi sqlnet.ora and set SQLNET.EXPIRE_TIME=10
15. Security patches
Check: $ opatch lsinventory and compare with the latest patch level.
Remediation: apply the latest patches; downloading them requires an Oracle Metalink (My Oracle Support) account.
16. Trusted IP access control
Check: $ cat $ORACLE_HOME/network/admin/sqlnet.ora and look for tcp.validnode_checking = yes and a tcp.invited_nodes list.
Remediation: $ vi sqlnet.ora
tcp.validnode_checking = yes
tcp.invited_nodes = (ip1,ip2…)
17. Resource control
Check the idle timeout: select profile, limit from dba_profiles where profile='DEFAULT' and resource_name='IDLE_TIME';
Criterion: IDLE_TIME must be a positive number of minutes, not UNLIMITED.
18. Sensitivity labels on important resources
Check: 1. Ask the database administrator whether important data carries sensitivity labels. 2. Is Oracle Label Security installed: select username from dba_users; (the LBACSYS schema is present). 3. Policies: select policy_name, status from dba_sa_policies; 4. Levels: select * from dba_sa_levels order by level_num; 5. Labels: select * from dba_sa_labels; 6. Ask which tables hold the important data. 7. Policy-to-schema/table mapping: select * from dba_sa_table_policies; and judge whether the important resources are labelled.
Criteria: 1. Oracle Label Security is installed 2. the LBACSYS user that owns its objects exists 3. policies have been created 4. levels have been created 5. labels have been created 6. the important data carries sensitivity labels.
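Items 4, 5, 6, 8, 9 and 17 above all read dba_profiles and compare one LIMIT against a threshold, and every custom profile can defer to the DEFAULT profile by holding the literal value DEFAULT, which is easy to misjudge when reading the listing by hand. The following is an added example, not part of the original article, that grades SQL*Plus output of select profile, resource_name, limit from dba_profiles where resource_type = 'PASSWORD' or resource_name = 'IDLE_TIME'; with POSIX sh and awk, resolving DEFAULT the way Oracle does. The listing below is a constructed sample (the set line / set pagesize settings from the script further down keep each row on one line); the thresholds are the ones stated in the checklist, with "at most 6" used for FAILED_LOGIN_ATTEMPTS where the checklist says exactly 6.

```shell
#!/bin/sh
# Added example (not from the article): grade dba_profiles output against the
# checklist thresholds. The listing is a constructed SQL*Plus sample.
SAMPLE_PROFILES='PROFILE      RESOURCE_NAME              LIMIT
------------ -------------------------- ----------
DEFAULT      FAILED_LOGIN_ATTEMPTS      10
DEFAULT      PASSWORD_LIFE_TIME         180
DEFAULT      PASSWORD_REUSE_TIME        UNLIMITED
DEFAULT      PASSWORD_REUSE_MAX         UNLIMITED
DEFAULT      PASSWORD_VERIFY_FUNCTION   NULL
DEFAULT      PASSWORD_LOCK_TIME         1
DEFAULT      PASSWORD_GRACE_TIME        7
DEFAULT      IDLE_TIME                  UNLIMITED
APP_PROFILE  FAILED_LOGIN_ATTEMPTS      6
APP_PROFILE  PASSWORD_LIFE_TIME         90
APP_PROFILE  PASSWORD_REUSE_TIME        DEFAULT
APP_PROFILE  PASSWORD_REUSE_MAX         5
APP_PROFILE  PASSWORD_VERIFY_FUNCTION   VERIFY_FUNCTION_11G
APP_PROFILE  PASSWORD_LOCK_TIME         DEFAULT
APP_PROFILE  PASSWORD_GRACE_TIME        DEFAULT
APP_PROFILE  IDLE_TIME                  30
'

# profile_limit FILE PROFILE RESOURCE_NAME : the LIMIT column; a LIMIT of DEFAULT
# in a custom profile resolves to the DEFAULT profile's value, as Oracle does
profile_limit() {
    v=$(awk -v p="$2" -v r="$3" '$1 == p && $2 == r { print $3; exit }' "$1")
    if [ "$v" = "DEFAULT" ] && [ "$2" != "DEFAULT" ]; then
        v=$(awk -v r="$3" '$1 == "DEFAULT" && $2 == r { print $3; exit }' "$1")
    fi
    printf '%s\n' "$v"
}

# is_num VALUE : true for a non-negative integer (UNLIMITED, NULL and DEFAULT are not)
is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

pass() { echo "PASS $*"; }
fail() { echo "FAIL $*"; FAILS=$((FAILS + 1)); }

# oracle_profile_check FILE PROFILE : PASS/FAIL per checklist item; returns the failure count
oracle_profile_check() {
    f="$1"; p="$2"; FAILS=0

    # item 6: lock after a bounded number of failures (the checklist uses 6)
    v=$(profile_limit "$f" "$p" FAILED_LOGIN_ATTEMPTS)
    if is_num "$v" && [ "$v" -le 6 ]; then pass "$p FAILED_LOGIN_ATTEMPTS=$v"; else fail "$p FAILED_LOGIN_ATTEMPTS=$v"; fi

    # item 8: passwords expire within 90 days
    v=$(profile_limit "$f" "$p" PASSWORD_LIFE_TIME)
    if is_num "$v" && [ "$v" -le 90 ]; then pass "$p PASSWORD_LIFE_TIME=$v"; else fail "$p PASSWORD_LIFE_TIME=$v"; fi

    # item 4: grace period after expiry at most 90 days
    v=$(profile_limit "$f" "$p" PASSWORD_GRACE_TIME)
    if is_num "$v" && [ "$v" -le 90 ]; then pass "$p PASSWORD_GRACE_TIME=$v"; else fail "$p PASSWORD_GRACE_TIME=$v"; fi

    # item 5: at least 5 previous passwords remembered
    v=$(profile_limit "$f" "$p" PASSWORD_REUSE_MAX)
    if is_num "$v" && [ "$v" -ge 5 ]; then pass "$p PASSWORD_REUSE_MAX=$v"; else fail "$p PASSWORD_REUSE_MAX=$v"; fi

    # item 9: a verify function is attached (its rules still have to be read in dba_source)
    v=$(profile_limit "$f" "$p" PASSWORD_VERIFY_FUNCTION)
    if [ -n "$v" ] && [ "$v" != "NULL" ]; then pass "$p PASSWORD_VERIFY_FUNCTION=$v"; else fail "$p PASSWORD_VERIFY_FUNCTION=${v:-missing}"; fi

    # item 17: idle sessions are cut off (a positive number of minutes, not UNLIMITED)
    v=$(profile_limit "$f" "$p" IDLE_TIME)
    if is_num "$v" && [ "$v" -gt 0 ]; then pass "$p IDLE_TIME=$v"; else fail "$p IDLE_TIME=$v"; fi
    return "$FAILS"
}

# Stand-alone demo on the constructed listing
tmp=$(mktemp)
printf '%s' "$SAMPLE_PROFILES" > "$tmp"
for prof in DEFAULT APP_PROFILE; do
    oracle_profile_check "$tmp" "$prof"
    echo "$prof failures: $?"
done
rm -f "$tmp"
```

Run it once per profile that an OPEN account uses (select distinct profile from dba_users where account_status='OPEN'), since a hardened DEFAULT profile says nothing about an application account that was created with its own profile.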

Attached is an Oracle automated baseline-check script the author collected; readers can improve it further.

#!/bin/bash
# version 2.1  Tested on RHEL, CentOS and OEL with Oracle 9i, 10g and 11g; not
# tested on AIX, Solaris or other Unix, adjust as needed there.
# Author: jn   Date: 2016.8
# Run as the oracle OS user with ORACLE_HOME and ORACLE_SID set. The result file
# orack.res.lst contains the password hashes from user$: restrict access to it
# and delete it once the assessment record is written.
HOSTNAME=`hostname`
SQLPLUS=$ORACLE_HOME/bin/sqlplus
$SQLPLUS "/ as sysdba" << EOF
-------  line width and page size  ----------
set line 150
set pagesize 1000
set feed off
spool orack.res.lst
-------  script start time  ------------
select 'Started On ' || to_char(sysdate,'yyyy-mm-dd hh24:mi:ss') started_time from dual;
-------  Oracle version  ------------
select banner from v\$version;
------- login authentication mode (password file) ----------
show parameter remote_login_passwordfile
------- password hashes of database users -----------
select name,password from user\$;
select name,password from user\$ where name in ( select username from dba_users where account_status='OPEN');
-------  accounts in OPEN state  ------------
col username for a20
col profile for a20
select username,profile from dba_users where account_status='OPEN';
col resource_name for a30
col limit for a30
select * from dba_profiles;
select * from dba_profiles where profile='DEFAULT';
-------  are resource limits enforced  ------------
show parameter resource_limit
------- audit settings -----
show parameter audit
-------  password limits  ------------
col resource_name for a40
col limit for a20
col profile for a40
select resource_name,limit,profile from dba_profiles where resource_type='PASSWORD';
------- active users holding the DBA role  ---------------
col grantee for a15
col granted_role for a15
col admin_option for a15
col default_role for a15
select * from dba_role_privs where grantee in ( select username from dba_users where account_status='OPEN') and granted_role='DBA' order by grantee;
------- number of dangerous packages executable by PUBLIC -------
select count(*) table_name from dba_tab_privs where grantee='PUBLIC' and privilege='EXECUTE' and table_name in ('UTL_FILE', 'UTL_TCP', 'UTL_HTTP', 'UTL_SMTP', 'DBMS_LOB', 'DBMS_SYS_SQL', 'DBMS_JOB');
------- non-default limits in the profiles of active users -------
select * from dba_profiles where profile in (select profile from dba_users where account_status='OPEN') and  limit NOT IN('DEFAULT','UNLIMITED','NULL');
------- is the Oracle Database Vault option installed -------
SELECT * FROM V\$OPTION WHERE PARAMETER = 'Oracle Database Vault';
------- maximum number of processes -------
show parameter processes;
------- number of non-system users granted DBA -------
select count(a.username) from  dba_users a left join dba_role_privs b on a.username = b.grantee where granted_role = 'DBA' and a.username not in ('SYS','SYSMAN','SYSTEM');
------- session limit -------
show parameter sessions;
------- with sql92_security=TRUE, UPDATE/DELETE on a table requires SELECT privilege on it --------
show parameter sql92_security;
------- O7_DICTIONARY_ACCESSIBILITY: TRUE lets ANY TABLE privileges reach the data dictionary even for non-DBA users; should be FALSE -------
show parameter O7_DICTIONARY_ACCESSIBILITY;
spool off
EOF
# spool overwrites the file, so the host name is appended afterwards
echo "Host: $HOSTNAME" >> orack.res.lst
# Oracle port number
echo -e "\n\n" >> orack.res.lst
echo "----------Port 1521 in listener.ora----------" >> orack.res.lst
echo "" >> orack.res.lst
LISTEN_ORA=$ORACLE_HOME/network/admin/listener.ora
SQLNET_ORA=$ORACLE_HOME/network/admin/sqlnet.ora
if [ -f $LISTEN_ORA ]; then
    grep 1521 $LISTEN_ORA >> orack.res.lst
else
    echo "File $LISTEN_ORA does not exist!!!" >> orack.res.lst
fi
# Listener password
echo -e "\n" >> orack.res.lst
echo "----------Listener Password in listener.ora----------" >> orack.res.lst
echo "" >> orack.res.lst
if [ -f $LISTEN_ORA ]; then
    grep -i PASSWORDS_LISTENER $LISTEN_ORA >> orack.res.lst
else
    echo "File $LISTEN_ORA does not exist!!!" >> orack.res.lst
fi
# SQLNET timeout
echo -e "\n" >> orack.res.lst
echo "----------sqlnet timeout in sqlnet.ora----------" >> orack.res.lst
echo "" >> orack.res.lst
if [ -f $SQLNET_ORA ]; then
    grep -i SQLNET.EXPIRE_TIME $SQLNET_ORA >> orack.res.lst
else
    echo "File $SQLNET_ORA does not exist!!!" >> orack.res.lst
fi
# SQLNET trusted IP addresses
echo -e "\n" >> orack.res.lst
echo "----------sqlnet trusted IP in sqlnet.ora----------" >> orack.res.lst
echo "" >> orack.res.lst
if [ -f $SQLNET_ORA ]; then
    egrep -i "tcp.validnode_checking|tcp.invited_nodes|tcp.excluded_nodes" $SQLNET_ORA >> orack.res.lst
else
    echo "File $SQLNET_ORA does not exist!!!" >> orack.res.lst
fi
echo -e "\n\n" >> orack.res.lst
echo "==========================  End On `date`  ==========================" >> orack.res.lst
