Python scripts used for SOX ITGCs. These scripts are designed to assist in automating user security reviews for Unix based systems and Oracle databases. Other useful audits are included as well.
This project was started to automate user security reviews (and other audits) that may be taken as part of IT General Control testing for SOX compliance. Additional audits may be performed that may be useful to ensure that security controls (taken out of a purely SOX context) are functioning as intended. Automating these audits has the following benefits:
- Allows IT operations staff to focus on tasks more suited to their expertise.
- Increases confidence in the results of the audit by reducing or eliminating human error.
- Allows for "continuous" auditing, giving business leadership confidence that IT controls are being implemented and followed.
- Reduces the level of effort required to execute audit activities, resulting in financial savings.
$ git clone https://github.com/bentleygd/ITGC.git
In order to run the user security review scripts, run:
$ python3 itgc.py [OS]
Audit tests currently exist for: Active Directory (via LDAP), AIX, Linux and Oracle DB.
usage: itgc.py [-h] os
SOX ITGC User Security Reviewspositional arguments: os Linux, AIX or Oracle
optional arguments: -h, --help show this help message and exit
See DOCS.md for more detailed documentation.
- Automated security audits for Linux, AIX, MySQL DBs and Oracle DBs.
Oracle DB user accounts are compared to a list of accounts that are retrieved from Active Directory using ldap3. Any DB account that does not have a corresponding active directory account is flagged as an audit finding. A list of local DB accounts must be maintained for exceptions to the audit process (e.g., Oracle). Oracle DB users with the DBA granted role are compared to a list of users that are expected to have the DBA granted role. Any exceptions are noted as an audit finding. Any user that is considered an "air breather" that has SCHEMA_PROF is flagged as an audit finding. Additionally, any account with the DEFAULT profile is flagged as an audit finding as users should receive a distinct DB profile.
MySQL DB user accounts are compared to a list of accounts that are retrieved from Active Directory using ldap3. Any DB account that does not have a corresponding active directory account is flagged as an audit finding. A list of local DB accounts must be maintained for exceptions to the audit process. The accounts should be listed in the configuration file as ['mysql']['exceptions'] MySQL DB users with the all privileges grant with the grant option are compared to a list of users that are expected to have the elevated grant. Any exceptions are noted as an audit finding.
Currently, the audit results are parsed from CSV files and are emailed to an address specified in the [mail] section of the configuration file.
Automated test cases are included and use the pytest framework. Executing the tests is simple:
$ python3 -m pytest -v
This project is licensed under GPLv3.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent