- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Need something to scan for SSNs & CCNs
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-09-2008 09:08 AM
тАО05-09-2008 09:08 AM
Management wants IT to scan all servers for sensitive data. Right now sensitive data is defined as any file with Social Security No.s or Credit Card No.s in it. I've been able to find scripts for our *nix servers but haven't found anything for our one remaining VMS server (VAXstation 4000-90 running OpenVMS V6.2). I'm pretty sure it doesn't have sensitive data on it but for the auditors I need to do a scan somehow to make them happy.
Has anyone heard of such a thing for VMS?
Thanks,
Vic
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-09-2008 09:33 AM
тАО05-09-2008 09:33 AM
Re: Need something to scan for SSNs & CCNs
You could use the same "magic pixie dust" scanner used on Unix, either invoked under bash/GNV on OpenVMS, or after a quick port over of the core of the logic -- which is probably awk or grep or such -- and this port can use one of the existing ports of awk or grep.
I use "magic pixie dust" here as it is certain that the social security number scanner could miss these (no check digit), and it's certainly feasible for a credit card number to mis-fire due to the various formats and encodings that are feasible. Though a check digit is usually available, the exact formats can and do differ.
http://www.merriampark.com/anatomycc.htm
You could cover a fair amount of territory with little more than one of the available grep ports and a little time spent on the regular expressions needed. (The patterns are probably already in your "magic pixie dust" scanner, too.)
The basic command is grep -R -i "pattern"
And you can find grep ports on the Freeware.
http://mvb.saic.com/freeware/
http://www.google.com/search?hl=en&q=site%3Amvb.saic.com+grep&btnG=Google+Search
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-09-2008 09:59 AM
тАО05-09-2008 09:59 AM
Re: Need something to scan for SSNs & CCNs
I would agree with Hoff. If for no other reason, the auditors have blessed the patterns being used on the *IX platforms. The precise patterns that were scanned for can often be important in these situations.
Even if you are manually using GREP on OpenVMS, please use precisely the sanctioned patterns. It will save the effort of re-doing the scan.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-11-2008 08:06 PM
тАО05-11-2008 08:06 PM
Re: Need something to scan for SSNs & CCNs
Do you really expect to find any on an ancient VAX?
I don't know about SSNs, but credit card numbers are a fairly specific pattern, with predictable leading numbers, and there are fairly simple sanity check algorithms which you should be able to find using Google.
Use someting like grep to look for suspects, then apply the check algorithm to filter further.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2008 07:50 AM
тАО05-12-2008 07:50 AM
Re: Need something to scan for SSNs & CCNs
Hoff, I followed the link to freeware that you provided but didn't see any index on where grep & awk would be located. So what I did is go here:
http://www.openvms.compaq.com/openvms/freeware/
and download the CDs. So far I've tried installing grep but it fails when I ran @VMSMAKE.COM. I get this several times:
if (our_path == NULL && !gopher_setup)
.............................^
%CC-E-UNDECLARED, In this statement, "gopher_setup" is not declared.
At line number 393 in DKA200:[SEMASKA.FREE.1.GREP.UNZIP]SHELL_MUNG.C;1.
Never programmed in C so I don't know how to fix it. Any ideas? It has been such a long time since I've worked on VMS.
Does anyone have executables of grep & awk that I can get a copy of?
John,
I don't expect to find SSNs or CCNs on the VAXstation but the auditors said that all servers have to be scanned. They want evidence of this being done so I have no choice.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2008 01:53 PM
тАО05-12-2008 01:53 PM
Re: Need something to scan for SSNs & CCNs
http://www.google.com/search?hl=en&q=site%3Amvb.saic.com+grep&btnG=Google+
Search
The fourth hit in that Google search is this:
http://mvb.saic.com/freeware/freewarev40/grep/vax/
The HP site (compaq.com or otherwise) doesn't have a particularly good nor complete collection of Freeware for OpenVMS, which is centrally why I pointed you to what I consider a better and far more extensive site.
The other current option is the gnv kit, but I have no idea if gnv has made it as far back as OpenVMS VAX V6.2. (I'd guess not.) You are far enough back to have access to the POSIX kit however, and POSIX has many of these commands. POSIX was a POSIX Unix C shell for OpenVMS, and has many typical commands; it's the forerunner of the gnv
stuff.
Hunter has copies of both grep and gawk posted at the Process server, too.
http://vms.process.com/fileserv-software.html
I've posted up pointers to various tools in the OpenVMS Frequently Asked Questions (FAQ), which is available at:
http://www.hoffmanlabs.com/vmsfaq
The FAQ has a whole section on finding Unix tools. (I'm not pointing you at the copy of the FAQ over at the HP site here because that version is comparatively stale.)
Or you can fix the source code. Which particular grep did you try? This looks to be a fairly straightforward C syntax error.
Stephen Hoffman
HoffmanLabs LLC
--
NB: The "Need something to search for SSNs & CCNs" question here was is also cross-posted out into comp.os.vms.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2008 02:35 PM
тАО05-12-2008 02:35 PM
Re: Need something to scan for SSNs & CCNs
Ooh. There's a stroll down memory lane.
psx> man grep
grep
The grep utility searches for and matches patterns in a text
file.
[...]
Even the fancy ones:
psx> man egrep
egrep
The egrep and fgrep utilities search for and match patterns in a
text file.
[...]
psx> uname -a
POSIX_for_OpenVMS_VAX GIMP V2.0(V2.0) V6.2 VAX_4000-200 VAX
And the price is right, too, as I recall.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2008 09:29 PM
тАО05-12-2008 09:29 PM
Re: Need something to scan for SSNs & CCNs
Semi serious suggestion...
$ CREATE SCAN_FOR_SSN_CCN.COM
$ DECK
$ WRITE SYS$OUTPUT "Scanning for SSN's and CCN's at ",F$TIME()
$ SEARCH disk1:[000000...]*.* "CCN's in Standard Format","SSN's in Standard Format"
$ WRITE SYS$OUTPUT "Scan complete at ",F$TIME()
$ EOD
Repeat for each disk. Take a log of the run and submit it as a report to your auditors.
It's probably as accurate as anything other simple minded test, and you can honestly say you've performed a scan of all files on the system.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2008 11:21 PM
тАО05-12-2008 11:21 PM
Re: Need something to scan for SSNs & CCNs
And what if the data is split between lines or blocks ? Or with abnormal formatting ?
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-13-2008 12:05 AM
тАО05-13-2008 12:05 AM
Re: Need something to scan for SSNs & CCNs
I guess this is not your data, as if it was, you would know what files are on the various disks, and how the data is organised.
May be a merge of companies ?
If the sensitive data is (more or less) crypted, using just a compression tool or something more serious, various search or grep will find nothing.