Operating System - OpenVMS
1748030 Members
5170 Online
108757 Solutions
New Discussion юеВ

Need something to scan for SSNs & CCNs

 
SOLVED
Go to solution
Victor Semaska_3
Esteemed Contributor

Need something to scan for SSNs & CCNs

Greetings,

Management wants IT to scan all servers for sensitive data. Right now sensitive data is defined as any file with Social Security No.s or Credit Card No.s in it. I've been able to find scripts for our *nix servers but haven't found anything for our one remaining VMS server (VAXstation 4000-90 running OpenVMS V6.2). I'm pretty sure it doesn't have sensitive data on it but for the auditors I need to do a scan somehow to make them happy.

Has anyone heard of such a thing for VMS?

Thanks,
Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
17 REPLIES 17
Hoff
Honored Contributor

Re: Need something to scan for SSNs & CCNs

I've not seen nor heard of such a tool.

You could use the same "magic pixie dust" scanner used on Unix, either invoked under bash/GNV on OpenVMS, or after a quick port over of the core of the logic -- which is probably awk or grep or such -- and this port can use one of the existing ports of awk or grep.

I use "magic pixie dust" here as it is certain that the social security number scanner could miss these (no check digit), and it's certainly feasible for a credit card number to mis-fire due to the various formats and encodings that are feasible. Though a check digit is usually available, the exact formats can and do differ.

http://www.merriampark.com/anatomycc.htm

You could cover a fair amount of territory with little more than one of the available grep ports and a little time spent on the regular expressions needed. (The patterns are probably already in your "magic pixie dust" scanner, too.)

The basic command is grep -R -i "pattern"

And you can find grep ports on the Freeware.

http://mvb.saic.com/freeware/

http://www.google.com/search?hl=en&q=site%3Amvb.saic.com+grep&btnG=Google+Search


Robert Gezelter
Honored Contributor

Re: Need something to scan for SSNs & CCNs

Vic,

I would agree with Hoff. If for no other reason, the auditors have blessed the patterns being used on the *IX platforms. The precise patterns that were scanned for can often be important in these situations.

Even if you are manually using GREP on OpenVMS, please use precisely the sanctioned patterns. It will save the effort of re-doing the scan.

- Bob Gezelter, http://www.rlgsc.com
John Gillings
Honored Contributor

Re: Need something to scan for SSNs & CCNs

Vic,

Do you really expect to find any on an ancient VAX?

I don't know about SSNs, but credit card numbers are a fairly specific pattern, with predictable leading numbers, and there are fairly simple sanity check algorithms which you should be able to find using Google.

Use someting like grep to look for suspects, then apply the check algorithm to filter further.
A crucible of informative mistakes
Victor Semaska_3
Esteemed Contributor

Re: Need something to scan for SSNs & CCNs

Well it looks like I'll have to write something of my own. I would like to install grep & awk so I could use the same Extended Regular Expressions that are used in the *nix scripts.

Hoff, I followed the link to freeware that you provided but didn't see any index on where grep & awk would be located. So what I did is go here:

http://www.openvms.compaq.com/openvms/freeware/

and download the CDs. So far I've tried installing grep but it fails when I ran @VMSMAKE.COM. I get this several times:

if (our_path == NULL && !gopher_setup)
.............................^
%CC-E-UNDECLARED, In this statement, "gopher_setup" is not declared.
At line number 393 in DKA200:[SEMASKA.FREE.1.GREP.UNZIP]SHELL_MUNG.C;1.

Never programmed in C so I don't know how to fix it. Any ideas? It has been such a long time since I've worked on VMS.

Does anyone have executables of grep & awk that I can get a copy of?

John,

I don't expect to find SSNs or CCNs on the VAXstation but the auditors said that all servers have to be scanned. They want evidence of this being done so I have no choice.


There are 10 kinds of people, one that understands binary and one that doesn't.
Hoff
Honored Contributor

Re: Need something to scan for SSNs & CCNs

The Google "site:" keyword helps target the search, and particularly to a site that contains massive quantities of Freeware -- that is centrally why I provided two URLs:
http://www.google.com/search?hl=en&q=site%3Amvb.saic.com+grep&btnG=Google+
Search

The fourth hit in that Google search is this:

http://mvb.saic.com/freeware/freewarev40/grep/vax/

The HP site (compaq.com or otherwise) doesn't have a particularly good nor complete collection of Freeware for OpenVMS, which is centrally why I pointed you to what I consider a better and far more extensive site.

The other current option is the gnv kit, but I have no idea if gnv has made it as far back as OpenVMS VAX V6.2. (I'd guess not.) You are far enough back to have access to the POSIX kit however, and POSIX has many of these commands. POSIX was a POSIX Unix C shell for OpenVMS, and has many typical commands; it's the forerunner of the gnv
stuff.

Hunter has copies of both grep and gawk posted at the Process server, too.

http://vms.process.com/fileserv-software.html

I've posted up pointers to various tools in the OpenVMS Frequently Asked Questions (FAQ), which is available at:

http://www.hoffmanlabs.com/vmsfaq

The FAQ has a whole section on finding Unix tools. (I'm not pointing you at the copy of the FAQ over at the HP site here because that version is comparatively stale.)

Or you can fix the source code. Which particular grep did you try? This looks to be a fairly straightforward C syntax error.

Stephen Hoffman
HoffmanLabs LLC

--

NB: The "Need something to search for SSNs & CCNs" question here was is also cross-posted out into comp.os.vms.
Steven Schweda
Honored Contributor

Re: Need something to scan for SSNs & CCNs

> [...] POSIX [...]

Ooh. There's a stroll down memory lane.

psx> man grep

grep
The grep utility searches for and matches patterns in a text
file.
[...]

Even the fancy ones:

psx> man egrep

egrep
The egrep and fgrep utilities search for and match patterns in a
text file.
[...]

psx> uname -a
POSIX_for_OpenVMS_VAX GIMP V2.0(V2.0) V6.2 VAX_4000-200 VAX

And the price is right, too, as I recall.
John Gillings
Honored Contributor

Re: Need something to scan for SSNs & CCNs

Vic,
Semi serious suggestion...

$ CREATE SCAN_FOR_SSN_CCN.COM
$ DECK
$ WRITE SYS$OUTPUT "Scanning for SSN's and CCN's at ",F$TIME()
$ SEARCH disk1:[000000...]*.* "CCN's in Standard Format","SSN's in Standard Format"
$ WRITE SYS$OUTPUT "Scan complete at ",F$TIME()
$ EOD

Repeat for each disk. Take a log of the run and submit it as a report to your auditors.

It's probably as accurate as anything other simple minded test, and you can honestly say you've performed a scan of all files on the system.

A crucible of informative mistakes
Wim Van den Wyngaert
Honored Contributor

Re: Need something to scan for SSNs & CCNs

You will need to read the files as backup /ign=interlock is doing or you will miss the exclusive open files.

And what if the data is split between lines or blocks ? Or with abnormal formatting ?

Wim
Wim
labadie_1
Honored Contributor

Re: Need something to scan for SSNs & CCNs

Hello

I guess this is not your data, as if it was, you would know what files are on the various disks, and how the data is organised.
May be a merge of companies ?

If the sensitive data is (more or less) crypted, using just a compression tool or something more serious, various search or grep will find nothing.