<html>
<head>
</head>
<body>
The whole process was completed by a sh script run as root, and the text
files are "extractions" of "security" data. The final platform (where the
file will be unzipped, untarred, and read) is in all probability Windows
of some ilk. The header from the script reads as follows (anyone ever heard
of these guys?), and yes, corporate has engaged our auditors to do this "security
audit". So, the thought is possibly these gyrations are because this format
of tar/zip could be readable by some program on Windows? And yes, I changed
all the passwords after running the script.<br>
<br>
#################################################################<br>
# <i>SekChek(r</i>) for UNIX V4.6.0<br>
# Script file to extract security information from UNIX<br>
#<br>
# Copyright SekChek IPS 1996-2002. All rights reserved.<br>
# SekChek is a registered trademark of SekChek IPS.<br>
# E-Mail: <a class="moz-txt-link-abbreviated" href="mailto:inbox@sekchek.com">inbox@sekchek.com</a><br>
# Tel: +27 (11) 789 5329<br>
#################################################################<br>
<br>
<br>
Fred James wrote: <br>
<blockquote type="cite">The zip'd file in question, it has a couple of curious
features to its creation. I am not sure why the contortions but here is
how it is made: <br>
(1) First of course there are a bunch of text files created by the a script.
<br>
(2) These text files are tar'd together, but without the .tar extension (I
know the .tar is not required but is normally included). <br>
(3) The tar file is then compressed using the command "compress" which generates
a file with a .Z extension (note the capital Z) <br>
</blockquote>
<br>
I could guess that it was designed for a FAT16 style filesystem (older <br>
DOS 8.3 names). <br>
<br>
<blockquote type="cite">(4) Finally, the compressed file is renamed to
change the .Z to .z (note, capital to lower case) <br>
</blockquote>
<br>
Certainly not needed for DOS 8.3... .z in Unix is the extension <br>
typically associated with pack (the older Huffman compression <br>
algorithm). <br>
<br>
<blockquote type="cite">This is all done on a UNIX system. <br>
<br>
Does anyone have a guess as to why? <br>
<br>
</blockquote>
<br>
Not enough info to guess that. Perhaps if you could tell us <br>
more about the content itself. <br>
<br>
<br>
<br>
Bug Hunter wrote:<br>
<blockquote type="cite" cite="mid:Pine.LNX.4.44.0210071707140.9124-100000@one.ctelcom.net">
<pre wrap="">On Mon, 7 Oct 2002, Fred James wrote:<br><br></pre>
<blockquote type="cite">
<pre wrap="">The zip'd file in question, it has a couple of curious features to its <br>creation. I am not sure why the contortions but here is how it is made:<br>(1) First of course there are a bunch of text files created by the a script.<br></pre>
</blockquote>
<pre wrap=""><!----><br> run as what user?<br><br><br></pre>
<blockquote type="cite">
<pre wrap="">(2) These text files are tar'd together, but without the .tar extension <br>(I know the .tar is not required but is normally included).<br></pre>
</blockquote>
<pre wrap=""><!----><br><br> a personal preference as far as the name. The tar preserves the UID and <br>permissions.<br><br><br></pre>
<blockquote type="cite">
<pre wrap="">(3) The tar file is then compressed using the command "compress" which <br>generates a file with a .Z extension (note the capital Z)<br></pre>
</blockquote>
<pre wrap=""><!----><br> this is standard<br><br><br></pre>
<blockquote type="cite">
<pre wrap="">(4) Finally, the compressed file is renamed to change the .Z to .z <br>(note, capital to lower case)<br></pre>
</blockquote>
<pre wrap=""><!----><br> interesting. don't know why. People may do this due to microsoft <br>windows having problems recognizing upper case. I think the newer pkzip <br>will recognize a tar file and uncompress/untar it<br><br><br></pre>
<blockquote type="cite">
<pre wrap="">This is all done on a UNIX system.<br><br>Does anyone have a guess as to why?<br><br><br></pre>
</blockquote>
<pre wrap=""><!----><br></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="$mailwrapcol">--
small is beautiful
</pre>
<br>
</body>
</html>