[NTLUG:Discuss] regarding a zip'd file
Fred James
fredjame at concentric.net
Mon Oct 7 17:26:56 CDT 2002

The whole process was completed by a sh script run as root, and the text
files are "extractions" of "security" data. The final platform (where
the file will be unzipped, untarred, and read) is in all probability
Windows of some ilk. The header from the script reads as follows
(anyone ever heard of these guys?), and yes, corporate has engaged our
auditors to do this "security audit". So, the thought is possibly these
gyrations are because this format of tar/zip could be readable by some
program on Windows? And yes, I changed all the passwords after running
the script.

#################################################################
# SekChek(r) for UNIX V4.6.0
# Script file to extract security information from UNIX
#
# Copyright SekChek IPS 1996-2002. All rights reserved.
# SekChek is a registered trademark of SekChek IPS.
# E-Mail: inbox at sekchek.com
# Tel: +27 (11) 789 5329
#################################################################

Fred James wrote:
> The zip'd file in question, it has a couple of curious features to its
> creation. I am not sure why the contortions but here is how it is made:
> (1) First of course there are a bunch of text files created by a
> script.
> (2) These text files are tar'd together, but without the .tar
> extension (I know the .tar is not required but is normally included).
> (3) The tar file is then compressed using the command "compress" which
> generates a file with a .Z extension (note the capital Z)
I could guess that it was designed for a FAT16 style filesystem (older
DOS 8.3 names).
> (4) Finally, the compressed file is renamed to change the .Z to .z
> (note, capital to lower case)
Certainly not needed for DOS 8.3... .z in Unix is the extension
typically associated with pack (the older Huffman compression
algorithm).
> This is all done on a UNIX system.
>
> Does anyone have a guess as to why?
>
Not enough info to guess that. Perhaps if you could tell us
more about the content itself.
Bug Hunter wrote:
>On Mon, 7 Oct 2002, Fred James wrote:
>
>>The zip'd file in question, it has a couple of curious features to its
>>creation. I am not sure why the contortions but here is how it is made:
>>(1) First of course there are a bunch of text files created by a script.
>>
>
> run as what user?
>
>
>>(2) These text files are tar'd together, but without the .tar extension
>>(I know the .tar is not required but is normally included).
>>
>
>
> a personal preference as far as the name. The tar preserves the UID and
>permissions.
>
>
>>(3) The tar file is then compressed using the command "compress" which
>>generates a file with a .Z extension (note the capital Z)
>>
>
> this is standard
>
>
>>(4) Finally, the compressed file is renamed to change the .Z to .z
>>(note, capital to lower case)
>>
>
> interesting. don't know why. People may do this due to Microsoft
>Windows having problems recognizing upper case. I think the newer pkzip
>will recognize a tar file and uncompress/untar it
>
>
>>This is all done on a UNIX system.
>>
>>Does anyone have a guess as to why?
>>
>>
>
--
small is beautiful
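
An added example, not part of the original thread or of the SekChek script: a Python sketch that identifies an archive by its leading bytes rather than its extension (output of compress still starts with 1f 9d after a rename to .z, while pack output starts with 1f 1e) and lists the UID and mode that tar records for each file. The file names and sample bytes are constructed for illustration.

```python
import io
import tarfile

# Leading magic bytes mapped to (format, conventional extensions).
MAGIC = {
    b"\x1f\x9d": ("compress", (".Z",)),      # LZW, what compress(1) writes
    b"\x1f\x1e": ("pack", (".z",)),          # Huffman, what pack(1) writes
    b"\x1f\x8b": ("gzip", (".gz", ".tgz")),
    b"PK\x03\x04": ("zip", (".zip",)),
}

def identify(data):
    """Name the format from content alone, ignoring the file name."""
    for magic, (name, _) in MAGIC.items():
        if data.startswith(magic):
            return name
    # tar has no leading magic; "ustar" sits at offset 257 of the first header.
    if data[257:262] == b"ustar":
        return "tar"
    return "unknown"

def extension_matches(filename, data):
    """True when the extension is the conventional one for the detected format."""
    exts = {name: e for name, e in MAGIC.values()}
    exts["tar"] = (".tar",)
    return filename.endswith(exts.get(identify(data), ()))

def tar_owners(data):
    """List (name, uid, octal mode) as recorded in each tar header."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tf:
        return [(m.name, m.uid, oct(m.mode)) for m in tf.getmembers()]

def sample_tar():
    """Constructed sample: one root-owned, mode 0600 text file in a ustar archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        body = b"constructed sample line\n"
        info = tarfile.TarInfo("passwd.txt")  # hypothetical member name
        info.size, info.uid, info.mode = len(body), 0, 0o600
        tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()

# Constructed sample: the 3-byte compress header (0x90 = block mode, 16-bit
# codes) plus filler; enough to identify, not a decodable stream.
SAMPLE_Z = b"\x1f\x9d\x90" + b"\x00" * 16

if __name__ == "__main__":
    print(identify(SAMPLE_Z), extension_matches("audit.z", SAMPLE_Z))
    print(identify(sample_tar()), tar_owners(sample_tar()))
```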