debian/1.4
...
kali/master
Author | SHA1 | Date |
---|---|---|
Kali Janitor | bf00190b30 | |
Kali Janitor | 1cb4133e42 | |
Kali Janitor | ad99a707bb | |
Kali Janitor | 5f804c832e | |
Ben Wilson | 3867a7e9e6 | |
Ben Wilson | 55de73e6d7 | |
Kali Janitor | 6f55984067 | |
Kali Janitor | 224c8c657b | |
Kali Janitor | 29a75ac32a | |
Raphaël Hertzog | 1945fd02c5 | |
Raphaël Hertzog | d95035d10e | |
Sophie Brun | 159c4cae8b | |
Sophie Brun | d9646d4ea8 | |
Sophie Brun | f316e443f5 | |
Sophie Brun | a9c6e42506 | |
Sophie Brun | 5941c0ab60 | |
Sophie Brun | 2f7ed845ff | |
Sophie Brun | 262a00acf6 | |
Sophie Brun | f15d4367e9 | |
Sophie Brun | f386a7dc27 | |
Raphaël Hertzog | fcc0947642 | |
Raphaël Hertzog | 70b3ebb514 | |
Raphaël Hertzog | 339d5d76af | |
Mati Aharoni (Kali Linux Developer) | a2a61e4233 | |
Devon Kearns | f167709be9 |
|
@ -1,5 +1,29 @@
|
|||
unix-privesc-check (1.4-0kali1) kali-dev; urgency=medium
|
||||
|
||||
[ Raphaël Hertzog ]
|
||||
* Update Maintainer field
|
||||
* Update Vcs-* fields for the move to gitlab.com
|
||||
* Add GitLab's CI configuration file
|
||||
|
||||
[ Sophie Brun ]
|
||||
* New upstream version 1.4
|
||||
|
||||
-- Sophie Brun <sophie@offensive-security.com> Wed, 21 Aug 2019 10:00:50 +0200
|
||||
|
||||
unix-privesc-check (1.4~svn361-1kali2) kali; urgency=low
|
||||
|
||||
* Updated watch file
|
||||
|
||||
-- Mati Aharoni <muts@kali.org> Sun, 12 Jan 2014 15:19:30 -0500
|
||||
|
||||
unix-privesc-check (1.4~svn361-1kali1) kali; urgency=low
|
||||
|
||||
* Revision bump to re-build
|
||||
|
||||
-- Devon Kearns <dookie@kali.org> Sun, 23 Dec 2012 06:27:04 -0700
|
||||
|
||||
unix-privesc-check (1.4~svn361-1kali0) kali; urgency=low
|
||||
|
||||
* Initial release
|
||||
* Initial release
|
||||
|
||||
-- Devon Kearns <dookie@kali.org> Thu, 20 Dec 2012 15:42:35 -0700
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
8
|
|
@ -1,25 +1,28 @@
|
|||
Source: unix-privesc-check
|
||||
Section: utils
|
||||
Priority: extra
|
||||
Maintainer: Devon Kearns <dookie@kali.org>
|
||||
Build-Depends: debhelper (>= 8.0.0)
|
||||
Standards-Version: 3.9.3
|
||||
Homepage: http://pentestmonkey.net/tools/audit/unix-privesc-check
|
||||
Vcs-Git: ssh://git@git.kali.org/packages/unix-privesc-check.git
|
||||
Vcs-Browser: http://git.kali.org/gitweb/?p=packages/unix-privesc-check.git;a=summary
|
||||
Priority: optional
|
||||
Maintainer: Kali Developers <devel@kali.org>
|
||||
Uploaders: Devon Kearns <dookie@kali.org>,
|
||||
Mati Aharoni <muts@kali.org>,
|
||||
Sophie Brun <sophie@offensive-security.com>,
|
||||
Build-Depends: debhelper-compat (= 12)
|
||||
Standards-Version: 4.6.2
|
||||
Homepage: https://pentestmonkey.net/tools/audit/unix-privesc-check
|
||||
Vcs-Git: https://gitlab.com/kalilinux/packages/unix-privesc-check.git
|
||||
Vcs-Browser: https://gitlab.com/kalilinux/packages/unix-privesc-check
|
||||
|
||||
Package: unix-privesc-check
|
||||
Architecture: all
|
||||
Depends: ${misc:Depends}
|
||||
Description: Script to check for simple privilege escalation vectors
|
||||
Unix-privesc-checker is a script that runs on Unix systems
|
||||
(tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2).
|
||||
It tries to find misconfigurations that could allow local
|
||||
unprivileged users to escalate privileges to other users or
|
||||
Unix-privesc-checker is a script that runs on Unix systems
|
||||
(tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2).
|
||||
It tries to find misconfigurations that could allow local
|
||||
unprivileged users to escalate privileges to other users or
|
||||
to access local apps (e.g. databases).
|
||||
.
|
||||
It is written as a single shell script so it can be easily
|
||||
uploaded and run (as opposed to un-tarred, compiled and
|
||||
installed). It can run either as a normal user or as root
|
||||
(obviously it does a better job when running as root because
|
||||
it can read more files).
|
||||
It is written as a single shell script so it can be easily
|
||||
uploaded and run (as opposed to un-tarred, compiled and
|
||||
installed). It can run either as a normal user or as root
|
||||
(obviously it does a better job when running as root because
|
||||
it can read more files).
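Review bot: The new side keeps `Depends: ${misc:Depends}` as the only runtime dependency, yet the upstream docs/CHANGELOG removed further down in this compare says the script inspects binaries "using strings" and "using ldd" since 1.2; if the packaged 1.4 script still shells out to `strings`, nothing guarantees binutils is present on the audited host and that check degrades silently. Consider adding `Recommends: binutils` (ldd ships in libc-bin, which is essential, so it needs no entry). The Vcs-* move from `ssh://git@git.kali.org/...` to https gitlab.com URLs and the https Homepage are good; note that debian/copyright's `Source:` field in this same compare still points at the plain-http URL and could be updated for consistency.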
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
|
||||
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
|
||||
Upstream-Name: unix-privesc-check
|
||||
Source: http://pentestmonkey.net/tools/audit/unix-privesc-check
|
||||
|
||||
Files: *
|
||||
Copyright: 2008 pentestmonkey@pentestmonkey.net
|
||||
License: GPL-2+
|
||||
License: GPL-2+-special
|
||||
This tool may be used for legal purposes only. Users take
|
||||
full responsibility for any actions performed using this
|
||||
tool. The author accepts no liability for damage caused by
|
||||
|
@ -12,7 +12,7 @@ License: GPL-2+
|
|||
are prohibited from using this tool.
|
||||
.
|
||||
In all other respects the GPL version 2 applies:
|
||||
|
||||
.
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
docs/AUTHORS
|
||||
docs/CHANGELOG
|
||||
docs/CHANGELOG
|
||||
docs/TODO
|
|
@ -0,0 +1,10 @@
|
|||
[DEFAULT]
|
||||
debian-branch = kali/master
|
||||
debian-tag = kali/%(version)s
|
||||
pristine-tar = True
|
||||
|
||||
[pq]
|
||||
patch-numbers = False
|
||||
|
||||
[dch]
|
||||
multimaint-merge = True
|
|
@ -0,0 +1,2 @@
|
|||
include:
|
||||
- https://gitlab.com/kalilinux/tools/kali-ci-pipeline/raw/master/recipes/kali.yml
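Review bot: The new `.gitlab-ci.yml` takes its whole pipeline definition from `https://gitlab.com/kalilinux/tools/kali-ci-pipeline/raw/master/recipes/kali.yml`, i.e. from a mutable branch rather than a tag or commit, so anyone who can push to that branch controls every job run against this package, including the build that produces the artefacts. This is the usual pattern for a distro-wide shared pipeline and is presumably intentional, but it should be a conscious trust decision rather than an implicit one. If CI reproducibility matters, pin the include to a tag or commit (`.../raw/<tag-or-sha>/recipes/kali.yml`); otherwise at least document the relationship with a comment such as `# pipeline is maintained centrally in kali-ci-pipeline; changes there take effect here immediately`.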
|
|
@ -1,13 +1,7 @@
|
|||
#!/usr/bin/make -f
|
||||
# -*- makefile -*-
|
||||
# Sample debian/rules that uses debhelper.
|
||||
# This file was originally written by Joey Hess and Craig Small.
|
||||
# As a special exception, when this file is copied by dh-make into a
|
||||
# dh-make output file, you may use that output file without restriction.
|
||||
# This special exception was added by Craig Small in version 0.37 of dh-make.
|
||||
|
||||
# Uncomment this to turn on verbose mode.
|
||||
#export DH_VERBOSE=1
|
||||
# output every command that modifies files on the build system.
|
||||
#export DH_VERBOSE = 1
|
||||
|
||||
%:
|
||||
dh $@
|
||||
dh $@
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
Test-Command: unix-privesc-check -h
|
||||
Restrictions: superficial
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
Bug-Database: https://github.com/pentestmonkey/unix-privesc-check/issues
|
||||
Bug-Submit: https://github.com/pentestmonkey/unix-privesc-check/issues/new
|
||||
Repository: https://github.com/pentestmonkey/unix-privesc-check.git
|
||||
Repository-Browse: https://github.com/pentestmonkey/unix-privesc-check
|
|
@ -0,0 +1,2 @@
|
|||
version=4
|
||||
http://pentestmonkey.net/tools/audit/unix-privesc-check /tools/unix-privesc-check/unix-privesc-check-([\d\.]+)\.(?:tgz|tbz2|txz|tar\.gz|tar\.bz2|tar\.xz|sh)
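Review bot: The new watch file fetches the upstream release listing and the archive over plain `http://pentestmonkey.net/...` and declares no `pgpsigurlmangle`/`pgpmode` option, so uscan will download and import a tarball, or a bare `.sh` which the pattern also accepts, with no integrity or origin check; an on-path attacker could substitute a script that is later run as root on audited hosts. debian/control in this same compare already switched the Homepage to https, so the same scheme should work here: `https://pentestmonkey.net/tools/audit/unix-privesc-check /tools/unix-privesc-check/unix-privesc-check-([\d\.]+)\.(?:tgz|tbz2|txz|tar\.gz|tar\.bz2|tar\.xz|sh)`. If upstream publishes signatures, add `opts=pgpsigurlmangle=s/$/.asc/` together with a debian/upstream/signing-key.asc so uscan verifies them.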
|
|
@ -1,3 +0,0 @@
|
|||
pentestmonkey <pentestmonkey@pentestmonkey.net>
|
||||
Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
Tim Brown <timb@nth-dimension.org.uk>
|
453
docs/CHANGELOG
453
docs/CHANGELOG
|
@ -1,453 +0,0 @@
|
|||
2012-11-14 unix-privesc-check trunk
|
||||
|
||||
* Tidied docs/CHANGELOG
|
||||
* Updated docs/HACKING
|
||||
* Tidied upc.sh
|
||||
* Added tools/generate_docs.sh to generate stub documentation for
|
||||
lib/misc/* and lib/checks/*
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2012-11-05 unix-privesc-check trunk
|
||||
|
||||
* Add support for PostgreSQL
|
||||
* Added lib/checks/postgresql_configuration
|
||||
* Added lib/checks/postgresql_connection
|
||||
* Added lib/checks/postgresql_trust
|
||||
* Added lib/misc/postgresql
|
||||
* Added lib/misc/ldap and lib/checks/ldap_authentication
|
||||
* Added lib/misc/nis and lib/checks/nis_authentication
|
||||
* Added lib/checks/privileged_arguments to verify if textual
|
||||
privileged files (like bash scripts) accept arguments from command line
|
||||
* Added lib/misc/init and support in lib/misc/privileged
|
||||
* Added security check to verify device mount options: dev, suid, user
|
||||
* Added function file_is_basename to lib/misc/file
|
||||
* Renamed lib/checks/devices to lib/checks/devices_permission
|
||||
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
|
||||
2012-11-02 unix-privesc-check trunk
|
||||
|
||||
* Bug fix: uname on Solaris returns SunOS
|
||||
* Added lib/misc/device and lib/checks/devices to verify world-readable and
|
||||
world-writable permission on all device files including swap device(s)
|
||||
* Improved lib/misc/cron to correctly handle PATH variable from /etc/crontab
|
||||
and to differentiate programs lauched by /etc/crontab with
|
||||
/etc/cron.[hourly|daily|monthly]
|
||||
* Added lib/checks/privileged_environment_variables to verify if textual
|
||||
privileged files (like bash scripts) use environment variables
|
||||
* Improved lib/checks/privileged_tmp to also process textual privileged
|
||||
files (like bash scripts)
|
||||
* Added binary_matches_string_grep function to lib/misc/binary to avoid
|
||||
interpreting the pattern as an extended regular expression
|
||||
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
|
||||
2012-11-01 unix-privesc-check trunk
|
||||
|
||||
* Bug fix: Return value in lib/misc/binary
|
||||
* Bug fix: Avoid recursing the linker_list_dependencies function
|
||||
* Added lib/misc/inittab and support in lib/misc/privileged
|
||||
* Improved lib/checks/system_configuration check to display also sensitive
|
||||
directories and their content
|
||||
* Improved lic/checks/system_configuration to notify about writable
|
||||
configuration files by non-root users
|
||||
* More detailed stdout messages for file owner condition across
|
||||
lib/checks/*
|
||||
* Updated the lib/misc/shadow and lib/checks/shadow_hash to display a
|
||||
warning message when the password hashes file is readable
|
||||
* Cleaned the code of libs/checks/privileged_dependency
|
||||
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
|
||||
2012-10-31 unix-privesc-check trunk
|
||||
|
||||
* Added lib/misc/cron to parse /etc/cron*, /var/spool/cron/crontabs/*,
|
||||
crontab -l and used it in lib/misc/privileged
|
||||
* Enhanced process_show_command function to process /proc/PID/environ and
|
||||
return script file path instead of ruby, perl, bash, etc
|
||||
* Added parse_environ_cwd function to parse /proc/PID/environ file and
|
||||
extract the process current working directory
|
||||
* Added a preliminary check to all functions that call objdump to ensure
|
||||
the file is not a textual file (like a bash script, etc)
|
||||
* Added other file paths to check for permissions in
|
||||
lib/checks/system_configuration
|
||||
* Added file_is_directory function to lib/misc/file
|
||||
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
|
||||
2012-10-30 unix-privesc-check trunk
|
||||
|
||||
* Added lib/checks/sudo to verify permissions on /etc/sudoers and its
|
||||
entries
|
||||
* Added functions to parse /etc/sudoers to lib/misc/sudo
|
||||
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
|
||||
2012-10-28 unix-privesc-check trunk
|
||||
|
||||
* Added lib/checks/history_readable to list all readable .*_history
|
||||
files
|
||||
* Added lib/checks/homedirs_executable and lib/checks/homedirs_writable
|
||||
* Added lib/checks/system_configuration to list writable permissions on
|
||||
system configuration files and directories
|
||||
* Added support for --verbose switch
|
||||
* Added passwd_show_homedir function to lib/misc/passwd
|
||||
* Aligned test types (symlinks) to all recently developed security checks
|
||||
* Bug fix: group_is_in_group_name function
|
||||
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
|
||||
2012-10-22 unix-privesc-check trunk
|
||||
|
||||
* Added lib/checks/privileged_nx
|
||||
* Added lib/checks/privileged_relro
|
||||
* Added lib/misc/kernel
|
||||
* Added lib/checks/system_aslr
|
||||
* Added lib/checks/system_mmap
|
||||
* Added lib/checks/system_nx
|
||||
* Added lib/checks/system_selinux
|
||||
* Added permission_is_world_writable_sticky_bit function to
|
||||
lib/misc/permission
|
||||
* Added support to verify sticky bit against world-writable directories
|
||||
* Renamed lib/checks/banned_* to lib/checks/privileged_*
|
||||
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
|
||||
2012-10-22 unix-privesc-check trunk
|
||||
|
||||
* Added lib/misc/validation and modified lib/misc/* to use it.
|
||||
The aim is to sanity check that libraries are being called
|
||||
correctly. We can improve this over time
|
||||
* Bug fix: Renamed validation_is_regex to validation_matches_regex
|
||||
in lib/misc/validation
|
||||
* Bug fix: validation_matches_regex test was wrong, should be -n
|
||||
not -r in lib/misc/validation
|
||||
* Bug fix: Added inclusion checks to prevent multiple inclusions
|
||||
* Bug fix: Changed lib/misc/* to catch data returned by
|
||||
validate_is_*
|
||||
* Removed unnecessary calls to file_check_or_generate_cache in
|
||||
lib/misc/checks/*
|
||||
* Updated symlinks for different types of scan
|
||||
* Removed tools/banned.h
|
||||
* Tidied up formatting
|
||||
* Fixed AIX specific bug with checking users don't have a password
|
||||
of ! in lib/checks/passwd_hashes
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2012-10-21 unix-privesc-check trunk
|
||||
|
||||
* Added library to parse patterns, for now implements only one function to
|
||||
extract and return all absolute file paths, parse_extract_absolute_filepaths
|
||||
* Added lib/misc/sudo
|
||||
* Added sudo support to lib/misc/privileged
|
||||
* Added lib/misc/user
|
||||
* Added lib/misc/group
|
||||
* Added lib/misc/permission
|
||||
* Added file_is_readable function to lib/misc/file
|
||||
* Added two functions to lib/misc/file
|
||||
* file_exists_file and file_is_regular_file
|
||||
* Added validate_is_boolean function to lib/misc/validate
|
||||
* Added support for --color switch to enable output coloring
|
||||
* Updated lib/checks/jar and lib/checks/key_material
|
||||
* Removed one cycle, minor refactoring and use lib/misc/user and
|
||||
lib/misc/group
|
||||
* Ported all calls to id command through the code to their relevant
|
||||
user/group libraries functions
|
||||
* Bug fix: Missing import bug in lib/checks/binary_rpath
|
||||
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
|
||||
2012-10-21 unix-privesc-check trunk
|
||||
|
||||
* Bug fix: Changed $VERSION to ${VERSION} etc in upc.sh
|
||||
* Removed old TODOs from lib/checks/set[ug]id
|
||||
* Bug fix: Removed symlink exclusion in lib/misc/file cache
|
||||
generation
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2012-10-20 unix-privesc-check trunk
|
||||
|
||||
* Minor improvements to lib/misc/linker
|
||||
* Bug fix: Avoid using file as variable name
|
||||
* Bug fix: Use grep instead of egrep in one file function
|
||||
* Consolidated the stdout to clarify where the warning message throughout
|
||||
lib/checks/binary_*
|
||||
* Improved lib/checks/key_material and lib/checks/jar to show more detailed stdout
|
||||
* Major speedup to lib/checks/group_writable and lib/checks/world_writable
|
||||
* Re-engineered lib/checks/binary_dependency
|
||||
* Improved lib/checks/binary_rpath and lib/checks/binary_writable to also verify
|
||||
write access by non-root users
|
||||
* Refactored lib/checks/system_libraries code
|
||||
* Added function to check for SSH key files permissions to lib/checks/ssh_agent
|
||||
* Renamed lib/checks/ssh_key_unencrypted to lib/checks/ssh_key
|
||||
* Consolidated lib/checks/ssh_agent and lib/checks/ssh_key checks to also
|
||||
show encrypted key files
|
||||
* Removed exclusions from lib/checks/credentials
|
||||
* Created lib/misc/file function file_is_textual
|
||||
* Improved file_show_symlinked_filename function to be recursive and always
|
||||
return the real linked filename
|
||||
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
|
||||
2012-10-19 unix-privesc-check trunk
|
||||
|
||||
* Re-engineered check lib/checks/binary_rpath
|
||||
* Fixed the file_parent_traverse function call in lib/checks/binary_writable
|
||||
and lib/checks/system_libraries
|
||||
* Fixed some more checks' descriptions
|
||||
* Bug fix: Syntax fix in lib/misc/binary
|
||||
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
|
||||
2012-10-18 unix-privesc-check trunk
|
||||
|
||||
* Tidied up upc.sh, added an additional error check
|
||||
* Purged dummy, replaced with _ after suggestion from BDA
|
||||
* Bug fix: No longer considers "enabled" as a check
|
||||
* Changed lib/misc/privileged to split out cache generation so that it
|
||||
happens on inclusion
|
||||
* Bug fix: Removed unintentional trailing space from file cache
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2012-10-18 unix-privesc-check trunk
|
||||
|
||||
* Bug fix: Fixed regexp patterns to avoid returning directories in
|
||||
lib/misc/privileged and lib/misc/file
|
||||
|
||||
-- <pentestmonkey@pentestmonkey.net>
|
||||
|
||||
2012-10-18 unix-privesc-check trunk
|
||||
|
||||
* Added check lib/checks/binary_writable
|
||||
* Bug fix: Proper use of dirname in file_show_symlinked_filename function
|
||||
* Bug fix: Replaced STDIN redirection with cat for inetd configuration
|
||||
files parsing in lib/misc/linker
|
||||
* Bug fix: Avoid escaping a path with an asterisk in lib/misc/ssh_agent
|
||||
* Refactored check lib/checks/system_libraries code
|
||||
* Refactored check lib/checks/world_writable code
|
||||
* Refactored check lib/checks/binary_dependency code
|
||||
* Refactored checks lib/checks/setuid and lib/checks/setgid code
|
||||
* Improved a lot speed of lib/checks/jar and lib/checks/key_material
|
||||
* Improved lib/misc/ssh_agent to work on recent Linux distributions too
|
||||
and inspect /tmp folder for both SSH agent parent process and pid-1
|
||||
* Avoid duplicate processes entries in lib/misc/privileged
|
||||
* Improved regular expression patterns throughout the code
|
||||
* Added --check and --version switches to upc.sh
|
||||
* Added description to missing checks
|
||||
* Added verbose comment to lib/checks/ssh_key_unencrypted with suggestions
|
||||
for improvements
|
||||
* Set subversion properties on all missing files
|
||||
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
|
||||
2012-10-18 unix-privesc-check trunk
|
||||
|
||||
* Changed lib/misc/shadow to favour 1 egrep over 2 greps
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2012-10-17 unix-privesc-check trunk
|
||||
|
||||
* Added lib/checks/binary_path
|
||||
* Added lib/checks/binary_random
|
||||
* Changed stdio_message_error to output to STDERR
|
||||
in lib/misc/stdio
|
||||
* Removed date from output (reverting BDA change)
|
||||
* Updated lib/misc/ssh_agent
|
||||
* Updated lib/misc/shadow
|
||||
* Updated lib/misc/process (reverting BDA change)
|
||||
* Updated lib/misc/privileged (partially reverting BDA change)
|
||||
* Kept the caching code
|
||||
* Kept variable name changed to make the code more readable
|
||||
* Updated lib/misc/passwd
|
||||
* Updated lib/misc/linker (reverting BDA change)
|
||||
* Updated lib/misc/inetd (reverting BDA change)
|
||||
* Updated lib/misc/dependencies to disable for now. The
|
||||
principal is solid, but it needs more consideration.
|
||||
For example, why does only lib/misc/binary need dependencies,
|
||||
what happens on non-Linux systems etc
|
||||
* Added docs/HACKING. I will need to work on it but it should
|
||||
help to smooth the path for new hackers :)
|
||||
* Updated lib/misc/file (partially reverting BDA change)
|
||||
* Kept symlink related code
|
||||
* Kept permissions related code
|
||||
* Changed lib/misc/privileged to use file_list_by_perms
|
||||
correctly. Bonus, reduction of loops
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2012-10-17 unix-privesc-check trunk
|
||||
|
||||
* Added binary_banned_api function to lib/misc/binary
|
||||
* Added file_show_symlinked_file function to lib/misc/file
|
||||
* Added code comments to lib/misc/file
|
||||
* Added cashing mechanism to lib/misc/privileged
|
||||
* Added file headers throughout the source code
|
||||
* Added checks' description in comment headers
|
||||
* Added date to standard output function
|
||||
* Added an error message log function
|
||||
* Added notification of needed dependencies (binutils package)
|
||||
* Narrowed down regular expression patterns in some checks
|
||||
* Refactored check lib/checks/credentials code and exclude man pages and
|
||||
python/ruby/perl libraries
|
||||
* Refactored check lib/checks/binary_dependency code
|
||||
* Refactored check lib/checks/group_writable code
|
||||
* Removed unnecessary Linux-specific code from lib/misc/process
|
||||
* Standardized checks' standard output and removed unnecessary lines
|
||||
|
||||
-- Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
|
||||
2012-09-23 unix-privesc-check trunk
|
||||
|
||||
* Bug fix: Changed from stdio_message_debug to stdio_message_warn
|
||||
in lib/checks/binary_banned
|
||||
* Bug fix: Incorrect symlink checking in binary_dependency,
|
||||
binary_rpath, world_writable and group_writable
|
||||
* Added support for PIE to lib/misc/binary
|
||||
* Added lib/checks/binary_pie
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2012-09-22 unix-privesc-check trunk
|
||||
|
||||
* Started adding --help
|
||||
* Removed date from output
|
||||
* Bug fix: Changed $1 to ${1} etc
|
||||
* Added message when generating cache
|
||||
* Bug fix: Checking wrong variable in lib/misc/process
|
||||
* Added lib/misc/privileged
|
||||
* Changed string checks from "" to -n etc
|
||||
* Standardised variable names
|
||||
* Changed how checks are enabled, it is now possible to have
|
||||
different types of scan using --type
|
||||
* Added check for encryption to lib/checks/ssh_key_unencrypted
|
||||
* Renamed lib/checks/binary_changeprivs to
|
||||
lib/checks/binary_change_privileges
|
||||
* Updated docs/COPYING.UNIX-PRIVESC-CHECK to reference
|
||||
version 1 explicitly. This will allow version 2 into
|
||||
Debian and other free distributions
|
||||
* Added lib/checks/binary_banned
|
||||
* Added check for lack of XXX in lib/checks/tmp
|
||||
* Added check for DT_RUNPATH to lib/checks/binary_rpath
|
||||
* Started work on porting lib/misc/* to Solaris
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2012-09-11 unix-privesc-check trunk
|
||||
|
||||
* Branching 1.x at revision 26
|
||||
* 2.0 released
|
||||
* Bug fix: Typo in lib/checks/binary_dependency
|
||||
* Improved output of lib/checks/system_libraries,
|
||||
lib/checks/binary_dependency, lib/checks/binary_rpath
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2010-12-30 unix-privesc-check trunk
|
||||
|
||||
* Bug fix: Cleaned up a typo
|
||||
* Added support for fscaps
|
||||
* Updated CHANGELOG
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2010-11-09 unix-privesc-check trunk
|
||||
|
||||
* Bug fix: False positive if svn.simple directory is empty
|
||||
|
||||
-- <pentestmonkey@pentestmonkey.net>
|
||||
|
||||
2010-11-04 unix-privesc-check trunk
|
||||
|
||||
* Added unique issue numbers. Should help to generate reports
|
||||
|
||||
-- <pentestmonkey@pentestmonkey.net>
|
||||
|
||||
2010-04-17 unix-privesc-check trunk
|
||||
|
||||
* Bug fix: Now checks HP-UX swap permissions correctly
|
||||
* Bug fix: Cleaned up a few typos
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2010-09-27 unix-privesc-check trunk
|
||||
|
||||
* Added check for cleartext subversion passwords in home directory
|
||||
|
||||
-- <pentestmonkey@pentestmonkey.net>
|
||||
|
||||
2010-01-06 unix-privesc-check trunk
|
||||
|
||||
* Added support for exploit mitigations (HP-UX and Solaris)
|
||||
* Checks if shadow and passwd are writable, thanks jdv
|
||||
* Checks for SetUID shell scripts which might be racey
|
||||
* Improved NX and SSP checks (Linux only)
|
||||
* Bug fix: Cleaned up a few typos
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2009-09-23 unix-privesc-check trunk
|
||||
|
||||
* Bug fix: Cron jobs starting with '(' parsed properly
|
||||
* Checks perms on Java classpath
|
||||
|
||||
-- <pentestmonkey@pentestmonkey.net>
|
||||
|
||||
2009-09-06 unix-privesc-check trunk
|
||||
|
||||
* Added MMAP allows map to 0 exploit mitigation (Linux ATM)
|
||||
* Added SELinux exploit mitigation (Linux only)
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2009-07-30 unix-privesc-check v1.5
|
||||
|
||||
* Initial AIX support added
|
||||
* Check for exploit mitigations (Linux only ATM)
|
||||
* Brain dumped some more interesting things to check for into TODOs
|
||||
* Bug fix: Fixed typos in comments
|
||||
* Added SSP exploit mitigation (Linux only ATM)
|
||||
|
||||
-- Tim Brown <timb@nth-dimension.org.uk>
|
||||
|
||||
2008-11-23 unix-privesc-check v1.4
|
||||
|
||||
* Added check of file perms of shared libraries used by SUID programs
|
||||
* Tidied output slightly
|
||||
|
||||
2008-11-09 unix-privesc-check v1.3
|
||||
|
||||
* Bug fix: Parts of the script only worked with /bin/bash and not /bin/sh
|
||||
* Bug fix: Fixed typos in reporting for privescs via cron
|
||||
|
||||
2008-07-06 unix-privesc-check v1.2
|
||||
|
||||
* Added check of library dirs (/etc/ld.so.conf) for Linux
|
||||
* Crude check of programs called from shell scripts
|
||||
* Check of libraries used by each binary program (using ldd)
|
||||
* Check of hard-coded paths within binaries (using strings)
|
||||
* More verbose WARNING messages. All the explanation for a WARNING
|
||||
should now be on one line so you can grep for 'WARNING' and still
|
||||
understand the results
|
||||
* Check of file perms on open file handles of running processes
|
||||
* Check for running SSH agent. Lists keys if possible
|
||||
* Check for public and private SSH keys in home directories
|
||||
* Check for running GPG agent
|
||||
* Check for cron jobs in /var/spool/cron/tabs
|
||||
* Extra non-priv check for local postgres trusts
|
||||
* Bug fix: lanscan now used on HPUX to get interface names
|
||||
* Check if system is an NFS client (HPUX only)
|
||||
* Check if swap space is readable / writable
|
||||
|
||||
2008-04-17 unix-privesc-check v1.1
|
||||
|
||||
* Added check for accounts with no password in /etc/passwd
|
||||
* Record some basic info about the host (hostname, uname -a, interface IPs)
|
||||
|
||||
2008-02-01 unix-privesc-check v1.0
|
||||
|
||||
* Initial public release
|
339
docs/COPYING.GPL
339
docs/COPYING.GPL
|
@ -1,339 +0,0 @@
|
|||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 2, June 1991
|
||||
|
||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The licenses for most software are designed to take away your
|
||||
freedom to share and change it. By contrast, the GNU General Public
|
||||
License is intended to guarantee your freedom to share and change free
|
||||
software--to make sure the software is free for all its users. This
|
||||
General Public License applies to most of the Free Software
|
||||
Foundation's software and to any other program whose authors commit to
|
||||
using it. (Some other Free Software Foundation software is covered by
|
||||
the GNU Lesser General Public License instead.) You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
this service if you wish), that you receive source code or can get it
|
||||
if you want it, that you can change the software or use pieces of it
|
||||
in new free programs; and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to make restrictions that forbid
|
||||
anyone to deny you these rights or to ask you to surrender the rights.
|
||||
These restrictions translate to certain responsibilities for you if you
|
||||
distribute copies of the software, or if you modify it.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must give the recipients all the rights that
|
||||
you have. You must make sure that they, too, receive or can get the
|
||||
source code. And you must show them these terms so they know their
|
||||
rights.
|
||||
|
||||
We protect your rights with two steps: (1) copyright the software, and
|
||||
(2) offer you this license which gives you legal permission to copy,
|
||||
distribute and/or modify the software.
|
||||
|
||||
Also, for each author's protection and ours, we want to make certain
|
||||
that everyone understands that there is no warranty for this free
|
||||
software. If the software is modified by someone else and passed on, we
|
||||
want its recipients to know that what they have is not the original, so
|
||||
that any problems introduced by others will not reflect on the original
|
||||
authors' reputations.
|
||||
|
||||
Finally, any free program is threatened constantly by software
|
||||
patents. We wish to avoid the danger that redistributors of a free
|
||||
program will individually obtain patent licenses, in effect making the
|
||||
program proprietary. To prevent this, we have made it clear that any
|
||||
patent must be licensed for everyone's free use or not licensed at all.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
0. This License applies to any program or other work which contains
|
||||
a notice placed by the copyright holder saying it may be distributed
|
||||
under the terms of this General Public License. The "Program", below,
|
||||
refers to any such program or work, and a "work based on the Program"
|
||||
means either the Program or any derivative work under copyright law:
|
||||
that is to say, a work containing the Program or a portion of it,
|
||||
either verbatim or with modifications and/or translated into another
|
||||
language. (Hereinafter, translation is included without limitation in
|
||||
the term "modification".) Each licensee is addressed as "you".
|
||||
|
||||
Activities other than copying, distribution and modification are not
|
||||
covered by this License; they are outside its scope. The act of
|
||||
running the Program is not restricted, and the output from the Program
|
||||
is covered only if its contents constitute a work based on the
|
||||
Program (independent of having been made by running the Program).
|
||||
Whether that is true depends on what the Program does.
|
||||
|
||||
1. You may copy and distribute verbatim copies of the Program's
|
||||
source code as you receive it, in any medium, provided that you
|
||||
conspicuously and appropriately publish on each copy an appropriate
|
||||
copyright notice and disclaimer of warranty; keep intact all the
|
||||
notices that refer to this License and to the absence of any warranty;
|
||||
and give any other recipients of the Program a copy of this License
|
||||
along with the Program.
|
||||
|
||||
You may charge a fee for the physical act of transferring a copy, and
|
||||
you may at your option offer warranty protection in exchange for a fee.
|
||||
|
||||
2. You may modify your copy or copies of the Program or any portion
|
||||
of it, thus forming a work based on the Program, and copy and
|
||||
distribute such modifications or work under the terms of Section 1
|
||||
above, provided that you also meet all of these conditions:
|
||||
|
||||
a) You must cause the modified files to carry prominent notices
|
||||
stating that you changed the files and the date of any change.
|
||||
|
||||
b) You must cause any work that you distribute or publish, that in
|
||||
whole or in part contains or is derived from the Program or any
|
||||
part thereof, to be licensed as a whole at no charge to all third
|
||||
parties under the terms of this License.
|
||||
|
||||
c) If the modified program normally reads commands interactively
|
||||
when run, you must cause it, when started running for such
|
||||
interactive use in the most ordinary way, to print or display an
|
||||
announcement including an appropriate copyright notice and a
|
||||
notice that there is no warranty (or else, saying that you provide
|
||||
a warranty) and that users may redistribute the program under
|
||||
these conditions, and telling the user how to view a copy of this
|
||||
License. (Exception: if the Program itself is interactive but
|
||||
does not normally print such an announcement, your work based on
|
||||
the Program is not required to print an announcement.)
|
||||
|
||||
These requirements apply to the modified work as a whole. If
|
||||
identifiable sections of that work are not derived from the Program,
|
||||
and can be reasonably considered independent and separate works in
|
||||
themselves, then this License, and its terms, do not apply to those
|
||||
sections when you distribute them as separate works. But when you
|
||||
distribute the same sections as part of a whole which is a work based
|
||||
on the Program, the distribution of the whole must be on the terms of
|
||||
this License, whose permissions for other licensees extend to the
|
||||
entire whole, and thus to each and every part regardless of who wrote it.
|
||||
|
||||
Thus, it is not the intent of this section to claim rights or contest
|
||||
your rights to work written entirely by you; rather, the intent is to
|
||||
exercise the right to control the distribution of derivative or
|
||||
collective works based on the Program.
|
||||
|
||||
In addition, mere aggregation of another work not based on the Program
|
||||
with the Program (or with a work based on the Program) on a volume of
|
||||
a storage or distribution medium does not bring the other work under
|
||||
the scope of this License.
|
||||
|
||||
3. You may copy and distribute the Program (or a work based on it,
|
||||
under Section 2) in object code or executable form under the terms of
|
||||
Sections 1 and 2 above provided that you also do one of the following:
|
||||
|
||||
a) Accompany it with the complete corresponding machine-readable
|
||||
source code, which must be distributed under the terms of Sections
|
||||
1 and 2 above on a medium customarily used for software interchange; or,
|
||||
|
||||
b) Accompany it with a written offer, valid for at least three
|
||||
years, to give any third party, for a charge no more than your
|
||||
cost of physically performing source distribution, a complete
|
||||
machine-readable copy of the corresponding source code, to be
|
||||
distributed under the terms of Sections 1 and 2 above on a medium
|
||||
customarily used for software interchange; or,
|
||||
|
||||
c) Accompany it with the information you received as to the offer
|
||||
to distribute corresponding source code. (This alternative is
|
||||
allowed only for noncommercial distribution and only if you
|
||||
received the program in object code or executable form with such
|
||||
an offer, in accord with Subsection b above.)
|
||||
|
||||
The source code for a work means the preferred form of the work for
|
||||
making modifications to it. For an executable work, complete source
|
||||
code means all the source code for all modules it contains, plus any
|
||||
associated interface definition files, plus the scripts used to
|
||||
control compilation and installation of the executable. However, as a
|
||||
special exception, the source code distributed need not include
|
||||
anything that is normally distributed (in either source or binary
|
||||
form) with the major components (compiler, kernel, and so on) of the
|
||||
operating system on which the executable runs, unless that component
|
||||
itself accompanies the executable.
|
||||
|
||||
If distribution of executable or object code is made by offering
|
||||
access to copy from a designated place, then offering equivalent
|
||||
access to copy the source code from the same place counts as
|
||||
distribution of the source code, even though third parties are not
|
||||
compelled to copy the source along with the object code.
|
||||
|
||||
4. You may not copy, modify, sublicense, or distribute the Program
|
||||
except as expressly provided under this License. Any attempt
|
||||
otherwise to copy, modify, sublicense or distribute the Program is
|
||||
void, and will automatically terminate your rights under this License.
|
||||
However, parties who have received copies, or rights, from you under
|
||||
this License will not have their licenses terminated so long as such
|
||||
parties remain in full compliance.
|
||||
|
||||
5. You are not required to accept this License, since you have not
|
||||
signed it. However, nothing else grants you permission to modify or
|
||||
distribute the Program or its derivative works. These actions are
|
||||
prohibited by law if you do not accept this License. Therefore, by
|
||||
modifying or distributing the Program (or any work based on the
|
||||
Program), you indicate your acceptance of this License to do so, and
|
||||
all its terms and conditions for copying, distributing or modifying
|
||||
the Program or works based on it.
|
||||
|
||||
6. Each time you redistribute the Program (or any work based on the
|
||||
Program), the recipient automatically receives a license from the
|
||||
original licensor to copy, distribute or modify the Program subject to
|
||||
these terms and conditions. You may not impose any further
|
||||
restrictions on the recipients' exercise of the rights granted herein.
|
||||
You are not responsible for enforcing compliance by third parties to
|
||||
this License.
|
||||
|
||||
7. If, as a consequence of a court judgment or allegation of patent
|
||||
infringement or for any other reason (not limited to patent issues),
|
||||
conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot
|
||||
distribute so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you
|
||||
may not distribute the Program at all. For example, if a patent
|
||||
license would not permit royalty-free redistribution of the Program by
|
||||
all those who receive copies directly or indirectly through you, then
|
||||
the only way you could satisfy both it and this License would be to
|
||||
refrain entirely from distribution of the Program.
|
||||
|
||||
If any portion of this section is held invalid or unenforceable under
|
||||
any particular circumstance, the balance of the section is intended to
|
||||
apply and the section as a whole is intended to apply in other
|
||||
circumstances.
|
||||
|
||||
It is not the purpose of this section to induce you to infringe any
|
||||
patents or other property right claims or to contest validity of any
|
||||
such claims; this section has the sole purpose of protecting the
|
||||
integrity of the free software distribution system, which is
|
||||
implemented by public license practices. Many people have made
|
||||
generous contributions to the wide range of software distributed
|
||||
through that system in reliance on consistent application of that
|
||||
system; it is up to the author/donor to decide if he or she is willing
|
||||
to distribute software through any other system and a licensee cannot
|
||||
impose that choice.
|
||||
|
||||
This section is intended to make thoroughly clear what is believed to
|
||||
be a consequence of the rest of this License.
|
||||
|
||||
8. If the distribution and/or use of the Program is restricted in
|
||||
certain countries either by patents or by copyrighted interfaces, the
|
||||
original copyright holder who places the Program under this License
|
||||
may add an explicit geographical distribution limitation excluding
|
||||
those countries, so that distribution is permitted only in or among
|
||||
countries not thus excluded. In such case, this License incorporates
|
||||
the limitation as if written in the body of this License.
|
||||
|
||||
9. The Free Software Foundation may publish revised and/or new versions
|
||||
of the General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies a version number of this License which applies to it and "any
|
||||
later version", you have the option of following the terms and conditions
|
||||
either of that version or of any later version published by the Free
|
||||
Software Foundation. If the Program does not specify a version number of
|
||||
this License, you may choose any version ever published by the Free Software
|
||||
Foundation.
|
||||
|
||||
10. If you wish to incorporate parts of the Program into other free
|
||||
programs whose distribution conditions are different, write to the author
|
||||
to ask for permission. For software which is copyrighted by the Free
|
||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
||||
make exceptions for this. Our decision will be guided by the two goals
|
||||
of preserving the free status of all derivatives of our free software and
|
||||
of promoting the sharing and reuse of software generally.
|
||||
|
||||
NO WARRANTY
|
||||
|
||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
||||
REPAIR OR CORRECTION.
|
||||
|
||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
convey the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program is interactive, make it output a short notice like this
|
||||
when it starts in an interactive mode:
|
||||
|
||||
Gnomovision version 69, Copyright (C) year name of author
|
||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, the commands you use may
|
||||
be called something other than `show w' and `show c'; they could even be
|
||||
mouse-clicks or menu items--whatever suits your program.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or your
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. Here is a sample; alter the names:
|
||||
|
||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||
|
||||
<signature of Ty Coon>, 1 April 1989
|
||||
Ty Coon, President of Vice
|
||||
|
||||
This General Public License does not permit incorporating your program into
|
||||
proprietary programs. If your program is a subroutine library, you may
|
||||
consider it more useful to permit linking proprietary applications with the
|
||||
library. If this is what you want to do, use the GNU Lesser General
|
||||
Public License instead of this License.
|
|
@ -1,6 +0,0 @@
|
|||
Version 1 of this tool may be used for legal purposes only. Users take full
|
||||
responsibility for any actions performed using this tool. The author accepts
|
||||
no liability for damage caused by this tool. If these terms are not acceptable
|
||||
to you, then you are not permitted to use this tool.
|
||||
|
||||
In all other respects the GPL version 2 applies.
|
33
docs/HACKING
33
docs/HACKING
|
@ -1,33 +0,0 @@
|
|||
General:
|
||||
|
||||
* docs/* exists for a reason, especially docs/CHANGELOG
|
||||
* Changes should match commit messages, barring mistakes
|
||||
* "Bug fix:" should be used to identify minor changes due to
|
||||
coding errors
|
||||
* docs/CHANGELOG should reference filename of changed files
|
||||
* Quote correctly
|
||||
* Use double-quotes, not single-quotes
|
||||
* Variable names should be descriptive
|
||||
* Reference variables as ${variablename}
|
||||
* "printf --" unless you have reason not to
|
||||
* Avoid unnecessary cats, never use two commands if one will do
|
||||
* No unnecessary new lines, the only blocks should be those
|
||||
introduced by code: if/then/else/fi etc
|
||||
* Redirects take the form >/path/to/redirect/to (i.e. no space)
|
||||
|
||||
lib/misc/*:
|
||||
|
||||
* Changes to existing APIs used by lib/checks/* must be discussed
|
||||
prior to implementation
|
||||
* Such changes to the APIs used by lib/checks/* must be minimised
|
||||
* New APIs can be freely added
|
||||
* Code in here is meant to be ported to new platforms
|
||||
* OS specific code should be minimised
|
||||
* Don't read _ if there's a chance the data may be useful later
|
||||
* Validate your input using lib/misc/validate
|
||||
|
||||
lib/checks/*:
|
||||
|
||||
* Code in here is meant to be portable, it should inherit new
|
||||
capabilities by way of changes to lib/misc/*
|
||||
* Avoid OS specific code, the APIs should fail sane
|
|
@ -1,2 +0,0 @@
|
|||
* Rewrite the filesystem caching (ATM it only gets generated on first run to reduce testing time)
|
||||
* Add support for other OS
|
26
docs/TODO-v1
26
docs/TODO-v1
|
@ -1,26 +0,0 @@
|
|||
$Revision: 349 $
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
|
||||
(c) Tim Brown, 2012
|
||||
(c) pentestmonkey@pentestmonkey.net, 2008
|
||||
<mailto:timb@nth-dimension.org.uk>
|
||||
<http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
|
||||
[UPC001] WARNING: $O_MESSAGE_STACK The user $O_FILE_USER can write to $O_FILE
|
||||
[UPC002] WARNING: $O_MESSAGE_STACK The group $O_FILE_GROUP can write to $O_FILE
|
||||
[UPC003] WARNING: $O_MESSAGE_STACK World write is set for $O_FILE (but sticky bit set)
|
||||
[UPC004] WARNING: $O_MESSAGE_STACK World write is set for $O_FILE
|
||||
[UPC043] WARNING: fscaps shell script, may be vulnerable to race attacks
|
323418
files_cache.temp
323418
files_cache.temp
File diff suppressed because it is too large
|
@ -1,83 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 255 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# Check for read permissions on sensitive files
|
||||
|
||||
. lib/misc/file
|
||||
. lib/misc/group
|
||||
. lib/misc/stdio
|
||||
|
||||
credentials_init () {
|
||||
stdio_message_log "credentials" "Starting at: `date`"
|
||||
}
|
||||
|
||||
credentials_permissions () {
|
||||
pattern="${1}"
|
||||
file_show_non_symlink_perms " ${pattern}$" | while read filename permissions userid groupid
|
||||
do
|
||||
case "${permissions}" in
|
||||
???????r??)
|
||||
stdio_message_warn "credentials" "$(unknown) is owned by user ${userid} (group ${groupid}) and is world-readable (${permissions})"
|
||||
;;
|
||||
????r?????)
|
||||
if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_warn "credentials" "$(unknown) is owned by user ${userid} (group ${groupid}: YOU) and is group-readable (${permissions})"
|
||||
else
|
||||
stdio_message_log "credentials" "$(unknown) is owned by user ${userid} (group ${groupid}) and is group-readable (${permissions})"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
credentials_main () {
|
||||
# TODO we should expand this list
|
||||
for pattern in "*passwd$" "*shadow$" "*password$" "*id_dsa*" "*id_rsa*" "*\.ssh/*" "*authorized_keys" "*rhosts" "*htaccess$" "*.subversion/auth/svn.simple/*"
|
||||
do
|
||||
file_list_by_filename "${pattern}" | while read filename
|
||||
do
|
||||
# exclude man pages and python/ruby/perl libraries
|
||||
case "$(unknown)" in
|
||||
*/man/*|/usr/lib*|/usr/share/doc/*|/usr/local/rvm/*|/usr/bin/*|/usr/sbin/*)
|
||||
continue
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -h "$(unknown)" ]
|
||||
then
|
||||
linkedfilename="`file_show_symlinked_filename "$(unknown)"`"
|
||||
|
||||
if [ -n "${linkedfilename}" ]
|
||||
then
|
||||
#stdio_message_debug "credentials" "$(unknown) is a symlink to ${linkedfilename}"
|
||||
credentials_permissions ${linkedfilename}
|
||||
fi
|
||||
else
|
||||
credentials_permissions $(unknown)
|
||||
fi
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
credentials_fini () {
|
||||
stdio_message_log "credentials" "Ending at: `date`"
|
||||
}
|
|
@ -1,56 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 337 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# Check for weak options on devices files
|
||||
|
||||
. lib/misc/device
|
||||
. lib/misc/file
|
||||
. lib/misc/stdio
|
||||
|
||||
devices_options_init () {
|
||||
stdio_message_log "devices_options" "Starting at: `date`"
|
||||
}
|
||||
|
||||
devices_options_main () {
|
||||
device_list_options | while read device options
|
||||
do
|
||||
if [ -n "`printf -- \"${options}\" | egrep -- \"user\"`" -a -z "`printf -- \"${options}\" | egrep -- \"nouser\"`" ]
|
||||
then
|
||||
stdio_message_warn "devices_options" "device file ${device} can be mounted by users"
|
||||
fi
|
||||
if [ -n "`printf -- \"${options}\" | egrep -- \"dev\"`" -a -z "`printf -- \"${options}\" | egrep -- \"nodev\"`" ]
|
||||
then
|
||||
stdio_message_debug "devices_options" "device file ${device} interprets block devices"
|
||||
fi
|
||||
if [ -n "`printf -- \"${options}\" | egrep -- \"suid\"`" -a -z "`printf -- \"${options}\" | egrep -- \"nosuid\"`" ]
|
||||
then
|
||||
stdio_message_log "devices_options" "device file ${device} permits the execution of setuid and setgid executables"
|
||||
fi
|
||||
if [ -n "`printf -- \"${options}\" | egrep -- \"defaults\"`" -a -z "`printf -- \"${options}\" | egrep -- \"nosuid\"`" ]
|
||||
then
|
||||
stdio_message_log "devices_options" "device file ${device} permits the execution of setuid and setgid executables"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
devices_options_fini () {
|
||||
stdio_message_log "devices_options" "Ending at: `date`"
|
||||
}
|
|
@ -1,80 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 336 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# Check for world-readable and world-writable permissions on devices files
|
||||
|
||||
. lib/misc/device
|
||||
. lib/misc/file
|
||||
. lib/misc/stdio
|
||||
|
||||
devices_permission_init () {
|
||||
stdio_message_log "devices_permission" "Starting at: `date`"
|
||||
}
|
||||
|
||||
devices_permission_permissions () {
|
||||
device="${1}"
|
||||
mountpoint="`device_get_mountpoint \"${device}\"`"
|
||||
if [ -n "${mountpoint}" ]
|
||||
then
|
||||
message="mounted to ${mountpoint}"
|
||||
elif [ "`device_is_swap \"${device}\"`" -eq 1 ]
|
||||
then
|
||||
message="swap"
|
||||
else
|
||||
message="not mounted"
|
||||
fi
|
||||
file_show_non_symlink_perms " ${device}$" | while read filename permissions userid groupid
|
||||
do
|
||||
case "${permissions}" in
|
||||
???????rw?)
|
||||
stdio_message_warn "devices_permission" "device file $(unknown) (${message}) is owned by user ${userid} (group ${groupid}) and is world-readable and world-writable (${permissions})"
|
||||
;;
|
||||
????????w?)
|
||||
stdio_message_warn "devices_permission" "device file $(unknown) (${message}) is owned by user ${userid} (group ${groupid}) and is world-writable (${permissions})"
|
||||
;;
|
||||
???????r??)
|
||||
stdio_message_warn "devices_permission" "device file $(unknown) (${message}) is owned by user ${userid} (group ${groupid}) and is world-readable (${permissions})"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
devices_permission_main () {
|
||||
device_list | while read device
|
||||
do
|
||||
if [ -h "${device}" ]
|
||||
then
|
||||
linkeddevice="`file_show_symlinked_filename \"${device}\"`"
|
||||
if [ -z "${linkeddevice}" ]
|
||||
then
|
||||
continue
|
||||
fi
|
||||
#stdio_message_debug "devices_permission" "device file ${device} is a symbolic link to ${linkeddevice}"
|
||||
devices_permission_permissions "${linkeddevice}"
|
||||
else
|
||||
devices_permission_permissions "${device}"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
devices_permission_fini () {
|
||||
stdio_message_log "devices_permission" "Ending at: `date`"
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
../../credentials
|
|
@ -1 +0,0 @@
|
|||
../../gpg_agent
|
|
@ -1 +0,0 @@
|
|||
../../group_writable
|
|
@ -1 +0,0 @@
|
|||
../../history_readable
|
|
@ -1 +0,0 @@
|
|||
../../homedirs_executable
|
|
@ -1 +0,0 @@
|
|||
../../homedirs_writable
|
|
@ -1 +0,0 @@
|
|||
../../jar
|
|
@ -1 +0,0 @@
|
|||
../../key_material
|
|
@ -1 +0,0 @@
|
|||
../../passwd_hashes
|
|
@ -1 +0,0 @@
|
|||
../../privileged_banned
|
|
@ -1 +0,0 @@
|
|||
../../privileged_change_privileges
|
|
@ -1 +0,0 @@
|
|||
../../privileged_chroot
|
|
@ -1 +0,0 @@
|
|||
../../privileged_dependency
|
|
@ -1 +0,0 @@
|
|||
../../privileged_nx
|
|
@ -1 +0,0 @@
|
|||
../../privileged_path
|
|
@ -1 +0,0 @@
|
|||
../../privileged_pie
|
|
@ -1 +0,0 @@
|
|||
../../privileged_random
|
|
@ -1 +0,0 @@
|
|||
../../privileged_relro
|
|
@ -1 +0,0 @@
|
|||
../../privileged_rpath
|
|
@ -1 +0,0 @@
|
|||
../../privileged_ssp
|
|
@ -1 +0,0 @@
|
|||
../../privileged_tmp
|
|
@ -1 +0,0 @@
|
|||
../../privileged_writable
|
|
@ -1 +0,0 @@
|
|||
../../setgid
|
|
@ -1 +0,0 @@
|
|||
../../setuid
|
|
@ -1 +0,0 @@
|
|||
../../shadow_hashes
|
|
@ -1 +0,0 @@
|
|||
../../ssh_agent
|
|
@ -1 +0,0 @@
|
|||
../../ssh_key
|
|
@ -1 +0,0 @@
|
|||
../../system_aslr
|
|
@ -1 +0,0 @@
|
|||
../../system_configuration
|
|
@ -1 +0,0 @@
|
|||
../../system_libraries
|
|
@ -1 +0,0 @@
|
|||
../../system_mmap
|
|
@ -1 +0,0 @@
|
|||
../../system_nx
|
|
@ -1 +0,0 @@
|
|||
../../system_selinux
|
|
@ -1 +0,0 @@
|
|||
../../world_writable
|
|
@ -1 +0,0 @@
|
|||
../../credentials
|
|
@ -1 +0,0 @@
|
|||
../../history_readable
|
|
@ -1 +0,0 @@
|
|||
../../homedirs_executable
|
|
@ -1 +0,0 @@
|
|||
../../key_material
|
|
@ -1 +0,0 @@
|
|||
../../passwd_hashes
|
|
@ -1 +0,0 @@
|
|||
../../privileged_change_privileges
|
|
@ -1 +0,0 @@
|
|||
../../privileged_path
|
|
@ -1 +0,0 @@
|
|||
../../privileged_rpath
|
|
@ -1 +0,0 @@
|
|||
../../privileged_writable
|
|
@ -1 +0,0 @@
|
|||
../../setgid
|
|
@ -1 +0,0 @@
|
|||
../../setuid
|
|
@ -1 +0,0 @@
|
|||
../../shadow_hashes
|
|
@ -1 +0,0 @@
|
|||
../../ssh_key
|
|
@ -1 +0,0 @@
|
|||
../../system_configuration
|
|
@ -1 +0,0 @@
|
|||
../../world_writable
|
|
@ -1 +0,0 @@
|
|||
../../privileged_banned
|
|
@ -1 +0,0 @@
|
|||
../../privileged_change_privileges
|
|
@ -1 +0,0 @@
|
|||
../../privileged_chroot
|
|
@ -1 +0,0 @@
|
|||
../../privileged_dependency
|
|
@ -1 +0,0 @@
|
|||
../../privileged_nx
|
|
@ -1 +0,0 @@
|
|||
../../privileged_path
|
|
@ -1 +0,0 @@
|
|||
../../privileged_pie
|
|
@ -1 +0,0 @@
|
|||
../../privileged_random
|
|
@ -1 +0,0 @@
|
|||
../../privileged_relro
|
|
@ -1 +0,0 @@
|
|||
../../privileged_rpath
|
|
@ -1 +0,0 @@
|
|||
../../privileged_ssp
|
|
@ -1 +0,0 @@
|
|||
../../privileged_tmp
|
|
@ -1 +0,0 @@
|
|||
../../privileged_writable
|
|
@ -1,40 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 171 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# Check if the gpg-agent is running
|
||||
|
||||
. lib/misc/stdio
|
||||
. lib/misc/process
|
||||
|
||||
gpg_agent_init () {
|
||||
stdio_message_log "gpg_agent" "Starting at: `date`"
|
||||
}
|
||||
|
||||
gpg_agent_main () {
|
||||
process_list "gpg-agent" | while read processid
|
||||
do
|
||||
stdio_message_warn "gpg_agent" "gpg-agent is running as `process_show_userid ${processid}` (`process_show_command ${processid}`)"
|
||||
done
|
||||
}
|
||||
|
||||
gpg_agent_fini () {
|
||||
stdio_message_log "gpg_agent" "Ending at: `date`"
|
||||
}
|
|
@ -1,50 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 254 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# List group-writable files
|
||||
|
||||
. lib/misc/file
|
||||
. lib/misc/group
|
||||
. lib/misc/stdio
|
||||
|
||||
group_writable_init () {
|
||||
stdio_message_log "group_writable" "Starting at: `date`"
|
||||
}
|
||||
|
||||
group_writable_main () {
|
||||
file_show_non_symlink_perms "^.....w.... " | while read filename permissions userid groupid
|
||||
do
|
||||
case "${permissions}" in
|
||||
?????w????)
|
||||
if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_warn "group_writable" "$(unknown) is owned by user ${userid} (group ${groupid}: YOU) and is group-writable (${permissions})"
|
||||
else
|
||||
stdio_message_log "group_writable" "$(unknown) is owned by user ${userid} (group ${groupid}) and is group-writable (${permissions})"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
group_writable_fini () {
|
||||
stdio_message_log "group_writable" "Ending: `date`"
|
||||
}
|
|
@ -1,62 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 283 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# List all .*_history files
|
||||
|
||||
. lib/misc/file
|
||||
. lib/misc/group
|
||||
. lib/misc/stdio
|
||||
. lib/misc/user
|
||||
|
||||
history_readable_init () {
|
||||
stdio_message_log "history_readable" "Starting at: `date`"
|
||||
}
|
||||
|
||||
history_readable_main () {
|
||||
file_show_non_symlink_perms " *\.*_history$" | while read filename permissions userid groupid
|
||||
do
|
||||
case "${permissions}" in
|
||||
???????r??)
|
||||
stdio_message_warn "history_readable" "$(unknown) is owned by user ${userid} (group ${groupid}) and is world-readable (${permissions})"
|
||||
;;
|
||||
????r?????)
|
||||
if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_warn "history_readable" "$(unknown) is owned by user ${userid} (group ${groupid}: YOU) and is group-readable (${permissions})"
|
||||
else
|
||||
stdio_message_log "history_readable" "$(unknown) is owned by user ${userid} (group ${groupid}) and is group-readable (${permissions})"
|
||||
fi
|
||||
;;
|
||||
?r????????)
|
||||
if [ "`user_is_user_name \"${userid}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_log "history_readable" "$(unknown) is owned by user ${userid} (YOU) (group ${groupid}) (${permissions})"
|
||||
else
|
||||
stdio_message_debug "history_readable" "$(unknown) is owned by user ${userid} (group ${groupid}) (${permissions})"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
history_readable_fini () {
|
||||
stdio_message_log "history_readable" "Ending at: `date`"
|
||||
}
|
|
@ -1,77 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 287 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# Check for readable and executable permissions on home directories
|
||||
|
||||
. lib/misc/file
|
||||
. lib/misc/group
|
||||
. lib/misc/passwd
|
||||
. lib/misc/permission
|
||||
. lib/misc/stdio
|
||||
|
||||
homedirs_executable_init () {
|
||||
stdio_message_log "homedirs_executable" "Starting at: `date`"
|
||||
}
|
||||
|
||||
homedirs_executable_main () {
|
||||
passwd_list | while read username
|
||||
do
|
||||
if [ "${username}" = "+" ]
|
||||
then
|
||||
continue
|
||||
fi
|
||||
homedir="`passwd_show_homedir "${username}"`"
|
||||
if [ -z "${homedir}" -o "${homedir}" = "/dev/null" ]
|
||||
then
|
||||
stdio_message_debug "homedirs_executable" "${username} has no home directory set"
|
||||
continue
|
||||
fi
|
||||
file_show_non_symlink_perms " ${homedir}$" | while read filename permissions userid groupid
|
||||
do
|
||||
case "${permissions}" in
|
||||
???????r?x)
|
||||
stdio_message_warn "homedirs_executable" "${username} home directory $(unknown) is owned by user ${userid} (group ${groupid}) and is world-readable and world-executable (${permissions})"
|
||||
;;
|
||||
???????r??)
|
||||
stdio_message_log "homedirs_executable" "${username} home directory $(unknown) is owned by user ${userid} (group ${groupid}) and is world-readable, you can list the files within only (${permissions})"
|
||||
;;
|
||||
????r?x???)
|
||||
if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_warn "homedirs_executable" "${username} home directory $(unknown) is owned by user ${userid} (group ${groupid}: YOU) and is group-readable and group-executable (${permissions})"
|
||||
# TODO verify the case the owner, ${username}, is not within the group owner, ${groupid}
|
||||
fi
|
||||
;;
|
||||
????r?????)
|
||||
if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_log "homedirs_executable" "${username} home directory $(unknown) is owned by user ${userid} (group ${groupid}: YOU) and is group-readable, you can list the files within only (${permissions})"
|
||||
# TODO verify the case the owner, ${username}, is not within the group owner, ${groupid}
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
homedirs_executable_fini () {
|
||||
stdio_message_log "homedirs_executable" "Ending at: `date`"
|
||||
}
|
|
@ -1,74 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 284 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# Check for writable permission on home directories
|
||||
|
||||
. lib/misc/file
|
||||
. lib/misc/group
|
||||
. lib/misc/passwd
|
||||
. lib/misc/permission
|
||||
. lib/misc/stdio
|
||||
|
||||
homedirs_writable_init () {
|
||||
stdio_message_log "homedirs_writable" "Starting at: `date`"
|
||||
}
|
||||
|
||||
homedirs_writable_main () {
|
||||
passwd_list | while read username
|
||||
do
|
||||
if [ "${username}" = "+" ]
|
||||
then
|
||||
continue
|
||||
fi
|
||||
homedir="`passwd_show_homedir "${username}"`"
|
||||
if [ -z "${homedir}" -o "${homedir}" = "/dev/null" ]
|
||||
then
|
||||
stdio_message_debug "homedirs_writable" "${username} has no home directory set"
|
||||
continue
|
||||
fi
|
||||
file_show_non_symlink_perms " ${homedir}$" | while read filename permissions userid groupid
|
||||
do
|
||||
case "${permissions}" in
|
||||
????????w?)
|
||||
if [ "`permission_is_world_writable_sticky_bit \"${permissions}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_log "homedirs_writable" "${username} home directory $(unknown) is owned by user ${userid} (group ${groupid}) and is world-writable with sticky bit (${permissions})"
|
||||
else
|
||||
stdio_message_warn "homedirs_writable" "${username} home directory $(unknown) is owned by user ${userid} (group ${groupid}) and is world-writable (${permissions})"
|
||||
fi
|
||||
;;
|
||||
?????w????)
|
||||
if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_warn "homedirs_writable" "${username} home directory $(unknown) is owned by user ${userid} (group ${groupid}: YOU) and is group-writable (${permissions})"
|
||||
# TODO verify the case the owner, ${username}, is not within the group owner, ${groupid}
|
||||
else
|
||||
stdio_message_debug "homedirs_writable" "${username} home directory $(unknown) is owned by user ${userid} (group ${groupid}) and is group-writable (${permissions})"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
homedirs_writable_fini () {
|
||||
stdio_message_log "homedirs_writable" "Ending at: `date`"
|
||||
}
|
|
@ -1,62 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 248 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# List all jar files
|
||||
|
||||
. lib/misc/file
|
||||
. lib/misc/group
|
||||
. lib/misc/stdio
|
||||
. lib/misc/user
|
||||
|
||||
jar_init () {
|
||||
stdio_message_log "jar" "Starting at: `date`"
|
||||
}
|
||||
|
||||
jar_main () {
|
||||
file_show_non_symlink_perms " *\.jar$" | while read filename permissions userid groupid
|
||||
do
|
||||
case "${permissions}" in
|
||||
???????r??)
|
||||
stdio_message_warn "jar" "$(unknown) is owned by user ${userid} (group ${groupid}) and is world-readable (${permissions})"
|
||||
;;
|
||||
????r?????)
|
||||
if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_warn "jar" "$(unknown) is owned by user ${userid} (group ${groupid}: YOU) and is group-readable (${permissions})"
|
||||
else
|
||||
stdio_message_log "jar" "$(unknown) is owned by user ${userid} (group ${groupid}) and is group-readable (${permissions})"
|
||||
fi
|
||||
;;
|
||||
?r????????)
|
||||
if [ "`user_is_user_name \"${userid}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_log "jar" "$(unknown) is owned by user ${userid} (YOU) (group ${groupid}) (${permissions})"
|
||||
else
|
||||
stdio_message_debug "jar" "$(unknown) is owned by user ${userid} (group ${groupid}) (${permissions})"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
jar_fini () {
|
||||
stdio_message_log "jar" "Ending at: `date`"
|
||||
}
|
|
@ -1,73 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 248 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# List potentially sensitive files
|
||||
|
||||
. lib/misc/file
|
||||
. lib/misc/group
|
||||
. lib/misc/stdio
|
||||
. lib/misc/user
|
||||
|
||||
key_material_init () {
|
||||
stdio_message_log "key_material" "Starting at: `date`"
|
||||
}
|
||||
|
||||
key_material_main () {
|
||||
# TODO we should expand this list
|
||||
for pattern in "*\.crt" "*\.cer" "*\.pem" "*\.p12" "*\.keystore" "*\.key"
|
||||
do
|
||||
file_show_non_symlink_perms " ${pattern}$" | while read filename permissions userid groupid
|
||||
do
|
||||
# exclude Firefox certificates
|
||||
case "$(unknown)" in
|
||||
/usr/share/ca-certificates/mozilla/*)
|
||||
continue
|
||||
;;
|
||||
esac
|
||||
|
||||
case "${permissions}" in
|
||||
???????r??)
|
||||
stdio_message_warn "key_material" "$(unknown) is owned by user ${userid} (group ${groupid}) and is world-readable (${permissions})"
|
||||
;;
|
||||
????r?????)
|
||||
if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_warn "key_material" "$(unknown) is owned by user ${userid} (group ${groupid}: YOU) and is group-readable (${permissions})"
|
||||
else
|
||||
stdio_message_log "key_material" "$(unknown) is owned by user ${userid} (group ${groupid}) and is group-readable (${permissions})"
|
||||
fi
|
||||
;;
|
||||
?r????????)
|
||||
if [ "`user_is_user_name \"${userid}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_log "key_material" "$(unknown) is owned by user ${userid} (YOU) (group ${groupid}) (${permissions})"
|
||||
else
|
||||
stdio_message_debug "key_material" "$(unknown) is owned by user ${userid} (group ${groupid}) (${permissions})"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
key_material_fini () {
|
||||
stdio_message_log "key_material" "Ending at: `date`"
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 342 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# Check if LDAP is used for authentication
|
||||
|
||||
. lib/misc/ldap
|
||||
. lib/misc/stdio
|
||||
|
||||
ldap_authentication_init () {
|
||||
stdio_message_log "ldap_authentication" "Starting at: `date`"
|
||||
}
|
||||
|
||||
ldap_authentication_main () {
|
||||
if [ "`ldap_authentication_in_use`" -eq 1 ]
|
||||
then
|
||||
stdio_message_log "ldap_authentication" "LDAP is used for authentication"
|
||||
fi
|
||||
}
|
||||
|
||||
ldap_authentication_fini () {
|
||||
stdio_message_log "ldap_authentication" "Ending at: `date`"
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 342 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# Check if NIS is used for authentication
|
||||
|
||||
. lib/misc/nis
|
||||
. lib/misc/stdio
|
||||
|
||||
nis_authentication_init () {
|
||||
stdio_message_log "nis_authentication" "Starting at: `date`"
|
||||
}
|
||||
|
||||
nis_authentication_main () {
|
||||
if [ "`nis_authentication_in_use`" -eq 1 ]
|
||||
then
|
||||
stdio_message_log "nis_authentication" "NIS is used for authentication"
|
||||
fi
|
||||
}
|
||||
|
||||
nis_authentication_fini () {
|
||||
stdio_message_log "nis_authentication" "Ending at: `date`"
|
||||
}
|
|
@ -1,54 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 317 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# List users with no password set or password in /etc/passwd
|
||||
|
||||
. lib/misc/stdio
|
||||
. lib/misc/passwd
|
||||
|
||||
passwd_hashes_init () {
|
||||
stdio_message_log "passwd_hashes" "Starting at: `date`"
|
||||
}
|
||||
|
||||
passwd_hashes_main () {
|
||||
passwd_list | while read username
|
||||
do
|
||||
if [ "${username}" = "+" ]
|
||||
then
|
||||
stdio_message_warn "passwd_hashes" "/etc/passwd allows external authentication"
|
||||
else
|
||||
hash="`passwd_show_hash "${username}"`"
|
||||
if [ "${hash}" != "x" -a "${hash}" != "\!" -a "${hash}" != "*" ]
|
||||
then
|
||||
if [ -z "${hash}" ]
|
||||
then
|
||||
stdio_message_warn "passwd_hashes" "${username} has no password set"
|
||||
else
|
||||
stdio_message_warn "passwd_hashes" "/etc/passwd contains password hash for ${username} (${hash})"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
passwd_hashes_fini () {
|
||||
stdio_message_log "passwd_hashes" "Ending at: `date`"
|
||||
}
|
|
@ -1,62 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 348 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# Check permissions of PostgreSQL configuration file pg_hba.conf
|
||||
|
||||
. lib/misc/file
|
||||
. lib/misc/group
|
||||
. lib/misc/stdio
|
||||
. lib/misc/user
|
||||
|
||||
postgresql_configuration_init () {
|
||||
stdio_message_log "postgresql_configuration" "Starting at: `date`"
|
||||
}
|
||||
|
||||
postgresql_configuration_main () {
|
||||
file_show_perms "/pg_hba.conf$" | while read filename permissions userid groupid
|
||||
do
|
||||
case "${permissions}" in
|
||||
???????r??)
|
||||
stdio_message_warn "postgresql_configuration" "$(unknown) is owned by user ${userid} (group ${groupid}) and is world-readable (${permissions})"
|
||||
;;
|
||||
????r?????)
|
||||
if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_warn "postgresql_configuration" "$(unknown) is owned by user ${userid} (group ${groupid}: YOU) and is group-readable (${permissions})"
|
||||
else
|
||||
stdio_message_log "postgresql_configuration" "$(unknown) is owned by user ${userid} (group ${groupid}) and is group-readable (${permissions})"
|
||||
fi
|
||||
;;
|
||||
?r????????)
|
||||
if [ "`user_is_user_name \"${userid}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_log "postgresql_configuration" "$(unknown) is owned by user ${userid} (YOU) (group ${groupid}) (${permissions})"
|
||||
else
|
||||
stdio_message_debug "postgresql_configuration" "$(unknown) is owned by user ${userid} (group ${groupid}) (${permissions})"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
postgresql_configuration_fini () {
|
||||
stdio_message_log "postgresql_configuration" "Ending at: `date`"
|
||||
}
|
|
@ -1,56 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 348 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# Verify PostgreSQL trust relationships by connecting to localhost with
|
||||
# common usernames and no password
|
||||
|
||||
. lib/misc/file
|
||||
. lib/misc/postgresql
|
||||
. lib/misc/stdio
|
||||
|
||||
postgresql_connection_init () {
|
||||
stdio_message_log "postgresql_connection" "Starting at: `date`"
|
||||
}
|
||||
|
||||
postgresql_connection_main () {
|
||||
file_show_perms "/postgresql.conf$" | while read filename permissions userid groupid
|
||||
do
|
||||
if [ "`file_is_readable_file \"$(unknown)\"`" -eq 1 ]
|
||||
then
|
||||
egrep "^port = " "$(unknown)" | while read _ _ port _
|
||||
do
|
||||
dbusers="psql pgsql postgres postgresql root admin"
|
||||
printf -- "${dbusers}" | tr " " "\n" | while read dbuser
|
||||
do
|
||||
if [ "`postgresql_check_no_password \"${port}\" \"${dbuser}\"`" -eq 1 ]
|
||||
then
|
||||
stdio_message_warn "postgresql_connection" "User ${dbuser} can connect to PostgreSQL instance on port ${port}/tcp with no password"
|
||||
break
|
||||
fi
|
||||
done
|
||||
done
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
postgresql_connection_fini () {
|
||||
stdio_message_log "postgresql_connection" "Ending at: `date`"
|
||||
}
|
|
@ -1,61 +0,0 @@
|
|||
#!/bin/sh
|
||||
# $Revision: 348 $
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
#
|
||||
# (c) Tim Brown, 2012
|
||||
# <mailto:timb@nth-dimension.org.uk>
|
||||
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
|
||||
#
|
||||
# Check PostgreSQL trust relationships
|
||||
|
||||
. lib/misc/file
|
||||
. lib/misc/stdio
|
||||
|
||||
postgresql_trust_init () {
|
||||
stdio_message_log "postgresql_trust" "Starting at: `date`"
|
||||
}
|
||||
|
||||
postgresql_trust_main () {
|
||||
file_show_perms "/pg_hba.conf$" | while read filename permissions userid groupid
|
||||
do
|
||||
if [ "`file_is_readable_file \"$(unknown)\"`" -eq 1 ]
|
||||
then
|
||||
egrep -v "^#" "$(unknown)" | egrep -v "^[ \t]*$" | while read authtype database user address method
|
||||
do
|
||||
if [ "${method}" = "trust" ]
|
||||
then
|
||||
if [ "${user}" = "all" ]
|
||||
then
|
||||
usermsg="all users"
|
||||
else
|
||||
usermsg="user ${user}"
|
||||
fi
|
||||
if [ "${database}" = "all" ]
|
||||
then
|
||||
dbmsg="all databases"
|
||||
else
|
||||
dbmsg="database ${database}"
|
||||
fi
|
||||
stdio_message_warn "postgresql_trust" "PostgreSQL trust is configured in $(unknown) for ${usermsg} to ${dbmsg} from address ${address}"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
postgresql_trust_fini () {
|
||||
stdio_message_log "postgresql_trust" "Ending at: `date`"
|
||||
}
|
|
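--- a/[path not shown on page]
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-# $Revision: 335 $
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-#
-# (c) Tim Brown, 2012
-# <mailto:timb@nth-dimension.org.uk>
-# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
-#
-# Check if textual privileged files (like bash scripts) accept user-provided
-# arguments
-
-. lib/misc/stdio
-. lib/misc/privileged
-. lib/misc/binary
-
-privileged_arguments_init () {
-stdio_message_log "privileged_arguments" "Starting at: `date`"
-}
-
-privileged_arguments_main () {
-privileged_list | while read filetype filename usergroupid
-do
-# skip non textual files
-if [ "`file_is_textual \"$(unknown)\"`" -ne 1 ]
-then
-continue
-elif [ "`binary_matches_string_grep \"$(unknown)\" \"\$[\{]*[[:digit:]][\}]*\"`" -eq 1 ]
-then
-stdio_message_warn "privileged_arguments" "${filetype} $(unknown) (${usergroupid}) accepts arguments, verify that it does not use them unsafely"
-fi
-done
-}
-
-privileged_arguments_fini () {
-stdio_message_log "privileged_arguments" "Ending at: `date`"
-}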
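--- a/[path not shown on page]
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/sh
-# $Revision: 261 $
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-#
-# (c) Tim Brown, 2012
-# <mailto:timb@nth-dimension.org.uk>
-# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
-#
-# Check if privileged files call banned (and potentially dangerous) functions
-# Based on Microsoft's banned API list as parsed by ../../tools/generate_banned.sh
-
-. lib/misc/stdio
-. lib/misc/privileged
-. lib/misc/binary
-
-privileged_banned_init () {
-stdio_message_log "privileged_banned" "Starting at: `date`"
-}
-
-privileged_banned_main () {
-privileged_list | while read filetype filename usergroupid
-do
-banned_apis="`binary_banned_api "$(unknown)" "alloca|gets|memcpy|scanf|sprintf|sscanf|strcat|StrCat|strcpy|StrCpy|strlen|StrLen|strncat|StrNCat|strncpy|StrNCpy|strtok|swprintf|vsnprintf|vsprintf|vswprintf|wcscat|wcscpy|wcslen|wcsncat|wcsncpy|wcstok|wmemcpy"`"
-if [ -n "${banned_apis}" ]
-then
-stdio_message_warn "privileged_banned" "${filetype} $(unknown) (${usergroupid}) and uses banned APIs ($banned_apis)"
-fi
-done
-}
-
-privileged_banned_fini () {
-stdio_message_log "privileged_banned" "Ending at: `date`"
-}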
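--- a/[path not shown on page]
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/sh
-# $Revision: 261 $
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-#
-# (c) Tim Brown, 2012
-# <mailto:timb@nth-dimension.org.uk>
-# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
-#
-# Check if privileged files drop their privileges
-# Based on ideas found at http://people.redhat.com/sgrubb/security/
-
-. lib/misc/stdio
-. lib/misc/privileged
-. lib/misc/binary
-
-privileged_change_privileges_init () {
-stdio_message_log "privileged_change_privileges" "Starting at: `date`"
-}
-
-privileged_change_privileges_main () {
-privileged_list | while read filetype filename usergroupid
-do
-# TODO this needs cleaning up
-match="`binary_matches_function "$(unknown)" "setuid|setgid|seteuid|setegid|setresuid|setresgid|setreuid|setregid|initgroups|setgroups|setcap|setfsuid|setfsgid"`"
-if [ $match -ne 1 ]
-then
-stdio_message_warn "privileged_change_privileges" "${filetype} $(unknown) (${usergroupid}) and does not attempt to change privileges"
-fi
-done
-}
-
-privileged_change_privileges_fini () {
-stdio_message_log "privileged_change_privileges" "Ending at: `date`"
-}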