autonomic-cooperative/unix-privesc-check
0
0
Fork 0
mirror of https://gitlab.com/kalilinux/packages/unix-privesc-check.git synced 2024-11-10 14:10:51 +00:00
Code Issues Projects Releases Wiki Activity
a75bafe602
unix-privesc-check/lib/checks/sudo
Devon Kearns a75bafe602 Imported Upstream version 1.4~svn361
2012-12-20 15:42:13 -07:00

72 lines
2.2 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
# $Revision: 307 $
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:timb@nth-dimension.org.uk>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
#
. lib/misc/stdio
. lib/misc/sudo
sudo_init () {
stdio_message_log "sudo" "Starting at: `date`"
}
sudo_main () {
if [ "`sudo_sudoers_check`" -eq 1 ]
then
if [ -n "`sudo_sudoers_list`" ]
then
stdio_message_warn "sudo" "/etc/sudoers is readable and configured"
# TODO: if privilegeduser is a group (e.g. %admin), notify the user accordingly
sudo_sudoers_list | while read privilegeduser passwd filepath
do
asuser="`printf -- \"${passwd}\" | cut -f2 -d\"=\" | tr -d \"(\" | tr -d \")\"`"
# for cases where the asuser is ALL:ALL (e.g. in Ubuntu there is always the following sudoers entry):
# root ALL=(ALL:ALL) ALL
if [ "${asuser}" = "ALL:ALL" ]
then
asuser="any user"
else
asuser="user ${asuser}"
fi
# for cases where the user can run any command. For example:
# foobar ALL=NOPASSWD: ALL
if [ "${filepath}" = "ALL" ]
then
filepath="any command"
fi
if [ -n "`printf -- \"${passwd}\" | egrep -- \"NOPASSWD\"`" ]
then
stdio_message_warn "sudo" "${privilegeduser} can run ${filepath} without providing a password"
else
stdio_message_log "sudo" "${privilegeduser} can run ${filepath} as ${asuser}"
fi
done
else
stdio_message_log "sudo" "/etc/sudoers is readable, but not configured"
fi
fi
}
sudo_fini () {
stdio_message_log "sudo" "Ending at: `date`"
}
Reference in New Issue View Git Blame Copy Permalink