unix-privesc-check / f3232f0
New upstream snapshot. Kali Janitor 1 year, 4 months ago
153 changed file(s) with 6733 addition(s) and 1469 deletion(s).
+0
-38
CHANGELOG
0
1 2008-11-23 unix-privesc-check v1.4
2
3 * Added check of file perms of shared libraries used by SUID programs.
4 * Tidied output slightly.
5
6 2008-11-09 unix-privesc-check v1.3
7
8 * Bug fix: Parts of the script only worked with /bin/bash and not /bin/sh
9 * Bug fix: Fixed typos in reporting for privescs via cron.
10
11 2008-07-06 unix-privesc-check v1.2
12
13 * Added check of library dirs (/etc/ld.so.conf) for Linux
14 * Crude check of programs called from shell scripts
15 * Check of libraries used by each binary program (using ldd)
16 * Check of hard-coded paths within binaries (using strings)
17 * More verbose WARNING messages. All the explanation for a WARNING
18 should now be on one line so you can grep for 'WARNING' and still
19 understand the results
20 * Check of file perms on open file handles of running processes
21 * Check for running SSH agent. Lists keys if possible.
22 * Check for public and private SSH keys in home directories.
23 * Check for running GPG agent.
24 * Check for cron jobs in /var/spool/cron/tabs
25 * Extra non-priv check for local postgres trusts
26 * Bug fix: lanscan now used on HPUX to get interface names
27 * Check if system is an NFS client (HPUX only)
28 * Check if swap space is readable / writable
29
30 2008-04-17 unix-privesc-check v1.1
31
32 * Added check for accounts with no password in /etc/passwd
33 * Record some basic info about the host (hostname, uname -a, interface IPs)
34
35 2008-02-01 unix-privesc-check v1.0
36
37 * Initial public release
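Review bot: deleting CHANGELOG wholesale (the -38 hunk) drops the only record of which checks arrived in which release, from the v1.0 initial release up to the v1.4 check of file permissions on shared libraries used by SUID programs, and nothing else in this diff carries that history forward. Either keep the file or note in the commit where upstream now keeps its release notes, so users and packagers can still tell what a given version checks.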
+0
-339
COPYING.GPL
0 GNU GENERAL PUBLIC LICENSE
1 Version 2, June 1991
2
3 Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
4 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
5 Everyone is permitted to copy and distribute verbatim copies
6 of this license document, but changing it is not allowed.
7
8 Preamble
9
10 The licenses for most software are designed to take away your
11 freedom to share and change it. By contrast, the GNU General Public
12 License is intended to guarantee your freedom to share and change free
13 software--to make sure the software is free for all its users. This
14 General Public License applies to most of the Free Software
15 Foundation's software and to any other program whose authors commit to
16 using it. (Some other Free Software Foundation software is covered by
17 the GNU Lesser General Public License instead.) You can apply it to
18 your programs, too.
19
20 When we speak of free software, we are referring to freedom, not
21 price. Our General Public Licenses are designed to make sure that you
22 have the freedom to distribute copies of free software (and charge for
23 this service if you wish), that you receive source code or can get it
24 if you want it, that you can change the software or use pieces of it
25 in new free programs; and that you know you can do these things.
26
27 To protect your rights, we need to make restrictions that forbid
28 anyone to deny you these rights or to ask you to surrender the rights.
29 These restrictions translate to certain responsibilities for you if you
30 distribute copies of the software, or if you modify it.
31
32 For example, if you distribute copies of such a program, whether
33 gratis or for a fee, you must give the recipients all the rights that
34 you have. You must make sure that they, too, receive or can get the
35 source code. And you must show them these terms so they know their
36 rights.
37
38 We protect your rights with two steps: (1) copyright the software, and
39 (2) offer you this license which gives you legal permission to copy,
40 distribute and/or modify the software.
41
42 Also, for each author's protection and ours, we want to make certain
43 that everyone understands that there is no warranty for this free
44 software. If the software is modified by someone else and passed on, we
45 want its recipients to know that what they have is not the original, so
46 that any problems introduced by others will not reflect on the original
47 authors' reputations.
48
49 Finally, any free program is threatened constantly by software
50 patents. We wish to avoid the danger that redistributors of a free
51 program will individually obtain patent licenses, in effect making the
52 program proprietary. To prevent this, we have made it clear that any
53 patent must be licensed for everyone's free use or not licensed at all.
54
55 The precise terms and conditions for copying, distribution and
56 modification follow.
57
58 GNU GENERAL PUBLIC LICENSE
59 TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
60
61 0. This License applies to any program or other work which contains
62 a notice placed by the copyright holder saying it may be distributed
63 under the terms of this General Public License. The "Program", below,
64 refers to any such program or work, and a "work based on the Program"
65 means either the Program or any derivative work under copyright law:
66 that is to say, a work containing the Program or a portion of it,
67 either verbatim or with modifications and/or translated into another
68 language. (Hereinafter, translation is included without limitation in
69 the term "modification".) Each licensee is addressed as "you".
70
71 Activities other than copying, distribution and modification are not
72 covered by this License; they are outside its scope. The act of
73 running the Program is not restricted, and the output from the Program
74 is covered only if its contents constitute a work based on the
75 Program (independent of having been made by running the Program).
76 Whether that is true depends on what the Program does.
77
78 1. You may copy and distribute verbatim copies of the Program's
79 source code as you receive it, in any medium, provided that you
80 conspicuously and appropriately publish on each copy an appropriate
81 copyright notice and disclaimer of warranty; keep intact all the
82 notices that refer to this License and to the absence of any warranty;
83 and give any other recipients of the Program a copy of this License
84 along with the Program.
85
86 You may charge a fee for the physical act of transferring a copy, and
87 you may at your option offer warranty protection in exchange for a fee.
88
89 2. You may modify your copy or copies of the Program or any portion
90 of it, thus forming a work based on the Program, and copy and
91 distribute such modifications or work under the terms of Section 1
92 above, provided that you also meet all of these conditions:
93
94 a) You must cause the modified files to carry prominent notices
95 stating that you changed the files and the date of any change.
96
97 b) You must cause any work that you distribute or publish, that in
98 whole or in part contains or is derived from the Program or any
99 part thereof, to be licensed as a whole at no charge to all third
100 parties under the terms of this License.
101
102 c) If the modified program normally reads commands interactively
103 when run, you must cause it, when started running for such
104 interactive use in the most ordinary way, to print or display an
105 announcement including an appropriate copyright notice and a
106 notice that there is no warranty (or else, saying that you provide
107 a warranty) and that users may redistribute the program under
108 these conditions, and telling the user how to view a copy of this
109 License. (Exception: if the Program itself is interactive but
110 does not normally print such an announcement, your work based on
111 the Program is not required to print an announcement.)
112
113 These requirements apply to the modified work as a whole. If
114 identifiable sections of that work are not derived from the Program,
115 and can be reasonably considered independent and separate works in
116 themselves, then this License, and its terms, do not apply to those
117 sections when you distribute them as separate works. But when you
118 distribute the same sections as part of a whole which is a work based
119 on the Program, the distribution of the whole must be on the terms of
120 this License, whose permissions for other licensees extend to the
121 entire whole, and thus to each and every part regardless of who wrote it.
122
123 Thus, it is not the intent of this section to claim rights or contest
124 your rights to work written entirely by you; rather, the intent is to
125 exercise the right to control the distribution of derivative or
126 collective works based on the Program.
127
128 In addition, mere aggregation of another work not based on the Program
129 with the Program (or with a work based on the Program) on a volume of
130 a storage or distribution medium does not bring the other work under
131 the scope of this License.
132
133 3. You may copy and distribute the Program (or a work based on it,
134 under Section 2) in object code or executable form under the terms of
135 Sections 1 and 2 above provided that you also do one of the following:
136
137 a) Accompany it with the complete corresponding machine-readable
138 source code, which must be distributed under the terms of Sections
139 1 and 2 above on a medium customarily used for software interchange; or,
140
141 b) Accompany it with a written offer, valid for at least three
142 years, to give any third party, for a charge no more than your
143 cost of physically performing source distribution, a complete
144 machine-readable copy of the corresponding source code, to be
145 distributed under the terms of Sections 1 and 2 above on a medium
146 customarily used for software interchange; or,
147
148 c) Accompany it with the information you received as to the offer
149 to distribute corresponding source code. (This alternative is
150 allowed only for noncommercial distribution and only if you
151 received the program in object code or executable form with such
152 an offer, in accord with Subsection b above.)
153
154 The source code for a work means the preferred form of the work for
155 making modifications to it. For an executable work, complete source
156 code means all the source code for all modules it contains, plus any
157 associated interface definition files, plus the scripts used to
158 control compilation and installation of the executable. However, as a
159 special exception, the source code distributed need not include
160 anything that is normally distributed (in either source or binary
161 form) with the major components (compiler, kernel, and so on) of the
162 operating system on which the executable runs, unless that component
163 itself accompanies the executable.
164
165 If distribution of executable or object code is made by offering
166 access to copy from a designated place, then offering equivalent
167 access to copy the source code from the same place counts as
168 distribution of the source code, even though third parties are not
169 compelled to copy the source along with the object code.
170
171 4. You may not copy, modify, sublicense, or distribute the Program
172 except as expressly provided under this License. Any attempt
173 otherwise to copy, modify, sublicense or distribute the Program is
174 void, and will automatically terminate your rights under this License.
175 However, parties who have received copies, or rights, from you under
176 this License will not have their licenses terminated so long as such
177 parties remain in full compliance.
178
179 5. You are not required to accept this License, since you have not
180 signed it. However, nothing else grants you permission to modify or
181 distribute the Program or its derivative works. These actions are
182 prohibited by law if you do not accept this License. Therefore, by
183 modifying or distributing the Program (or any work based on the
184 Program), you indicate your acceptance of this License to do so, and
185 all its terms and conditions for copying, distributing or modifying
186 the Program or works based on it.
187
188 6. Each time you redistribute the Program (or any work based on the
189 Program), the recipient automatically receives a license from the
190 original licensor to copy, distribute or modify the Program subject to
191 these terms and conditions. You may not impose any further
192 restrictions on the recipients' exercise of the rights granted herein.
193 You are not responsible for enforcing compliance by third parties to
194 this License.
195
196 7. If, as a consequence of a court judgment or allegation of patent
197 infringement or for any other reason (not limited to patent issues),
198 conditions are imposed on you (whether by court order, agreement or
199 otherwise) that contradict the conditions of this License, they do not
200 excuse you from the conditions of this License. If you cannot
201 distribute so as to satisfy simultaneously your obligations under this
202 License and any other pertinent obligations, then as a consequence you
203 may not distribute the Program at all. For example, if a patent
204 license would not permit royalty-free redistribution of the Program by
205 all those who receive copies directly or indirectly through you, then
206 the only way you could satisfy both it and this License would be to
207 refrain entirely from distribution of the Program.
208
209 If any portion of this section is held invalid or unenforceable under
210 any particular circumstance, the balance of the section is intended to
211 apply and the section as a whole is intended to apply in other
212 circumstances.
213
214 It is not the purpose of this section to induce you to infringe any
215 patents or other property right claims or to contest validity of any
216 such claims; this section has the sole purpose of protecting the
217 integrity of the free software distribution system, which is
218 implemented by public license practices. Many people have made
219 generous contributions to the wide range of software distributed
220 through that system in reliance on consistent application of that
221 system; it is up to the author/donor to decide if he or she is willing
222 to distribute software through any other system and a licensee cannot
223 impose that choice.
224
225 This section is intended to make thoroughly clear what is believed to
226 be a consequence of the rest of this License.
227
228 8. If the distribution and/or use of the Program is restricted in
229 certain countries either by patents or by copyrighted interfaces, the
230 original copyright holder who places the Program under this License
231 may add an explicit geographical distribution limitation excluding
232 those countries, so that distribution is permitted only in or among
233 countries not thus excluded. In such case, this License incorporates
234 the limitation as if written in the body of this License.
235
236 9. The Free Software Foundation may publish revised and/or new versions
237 of the General Public License from time to time. Such new versions will
238 be similar in spirit to the present version, but may differ in detail to
239 address new problems or concerns.
240
241 Each version is given a distinguishing version number. If the Program
242 specifies a version number of this License which applies to it and "any
243 later version", you have the option of following the terms and conditions
244 either of that version or of any later version published by the Free
245 Software Foundation. If the Program does not specify a version number of
246 this License, you may choose any version ever published by the Free Software
247 Foundation.
248
249 10. If you wish to incorporate parts of the Program into other free
250 programs whose distribution conditions are different, write to the author
251 to ask for permission. For software which is copyrighted by the Free
252 Software Foundation, write to the Free Software Foundation; we sometimes
253 make exceptions for this. Our decision will be guided by the two goals
254 of preserving the free status of all derivatives of our free software and
255 of promoting the sharing and reuse of software generally.
256
257 NO WARRANTY
258
259 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
260 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
261 OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
262 PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
263 OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
264 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
265 TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
266 PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
267 REPAIR OR CORRECTION.
268
269 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
270 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
271 REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
272 INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
273 OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
274 TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
275 YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
276 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
277 POSSIBILITY OF SUCH DAMAGES.
278
279 END OF TERMS AND CONDITIONS
280
281 How to Apply These Terms to Your New Programs
282
283 If you develop a new program, and you want it to be of the greatest
284 possible use to the public, the best way to achieve this is to make it
285 free software which everyone can redistribute and change under these terms.
286
287 To do so, attach the following notices to the program. It is safest
288 to attach them to the start of each source file to most effectively
289 convey the exclusion of warranty; and each file should have at least
290 the "copyright" line and a pointer to where the full notice is found.
291
292 <one line to give the program's name and a brief idea of what it does.>
293 Copyright (C) <year> <name of author>
294
295 This program is free software; you can redistribute it and/or modify
296 it under the terms of the GNU General Public License as published by
297 the Free Software Foundation; either version 2 of the License, or
298 (at your option) any later version.
299
300 This program is distributed in the hope that it will be useful,
301 but WITHOUT ANY WARRANTY; without even the implied warranty of
302 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
303 GNU General Public License for more details.
304
305 You should have received a copy of the GNU General Public License along
306 with this program; if not, write to the Free Software Foundation, Inc.,
307 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
308
309 Also add information on how to contact you by electronic and paper mail.
310
311 If the program is interactive, make it output a short notice like this
312 when it starts in an interactive mode:
313
314 Gnomovision version 69, Copyright (C) year name of author
315 Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
316 This is free software, and you are welcome to redistribute it
317 under certain conditions; type `show c' for details.
318
319 The hypothetical commands `show w' and `show c' should show the appropriate
320 parts of the General Public License. Of course, the commands you use may
321 be called something other than `show w' and `show c'; they could even be
322 mouse-clicks or menu items--whatever suits your program.
323
324 You should also get your employer (if you work as a programmer) or your
325 school, if any, to sign a "copyright disclaimer" for the program, if
326 necessary. Here is a sample; alter the names:
327
328 Yoyodyne, Inc., hereby disclaims all copyright interest in the program
329 `Gnomovision' (which makes passes at compilers) written by James Hacker.
330
331 <signature of Ty Coon>, 1 April 1989
332 Ty Coon, President of Vice
333
334 This General Public License does not permit incorporating your program into
335 proprietary programs. If your program is a subroutine library, you may
336 consider it more useful to permit linking proprietary applications with the
337 library. If this is what you want to do, use the GNU Lesser General
338 Public License instead of this License.
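Review bot: the whole of COPYING.GPL is removed here (-339), yet the same GPLv2 text appears again further down this diff, so this looks like a rename rather than a licence change. Confirm that nothing still refers to the old file name COPYING.GPL (README text or packaging copyright metadata), since no such update is visible in the diff.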
+0
-6
COPYING.UNIX-PRIVESC-CHECK
0 This tool may be used for legal purposes only. Users take full responsibility
1 for any actions performed using this tool. The author accepts no liability for
2 damage caused by this tool. If these terms are not acceptable to you, then
3 you are not permitted to use this tool.
4
5 In all other respects the GPL version 2 applies.
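Review bot: removing COPYING.UNIX-PRIVESC-CHECK changes the effective licence terms of the tool, not just a file name: the deleted text added a "legal purposes only" and no-liability condition on top of GPL version 2 ("In all other respects the GPL version 2 applies"). Confirm upstream intended to drop those extra terms in this snapshot and that the package's copyright information is updated accordingly; the commit message "New upstream snapshot." does not mention it.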
0 Shell script to check for simple privilege escalation vectors on Unix systems
1
2 Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases).
3
4 It is written as a single shell script so it can be easily uploaded and run (as opposed to un-tarred, compiled and installed). It can run either as a normal user or as root (obviously it does a better job when running as root because it can read more files).
5
6 Also see: http://pentestmonkey.net/tools/unix-privesc-check/
7
8 This project contains two branches that are actively maintained:
9 * Branch "1_x", that contains a single shell script, "unix-privesc-check" that needs to be uploaded and run on the target system. The script runs fairly quickly. The code, while a bit ugly is stable and mature. https://github.com/pentestmonkey/unix-privesc-check/tree/1_x
10 * Branch "master", that contains a script "upc.sh" and some subdirectories that need to be uploaded and run on the target system. The script is generally slower, but more thorough in some ways. The code is much nicer, though somewhat experimental. https://github.com/pentestmonkey/unix-privesc-check/tree/master
11
12 If in doubt, try both.
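Review bot: line 2 of the README calls the tool "Unix-privesc-checker" while the project, the script on branch "1_x" and the package are all named unix-privesc-check; suggest using the one name consistently so searches and bug reports match. The same paragraph lists the tested platforms (Solaris 9, HPUX 11, FreeBSD 6.2) as at the original release; a short note on which platforms this snapshot was exercised on would help readers judge the claim.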
0 unix-privesc-check (1.4+git20210207.1.c7d27e8-0kali1) UNRELEASED; urgency=low
1
2 * New upstream snapshot.
3
4 -- Kali Janitor <[email protected]> Sun, 01 Jan 2023 08:26:27 -0000
5
06 unix-privesc-check (1.4-0kali1) kali-dev; urgency=medium
17
28 [ Raphaël Hertzog ]
0 pentestmonkey <[email protected]>
1 Bernardo Damele A. G. <[email protected]>
2 Tim Brown <[email protected]>
0 GNU GENERAL PUBLIC LICENSE
1 Version 2, June 1991
2
3 Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
4 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
5 Everyone is permitted to copy and distribute verbatim copies
6 of this license document, but changing it is not allowed.
7
8 Preamble
9
10 The licenses for most software are designed to take away your
11 freedom to share and change it. By contrast, the GNU General Public
12 License is intended to guarantee your freedom to share and change free
13 software--to make sure the software is free for all its users. This
14 General Public License applies to most of the Free Software
15 Foundation's software and to any other program whose authors commit to
16 using it. (Some other Free Software Foundation software is covered by
17 the GNU Lesser General Public License instead.) You can apply it to
18 your programs, too.
19
20 When we speak of free software, we are referring to freedom, not
21 price. Our General Public Licenses are designed to make sure that you
22 have the freedom to distribute copies of free software (and charge for
23 this service if you wish), that you receive source code or can get it
24 if you want it, that you can change the software or use pieces of it
25 in new free programs; and that you know you can do these things.
26
27 To protect your rights, we need to make restrictions that forbid
28 anyone to deny you these rights or to ask you to surrender the rights.
29 These restrictions translate to certain responsibilities for you if you
30 distribute copies of the software, or if you modify it.
31
32 For example, if you distribute copies of such a program, whether
33 gratis or for a fee, you must give the recipients all the rights that
34 you have. You must make sure that they, too, receive or can get the
35 source code. And you must show them these terms so they know their
36 rights.
37
38 We protect your rights with two steps: (1) copyright the software, and
39 (2) offer you this license which gives you legal permission to copy,
40 distribute and/or modify the software.
41
42 Also, for each author's protection and ours, we want to make certain
43 that everyone understands that there is no warranty for this free
44 software. If the software is modified by someone else and passed on, we
45 want its recipients to know that what they have is not the original, so
46 that any problems introduced by others will not reflect on the original
47 authors' reputations.
48
49 Finally, any free program is threatened constantly by software
50 patents. We wish to avoid the danger that redistributors of a free
51 program will individually obtain patent licenses, in effect making the
52 program proprietary. To prevent this, we have made it clear that any
53 patent must be licensed for everyone's free use or not licensed at all.
54
55 The precise terms and conditions for copying, distribution and
56 modification follow.
57
58 GNU GENERAL PUBLIC LICENSE
59 TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
60
61 0. This License applies to any program or other work which contains
62 a notice placed by the copyright holder saying it may be distributed
63 under the terms of this General Public License. The "Program", below,
64 refers to any such program or work, and a "work based on the Program"
65 means either the Program or any derivative work under copyright law:
66 that is to say, a work containing the Program or a portion of it,
67 either verbatim or with modifications and/or translated into another
68 language. (Hereinafter, translation is included without limitation in
69 the term "modification".) Each licensee is addressed as "you".
70
71 Activities other than copying, distribution and modification are not
72 covered by this License; they are outside its scope. The act of
73 running the Program is not restricted, and the output from the Program
74 is covered only if its contents constitute a work based on the
75 Program (independent of having been made by running the Program).
76 Whether that is true depends on what the Program does.
77
78 1. You may copy and distribute verbatim copies of the Program's
79 source code as you receive it, in any medium, provided that you
80 conspicuously and appropriately publish on each copy an appropriate
81 copyright notice and disclaimer of warranty; keep intact all the
82 notices that refer to this License and to the absence of any warranty;
83 and give any other recipients of the Program a copy of this License
84 along with the Program.
85
86 You may charge a fee for the physical act of transferring a copy, and
87 you may at your option offer warranty protection in exchange for a fee.
88
89 2. You may modify your copy or copies of the Program or any portion
90 of it, thus forming a work based on the Program, and copy and
91 distribute such modifications or work under the terms of Section 1
92 above, provided that you also meet all of these conditions:
93
94 a) You must cause the modified files to carry prominent notices
95 stating that you changed the files and the date of any change.
96
97 b) You must cause any work that you distribute or publish, that in
98 whole or in part contains or is derived from the Program or any
99 part thereof, to be licensed as a whole at no charge to all third
100 parties under the terms of this License.
101
102 c) If the modified program normally reads commands interactively
103 when run, you must cause it, when started running for such
104 interactive use in the most ordinary way, to print or display an
105 announcement including an appropriate copyright notice and a
106 notice that there is no warranty (or else, saying that you provide
107 a warranty) and that users may redistribute the program under
108 these conditions, and telling the user how to view a copy of this
109 License. (Exception: if the Program itself is interactive but
110 does not normally print such an announcement, your work based on
111 the Program is not required to print an announcement.)
112
113 These requirements apply to the modified work as a whole. If
114 identifiable sections of that work are not derived from the Program,
115 and can be reasonably considered independent and separate works in
116 themselves, then this License, and its terms, do not apply to those
117 sections when you distribute them as separate works. But when you
118 distribute the same sections as part of a whole which is a work based
119 on the Program, the distribution of the whole must be on the terms of
120 this License, whose permissions for other licensees extend to the
121 entire whole, and thus to each and every part regardless of who wrote it.
122
123 Thus, it is not the intent of this section to claim rights or contest
124 your rights to work written entirely by you; rather, the intent is to
125 exercise the right to control the distribution of derivative or
126 collective works based on the Program.
127
128 In addition, mere aggregation of another work not based on the Program
129 with the Program (or with a work based on the Program) on a volume of
130 a storage or distribution medium does not bring the other work under
131 the scope of this License.
132
133 3. You may copy and distribute the Program (or a work based on it,
134 under Section 2) in object code or executable form under the terms of
135 Sections 1 and 2 above provided that you also do one of the following:
136
137 a) Accompany it with the complete corresponding machine-readable
138 source code, which must be distributed under the terms of Sections
139 1 and 2 above on a medium customarily used for software interchange; or,
140
141 b) Accompany it with a written offer, valid for at least three
142 years, to give any third party, for a charge no more than your
143 cost of physically performing source distribution, a complete
144 machine-readable copy of the corresponding source code, to be
145 distributed under the terms of Sections 1 and 2 above on a medium
146 customarily used for software interchange; or,
147
148 c) Accompany it with the information you received as to the offer
149 to distribute corresponding source code. (This alternative is
150 allowed only for noncommercial distribution and only if you
151 received the program in object code or executable form with such
152 an offer, in accord with Subsection b above.)
153
154 The source code for a work means the preferred form of the work for
155 making modifications to it. For an executable work, complete source
156 code means all the source code for all modules it contains, plus any
157 associated interface definition files, plus the scripts used to
158 control compilation and installation of the executable. However, as a
159 special exception, the source code distributed need not include
160 anything that is normally distributed (in either source or binary
161 form) with the major components (compiler, kernel, and so on) of the
162 operating system on which the executable runs, unless that component
163 itself accompanies the executable.
164
165 If distribution of executable or object code is made by offering
166 access to copy from a designated place, then offering equivalent
167 access to copy the source code from the same place counts as
168 distribution of the source code, even though third parties are not
169 compelled to copy the source along with the object code.
170
171 4. You may not copy, modify, sublicense, or distribute the Program
172 except as expressly provided under this License. Any attempt
173 otherwise to copy, modify, sublicense or distribute the Program is
174 void, and will automatically terminate your rights under this License.
175 However, parties who have received copies, or rights, from you under
176 this License will not have their licenses terminated so long as such
177 parties remain in full compliance.
178
179 5. You are not required to accept this License, since you have not
180 signed it. However, nothing else grants you permission to modify or
181 distribute the Program or its derivative works. These actions are
182 prohibited by law if you do not accept this License. Therefore, by
183 modifying or distributing the Program (or any work based on the
184 Program), you indicate your acceptance of this License to do so, and
185 all its terms and conditions for copying, distributing or modifying
186 the Program or works based on it.
187
188 6. Each time you redistribute the Program (or any work based on the
189 Program), the recipient automatically receives a license from the
190 original licensor to copy, distribute or modify the Program subject to
191 these terms and conditions. You may not impose any further
192 restrictions on the recipients' exercise of the rights granted herein.
193 You are not responsible for enforcing compliance by third parties to
194 this License.
195
196 7. If, as a consequence of a court judgment or allegation of patent
197 infringement or for any other reason (not limited to patent issues),
198 conditions are imposed on you (whether by court order, agreement or
199 otherwise) that contradict the conditions of this License, they do not
200 excuse you from the conditions of this License. If you cannot
201 distribute so as to satisfy simultaneously your obligations under this
202 License and any other pertinent obligations, then as a consequence you
203 may not distribute the Program at all. For example, if a patent
204 license would not permit royalty-free redistribution of the Program by
205 all those who receive copies directly or indirectly through you, then
206 the only way you could satisfy both it and this License would be to
207 refrain entirely from distribution of the Program.
208
209 If any portion of this section is held invalid or unenforceable under
210 any particular circumstance, the balance of the section is intended to
211 apply and the section as a whole is intended to apply in other
212 circumstances.
213
214 It is not the purpose of this section to induce you to infringe any
215 patents or other property right claims or to contest validity of any
216 such claims; this section has the sole purpose of protecting the
217 integrity of the free software distribution system, which is
218 implemented by public license practices. Many people have made
219 generous contributions to the wide range of software distributed
220 through that system in reliance on consistent application of that
221 system; it is up to the author/donor to decide if he or she is willing
222 to distribute software through any other system and a licensee cannot
223 impose that choice.
224
225 This section is intended to make thoroughly clear what is believed to
226 be a consequence of the rest of this License.
227
228 8. If the distribution and/or use of the Program is restricted in
229 certain countries either by patents or by copyrighted interfaces, the
230 original copyright holder who places the Program under this License
231 may add an explicit geographical distribution limitation excluding
232 those countries, so that distribution is permitted only in or among
233 countries not thus excluded. In such case, this License incorporates
234 the limitation as if written in the body of this License.
235
236 9. The Free Software Foundation may publish revised and/or new versions
237 of the General Public License from time to time. Such new versions will
238 be similar in spirit to the present version, but may differ in detail to
239 address new problems or concerns.
240
241 Each version is given a distinguishing version number. If the Program
242 specifies a version number of this License which applies to it and "any
243 later version", you have the option of following the terms and conditions
244 either of that version or of any later version published by the Free
245 Software Foundation. If the Program does not specify a version number of
246 this License, you may choose any version ever published by the Free Software
247 Foundation.
248
249 10. If you wish to incorporate parts of the Program into other free
250 programs whose distribution conditions are different, write to the author
251 to ask for permission. For software which is copyrighted by the Free
252 Software Foundation, write to the Free Software Foundation; we sometimes
253 make exceptions for this. Our decision will be guided by the two goals
254 of preserving the free status of all derivatives of our free software and
255 of promoting the sharing and reuse of software generally.
256
257 NO WARRANTY
258
259 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
260 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
261 OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
262 PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
263 OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
264 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
265 TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
266 PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
267 REPAIR OR CORRECTION.
268
269 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
270 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
271 REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
272 INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
273 OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
274 TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
275 YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
276 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
277 POSSIBILITY OF SUCH DAMAGES.
278
279 END OF TERMS AND CONDITIONS
280
281 How to Apply These Terms to Your New Programs
282
283 If you develop a new program, and you want it to be of the greatest
284 possible use to the public, the best way to achieve this is to make it
285 free software which everyone can redistribute and change under these terms.
286
287 To do so, attach the following notices to the program. It is safest
288 to attach them to the start of each source file to most effectively
289 convey the exclusion of warranty; and each file should have at least
290 the "copyright" line and a pointer to where the full notice is found.
291
292 <one line to give the program's name and a brief idea of what it does.>
293 Copyright (C) <year> <name of author>
294
295 This program is free software; you can redistribute it and/or modify
296 it under the terms of the GNU General Public License as published by
297 the Free Software Foundation; either version 2 of the License, or
298 (at your option) any later version.
299
300 This program is distributed in the hope that it will be useful,
301 but WITHOUT ANY WARRANTY; without even the implied warranty of
302 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
303 GNU General Public License for more details.
304
305 You should have received a copy of the GNU General Public License along
306 with this program; if not, write to the Free Software Foundation, Inc.,
307 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
308
309 Also add information on how to contact you by electronic and paper mail.
310
311 If the program is interactive, make it output a short notice like this
312 when it starts in an interactive mode:
313
314 Gnomovision version 69, Copyright (C) year name of author
315 Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
316 This is free software, and you are welcome to redistribute it
317 under certain conditions; type `show c' for details.
318
319 The hypothetical commands `show w' and `show c' should show the appropriate
320 parts of the General Public License. Of course, the commands you use may
321 be called something other than `show w' and `show c'; they could even be
322 mouse-clicks or menu items--whatever suits your program.
323
324 You should also get your employer (if you work as a programmer) or your
325 school, if any, to sign a "copyright disclaimer" for the program, if
326 necessary. Here is a sample; alter the names:
327
328 Yoyodyne, Inc., hereby disclaims all copyright interest in the program
329 `Gnomovision' (which makes passes at compilers) written by James Hacker.
330
331 <signature of Ty Coon>, 1 April 1989
332 Ty Coon, President of Vice
333
334 This General Public License does not permit incorporating your program into
335 proprietary programs. If your program is a subroutine library, you may
336 consider it more useful to permit linking proprietary applications with the
337 library. If this is what you want to do, use the GNU Lesser General
338 Public License instead of this License.
0 Version 1 of this tool may be used for legal purposes only. Users take full
1 responsibility for any actions performed using this tool. The author accepts
2 no liability for damage caused by this tool. If these terms are not acceptable
3 to you, then you are not permitted to use this tool.
4
5 In all other respects the GPL version 2 applies.
0 2015-01-06 unix-privesc-check trunk
1
2 * Cleaned up file structure
3 * Bug fix: Renamed environment variable from CHECKTYPE to TYPE to match flag
4 * Bug fix: Renamed flag from --check to --checks to match environment variable
5 * Bug fix: UNIX not Unix
6 * Bug fix: Make flag processing match help order
7 * Bug fix: Cleaned up file_is functions in lib/misc/file
8 * Bug fix: Output erroneous value where value is not a string
9 * Bug fix: Make file cache filename less racey
10 * Bug fix: Make privileged cache filename less racey
11
12 2012-11-14 unix-privesc-check trunk
13
14 * Tidied docs/CHANGELOG
15 * Updated docs/HACKING
16 * Tidied upc.sh
17 * Added tools/generate_docs.sh to generate stub documentation for
18 lib/misc/* and lib/checks/*
19
20 -- Tim Brown <[email protected]>
21
22 2012-11-05 unix-privesc-check trunk
23
24 * Add support for PostgreSQL
25 * Added lib/checks/postgresql_configuration
26 * Added lib/checks/postgresql_connection
27 * Added lib/checks/postgresql_trust
28 * Added lib/misc/postgresql
29 * Added lib/misc/ldap and lib/checks/ldap_authentication
30 * Added lib/misc/nis and lib/checks/nis_authentication
31 * Added lib/checks/privileged_arguments to verify if textual
32 privileged files (like bash scripts) accept arguments from command line
33 * Added lib/misc/init and support in lib/misc/privileged
34 * Added security check to verify device mount options: dev, suid, user
35 * Added function file_is_basename to lib/misc/file
36 * Renamed lib/checks/devices to lib/checks/devices_permission
37
38 -- Bernardo Damele A. G. <[email protected]>
39
40 2012-11-02 unix-privesc-check trunk
41
42 * Bug fix: uname on Solaris returns SunOS
43 * Added lib/misc/device and lib/checks/devices to verify world-readable and
44 world-writable permission on all device files including swap device(s)
45 * Improved lib/misc/cron to correctly handle PATH variable from /etc/crontab
46 and to differentiate programs launched by /etc/crontab from
47 /etc/cron.[hourly|daily|monthly]
48 * Added lib/checks/privileged_environment_variables to verify if textual
49 privileged files (like bash scripts) use environment variables
50 * Improved lib/checks/privileged_tmp to also process textual privileged
51 files (like bash scripts)
52 * Added binary_matches_string_grep function to lib/misc/binary to avoid
53 interpreting the pattern as an extended regular expression
54
55 -- Bernardo Damele A. G. <[email protected]>
56
57 2012-11-01 unix-privesc-check trunk
58
59 * Bug fix: Return value in lib/misc/binary
60 * Bug fix: Avoid recursing the linker_list_dependencies function
61 * Added lib/misc/inittab and support in lib/misc/privileged
62 * Improved lib/checks/system_configuration check to display also sensitive
63 directories and their content
64 * Improved lib/checks/system_configuration to notify about writable
65 configuration files by non-root users
66 * More detailed stdout messages for file owner condition across
67 lib/checks/*
68 * Updated the lib/misc/shadow and lib/checks/shadow_hash to display a
69 warning message when the password hashes file is readable
70 * Cleaned the code of lib/checks/privileged_dependency
71
72 -- Bernardo Damele A. G. <[email protected]>
73
74 2012-10-31 unix-privesc-check trunk
75
76 * Added lib/misc/cron to parse /etc/cron*, /var/spool/cron/crontabs/*,
77 crontab -l and used it in lib/misc/privileged
78 * Enhanced process_show_command function to process /proc/PID/environ and
79 return script file path instead of ruby, perl, bash, etc
80 * Added parse_environ_cwd function to parse /proc/PID/environ file and
81 extract the process current working directory
82 * Added a preliminary check to all functions that call objdump to ensure
83 the file is not a textual file (like a bash script, etc)
84 * Added other file paths to check for permissions in
85 lib/checks/system_configuration
86 * Added file_is_directory function to lib/misc/file
87
88 -- Bernardo Damele A. G. <[email protected]>
89
90 2012-10-30 unix-privesc-check trunk
91
92 * Added lib/checks/sudo to verify permissions on /etc/sudoers and its
93 entries
94 * Added functions to parse /etc/sudoers to lib/misc/sudo
95
96 -- Bernardo Damele A. G. <[email protected]>
97
98 2012-10-28 unix-privesc-check trunk
99
100 * Added lib/checks/history_readable to list all readable .*_history
101 files
102 * Added lib/checks/homedirs_executable and lib/checks/homedirs_writable
103 * Added lib/checks/system_configuration to list writable permissions on
104 system configuration files and directories
105 * Added support for --verbose switch
106 * Added passwd_show_homedir function to lib/misc/passwd
107 * Aligned test types (symlinks) to all recently developed security checks
108 * Bug fix: group_is_in_group_name function
109
110 -- Bernardo Damele A. G. <[email protected]>
111
112 2012-10-22 unix-privesc-check trunk
113
114 * Added lib/checks/privileged_nx
115 * Added lib/checks/privileged_relro
116 * Added lib/misc/kernel
117 * Added lib/checks/system_aslr
118 * Added lib/checks/system_mmap
119 * Added lib/checks/system_nx
120 * Added lib/checks/system_selinux
121 * Added permission_is_world_writable_sticky_bit function to
122 lib/misc/permission
123 * Added support to verify sticky bit against world-writable directories
124 * Renamed lib/checks/banned_* to lib/checks/privileged_*
125
126 -- Bernardo Damele A. G. <[email protected]>
127
128 2012-10-22 unix-privesc-check trunk
129
130 * Added lib/misc/validation and modified lib/misc/* to use it.
131 The aim is to sanity check that libraries are being called
132 correctly. We can improve this over time
133 * Bug fix: Renamed validation_is_regex to validation_matches_regex
134 in lib/misc/validation
135 * Bug fix: validation_matches_regex test was wrong, should be -n
136 not -r in lib/misc/validation
137 * Bug fix: Added inclusion checks to prevent multiple inclusions
138 * Bug fix: Changed lib/misc/* to catch data returned by
139 validate_is_*
140 * Removed unnecessary calls to file_check_or_generate_cache in
141 lib/misc/checks/*
142 * Updated symlinks for different types of scan
143 * Removed tools/banned.h
144 * Tidied up formatting
145 * Fixed AIX specific bug with checking users don't have a password
146 of ! in lib/checks/passwd_hashes
147
148 -- Tim Brown <[email protected]>
149
150 2012-10-21 unix-privesc-check trunk
151
152 * Added library to parse patterns, for now implements only one function to
153 extract and return all absolute file paths, parse_extract_absolute_filepaths
154 * Added lib/misc/sudo
155 * Added sudo support to lib/misc/privileged
156 * Added lib/misc/user
157 * Added lib/misc/group
158 * Added lib/misc/permission
159 * Added file_is_readable function to lib/misc/file
160 * Added two functions to lib/misc/file
161 * file_exists_file and file_is_regular_file
162 * Added validate_is_boolean function to lib/misc/validate
163 * Added support for --color switch to enable output coloring
164 * Updated lib/checks/jar and lib/checks/key_material
165 * Removed one cycle, minor refactoring and use lib/misc/user and
166 lib/misc/group
167 * Ported all calls to id command through the code to their relevant
168 user/group libraries functions
169 * Bug fix: Missing import bug in lib/checks/binary_rpath
170
171 -- Bernardo Damele A. G. <[email protected]>
172
173 2012-10-21 unix-privesc-check trunk
174
175 * Bug fix: Changed $VERSION to ${VERSION} etc in upc.sh
176 * Removed old TODOs from lib/checks/set[ug]id
177 * Bug fix: Removed symlink exclusion in lib/misc/file cache
178 generation
179
180 -- Tim Brown <[email protected]>
181
182 2012-10-20 unix-privesc-check trunk
183
184 * Minor improvements to lib/misc/linker
185 * Bug fix: Avoid using file as variable name
186 * Bug fix: Use grep instead of egrep in one file function
187 * Consolidated the stdout to clarify where the warning message throughout
188 lib/checks/binary_*
189 * Improved lib/checks/key_material and lib/checks/jar to show more detailed stdout
190 * Major speedup to lib/checks/group_writable and lib/checks/world_writable
191 * Re-engineered lib/checks/binary_dependency
192 * Improved lib/checks/binary_rpath and lib/checks/binary_writable to also verify
193 write access by non-root users
194 * Refactored lib/checks/system_libraries code
195 * Added function to check for SSH key files permissions to lib/checks/ssh_agent
196 * Renamed lib/checks/ssh_key_unencrypted to lib/checks/ssh_key
197 * Consolidated lib/checks/ssh_agent and lib/checks/ssh_key checks to also
198 show encrypted key files
199 * Removed exclusions from lib/checks/credentials
200 * Created lib/misc/file function file_is_textual
201 * Improved file_show_symlinked_filename function to be recursive and always
202 return the real linked filename
203
204 -- Bernardo Damele A. G. <[email protected]>
205
206 2012-10-19 unix-privesc-check trunk
207
208 * Re-engineered check lib/checks/binary_rpath
209 * Fixed the file_parent_traverse function call in lib/checks/binary_writable
210 and lib/checks/system_libraries
211 * Fixed some more checks' descriptions
212 * Bug fix: Syntax fix in lib/misc/binary
213
214 -- Bernardo Damele A. G. <[email protected]>
215
216 2012-10-18 unix-privesc-check trunk
217
218 * Tidied up upc.sh, added an additional error check
219 * Purged dummy, replaced with _ after suggestion from BDA
220 * Bug fix: No longer considers "enabled" as a check
221 * Changed lib/misc/privileged to split out cache generation so that it
222 happens on inclusion
223 * Bug fix: Removed unintentional trailing space from file cache
224
225 -- Tim Brown <[email protected]>
226
227 2012-10-18 unix-privesc-check trunk
228
229 * Bug fix: Fixed regexp patterns to avoid returning directories in
230 lib/misc/privileged and lib/misc/file
231
232 -- <[email protected]>
233
234 2012-10-18 unix-privesc-check trunk
235
236 * Added check lib/checks/binary_writable
237 * Bug fix: Proper use of dirname in file_show_symlinked_filename function
238 * Bug fix: Replaced STDIN redirection with cat for inetd configuration
239 files parsing in lib/misc/linker
240 * Bug fix: Avoid escaping a path with an asterisk in lib/misc/ssh_agent
241 * Refactored check lib/checks/system_libraries code
242 * Refactored check lib/checks/world_writable code
243 * Refactored check lib/checks/binary_dependency code
244 * Refactored checks lib/checks/setuid and lib/checks/setgid code
245 * Greatly improved the speed of lib/checks/jar and lib/checks/key_material
246 * Improved lib/misc/ssh_agent to work on recent Linux distributions too
247 and inspect /tmp folder for both SSH agent parent process and pid-1
248 * Avoid duplicate processes entries in lib/misc/privileged
249 * Improved regular expression patterns throughout the code
250 * Added --check and --version switches to upc.sh
251 * Added description to missing checks
252 * Added verbose comment to lib/checks/ssh_key_unencrypted with suggestions
253 for improvements
254 * Set subversion properties on all missing files
255
256 -- Bernardo Damele A. G. <[email protected]>
257
258 2012-10-18 unix-privesc-check trunk
259
260 * Changed lib/misc/shadow to favour 1 egrep over 2 greps
261
262 -- Tim Brown <[email protected]>
263
264 2012-10-17 unix-privesc-check trunk
265
266 * Added lib/checks/binary_path
267 * Added lib/checks/binary_random
268 * Changed stdio_message_error to output to STDERR
269 in lib/misc/stdio
270 * Removed date from output (reverting BDA change)
271 * Updated lib/misc/ssh_agent
272 * Updated lib/misc/shadow
273 * Updated lib/misc/process (reverting BDA change)
274 * Updated lib/misc/privileged (partially reverting BDA change)
275 * Kept the caching code
276 * Kept variable name changed to make the code more readable
277 * Updated lib/misc/passwd
278 * Updated lib/misc/linker (reverting BDA change)
279 * Updated lib/misc/inetd (reverting BDA change)
280 * Updated lib/misc/dependencies to disable for now. The
281 principle is solid, but it needs more consideration.
282 For example, why does only lib/misc/binary need dependencies,
283 what happens on non-Linux systems etc
284 * Added docs/HACKING. I will need to work on it but it should
285 help to smooth the path for new hackers :)
286 * Updated lib/misc/file (partially reverting BDA change)
287 * Kept symlink related code
288 * Kept permissions related code
289 * Changed lib/misc/privileged to use file_list_by_perms
290 correctly. Bonus, reduction of loops
291
292 -- Tim Brown <[email protected]>
293
294 2012-10-17 unix-privesc-check trunk
295
296 * Added binary_banned_api function to lib/misc/binary
297 * Added file_show_symlinked_file function to lib/misc/file
298 * Added code comments to lib/misc/file
299 * Added caching mechanism to lib/misc/privileged
300 * Added file headers throughout the source code
301 * Added checks' description in comment headers
302 * Added date to standard output function
303 * Added an error message log function
304 * Added notification of needed dependencies (binutils package)
305 * Narrowed down regular expression patterns in some checks
306 * Refactored check lib/checks/credentials code and exclude man pages and
307 python/ruby/perl libraries
308 * Refactored check lib/checks/binary_dependency code
309 * Refactored check lib/checks/group_writable code
310 * Removed unnecessary Linux-specific code from lib/misc/process
311 * Standardized checks' standard output and removed unnecessary lines
312
313 -- Bernardo Damele A. G. <[email protected]>
314
315 2012-09-23 unix-privesc-check trunk
316
317 * Bug fix: Changed from stdio_message_debug to stdio_message_warn
318 in lib/checks/binary_banned
319 * Bug fix: Incorrect symlink checking in binary_dependency,
320 binary_rpath, world_writable and group_writable
321 * Added support for PIE to lib/misc/binary
322 * Added lib/checks/binary_pie
323
324 -- Tim Brown <[email protected]>
325
326 2012-09-22 unix-privesc-check trunk
327
328 * Started adding --help
329 * Removed date from output
330 * Bug fix: Changed $1 to ${1} etc
331 * Added message when generating cache
332 * Bug fix: Checking wrong variable in lib/misc/process
333 * Added lib/misc/privileged
334 * Changed string checks from "" to -n etc
335 * Standardised variable names
336 * Changed how checks are enabled, it is now possible to have
337 different types of scan using --type
338 * Added check for encryption to lib/checks/ssh_key_unencrypted
339 * Renamed lib/checks/binary_changeprivs to
340 lib/checks/binary_change_privileges
341 * Updated docs/COPYING.UNIX-PRIVESC-CHECK to reference
342 version 1 explicitly. This will allow version 2 into
343 Debian and other free distributions
344 * Added lib/checks/binary_banned
345 * Added check for lack of XXX in lib/checks/tmp
346 * Added check for DT_RUNPATH to lib/checks/binary_rpath
347 * Started work on porting lib/misc/* to Solaris
348
349 -- Tim Brown <[email protected]>
350
351 2012-09-11 unix-privesc-check trunk
352
353 * Branching 1.x at revision 26
354 * 2.0 released
355 * Bug fix: Typo in lib/checks/binary_dependency
356 * Improved output of lib/checks/system_libraries,
357 lib/checks/binary_dependency, lib/checks/binary_rpath
358
359 -- Tim Brown <[email protected]>
360
361 2010-12-30 unix-privesc-check trunk
362
363 * Bug fix: Cleaned up a typo
364 * Added support for fscaps
365 * Updated CHANGELOG
366
367 -- Tim Brown <[email protected]>
368
369 2010-11-09 unix-privesc-check trunk
370
371 * Bug fix: False positive if svn.simple directory is empty
372
373 -- <[email protected]>
374
375 2010-11-04 unix-privesc-check trunk
376
377 * Added unique issue numbers. Should help to generate reports
378
379 -- <[email protected]>
380
381 2010-04-17 unix-privesc-check trunk
382
383 * Bug fix: Now checks HP-UX swap permissions correctly
384 * Bug fix: Cleaned up a few typos
385
386 -- Tim Brown <[email protected]>
387
388 2010-09-27 unix-privesc-check trunk
389
390 * Added check for cleartext subversion passwords in home directory
391
392 -- <[email protected]>
393
394 2010-01-06 unix-privesc-check trunk
395
396 * Added support for exploit mitigations (HP-UX and Solaris)
397 * Checks if shadow and passwd are writable, thanks jdv
398 * Checks for SetUID shell scripts which might be racey
399 * Improved NX and SSP checks (Linux only)
400 * Bug fix: Cleaned up a few typos
401
402 -- Tim Brown <[email protected]>
403
404 2009-09-23 unix-privesc-check trunk
405
406 * Bug fix: Cron jobs starting with '(' parsed properly
407 * Checks perms on Java classpath
408
409 -- <[email protected]>
410
411 2009-09-06 unix-privesc-check trunk
412
413 * Added MMAP allows map to 0 exploit mitigation (Linux ATM)
414 * Added SELinux exploit mitigation (Linux only)
415
416 -- Tim Brown <[email protected]>
417
418 2009-07-30 unix-privesc-check v1.5
419
420 * Initial AIX support added
421 * Check for exploit mitigations (Linux only ATM)
422 * Brain dumped some more interesting things to check for into TODOs
423 * Bug fix: Fixed typos in comments
424 * Added SSP exploit mitigation (Linux only ATM)
425
426 -- Tim Brown <[email protected]>
427
428 2008-11-23 unix-privesc-check v1.4
429
430 * Added check of file perms of shared libraries used by SUID programs
431 * Tidied output slightly
432
433 2008-11-09 unix-privesc-check v1.3
434
435 * Bug fix: Parts of the script only worked with /bin/bash and not /bin/sh
436 * Bug fix: Fixed typos in reporting for privescs via cron
437
438 2008-07-06 unix-privesc-check v1.2
439
440 * Added check of library dirs (/etc/ld.so.conf) for Linux
441 * Crude check of programs called from shell scripts
442 * Check of libraries used by each binary program (using ldd)
443 * Check of hard-coded paths within binaries (using strings)
444 * More verbose WARNING messages. All the explanation for a WARNING
445 should now be on one line so you can grep for 'WARNING' and still
446 understand the results
447 * Check of file perms on open file handles of running processes
448 * Check for running SSH agent. Lists keys if possible
449 * Check for public and private SSH keys in home directories
450 * Check for running GPG agent
451 * Check for cron jobs in /var/spool/cron/tabs
452 * Extra non-priv check for local postgres trusts
453 * Bug fix: lanscan now used on HPUX to get interface names
454 * Check if system is an NFS client (HPUX only)
455 * Check if swap space is readable / writable
456
457 2008-04-17 unix-privesc-check v1.1
458
459 * Added check for accounts with no password in /etc/passwd
460 * Record some basic info about the host (hostname, uname -a, interface IPs)
461
462 2008-02-01 unix-privesc-check v1.0
463
464 * Initial public release
0 General:
1
2 * docs/* exists for a reason, especially docs/CHANGELOG
3 * Changes should match commit messages, barring mistakes
4 * "Bug fix:" should be used to identify minor changes due to
5 coding errors
6 * docs/CHANGELOG should reference filename of changed files
7 * Quote correctly
8 * Use double-quotes, not single-quotes
9 * Variable names should be descriptive
10 * Reference variables as ${variablename}
11 * "printf --" unless you have reason not to
12 * Avoid unnecessary cats, never use two commands if one will do
13 * No unnecessary new lines, the only blocks should be those
14 introduced by code: if/then/else/fi etc
15 * Redirects take the form >/path/to/redirect/to (i.e. no space)
16
17 lib/misc/*:
18
19 * Changes to existing APIs used by lib/checks/* must be discussed
20 prior to implementation
21 * Such changes to the APIs used by lib/checks/* must be minimised
22 * New APIs can be freely added
23 * Code in here is meant to be ported to new platforms
24 * OS specific code should be minimised
25 * Don't read _ if there's a chance the data may be useful later
26 * Validate your input using lib/misc/validate
27
28 lib/checks/*:
29
30 * Code in here is meant to be portable, it should inherit new
31 capabilities by way of changes to lib/misc/*
32 * Avoid OS specific code, the APIs should fail sane
0 * Rewrite the filesystem caching (ATM it only gets generated on first run to reduce testing time)
1 * Add support for other OS
0 $Revision$
1
2 This program is free software; you can redistribute it and/or modify
3 it under the terms of the GNU General Public License as published by
4 the Free Software Foundation; either version 2 of the License, or
5 (at your option) any later version.
6
7 This program is distributed in the hope that it will be useful,
8 but WITHOUT ANY WARRANTY; without even the implied warranty of
9 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 GNU General Public License for more details.
11
12 You should have received a copy of the GNU General Public License
13 along with this program; if not, write to the Free Software
14 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
15
16 (c) Tim Brown, 2012
17 (c) [email protected], 2008
18 <mailto:[email protected]>
19 <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20
21 [UPC001] WARNING: $O_MESSAGE_STACK The user $O_FILE_USER can write to $O_FILE
22 [UPC002] WARNING: $O_MESSAGE_STACK The group $O_FILE_GROUP can write to $O_FILE
23 [UPC003] WARNING: $O_MESSAGE_STACK World write is set for $O_FILE (but sticky bit set)
24 [UPC004] WARNING: $O_MESSAGE_STACK World write is set for $O_FILE
25 [UPC043] WARNING: fscaps shell script, may be vulnerable to race attacks
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Check for read permissions on sensitive files

. lib/misc/file
. lib/misc/group
. lib/misc/stdio

credentials_init () {
	stdio_message_log "credentials" "Starting at: `date`"
}

# Report who can read the file matching ${1}: world-readable is always a
# warning, group-readable is a warning when the current user is in the
# file's group and only a log line otherwise
credentials_permissions () {
	pattern="${1}"
	file_show_non_symlink_perms " ${pattern}$" | while read filename permissions userid groupid
	do
		case "${permissions}" in
			???????r??)
				stdio_message_warn "credentials" "${filename} is owned by user ${userid} (group ${groupid}) and is world-readable (${permissions})"
				;;
			????r?????)
				if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
				then
					stdio_message_warn "credentials" "${filename} is owned by user ${userid} (group ${groupid}: YOU) and is group-readable (${permissions})"
				else
					stdio_message_log "credentials" "${filename} is owned by user ${userid} (group ${groupid}) and is group-readable (${permissions})"
				fi
				;;
		esac
	done
}

credentials_main () {
	# TODO we should expand this list
	for pattern in "*passwd$" "*shadow$" "*password$" "*id_dsa*" "*id_rsa*" "*\.ssh/*" "*authorized_keys" "*rhosts" "*htaccess$" "*.subversion/auth/svn.simple/*"
	do
		file_list_by_filename "${pattern}" | while read filename
		do
			# exclude man pages and python/ruby/perl libraries
			case "${filename}" in
				*/man/*|/usr/lib*|/usr/share/doc/*|/usr/local/rvm/*|/usr/bin/*|/usr/sbin/*)
					continue
					;;
			esac

			if [ -h "${filename}" ]
			then
				# follow the symlink so the permissions of the real file are checked
				linkedfilename="`file_show_symlinked_filename "${filename}"`"

				if [ -n "${linkedfilename}" ]
				then
					#stdio_message_debug "credentials" "${filename} is a symlink to ${linkedfilename}"
					credentials_permissions "${linkedfilename}"
				fi
			else
				credentials_permissions "${filename}"
			fi
		done
	done
}

credentials_fini () {
	stdio_message_log "credentials" "Ending at: `date`"
}
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Check for weak options on devices files

. lib/misc/device
. lib/misc/file
. lib/misc/stdio

devices_options_init () {
	stdio_message_log "devices_options" "Starting at: `date`"
}

devices_options_main () {
	device_list_options | while read device options
	do
		# "user" also matches "nouser", hence the second test in each pair
		if [ -n "`printf -- \"${options}\" | egrep -- \"user\"`" -a -z "`printf -- \"${options}\" | egrep -- \"nouser\"`" ]
		then
			stdio_message_warn "devices_options" "device file ${device} can be mounted by users"
		fi
		if [ -n "`printf -- \"${options}\" | egrep -- \"dev\"`" -a -z "`printf -- \"${options}\" | egrep -- \"nodev\"`" ]
		then
			stdio_message_debug "devices_options" "device file ${device} interprets block devices"
		fi
		# "defaults" implies suid; either spelling counts unless nosuid is also present
		if [ -n "`printf -- \"${options}\" | egrep -- \"suid|defaults\"`" -a -z "`printf -- \"${options}\" | egrep -- \"nosuid\"`" ]
		then
			stdio_message_log "devices_options" "device file ${device} permits the execution of setuid and setgid executables"
		fi
	done
}

devices_options_fini () {
	stdio_message_log "devices_options" "Ending at: `date`"
}
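The check above decides by substring: `egrep "user"` fires on `user`, `users` and `nouser` alike, and a later `nouser` is taken to cancel an earlier `user` even though mount(8) applies options left to right with the last one winning. The following is an added example, not code from unix-privesc-check, showing how to evaluate an option string with mount(8)'s actual rules: `defaults` expands to `rw,suid,dev,exec,auto,nouser,async`, and `user`/`users` imply `noexec,nosuid,nodev` unless a later option re-enables them. The function names `mount_opt_effective`, `mount_opt_report` and `mount_opt_demo` are assumptions made for this example, and the fstab lines in `mount_opt_demo` are constructed, not taken from any host.

```shell
#!/bin/sh
# Added example, not part of unix-privesc-check: evaluate mount options with
# mount(8) semantics rather than substring matching. Options are applied
# left to right and the last one wins; "defaults" expands to
# rw,suid,dev,exec,auto,nouser,async; "user"/"users" imply
# noexec,nosuid,nodev unless a later option re-enables them.

# mount_opt_effective OPTIONS FLAG
#   OPTIONS  comma-separated option string as found in fstab or mount output
#   FLAG     one of suid, dev, exec, user
# Prints 1 if FLAG is in effect after the whole string is applied, else 0.
mount_opt_effective () {
	options="${1}"
	want="${2}"
	# kernel defaults when the string says nothing
	f_suid=1
	f_dev=1
	f_exec=1
	f_user=0
	old_ifs="${IFS}"
	IFS=','
	for token in ${options}
	do
		case "${token}" in
			defaults)
				f_suid=1; f_dev=1; f_exec=1; f_user=0
				;;
			user|users)
				f_user=1; f_suid=0; f_dev=0; f_exec=0
				;;
			nouser) f_user=0 ;;
			suid) f_suid=1 ;;
			nosuid) f_suid=0 ;;
			dev) f_dev=1 ;;
			nodev) f_dev=0 ;;
			exec) f_exec=1 ;;
			noexec) f_exec=0 ;;
		esac
	done
	IFS="${old_ifs}"
	case "${want}" in
		suid) printf '%s\n' "${f_suid}" ;;
		dev) printf '%s\n' "${f_dev}" ;;
		exec) printf '%s\n' "${f_exec}" ;;
		user) printf '%s\n' "${f_user}" ;;
		*) printf '0\n' ;;
	esac
}

# mount_opt_report DEVICE OPTIONS
# Prints one finding per line in the "severity message" style of the checks.
mount_opt_report () {
	device="${1}"
	options="${2}"
	if [ "$(mount_opt_effective "${options}" user)" -eq 1 ]
	then
		printf 'warn device file %s can be mounted by users\n' "${device}"
	fi
	if [ "$(mount_opt_effective "${options}" dev)" -eq 1 ]
	then
		printf 'debug device file %s interprets block devices\n' "${device}"
	fi
	if [ "$(mount_opt_effective "${options}" suid)" -eq 1 ]
	then
		printf 'log device file %s permits the execution of setuid and setgid executables\n' "${device}"
	fi
}

# Constructed fstab lines (not from a real host): device, mountpoint, type, options
mount_opt_demo () {
	printf '%s\n' \
		"/dev/sda1 / ext4 defaults" \
		"/dev/sdb1 /media/usb vfat rw,user,noauto" \
		"/dev/sdb2 /media/usb2 vfat rw,nouser,user" \
		"/dev/sdc1 /data ext4 rw,user,suid,nosuid" |
	while read device mountpoint fstype options
	do
		mount_opt_report "${device}" "${options}"
	done
}

mount_opt_demo
```

The third sample line is the case the substring approach gets wrong: `rw,nouser,user` ends with `user`, so the filesystem is user-mountable, but the presence of `nouser` anywhere in the string suppresses the warning in the check above.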
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Check for world-readable and world-writable permissions on devices files

. lib/misc/device
. lib/misc/file
. lib/misc/stdio

devices_permission_init () {
	stdio_message_log "devices_permission" "Starting at: `date`"
}

devices_permission_permissions () {
	device="${1}"
	mountpoint="`device_get_mountpoint \"${device}\"`"
	if [ -n "${mountpoint}" ]
	then
		message="mounted to ${mountpoint}"
	elif [ "`device_is_swap \"${device}\"`" -eq 1 ]
	then
		message="swap"
	else
		message="not mounted"
	fi
	file_show_non_symlink_perms " ${device}$" | while read filename permissions userid groupid
	do
		case "${permissions}" in
			???????rw?)
				stdio_message_warn "devices_permission" "device file ${filename} (${message}) is owned by user ${userid} (group ${groupid}) and is world-readable and world-writable (${permissions})"
				;;
			????????w?)
				stdio_message_warn "devices_permission" "device file ${filename} (${message}) is owned by user ${userid} (group ${groupid}) and is world-writable (${permissions})"
				;;
			???????r??)
				stdio_message_warn "devices_permission" "device file ${filename} (${message}) is owned by user ${userid} (group ${groupid}) and is world-readable (${permissions})"
				;;
		esac
	done
}

devices_permission_main () {
	device_list | while read device
	do
		if [ -h "${device}" ]
		then
			linkeddevice="`file_show_symlinked_filename \"${device}\"`"
			if [ -z "${linkeddevice}" ]
			then
				continue
			fi
			#stdio_message_debug "devices_permission" "device file ${device} is a symbolic link to ${linkeddevice}"
			devices_permission_permissions "${linkeddevice}"
		else
			devices_permission_permissions "${device}"
		fi
	done
}

devices_permission_fini () {
	stdio_message_log "devices_permission" "Ending at: `date`"
}
../../credentials
../../group_writable
../../history_readable
../../homedirs_executable
../../homedirs_writable
../../key_material
../../passwd_hashes
../../privileged_banned
../../privileged_change_privileges
../../privileged_chroot
../../privileged_dependency
../../privileged_nx
../../privileged_path
../../privileged_pie
../../privileged_random
../../privileged_relro
../../privileged_rpath
../../privileged_ssp
../../privileged_tmp
../../privileged_writable
../../shadow_hashes
../../system_aslr
../../system_configuration
../../system_libraries
../../system_mmap
../../system_selinux
../../world_writable
../../privileged_banned
../../privileged_change_privileges
../../privileged_chroot
../../privileged_dependency
../../privileged_nx
../../privileged_path
../../privileged_pie
../../privileged_random
../../privileged_relro
../../privileged_rpath
../../privileged_ssp
../../privileged_tmp
../../privileged_writable
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Check if the gpg-agent is running

. lib/misc/stdio
. lib/misc/process

gpg_agent_init () {
	stdio_message_log "gpg_agent" "Starting at: `date`"
}

gpg_agent_main () {
	process_list "gpg-agent" | while read processid
	do
		stdio_message_warn "gpg_agent" "gpg-agent is running as `process_show_userid ${processid}` (`process_show_command ${processid}`)"
	done
}

gpg_agent_fini () {
	stdio_message_log "gpg_agent" "Ending at: `date`"
}
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# List group-writable files

. lib/misc/file
. lib/misc/group
. lib/misc/stdio

group_writable_init () {
	stdio_message_log "group_writable" "Starting at: `date`"
}

group_writable_main () {
	file_show_non_symlink_perms "^.....w.... " | while read filename permissions userid groupid
	do
		case "${permissions}" in
			?????w????)
				if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
				then
					stdio_message_warn "group_writable" "${filename} is owned by user ${userid} (group ${groupid}: YOU) and is group-writable (${permissions})"
				else
					stdio_message_log "group_writable" "${filename} is owned by user ${userid} (group ${groupid}) and is group-writable (${permissions})"
				fi
				;;
		esac
	done
}

group_writable_fini () {
	stdio_message_log "group_writable" "Ending at: `date`"
}
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# List all .*_history files

. lib/misc/file
. lib/misc/group
. lib/misc/stdio
. lib/misc/user

history_readable_init () {
	stdio_message_log "history_readable" "Starting at: `date`"
}

history_readable_main () {
	file_show_non_symlink_perms " *\.*_history$" | while read filename permissions userid groupid
	do
		case "${permissions}" in
			???????r??)
				stdio_message_warn "history_readable" "${filename} is owned by user ${userid} (group ${groupid}) and is world-readable (${permissions})"
				;;
			????r?????)
				if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
				then
					stdio_message_warn "history_readable" "${filename} is owned by user ${userid} (group ${groupid}: YOU) and is group-readable (${permissions})"
				else
					stdio_message_log "history_readable" "${filename} is owned by user ${userid} (group ${groupid}) and is group-readable (${permissions})"
				fi
				;;
			?r????????)
				if [ "`user_is_user_name \"${userid}\"`" -eq 1 ]
				then
					stdio_message_log "history_readable" "${filename} is owned by user ${userid} (YOU) (group ${groupid}) (${permissions})"
				else
					stdio_message_debug "history_readable" "${filename} is owned by user ${userid} (group ${groupid}) (${permissions})"
				fi
				;;
		esac
	done
}

history_readable_fini () {
	stdio_message_log "history_readable" "Ending at: `date`"
}
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Check for readable and executable permissions on home directories

. lib/misc/file
. lib/misc/group
. lib/misc/passwd
. lib/misc/permission
. lib/misc/stdio

homedirs_executable_init () {
	stdio_message_log "homedirs_executable" "Starting at: `date`"
}

homedirs_executable_main () {
	passwd_list | while read username
	do
		if [ "${username}" = "+" ]
		then
			continue
		fi
		homedir="`passwd_show_homedir \"${username}\"`"
		if [ -z "${homedir}" -o "${homedir}" = "/dev/null" ]
		then
			stdio_message_debug "homedirs_executable" "${username} has no home directory set"
			continue
		fi
		file_show_non_symlink_perms " ${homedir}$" | while read filename permissions userid groupid
		do
			case "${permissions}" in
				???????r?x)
					stdio_message_warn "homedirs_executable" "${username} home directory ${filename} is owned by user ${userid} (group ${groupid}) and is world-readable and world-executable (${permissions})"
					;;
				???????r??)
					stdio_message_log "homedirs_executable" "${username} home directory ${filename} is owned by user ${userid} (group ${groupid}) and is world-readable, you can list the files within only (${permissions})"
					;;
				????r?x???)
					if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
					then
						stdio_message_warn "homedirs_executable" "${username} home directory ${filename} is owned by user ${userid} (group ${groupid}: YOU) and is group-readable and group-executable (${permissions})"
						# TODO verify the case the owner, ${username}, is not within the group owner, ${groupid}
					fi
					;;
				????r?????)
					if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
					then
						stdio_message_log "homedirs_executable" "${username} home directory ${filename} is owned by user ${userid} (group ${groupid}: YOU) and is group-readable, you can list the files within only (${permissions})"
						# TODO verify the case the owner, ${username}, is not within the group owner, ${groupid}
					fi
					;;
			esac
		done
	done
}

homedirs_executable_fini () {
	stdio_message_log "homedirs_executable" "Ending at: `date`"
}
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Check for writable permission on home directories

. lib/misc/file
. lib/misc/group
. lib/misc/passwd
. lib/misc/permission
. lib/misc/stdio

homedirs_writable_init () {
	stdio_message_log "homedirs_writable" "Starting at: `date`"
}

homedirs_writable_main () {
	passwd_list | while read username
	do
		if [ "${username}" = "+" ]
		then
			continue
		fi
		homedir="`passwd_show_homedir \"${username}\"`"
		if [ -z "${homedir}" -o "${homedir}" = "/dev/null" ]
		then
			stdio_message_debug "homedirs_writable" "${username} has no home directory set"
			continue
		fi
		file_show_non_symlink_perms " ${homedir}$" | while read filename permissions userid groupid
		do
			case "${permissions}" in
				????????w?)
					if [ "`permission_is_world_writable_sticky_bit \"${permissions}\"`" -eq 1 ]
					then
						stdio_message_log "homedirs_writable" "${username} home directory ${filename} is owned by user ${userid} (group ${groupid}) and is world-writable with sticky bit (${permissions})"
					else
						stdio_message_warn "homedirs_writable" "${username} home directory ${filename} is owned by user ${userid} (group ${groupid}) and is world-writable (${permissions})"
					fi
					;;
				?????w????)
					if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
					then
						stdio_message_warn "homedirs_writable" "${username} home directory ${filename} is owned by user ${userid} (group ${groupid}: YOU) and is group-writable (${permissions})"
						# TODO verify the case the owner, ${username}, is not within the group owner, ${groupid}
					else
						stdio_message_debug "homedirs_writable" "${username} home directory ${filename} is owned by user ${userid} (group ${groupid}) and is group-writable (${permissions})"
					fi
					;;
			esac
		done
	done
}

homedirs_writable_fini () {
	stdio_message_log "homedirs_writable" "Ending at: `date`"
}
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# List all jar files

. lib/misc/file
. lib/misc/group
. lib/misc/stdio
. lib/misc/user

jar_init () {
	stdio_message_log "jar" "Starting at: `date`"
}

jar_main () {
	file_show_non_symlink_perms " *\.jar$" | while read filename permissions userid groupid
	do
		case "${permissions}" in
			???????r??)
				stdio_message_warn "jar" "${filename} is owned by user ${userid} (group ${groupid}) and is world-readable (${permissions})"
				;;
			????r?????)
				if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
				then
					stdio_message_warn "jar" "${filename} is owned by user ${userid} (group ${groupid}: YOU) and is group-readable (${permissions})"
				else
					stdio_message_log "jar" "${filename} is owned by user ${userid} (group ${groupid}) and is group-readable (${permissions})"
				fi
				;;
			?r????????)
				if [ "`user_is_user_name \"${userid}\"`" -eq 1 ]
				then
					stdio_message_log "jar" "${filename} is owned by user ${userid} (YOU) (group ${groupid}) (${permissions})"
				else
					stdio_message_debug "jar" "${filename} is owned by user ${userid} (group ${groupid}) (${permissions})"
				fi
				;;
		esac
	done
}

jar_fini () {
	stdio_message_log "jar" "Ending at: `date`"
}
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# List potentially sensitive files

. lib/misc/file
. lib/misc/group
. lib/misc/stdio
. lib/misc/user

key_material_init () {
	stdio_message_log "key_material" "Starting at: `date`"
}

key_material_main () {
	# TODO we should expand this list
	for pattern in "*\.crt" "*\.cer" "*\.pem" "*\.p12" "*\.keystore" "*\.key"
	do
		file_show_non_symlink_perms " ${pattern}$" | while read filename permissions userid groupid
		do
			# exclude Firefox certificates
			case "${filename}" in
				/usr/share/ca-certificates/mozilla/*)
					continue
					;;
			esac

			case "${permissions}" in
				???????r??)
					stdio_message_warn "key_material" "${filename} is owned by user ${userid} (group ${groupid}) and is world-readable (${permissions})"
					;;
				????r?????)
					if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
					then
						stdio_message_warn "key_material" "${filename} is owned by user ${userid} (group ${groupid}: YOU) and is group-readable (${permissions})"
					else
						stdio_message_log "key_material" "${filename} is owned by user ${userid} (group ${groupid}) and is group-readable (${permissions})"
					fi
					;;
				?r????????)
					if [ "`user_is_user_name \"${userid}\"`" -eq 1 ]
					then
						stdio_message_log "key_material" "${filename} is owned by user ${userid} (YOU) (group ${groupid}) (${permissions})"
					else
						stdio_message_debug "key_material" "${filename} is owned by user ${userid} (group ${groupid}) (${permissions})"
					fi
					;;
			esac
		done
	done
}

key_material_fini () {
	stdio_message_log "key_material" "Ending at: `date`"
}
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Check if LDAP is used for authentication

. lib/misc/ldap
. lib/misc/stdio

ldap_authentication_init () {
	stdio_message_log "ldap_authentication" "Starting at: `date`"
}

ldap_authentication_main () {
	if [ "`ldap_authentication_in_use`" -eq 1 ]
	then
		stdio_message_log "ldap_authentication" "LDAP is used for authentication"
	fi
}

ldap_authentication_fini () {
	stdio_message_log "ldap_authentication" "Ending at: `date`"
}
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Check if NIS is used for authentication

. lib/misc/nis
. lib/misc/stdio

nis_authentication_init () {
	stdio_message_log "nis_authentication" "Starting at: `date`"
}

nis_authentication_main () {
	if [ "`nis_authentication_in_use`" -eq 1 ]
	then
		stdio_message_log "nis_authentication" "NIS is used for authentication"
	fi
}

nis_authentication_fini () {
	stdio_message_log "nis_authentication" "Ending at: `date`"
}
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# List users with no password set or password in /etc/passwd

. lib/misc/stdio
. lib/misc/passwd

passwd_hashes_init () {
	stdio_message_log "passwd_hashes" "Starting at: `date`"
}

passwd_hashes_main () {
	passwd_list | while read username
	do
		if [ "${username}" = "+" ]
		then
			stdio_message_warn "passwd_hashes" "/etc/passwd allows external authentication"
		else
			hash="`passwd_show_hash \"${username}\"`"
			# "x" means the hash lives in the shadow file; "*", "!" and "!!" are
			# lock/no-login markers rather than hashes. Inside double quotes a
			# backslash does not escape "!", so the marker is written bare.
			if [ "${hash}" != "x" -a "${hash}" != "!" -a "${hash}" != "!!" -a "${hash}" != "*" ]
			then
				if [ -z "${hash}" ]
				then
					stdio_message_warn "passwd_hashes" "${username} has no password set"
				else
					stdio_message_warn "passwd_hashes" "/etc/passwd contains password hash for ${username} (${hash})"
				fi
			fi
		fi
	done
}

passwd_hashes_fini () {
	stdio_message_log "passwd_hashes" "Ending at: `date`"
}
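The check above walks usernames and asks the library for each password field. As an added example, not code from unix-privesc-check, the following classifies the field directly from passwd(5) lines and scans a constructed sample for the same conditions: an empty field (login with no password), a real crypt(3) hash sitting in the world-readable passwd file, and the NIS compat `+`/`-` entries that hand authentication to an external source. The names `passwd_field_class`, `passwd_scan` and `passwd_sample` are assumptions for this example; the sample entries, including the MD5-crypt string, are made up and not from any host. `*LK*` and `NP` are the Solaris lock and no-password markers.

```shell
#!/bin/sh
# Added example, not part of unix-privesc-check: classify the password field
# of passwd(5) entries, then scan a constructed /etc/passwd-style sample for
# the two conditions the passwd_hashes check warns about (no password at
# all, or a real hash stored in the world-readable passwd file) plus the
# NIS compat "+"/"-" entries.

# passwd_field_class FIELD
# Prints one of:
#   none      empty field: login succeeds with no password
#   shadowed  "x": the hash lives in /etc/shadow (or the platform equivalent)
#   locked    "*", "!", "!!", "*LK*", "NP": no password login possible
#   hash      anything else: a crypt(3) hash readable by everyone
passwd_field_class () {
	field="${1}"
	case "${field}" in
		"") printf 'none\n' ;;
		"x") printf 'shadowed\n' ;;
		"*"|"!"|"!!"|"*LK*"|"NP") printf 'locked\n' ;;
		*) printf 'hash\n' ;;
	esac
}

# passwd_scan < passwd-file
# Emits "warn <user> <reason>" lines; silent for shadowed and locked entries.
passwd_scan () {
	while IFS=: read username field uid gid gecos homedir shell
	do
		case "${username}" in
			"#"*|"")
				continue   # comments and blank lines
				;;
			"+"*|"-"*)
				printf 'warn %s compat entry allows external (NIS) authentication\n' "${username}"
				continue
				;;
		esac
		case "$(passwd_field_class "${field}")" in
			none) printf 'warn %s has no password set\n' "${username}" ;;
			hash) printf 'warn %s has a password hash in /etc/passwd (%s)\n' "${username}" "${field}" ;;
		esac
	done
}

# Constructed sample (not from a real host); the hash is a well-formed but
# made-up MD5-crypt string.
passwd_sample () {
	printf '%s\n' \
		'root:x:0:0:root:/root:/bin/bash' \
		'daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
		'svc:!:100:100:service:/var/lib/svc:/usr/sbin/nologin' \
		'guest::1001:1001:Guest:/home/guest:/bin/sh' \
		'legacy:$1$examplesalt$0123456789abcdefghijkl:1002:1002:Legacy:/home/legacy:/bin/sh' \
		'+::::::'
}

passwd_sample | passwd_scan
```

Only `guest`, `legacy` and the `+` entry produce output; `root`, `daemon` and `svc` are shadowed or locked and stay silent, which is the distinction the `"\!"` comparison in the original check could never make.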
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Check permissions of PostgreSQL configuration file pg_hba.conf

. lib/misc/file
. lib/misc/group
. lib/misc/stdio
. lib/misc/user

postgresql_configuration_init () {
	stdio_message_log "postgresql_configuration" "Starting at: `date`"
}

postgresql_configuration_main () {
	file_show_perms "/pg_hba.conf$" | while read filename permissions userid groupid
	do
		case "${permissions}" in
			???????r??)
				stdio_message_warn "postgresql_configuration" "${filename} is owned by user ${userid} (group ${groupid}) and is world-readable (${permissions})"
				;;
			????r?????)
				if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
				then
					stdio_message_warn "postgresql_configuration" "${filename} is owned by user ${userid} (group ${groupid}: YOU) and is group-readable (${permissions})"
				else
					stdio_message_log "postgresql_configuration" "${filename} is owned by user ${userid} (group ${groupid}) and is group-readable (${permissions})"
				fi
				;;
			?r????????)
				if [ "`user_is_user_name \"${userid}\"`" -eq 1 ]
				then
					stdio_message_log "postgresql_configuration" "${filename} is owned by user ${userid} (YOU) (group ${groupid}) (${permissions})"
				else
					stdio_message_debug "postgresql_configuration" "${filename} is owned by user ${userid} (group ${groupid}) (${permissions})"
				fi
				;;
		esac
	done
}

postgresql_configuration_fini () {
	stdio_message_log "postgresql_configuration" "Ending at: `date`"
}
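The credentials, history_readable, jar, key_material and postgresql_configuration checks above all share one classification: match fixed positions of the ten-character mode string (type plus rwxrwxrwx) with case patterns such as `???????r??`, and take the first branch that matches, so world-readable is reported ahead of group-readable, and group-readable ahead of owner-only. The following is an added example, not code from unix-privesc-check, that writes that classification as a standalone function and adds the one caveat worth knowing if the permissions field ever comes from `ls -l`: a file carrying a POSIX ACL or a security label is printed with an eleventh character (`+` or `.`), which matches none of the ten-character patterns, so the file is skipped without any message. The names `perm_classify`, `perm_scan` and `perm_sample` are assumptions for this example, and the listing in `perm_sample` is constructed rather than taken from a host.

```shell
#!/bin/sh
# Added example, not part of unix-privesc-check: the permission classification
# shared by the credentials, history_readable, jar, key_material and
# postgresql_configuration checks, written as a standalone function.
# The checks test fixed positions of the ten-character mode string
# (type + rwxrwxrwx) with patterns such as ???????r??, so a mode string
# carrying ls(1)'s eleventh character for an ACL ('+') or a security label
# ('.') never matches any branch. This version strips that suffix first.
# First match wins, as in the checks.

# perm_classify MODE IN_GROUP IS_OWNER
#   MODE      mode string as printed by ls -l, e.g. -rw-r----- or -rw-r-----+
#   IN_GROUP  1 if the caller is a member of the file's group, else 0
#   IS_OWNER  1 if the caller owns the file, else 0
# Prints "<severity> <reason>" with the severity the checks would use
# (warn, log, debug) or "none -" when no readable bit is set for anyone.
perm_classify () {
	mode="${1}"
	in_group="${2}"
	is_owner="${3}"
	# Drop an eleventh character: '+' (POSIX ACL), '.' (SELinux label), '@' (macOS xattr)
	case "${mode}" in
		??????????[+.@]) mode="${mode%?}" ;;
	esac
	case "${mode}" in
		???????r??)
			printf 'warn world-readable\n'
			;;
		????r?????)
			if [ "${in_group}" -eq 1 ]
			then
				printf 'warn group-readable\n'
			else
				printf 'log group-readable\n'
			fi
			;;
		?r????????)
			if [ "${is_owner}" -eq 1 ]
			then
				printf 'log owner-readable\n'
			else
				printf 'debug owner-readable\n'
			fi
			;;
		*)
			printf 'none -\n'
			;;
	esac
}

# perm_scan ME MYGROUPS < "filename mode user group" lines
# Mirrors the "while read filename permissions userid groupid" loops above.
#   ME        the caller's user name
#   MYGROUPS  space-separated names of the groups the caller belongs to
perm_scan () {
	me="${1}"
	mygroups=" ${2} "
	while read filename permissions userid groupid
	do
		in_group=0
		case "${mygroups}" in
			*" ${groupid} "*) in_group=1 ;;
		esac
		is_owner=0
		if [ "${userid}" = "${me}" ]
		then
			is_owner=1
		fi
		printf '%s %s\n' "$(perm_classify "${permissions}" "${in_group}" "${is_owner}")" "${filename}"
	done
}

# Constructed listing (not from a real host), in the order the checks read it.
perm_sample () {
	printf '%s\n' \
		'/etc/shadow -rw-r----- root shadow' \
		'/home/alice/.ssh/id_rsa -rw------- alice alice' \
		'/home/bob/.bash_history -rw-r--r-- bob bob' \
		'/srv/app/server.key -rw-r-----+ app app'
}

perm_sample | perm_scan alice "alice shadow"
```

Run as `alice`, a member of `shadow` but not of `app`, the sample yields a warning for `/etc/shadow` (group-readable by a group she is in), a warning for Bob's world-readable history, a log line for her own key, and a log line for `server.key`, which the original patterns would have dropped because of the trailing `+`.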
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Verify PostgreSQL trust relationships by connecting to localhost with
22 # common usernames and no password
23
24 . lib/misc/file
25 . lib/misc/postgresql
26 . lib/misc/stdio
27
28 postgresql_connection_init () {
29 stdio_message_log "postgresql_connection" "Starting at: `date`"
30 }
31
32 postgresql_connection_main () {
33 file_show_perms "/postgresql.conf$" | while read filename permissions userid groupid
34 do
35 if [ "`file_is_readable \"$(unknown)\"`" -eq 1 ]
36 then
37 egrep "^port = " "$(unknown)" | while read _ _ port _
38 do
39 dbusers="psql pgsql postgres postgresql root admin"
40 printf -- "${dbusers}" | tr " " "\n" | while read dbuser
41 do
42 if [ "`postgresql_check_no_password \"${port}\" \"${dbuser}\"`" -eq 1 ]
43 then
44 stdio_message_warn "postgresql_connection" "User ${dbuser} can connect to PostgreSQL instance on port ${port}/tcp with no password"
45 break
46 fi
47 done
48 done
49 fi
50 done
51 }
52
53 postgresql_connection_fini () {
54 stdio_message_log "postgresql_connection" "Ending at: `date`"
55 }
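Review bot: `egrep "^port = "` only matches an uncommented, exactly-spaced `port = ` line, so an instance that relies on the shipped default (`#port = 5432` left commented) or a `port=5432` spelling yields no port and the check silently reports nothing; fall back to 5432 when no port line is found and loosen the pattern to `^[[:space:]]*port[[:space:]]*=`. Separately, `$(unknown)` in the `file_is_readable` and `egrep` calls is a command substitution, not a reference to the `filename` variable that `read` fills on the `file_show_perms` line; if the file really reads this way, every test runs against the output of a command named `unknown` rather than against the config file. `egrep` is obsolescent; `grep -E` is the portable spelling.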
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check PostgreSQL trust relationships
22
23 . lib/misc/file
24 . lib/misc/stdio
25
26 postgresql_trust_init () {
27 stdio_message_log "postgresql_trust" "Starting at: `date`"
28 }
29
30 postgresql_trust_main () {
31 file_show_perms "/pg_hba.conf$" | while read filename permissions userid groupid
32 do
33 if [ "`file_is_readable \"$(unknown)\"`" -eq 1 ]
34 then
35 egrep -v "^#" "$(unknown)" | egrep -v "^[ \t]*$" | while read authtype database user address method
36 do
37 if [ "${method}" = "trust" ]
38 then
39 if [ "${user}" = "all" ]
40 then
41 usermsg="all users"
42 else
43 usermsg="user ${user}"
44 fi
45 if [ "${database}" = "all" ]
46 then
47 dbmsg="all databases"
48 else
49 dbmsg="database ${database}"
50 fi
51 stdio_message_warn "postgresql_trust" "PostgreSQL trust is configured in $(unknown) for ${usermsg} to ${dbmsg} from address ${address}"
52 fi
53 done
54 fi
55 done
56 }
57
58 postgresql_trust_fini () {
59 stdio_message_log "postgresql_trust" "Ending at: `date`"
60 }
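Review bot: the `read authtype database user address method` split misreports `local` entries: a pg_hba.conf `local` line has no address column (`local   all   all   trust`), so `trust` lands in `address`, `method` is empty and the `"${method}" = "trust"` test never fires for exactly the socket-based trust rules this check exists to find. Branch on `${authtype}` and read `local` lines as `authtype database user method`, keeping the five-field read for `host`/`hostssl`/`hostnossl`. `egrep -v "^#"` also lets through comment lines with leading whitespace, which then produce bogus field splits.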
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check if textual privileged files (like bash scripts) accept user-provided
22 # arguments
23
24 . lib/misc/stdio
25 . lib/misc/privileged
26 . lib/misc/binary
27
28 privileged_arguments_init () {
29 stdio_message_log "privileged_arguments" "Starting at: `date`"
30 }
31
32 privileged_arguments_main () {
33 privileged_list | while read filetype filename usergroupid
34 do
35 # skip non textual files
36 if [ "`file_is_textual \"$(unknown)\"`" -ne 1 ]
37 then
38 continue
39 elif [ "`binary_matches_string_grep \"$(unknown)\" \"\$[\{]*[[:digit:]][\}]*\"`" -eq 1 ]
40 then
41 stdio_message_warn "privileged_arguments" "${filetype} $(unknown) (${usergroupid}) accepts arguments, verify that it does not use them unsafely"
42 fi
43 done
44 }
45
46 privileged_arguments_fini () {
47 stdio_message_log "privileged_arguments" "Ending at: `date`"
48 }
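Review bot: `file_is_textual` is called but `lib/misc/file` is not sourced (only `stdio`, `privileged` and `binary` are), unlike the postgresql and dependency modules which pull in `lib/misc/file` for their `file_*` helpers; unless one of the sourced libraries includes it transitively, the call fails as a missing command and the `-ne 1` comparison errors out on every file. Add `. lib/misc/file`. The pattern `\$[\{]*[[:digit:]][\}]*` also matches `$0` (the script name, not an argument) and misses `$@`, `$*`, `$#` and `shift`, so a script that consumes its arguments through `"$@"` goes unreported.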
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check if privileged files call banned (and potentially dangerous) functions
22 # Based on Microsoft's banned API list as parsed by ../../tools/generate_banned.sh
23
24 . lib/misc/stdio
25 . lib/misc/privileged
26 . lib/misc/binary
27
28 privileged_banned_init () {
29 stdio_message_log "privileged_banned" "Starting at: `date`"
30 }
31
32 privileged_banned_main () {
33 privileged_list | while read filetype filename usergroupid
34 do
35 banned_apis="`binary_banned_api "$(unknown)" "alloca|gets|memcpy|scanf|sprintf|sscanf|strcat|StrCat|strcpy|StrCpy|strlen|StrLen|strncat|StrNCat|strncpy|StrNCpy|strtok|swprintf|vsnprintf|vsprintf|vswprintf|wcscat|wcscpy|wcslen|wcsncat|wcsncpy|wcstok|wmemcpy"`"
36 if [ -n "${banned_apis}" ]
37 then
38 stdio_message_warn "privileged_banned" "${filetype} $(unknown) (${usergroupid}) and uses banned APIs ($banned_apis)"
39 fi
40 done
41 }
42
43 privileged_banned_fini () {
44 stdio_message_log "privileged_banned" "Ending at: `date`"
45 }
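Review bot: `strlen`, `StrLen`, `wcslen` and `memcpy` in the pattern match virtually every dynamically linked C binary, so this check will flag nearly all privileged files and the hits that matter (`gets`, `strcpy`, `sprintf`, `strcat`) are buried in the noise; either drop the length/copy primitives or report them at log rather than warn level. The message `"... (${usergroupid}) and uses banned APIs ..."` also carries a stray `and` (compare `privileged_arguments`, which has none), so it reads as a fragment.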
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check if privileged files drop their privileges
22 # Based on ideas found at http://people.redhat.com/sgrubb/security/
23
24 . lib/misc/stdio
25 . lib/misc/privileged
26 . lib/misc/binary
27
28 privileged_change_privileges_init () {
29 stdio_message_log "privileged_change_privileges" "Starting at: `date`"
30 }
31
32 privileged_change_privileges_main () {
33 privileged_list | while read filetype filename usergroupid
34 do
35 # TODO this needs cleaning up
36 match="`binary_matches_function "$(unknown)" "setuid|setgid|seteuid|setegid|setresuid|setresgid|setreuid|setregid|initgroups|setgroups|setcap|setfsuid|setfsgid"`"
37 if [ $match -ne 1 ]
38 then
39 stdio_message_warn "privileged_change_privileges" "${filetype} $(unknown) (${usergroupid}) and does not attempt to change privileges"
40 fi
41 done
42 }
43
44 privileged_change_privileges_fini () {
45 stdio_message_log "privileged_change_privileges" "Ending at: `date`"
46 }
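Review bot: `if [ $match -ne 1 ]` leaves `$match` unquoted; when `binary_matches_function` prints nothing (a script or an unreadable file), the test degenerates to `[ -ne 1 ]`, `test` prints a unary-operator error and the warning is silently skipped. Quote it (`"${match}"`) or inline the call as `privileged_chroot` does for its inner test. The `TODO this needs cleaning up` comment should say what is still unclean, otherwise it ages into noise.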
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check if privileged files calling chroot() function call also chdir() function
22 # Based on ideas found at http://people.redhat.com/sgrubb/security/
23
24 . lib/misc/stdio
25 . lib/misc/privileged
26 . lib/misc/binary
27
28 privileged_chroot_init () {
29 stdio_message_log "privileged_chroot" "Starting at: `date`"
30 }
31
32 privileged_chroot_main () {
33 privileged_list | while read filetype filename usergroupid
34 do
35 match="`binary_matches_function "$(unknown)" "chroot"`"
36 if [ $match -eq 1 ]
37 then
38 if [ "`binary_matches_function "$(unknown)" "chdir"`" -ne 1 ]
39 then
40 stdio_message_warn "privileged_chroot" "${filetype} $(unknown) (${usergroupid}) and may use chroot() unsafely - no chdir() call"
41 fi
42 fi
43 done
44 }
45
46 privileged_chroot_fini () {
47 stdio_message_log "privileged_chroot" "Ending at: `date`"
48 }
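Review bot: same unquoted `$match` as in `privileged_change_privileges`: `if [ $match -eq 1 ]` degenerates to `[ -eq 1 ]` when `binary_matches_function` prints nothing, so quote it. The inner test only establishes that `chdir` is referenced somewhere in the binary, not that `chdir("/")` follows the `chroot()` call, so the `may use chroot() unsafely` wording is right, but the absence of a warning should not be read as a pass; a comment stating that limitation would stop readers over-trusting the result.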
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check for write permissions over privileged files and processes'
22 # linked libraries
23
24 . lib/misc/file
25 . lib/misc/group
26 . lib/misc/linker
27 . lib/misc/permission
28 . lib/misc/privileged
29 . lib/misc/stdio
30 . lib/misc/user
31
32 privileged_dependency_init () {
33 stdio_message_log "privileged_dependency" "Starting: `date`"
34 }
35
36 privileged_dependency_traverse () {
37 pattern="${1}"
38 privfilename="${2}"
39 filetype="${3}"
40 library="${4}"
41 pathtype="${5}"
42 file_parent_traverse "${pattern}" | while read filename
43 do
44 # /etc/ld.so.conf.d/ files can contain files which we are not interested here, only directories
45 if [ ! -d "$(unknown)" ]
46 then
47 continue
48 fi
49 file_show_non_symlink_perms " $(unknown)$" | while read filepath permissions userid groupid
50 do
51 #stdio_message_debug "privileged_dependency" "Checking permissions of ${pathtype} ${filepath} ($permissions) for privileged file ${filetype} is ${privfilename} and library is ${library}"
52 case "${permissions}" in
53 ????????w?)
54 if [ "`permission_is_world_writable_sticky_bit \"${permissions}\"`" -eq 1 ]
55 then
56 stdio_message_log "privileged_dependency" "${filetype} ${privfilename} depends on ${library} - ${pathtype} ${filepath} is owned by user ${userid} (group ${groupid}) and is world-writable with sticky bit (${permissions})"
57 else
58 stdio_message_warn "privileged_dependency" "${filetype} ${privfilename} depends on ${library} - ${pathtype} ${filepath} is owned by user ${userid} (group ${groupid}) and is world-writable (${permissions})"
59 fi
60 ;;
61 ?????w????)
62 if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
63 then
64 stdio_message_warn "privileged_dependency" "${filetype} ${privfilename} depends on ${library} - ${pathtype} ${filepath} is owned by user ${userid} (group ${groupid}: YOU) and is group-writable (${permissions})"
65 else
66 stdio_message_log "privileged_dependency" "${filetype} ${privfilename} depends on ${library} - ${pathtype} ${filepath} is owned by user ${userid} (group ${groupid}) and is group-writable (${permissions})"
67 fi
68 ;;
69 ??w???????)
70 if [ "`user_is_root \"${userid}\"`" -ne 1 -a "`user_show_user_name`" = "${userid}" ]
71 then
72 stdio_message_debug "privileged_dependency" "${filetype} ${privfilename} depends on ${library} - ${pathtype} ${filepath} is owned by user ${userid} (YOU) (group ${groupid}), non-root user (${permissions})"
73 elif [ "`user_is_root \"${userid}\"`" -ne 1 ]
74 then
75 stdio_message_log "privileged_dependency" "${filetype} ${privfilename} depends on ${library} - ${pathtype} ${filepath} is owned by user ${userid} (group ${groupid}), non-root user (${permissions})"
76 fi
77 ;;
78 esac
79 done
80 done
81 }
82
83 privileged_dependency_permissions () {
84 library="${1}"
85 privfilename="${2}"
86 filetype="${3}"
87 file_show_non_symlink_perms " ${library}$" | while read filename permissions userid groupid
88 do
89 #stdio_message_debug "privileged_dependency" "Checking permissions for privileged file ${filetype} ${privfilename}'s library $(unknown) ($permissions)"
90 case "${permissions}" in
91 ????????w?)
92 if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
93 then
94 stdio_message_log "privileged_dependency" "${filetype} ${privfilename} depends on $(unknown), this is owned by user ${userid} (group ${groupid}) and is world-writable with sticky bit (${permissions})"
95 else
96 stdio_message_warn "privileged_dependency" "${filetype} ${privfilename} depends on $(unknown), this is owned by user ${userid} (group ${groupid}) and is world-writable (${permissions})"
97 fi
98 ;;
99 ?????w????)
100 if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
101 then
102 stdio_message_warn "privileged_dependency" "${filetype} ${privfilename} depends on $(unknown), this is owned by user ${userid} (group ${groupid}: YOU) and is group-writable (${permissions})"
103 else
104 stdio_message_log "privileged_dependency" "${filetype} ${privfilename} depends on $(unknown), this is owned by user ${userid} (group ${groupid}) and is group-writable (${permissions})"
105 fi
106 ;;
107 ??w???????)
108 if [ "`user_is_root \"${userid}\"`" -ne 1 ]
109 then
110 stdio_message_log "privileged_dependency" "${filetype} ${privfilename} depends on $(unknown), this is owned by user ${userid} (group ${groupid}), non-root user (${permissions})"
111 fi
112 ;;
113 esac
114 done
115 }
116
117 privileged_dependency_main () {
118 privileged_list | while read filetype filename usergroupid
119 do
120 #stdio_message_debug "privileged_dependency" "Processing privileged file ${filetype} $(unknown)"
121 linker_list_dependencies "$(unknown)" | while read library
122 do
123 #stdio_message_debug "privileged_dependency" "Processing privileged file ${filetype} $(unknown)'s library ${library}"
124 # when the library needed by the program does not exist, ldd returns "not found" - i.e. " libname.so.2 => not found", however the following if condition is cautious and checks both if the file exist and if the ldd output returned "not found" (hence the linker library returned the library relative path (relativelibrary))
125 if [ ! -e "${library}" -o -n "`printf -- \"${library}\" | grep -v \"^/\"`" ]
126 then
127 case "${library}" in
128 # if the library is a absolute file path, we check for write permissions on its parent directories
129 /*)
130 #stdio_message_debug "privileged_dependency" "Library ${library} does not exist, traversing parent paths"
131 privileged_dependency_traverse "${library}" "$(unknown)" "${filetype}" "${library}" "parent path"
132 ;;
133 # if the library is a relative file path, we check for write permissions on all system libraries file paths
134 *)
135 #stdio_message_debug "privileged_dependency" "Library ${library} does not exist, traversing system library paths"
136 linker_list_system_filenames | while read filepath
137 do
138 privileged_dependency_traverse "${filepath}" "$(unknown)" "${filetype}" "${library}" "system library path"
139 done
140 ;;
141 esac
142 continue
143 elif [ -h "${library}" ]
144 then
145 linkedlibrary="`file_show_symlinked_filename "${library}"`"
146 if [ -n "${linkedlibrary}" ]
147 then
148 #stdio_message_debug "privileged_dependency" "Privileged file ${filetype} $(unknown) depends on library ${library}, a symlink to ${linkedlibrary}"
149 privileged_dependency_permissions "${linkedlibrary}" "$(unknown)" "${filetype}"
150 fi
151 else
152 privileged_dependency_permissions "${library}" "$(unknown)" "${filetype}"
153 fi
154 done
155 done
156 }
157
158 privileged_dependency_fini () {
159 stdio_message_log "privileged_dependency" "Ending: `date`"
160 }
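Review bot: in `privileged_dependency_permissions` the world-writable case (`????????w?`) decides between the `world-writable with sticky bit` log line and the `world-writable` warning using `group_is_in_group_name "${groupid}"`, which is a copy-paste slip from the group-writable case below it; the same branch in `privileged_dependency_traverse` correctly uses `permission_is_world_writable_sticky_bit "${permissions}"`. As written, a world-writable library owned by a group the current user belongs to is downgraded to a log line, and one owned by an unrelated group is always reported as plainly world-writable regardless of the sticky bit. `printf -- "${library}"` in the main loop also uses the path as the format string; `printf -- '%s' "${library}"` avoids surprises with `%` in a path.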
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check if textual privileged files (like bash scripts) use environment
22 # variables
23
24 . lib/misc/stdio
25 . lib/misc/privileged
26 . lib/misc/binary
27
28 privileged_environment_variables_init () {
29 stdio_message_log "privileged_environment_variables" "Starting at: `date`"
30 }
31
32 privileged_environment_variables_main () {
33 privileged_list | while read filetype filename usergroupid
34 do
35 # skip non textual files
36 if [ "`file_is_textual \"$(unknown)\"`" -ne 1 ]
37 then
38 continue
39 elif [ "`binary_matches_string_grep \"$(unknown)\" \"\$[{,},a-z,A-Z,_,-]*\"`" -eq 1 ]
40 then
41 stdio_message_warn "privileged_environment_variables" "${filetype} $(unknown) (${usergroupid}) uses environment variables, verify that it does not use them unsafely"
42 fi
43 done
44 }
45
46 privileged_environment_variables_fini () {
47 stdio_message_log "privileged_environment_variables" "Ending at: `date`"
48 }
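Review bot: the pattern `\$[{,},a-z,A-Z,_,-]*` uses `*`, which allows zero characters from the class, so it matches any `$` at all, including `$1`, `$?`, `$$` and `$(...)`; every script containing a dollar sign is reported as using environment variables, and the check duplicates `privileged_arguments`. Require at least one identifier character and drop the commas, which are literal members of the bracket expression, e.g. `\$[{]*[A-Za-z_][A-Za-z0-9_]*`. As in `privileged_arguments`, `file_is_textual` is called without sourcing `lib/misc/file`.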
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check for NX (NoExecute) support
22
23 . lib/misc/stdio
24 . lib/misc/privileged
25 . lib/misc/binary
26
27 privileged_nx_init () {
28 stdio_message_log "privileged_nx" "Starting at: `date`"
29 }
30
31 privileged_nx_main () {
32 privileged_list | while read filetype filename usergroupid
33 do
34 if [ "`binary_nx \"$(unknown)\"`" -ne 1 ]
35 then
36 stdio_message_warn "privileged_nx" "${filetype} $(unknown) (${usergroupid}) is not compiled with NX (NoExecute)"
37 fi
38 done
39 }
40
41 privileged_nx_fini () {
42 stdio_message_log "privileged_nx" "Ending at: `date`"
43 }
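Review bot: `privileged_list` yields scripts as well as ELF binaries (`privileged_arguments` filters with `file_is_textual` precisely because both are present), but this check runs `binary_nx` on every entry and warns whenever the result is not `1`; unless `binary_nx` returns `1` for non-ELF input, every setuid/setgid script will be reported as `not compiled with NX`. Skip textual files here (and in the pie, relro and ssp checks, which share the loop) or have the `binary_*` helpers return a distinct value for non-ELF files so the caller can tell "not applicable" from "missing".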
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check if privileged files set PATH variable
22 # Based on ideas found at http://people.redhat.com/sgrubb/security/
23
24 . lib/misc/stdio
25 . lib/misc/privileged
26 . lib/misc/binary
27
28 privileged_path_init () {
29 stdio_message_log "privileged_path" "Starting at: `date`"
30 }
31
32 privileged_path_main () {
33 privileged_list | while read filetype filename usergroupid
34 do
35 if [ "`binary_matches_string \"$(unknown)\" \"PATH=\"`" -eq 1 ]
36 then
37 stdio_message_warn "privileged_path" "${filetype} $(unknown) (${usergroupid}) sets PATH environment variable, verify that it does not set it unsafely"
38 fi
39 done
40 }
41
42 privileged_path_fini () {
43 stdio_message_log "privileged_path" "Ending at: `date`"
44 }
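Review bot: `binary_matches_string "PATH="` is a substring match, so `LD_LIBRARY_PATH=`, `MANPATH=`, `PYTHONPATH=` and similar all trigger the `sets PATH environment variable` warning even when `PATH` itself is untouched. Anchor the match so `PATH` must start a word (for instance `(^|[^A-Za-z0-9_])PATH=`). Note also that a privileged program resetting `PATH` to a fixed safe value is the recommended practice, so the finding should direct the reviewer to inspect the assigned value rather than imply that setting it is itself suspect.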
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check for PIE (ASLR-compliant executable) support
22 # Based on ideas found at http://people.redhat.com/sgrubb/security/
23
24 . lib/misc/stdio
25 . lib/misc/privileged
26 . lib/misc/binary
27
28 privileged_pie_init () {
29 stdio_message_log "privileged_pie" "Starting at: `date`"
30 }
31
32 privileged_pie_main () {
33 privileged_list | while read filetype filename usergroupid
34 do
35 if [ "`binary_pie "$(unknown)"`" -ne 1 ]
36 then
37 stdio_message_warn "privileged_pie" "${filetype} $(unknown) (${usergroupid}) and is not compiled with PIE (Position Independent Executable)"
38 fi
39 done
40 }
41
42 privileged_pie_fini () {
43 stdio_message_log "privileged_pie" "Ending at: `date`"
44 }
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check if privileged files call random functions
22
23 . lib/misc/stdio
24 . lib/misc/privileged
25 . lib/misc/binary
26
27 privileged_random_init () {
28 stdio_message_log "privileged_random" "Starting at: `date`"
29 }
30
31 privileged_random_main () {
32 privileged_list | while read filetype filename usergroupid
33 do
34 if [ "`binary_matches_function "$(unknown)" "random|srand"`" -eq 1 ]
35 then
36 stdio_message_warn "privileged_random" "${filetype} $(unknown) (${usergroupid}) and uses random()/srand()"
37 fi
38 done
39 }
40
41 privileged_random_fini () {
42 stdio_message_log "privileged_random" "Ending at: `date`"
43 }
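Review bot: the pattern `random|srand` flags the seeder `srand` but not `rand` itself, and depending on how `binary_matches_function` matches, `random` will also hit `srandom`, `random_r` and `getrandom`, so the check both misses the most common weak call and fires on a binary that draws from the kernel generator via `getrandom`. Spell out the intended set (`rand|srand|random|srandom`) with exact-symbol matching, and have the message say why this matters for a privileged file (these are not cryptographic generators), since `uses random()/srand()` alone gives the reader nothing to act on.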
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check for RELRO support
22
23 . lib/misc/stdio
24 . lib/misc/privileged
25 . lib/misc/binary
26
27 privileged_relro_init () {
28 stdio_message_log "privileged_relro" "Starting at: `date`"
29 }
30
31 privileged_relro_main () {
32 privileged_list | while read filetype filename usergroupid
33 do
34 if [ "`binary_relro "$(unknown)"`" -ne 1 ]
35 then
36 stdio_message_warn "privileged_relro" "${filetype} $(unknown) (${usergroupid}) and is not compiled with RELRO"
37 elif [ "`binary_relro_full "$(unknown)"`" -ne 1 ]
38 then
39 stdio_message_log "privileged_relro" "${filetype} $(unknown) (${usergroupid}) and is compiled with partial RELRO"
40 fi
41 done
42 }
43
44 privileged_relro_fini () {
45 stdio_message_log "privileged_relro" "Ending at: `date`"
46 }
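Review bot: partial RELRO is reported at `stdio_message_log` while missing RELRO is a warning; with partial RELRO the `.got.plt` section stays writable for lazy binding, which is the property this check exists to catch on a setuid binary, so consider warning in both branches and distinguishing them only in the text. The messages `and is not compiled with RELRO` / `and is compiled with partial RELRO` carry the stray `and` seen in the other hardening checks.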
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # List group-writable and world-writable privileged files (their parent
22 # directories too) and processes that trust other filepaths (with RPATH
23 # variable)
24
25 . lib/misc/binary
26 . lib/misc/file
27 . lib/misc/group
28 . lib/misc/permission
29 . lib/misc/privileged
30 . lib/misc/stdio
31 . lib/misc/user
32
33 privileged_rpath_init () {
34 stdio_message_log "privileged_rpath" "Starting at: `date`"
35 }
36
37 privileged_rpath_permissions () {
38 filename="${1}"
39 permissions="${2}"
40 userid="${3}"
41 groupid="${4}"
42 privfilename="${5}"
43 filetype="${6}"
44 case "${permissions}" in
45 ????????w?)
46 if [ "`permission_is_world_writable_sticky_bit \"${permissions}\"`" -eq 1 ]
47 then
48 stdio_message_log "privileged_rpath" "${filetype} ${privfilename} trusts $(unknown), this is owned by user ${userid} (group ${groupid}) and is world-writable with sticky bit (${permissions})"
49 else
50 stdio_message_warn "privileged_rpath" "${filetype} ${privfilename} trusts $(unknown), this is owned by user ${userid} (group ${groupid}) and is world-writable (${permissions})"
51 fi
52 ;;
53 ?????w????)
54 if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
55 then
56 stdio_message_warn "privileged_rpath" "${filetype} ${privfilename} trusts $(unknown), this is owned by user ${userid} (group ${groupid}: YOU) and is group-writable (${permissions})"
57 else
58 stdio_message_log "privileged_rpath" "${filetype} ${privfilename} trusts $(unknown), this is owned by user ${userid} (group ${groupid}) and is group-writable (${permissions})"
59 fi
60 ;;
61 ??w???????)
62 if [ "`user_is_root \"${userid}\"`" -ne 1 -a "`user_show_user_name`" = "${userid}" ]
63 then
64 stdio_message_debug "privileged_rpath" "${filetype} ${privfilename} trusts $(unknown), this is owned by user ${userid} (YOU) (group ${groupid}), non-root user (${permissions})"
65 elif [ "`user_is_root \"${userid}\"`" -ne 1 ]
66 then
67 stdio_message_log "privileged_rpath" "${filetype} ${privfilename} trusts $(unknown), this is owned by user ${userid} (group ${groupid}), non-root user (${permissions})"
68 fi
69 ;;
70 esac
71 }
72
73 privileged_rpath_wrapper () {
74 origfilepath="${1}"
75 privfilename="${2}"
76 filetype="${3}"
77 file_parent_traverse "${origfilepath}" | while read filepath
78 do
79 file_show_non_symlink_perms " ${filepath}$" | while read filename permissions userid groupid
80 do
81 privileged_rpath_permissions "$(unknown)" "${permissions}" "${userid}" "${groupid}" "${privfilename}" "${filetype}"
82 done
83 done
84 }
85
86 privileged_rpath_main () {
87 privileged_list | while read filetype filename usergroupid
88 do
89 binary_list_rpath "$(unknown)" | while read filepath
90 do
91 if [ -z "${filepath}" ]
92 then
93 continue
94 # relative paths always end up at . with dirname
95 elif [ "${filepath}" = "." -o "`printf -- \"${filepath}\" | egrep -- \"ORIGIN\"`" ]
96 then
97 stdio_message_warn "privileged_rpath" "${filetype} $(unknown) trusts ${filepath} and this is relative"
98 continue
99 elif [ ! -e "${filepath}" ]
100 then
101 stdio_message_warn "privileged_rpath" "${filetype} $(unknown) trusts ${filepath}, but this does not exist"
102 continue
103 fi
104
105 if [ -h "${filepath}" ]
106 then
107 linkedfilename="`file_show_symlinked_filename "${filepath}"`"
108
109 if [ -n "${linkedfilename}" ]
110 then
111 #stdio_message_debug "privileged_rpath" "${filetype} $(unknown) trusts ${filepath}, a symlink to ${linkedfilename}"
112 privileged_rpath_wrapper "${linkedfilename}" "$(unknown)" "${filetype}"
113 fi
114 else
115 privileged_rpath_wrapper "${filepath}" "$(unknown)" "${filetype}"
116 fi
117 done
118 done
119 }
120
121 privileged_rpath_fini () {
122 stdio_message_log "privileged_rpath" "Ending at: `date`"
123 }
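Review bot: the header comment (`List group-writable and world-writable privileged files (their parent directories too) ...`) describes a different check; this module walks the RPATH entries of each privileged file and reports writable directories on those paths, so the comment should say so. In `privileged_rpath_main`, an entry containing `ORIGIN` is reported as `relative` unconditionally, but `$ORIGIN` resolves to the directory of the privileged file itself and is only a problem if that directory or its parents are writable, which `privileged_rpath_wrapper` could evaluate by substituting the file's dirname before traversing. The `-o` in `[ "${filepath}" = "." -o ... ]` and `printf -- "${filepath}"` (path used as format string) are the usual portability nits.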
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check for stack canary (SSP) support
22
23 . lib/misc/stdio
24 . lib/misc/privileged
25 . lib/misc/binary
26
27 privileged_ssp_init () {
28 stdio_message_log "privileged_ssp" "Starting at: `date`"
29 }
30
31 privileged_ssp_main () {
32 privileged_list | while read filetype filename usergroupid
33 do
34 if [ "`binary_matches_function "$(unknown)" "__stack_chk_fail"`" -ne 1 ]
35 then
36 stdio_message_warn "privileged_ssp" "${filetype} $(unknown) (${usergroupid}) and is not compiled with SSP (Stack Smashing Protector)"
37 fi
38 done
39 }
40
41 privileged_ssp_fini () {
42 stdio_message_log "privileged_ssp" "Ending at: `date`"
43 }
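Review bot: privileged_ssp_main tests every entry from privileged_list, including shell scripts, for a `__stack_chk_fail` reference, so each privileged script is reported as "not compiled with SSP" even though SSP cannot apply to it; privileged_tmp guards the same list with `file_is_textual`, and this check should skip textual files the same way. The absence of `__stack_chk_fail` is also only a hint (a binary with no stack arrays emits no canary check even when built with -fstack-protector), so the message should read "does not appear to be compiled with SSP". The warning text itself has a dangling conjunction: `${filetype} $(unknown) (${usergroupid}) and is not compiled ...` should drop the "and".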
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check if privileged files call temporary files handling functions
22 # Based on ideas found at http://people.redhat.com/sgrubb/security/
23
24 . lib/misc/stdio
25 . lib/misc/privileged
26 . lib/misc/binary
27
28 privileged_tmp_init () {
29 stdio_message_log "privileged_tmp" "Starting at: `date`"
30 }
31
32 privileged_tmp_main () {
33 privileged_list | while read filetype filename usergroupid
34 do
35 if [ "`binary_matches_string \"$(unknown)\" \"/tmp\"`" -eq 1 ]
36 then
37 if [ "`file_is_textual \"$(unknown)\"`" -eq 1 -a "`binary_matches_string \"$(unknown)\" \">\"`" -eq 1 ]
38 then
39 stdio_message_warn "privileged_tmp" "${filetype} $(unknown) script (${usergroupid}) may create predictable files in /tmp unsafely"
40 elif [ "`binary_matches_function \"$(unknown)\" \"mkstemp|tempnam|tmpfile\"`" -eq 1 ]
41 then
42 # XXX is part of template filename that is replaced by mkstemp, etc. - without an XXX, we assume the filename is likely to be predictable
43 if [ "`binary_matches_string \"$(unknown)\" \"XXX\"`" -ne 1 ]
44 then
45 stdio_message_warn "privileged_tmp" "${filetype} $(unknown) (${usergroupid}) may create predictable files in /tmp unsafely"
46 fi
47 fi
48 fi
49 done
50 }
51
52 privileged_tmp_fini () {
53 stdio_message_log "privileged_tmp" "Ending at: `date`"
54 }
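Review bot: the template check in privileged_tmp_main applies the `XXX` test to all of `mkstemp|tempnam|tmpfile`, but only mkstemp takes a template: a binary that uses `tmpfile()` (no template, file unlinked immediately) is warned for having no `XXX`, while one that uses `tempnam()` (always a predictable name) is cleared if any other string in it happens to contain `XXX`. Split the list: warn on `tempnam` unconditionally and apply the `XXX` check only to `mkstemp`. The script branch is also coarse, since `/tmp` anywhere in a textual file plus a `>` anywhere in it is enough to trigger it; tightening the test to a redirection whose target is under /tmp would cut the noise.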
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # List group-writable and world-writable privileged files (their parent
22 # directories too) and processes
23
24 . lib/misc/file
25 . lib/misc/group
26 . lib/misc/permission
27 . lib/misc/privileged
28 . lib/misc/stdio
29 . lib/misc/user
30
31 privileged_writable_init () {
32 stdio_message_log "privileged_writable" "Starting: `date`"
33 }
34
35 privileged_writable_permissions () {
36 filename="${1}"
37 permissions="${2}"
38 userid="${3}"
39 groupid="${4}"
40 privfilename="${5}"
41 filetype="${6}"
42
43 # TODO: Replace with trusted users
44 if [ "`user_is_root \"${userid}\"`" -ne 1 ]
45 then
46 if [ "`user_show_user_name`" = "${userid}" ]
47 then
48 stdio_message_warn "privileged_writable" "(${filetype} ${privfilename}) $(unknown) is owned by user ${userid} (YOU) (group ${groupid}), non-root user (${permissions})"
49 else
50 stdio_message_warn "privileged_writable" "(${filetype} ${privfilename}) $(unknown) is owned by user ${userid} (group ${groupid}), non-root user (${permissions})"
51 fi
52 fi
53
54 case "${permissions}" in
55 ????????w?)
56 if [ "`permission_is_world_writable_sticky_bit \"${permissions}\"`" -eq 1 ]
57 then
58 stdio_message_log "privileged_writable" "(${filetype} ${privfilename}) $(unknown) is owned by user ${userid} (group ${groupid}) and is world-writable with sticky bit (${permissions})"
59 else
60 stdio_message_warn "privileged_writable" "(${filetype} ${privfilename}) $(unknown) is owned by user ${userid} (group ${groupid}) and is world-writable (${permissions})"
61 fi
62 ;;
63 ?????w????)
64 # TODO: Replace with trusted groups
65 if [ "`group_is_root \"${groupid}\"`" -ne 1 ]
66 then
67 if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
68 then
69 stdio_message_warn "privileged_writable" "(${filetype} ${privfilename}) $(unknown) is owned by user ${userid} (group ${groupid}: YOU) and is group-writable (${permissions})"
70 else
71 stdio_message_warn "privileged_writable" "(${filetype} ${privfilename}) $(unknown) is owned by user ${userid} (group ${groupid}) and is group-writable (${permissions})"
72 fi
73 fi
74 ;;
75 esac
76 }
77
78 privileged_writable_main () {
79 privileged_list | while read filetype filename usergroupid
80 do
81 # the privileged file might not exist for example when inetd calls it, but the executable has been uninstalled/removed (and inetd configuration not aligned)
82 if [ ! -e "$(unknown)" ]
83 then
84 stdio_message_debug "privileged_writable" "${filetype} $(unknown) does not exist"
85 fi
86 file_parent_traverse "$(unknown)" | while read filepath
87 do
88 file_show_non_symlink_perms " ${filepath}$" | while read filepath permissions userid groupid
89 do
90 privileged_writable_permissions "${filepath}" "${permissions}" "${userid}" "${groupid}" "$(unknown)" "${filetype}"
91 done
92 done
93 done
94 }
95
96 privileged_writable_fini () {
97 stdio_message_log "privileged_writable" "Ending at: `date`"
98 }
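Review bot: in privileged_writable_main the inner loop reads into `filepath` (`while read filepath permissions userid groupid`) while the outer loop's variable is also `filepath`; it only works because each pipeline stage is a subshell, and privileged_rpath_wrapper uses `filename` for the same inner loop, so rename it here too. The missing-file case is also only `stdio_message_debug` before the parent directories are traversed, whereas system_libraries_main warns for the identical situation; a privileged path that is referenced (the inetd example in the comment) but absent is exactly the case where a writable parent directory matters most, so it deserves at least log level and the same wording as system_libraries.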
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # List setgid files
22
23 . lib/misc/stdio
24 . lib/misc/file
25
26 setgid_init () {
27 stdio_message_log "setgid" "Starting: `date`"
28 }
29
30 setgid_main () {
31 file_list_by_perm "^-.....s... |^-.....S... " | while read filename
32 do
33 file_show_non_symlink_perms " $(unknown)$" | while read filename permissions userid groupid
34 do
35 stdio_message_warn "setgid" "$(unknown) is setgid (${userid}, ${groupid}): ${permissions}"
36 done
37 done
38 }
39
40 setgid_fini () {
41 stdio_message_log "setgid" "Ending: `date`"
42 }
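Review bot: setgid_init logs `Starting: ...` and setgid_fini `Ending: ...` while every other check on this page uses `Starting at:` / `Ending at:` (privileged_writable_init has the same slip); keep the wording uniform so the timestamps can be grepped with one pattern. The regex `^-.....s... |^-.....S... ` also reports an `S` (setgid set, group-execute clear) identically to `s`; the message could flag the capital-S case separately, since it usually indicates a mistake rather than a working setgid program.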
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # List setuid files
22
23 . lib/misc/stdio
24 . lib/misc/file
25
26 setuid_init () {
27 stdio_message_log "setuid" "Starting at: `date`"
28 }
29
30 setuid_main () {
31 file_list_by_perm "^-..s...... |^-..S...... " | while read filename
32 do
33 file_show_non_symlink_perms " $(unknown)$" | while read filename permissions userid groupid
34 do
35 stdio_message_warn "setuid" "$(unknown) is setuid (${userid}, ${groupid}): ${permissions}"
36 done
37 done
38 }
39
40 setuid_fini () {
41 stdio_message_log "setuid" "Ending at: `date`"
42 }
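Review bot: setuid_main and setgid_main are the same function with a different permission regex and tag, and a file that is both setuid and setgid (`-rwsr-sr-x`) is reported twice, once by each; a shared helper in lib/misc/file taking the regex and tag, or a single pass that reports "setuid", "setgid" or "setuid and setgid" per file, would remove both the duplication and the double report. Both checks also emit every match at warn level, so the expected set of setuid binaries (su, passwd, sudo) lands in the same bucket as an unexpected one; a log-level entry with warn reserved for files outside the usual system directories would keep WARNING meaningful.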
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # List users with no password set
22
23 . lib/misc/shadow
24 . lib/misc/stdio
25
26 shadow_hashes_init () {
27 stdio_message_log "shadow_hashes" "Starting at: `date`"
28 }
29
30 shadow_hashes_main () {
31 if [ "`shadow_file_check`" -eq 1 ]
32 then
33 stdio_message_warn "shadow_hashes" "password hashes file is readable"
34 shadow_list | while read username
35 do
36 hash="`shadow_show_hash "${username}"`"
37 if [ -z "${hash}" ]
38 then
39 stdio_message_warn "shadow_hashes" "${username} has no password set"
40 fi
41 # TODO add check for hashing function used (1, 2c, etc.)
42 done
43 fi
44 }
45
46 shadow_hashes_fini () {
47 stdio_message_log "shadow_hashes" "Ending at: `date`"
48 }
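Review bot: shadow_hashes_main treats only an empty hash as a finding, so locked accounts (`!`, `*`, `!!`) and real hashes are indistinguishable in the output; since the TODO already plans a hash-function check, a `case "${hash}"` with branches for empty, locked and the crypt prefixes (`$1$`, `$5$`, `$6$`, `$2a$`/`$2b$`/`$2y$`) would give that classification in one place, and the hashed branch should log only the algorithm, never the hash value itself. The nested quoting in `hash="`shadow_show_hash "${username}"`"` also differs from the `\"...\"` escaping used elsewhere on this page (privileged_writable_permissions, for instance); pick one style, as the unescaped form depends on the shell's handling of quotes inside backticks.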
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check if the ssh-agent is running and list SSH unencrypted keys
22
23 . lib/misc/stdio
24 . lib/misc/process
25 . lib/misc/ssh_agent
26 . lib/misc/file
27 . lib/misc/ssh_key
28
29 ssh_agent_init () {
30 stdio_message_log "ssh_agent" "Starting at: `date`"
31 }
32
33 ssh_agent_main () {
34 process_list "ssh-agent" | while read processid
35 do
36 stdio_message_log "ssh_agent" "ssh-agent is running as `process_show_userid ${processid}` (`process_show_command ${processid}`)"
37 ssh_agent_list `process_show_parentid ${processid}` ${processid} | while read filename
38 do
39 stdio_message_debug "ssh_agent" "ssh-agent uses key from $(unknown)"
40 ssh_key_permissions "$(unknown)"
41 if [ "`file_matches_string "$(unknown)" "ENCRYPTED"`" -ne 1 ]
42 then
43 stdio_message_warn "ssh_key" "$(unknown) is unencrypted"
44 else
45 stdio_message_log "ssh_key" "$(unknown) is encrypted"
46 fi
47 done
48 done
49 }
50
51 ssh_agent_fini () {
52 stdio_message_log "ssh_agent" "Ending at: `date`"
53 }
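Review bot: the two messages inside ssh_agent_main's inner loop are tagged `ssh_key` rather than `ssh_agent` (`stdio_message_warn "ssh_key" "$(unknown) is unencrypted"`), so findings from this check are attributed to the other module in the output. The `ssh_key_permissions` call plus the ENCRYPTED test is the same six lines that ssh_key_main runs; move them into one helper in lib/misc/ssh_key (say `ssh_key_check`) that takes the filename and the tag, and call it from both loops. The arguments to ssh_agent_list (`process_show_parentid` output and `${processid}`) are also unquoted; quoting keeps an empty parent id from shifting the positional parameters.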
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # List unencrypted SSH client private keys
22
23 . lib/misc/file
24 . lib/misc/group
25 . lib/misc/stdio
26
27 ssh_key_init () {
28 stdio_message_log "ssh_key" "Starting at: `date`"
29 }
30
31 ssh_key_permissions () {
32 filename="${1}"
33 file_show_non_symlink_perms " $(unknown)$" | while read filename permissions userid groupid
34 do
35 case "${permissions}" in
36 ???????r??)
37 stdio_message_warn "ssh_key" "key $(unknown) is owned by user ${userid} (group ${groupid}) and is world-readable (${permissions})"
38 ;;
39 ????r?????)
40 if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
41 then
42 stdio_message_warn "ssh_key" "key $(unknown) is owned by user ${userid} (group ${groupid}: YOU) and is group-readable (${permissions})"
43 else
44 stdio_message_log "ssh_key" "key $(unknown) is owned by user ${userid} (group ${groupid}) and is group-readable (${permissions})"
45 fi
46 ;;
47 esac
48 done
49
50 }
51
52 ssh_key_main () {
53 # TODO we should expand this list
54 # * parse the local SSH server configuration file /etc/ssh/ssh_config
55 # and add to the pattern the value of IdentityFile option
56 # * list files in home directories' .ssh/ and add to pattern list the
57 # ones with and without .pub extension
58 for pattern in "*id_dsa*" "*id_rsa*"
59 do
60 file_list_by_filename "${pattern}" | while read filename
61 do
62 ssh_key_permissions "$(unknown)"
63 if [ "`file_matches_string "$(unknown)" "ENCRYPTED"`" -ne 1 ]
64 then
65 stdio_message_warn "ssh_key" "$(unknown) is unencrypted"
66 else
67 stdio_message_log "ssh_key" "$(unknown) is encrypted"
68 fi
69 done
70 done
71 }
72
73 ssh_key_fini () {
74 stdio_message_log "ssh_key" "Ending at: `date`"
75 }
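Review bot: the "is unencrypted" test in ssh_key_main relies on the literal `ENCRYPTED` from the PEM `Proc-Type: 4,ENCRYPTED` header, which only the legacy PEM key format carries; keys in the native OpenSSH format (`-----BEGIN OPENSSH PRIVATE KEY-----`) record the cipher inside the base64 body, so an encrypted key in that format is reported as unencrypted. Detect that header separately and report "could not determine" rather than warn. The patterns `*id_dsa*` and `*id_rsa*` also match `id_rsa.pub`, which will always be reported as an unencrypted key; exclude `*.pub` and, per the TODO, add the other default names (`id_ecdsa`, `id_ed25519`).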
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 #
22
23 . lib/misc/stdio
24 . lib/misc/sudo
25
26 sudo_init () {
27 stdio_message_log "sudo" "Starting at: `date`"
28 }
29
30 sudo_main () {
31 if [ "`sudo_sudoers_check`" -eq 1 ]
32 then
33 if [ -n "`sudo_sudoers_list`" ]
34 then
35 stdio_message_warn "sudo" "/etc/sudoers is readable and configured"
36
37 # TODO: if privilegeduser is a group (e.g. %admin), notify the user accordingly
38 sudo_sudoers_list | while read privilegeduser passwd filepath
39 do
40 asuser="`printf -- \"${passwd}\" | cut -f2 -d\"=\" | tr -d \"(\" | tr -d \")\"`"
41 # for cases where the asuser is ALL:ALL (e.g. in Ubuntu there is always the following sudoers entry):
42 # root ALL=(ALL:ALL) ALL
43 if [ "${asuser}" = "ALL:ALL" ]
44 then
45 asuser="any user"
46 else
47 asuser="user ${asuser}"
48 fi
49 # for cases where the user can run any command. For example:
50 # foobar ALL=NOPASSWD: ALL
51 if [ "${filepath}" = "ALL" ]
52 then
53 filepath="any command"
54 fi
55 if [ -n "`printf -- \"${passwd}\" | egrep -- \"NOPASSWD\"`" ]
56 then
57 stdio_message_warn "sudo" "${privilegeduser} can run ${filepath} without providing a password"
58 else
59 stdio_message_log "sudo" "${privilegeduser} can run ${filepath} as ${asuser}"
60 fi
61 done
62 else
63 stdio_message_log "sudo" "/etc/sudoers is readable, but not configured"
64 fi
65 fi
66 }
67
68 sudo_fini () {
69 stdio_message_log "sudo" "Ending at: `date`"
70 }
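Review bot: the header comment for this module is empty (a bare `#` where every other check states its purpose); add "List sudo rules from /etc/sudoers" or similar. In sudo_main the NOPASSWD branch drops `${asuser}` from the warning, so the reader cannot tell whether a password-less rule runs as root or as a restricted account; the log-level branch keeps it and the warning should too (`${privilegeduser} can run ${filepath} as ${asuser} without providing a password`). `printf -- \"${passwd}\"` also uses the sudoers field as a printf format string; `printf -- '%s'` is the safe form.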
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check if the system supports ASLR (Address Space Layout Randomization)
22
23 . lib/misc/kernel
24 . lib/misc/stdio
25
26 system_aslr_init () {
27 stdio_message_log "system_aslr" "Starting at: `date`"
28 }
29
30 system_aslr_main () {
31 if [ "`kernel_aslr`" -eq 0 ]
32 then
33 if [ "`kernel_aslr_pax`" -eq 0 ]
34 then
35 stdio_message_warn "system_aslr" "ASLR is not supported system-wide"
36 else
37 stdio_message_debug "system_aslr" "PAX ASLR is supported system-wide"
38 fi
39 elif [ "`kernel_aslr`" -eq 1 ]
40 then
41 stdio_message_log "system_aslr" "Conservative ASLR is supported system-wide (heap addresses are not randomized)"
42 else
43 stdio_message_debug "system_aslr" "ASLR is supported system-wide"
44 fi
45 }
46
47 system_aslr_fini () {
48 stdio_message_log "system_aslr" "Ending at: `date`"
49 }
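Review bot: system_aslr_main calls `kernel_aslr` twice (in the `if` and the `elif`); capture it once into a variable. More importantly, if kernel_aslr prints nothing (a kernel without the sysctl, or a non-Linux host), `[ "" -eq 0 ]` is an error rather than a match, both numeric tests fail, and the check falls through to the final `else` and reports "ASLR is supported system-wide"; test for an empty result first and report that the setting could not be determined. The same empty-result fall-through reassures falsely in system_mmap_main, system_nx_main and system_selinux_main below, since in each the `else` branch is the "protected" outcome.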
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check for writable permissions on system configuration files and directories
22
23 . lib/misc/file
24 . lib/misc/group
25 . lib/misc/permission
26 . lib/misc/stdio
27 . lib/misc/user
28
29 system_configuration_init () {
30 stdio_message_log "system_configuration" "Starting at: `date`"
31 }
32
33 system_configuration_main () {
34 sensitive_config_files="/etc/passwd
35 /etc/shadow
36 /etc/master.passwd
37 /etc/security/passwd
38 /etc/group
39 /etc/cron
40 /etc/fstab
41 /etc/init
42 /etc/rc
43 /etc/inetd
44 /etc/xinetd
45 /etc/bash.bashrc
46 /etc/profile
47 /etc/sudoers
48 /etc/hosts.equiv
49 /etc/shosts.equiv"
50 file_show_non_symlink_perms " /etc" | while read filename permissions userid groupid
51 do
52 sensitive="0"
53 printf -- "${sensitive_config_files}\n" | while read sensitive_config_file
54 do
55 sensitive_config_file="`printf -- \"${sensitive_config_file}\" | tr -d \"\t\"`"
56 if [ -n "`printf -- \"$(unknown)\" | egrep -- \"^${sensitive_config_file}\"`" ]
57 then
58 sensitive="1"
59 fi
60 done
61 if [ "${sensitive}" -eq 1 ]
62 then
63 message="- sensitive file"
64 else
65 message=""
66 fi
67 case "${permissions}" in
68 ????????w?)
69 if [ "`permission_is_world_writable_sticky_bit \"${permissions}\"`" -eq 1 ]
70 then
71 stdio_message_log "system_configuration" "$(unknown) is owned by user ${userid} (group ${groupid}) and is world-writable with sticky bit (${permissions})${message}"
72 else
73 stdio_message_warn "system_configuration" "$(unknown) is owned by user ${userid} (group ${groupid}) and is world-writable (${permissions})${message}"
74 fi
75 ;;
76 ?????w????)
77 if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
78 then
79 stdio_message_warn "system_configuration" "$(unknown) is owned by user ${userid} (group ${groupid}: YOU) and is group-writable (${permissions})${message}"
80 else
81 stdio_message_debug "system_configuration" "$(unknown) is owned by user ${userid} (group ${groupid}) and is group-writable (${permissions})${message}"
82 fi
83 ;;
84 ??w???????)
85 if [ "`user_is_root \"${userid}\"`" -ne 1 -a "`user_show_user_name`" = "${userid}" ]
86 then
87 stdio_message_warn "system_configuration" "$(unknown) is owned by user ${userid} (YOU) (group ${groupid}), non-root user (${permissions})${message}"
88 elif [ "`user_is_root \"${userid}\"`" -ne 1 ]
89 then
90 stdio_message_log "system_configuration" "$(unknown) is owned by user ${userid} (group ${groupid}), non-root user (${permissions})${message}"
91 fi
92 ;;
93 esac
94 done
95 }
96
97 system_configuration_fini () {
98 stdio_message_log "system_configuration" "Ending at: `date`"
99 }
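Review bot: the `sensitive` flag in system_configuration_main never becomes 1: `sensitive="1"` is set inside `printf ... | while read`, which runs in a pipeline subshell under /bin/sh, so the assignment is lost and the `- sensitive file` suffix is never appended. Since no entry in the list contains whitespace, iterate without a pipe (`for sensitive_config_file in ${sensitive_config_files}`), which also makes the `tr -d "\t"` step unnecessary, or replace the loop with a single test by building one alternation from the list and running `printf -- '%s' "${filename}" | egrep -q -- "^(${alternation})"`.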
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # List group-writable and world-writable system libraries and their
22 # parent directories
23
24 . lib/misc/file
25 . lib/misc/group
26 . lib/misc/linker
27 . lib/misc/permission
28 . lib/misc/stdio
29 . lib/misc/user
30
31 system_libraries_init () {
32 stdio_message_log "system_libraries" "Starting at: `date`"
33 }
34
35 system_libraries_permissions () {
36 filename="${1}"
37 permissions="${2}"
38 userid="${3}"
39 groupid="${4}"
40 systemfilename="${5}"
41 case "${permissions}" in
42 ????????w?)
43 if [ "`permission_is_world_writable_sticky_bit \"${permissions}\"`" -eq 1 ]
44 then
45 stdio_message_log "system_libraries" "(${systemfilename}) $(unknown) is owned by user ${userid} (group ${groupid}) and is world-writable with sticky bit (${permissions})"
46 else
47 stdio_message_warn "system_libraries" "(${systemfilename}) $(unknown) is owned by user ${userid} (group ${groupid}) and is world-writable (${permissions})"
48 fi
49 ;;
50 ?????w????)
51 if [ "`group_is_in_group_name \"${groupid}\"`" -eq 1 ]
52 then
53 stdio_message_warn "system_libraries" "(${systemfilename}) $(unknown) is owned by user ${userid} (group ${groupid}: YOU) and is group-writable (${permissions})"
54 else
55 stdio_message_log "system_libraries" "(${systemfilename}) $(unknown) is owned by user ${userid} (group ${groupid}) and is group-writable (${permissions})"
56 fi
57 ;;
58 ??w???????)
59 if [ "`user_is_root \"${userid}\"`" -ne 1 -a "`user_show_user_name`" = "${userid}" ]
60 then
61 stdio_message_debug "system_libraries" "(${systemfilename}) $(unknown) is owned by user ${userid} (YOU) (group ${groupid}), non-root user (${permissions})"
62 elif [ "`user_is_root \"${userid}\"`" -ne 1 ]
63 then
64 stdio_message_log "system_libraries" "(${systemfilename}) $(unknown) is owned by user ${userid} (group ${groupid}), non-root user (${permissions})"
65 fi
66 ;;
67 esac
68 }
69
70 system_libraries_traverse () {
71 systemfilename="${1}"
72 file_parent_traverse "${systemfilename}" | while read filepath
73 do
74 file_show_non_symlink_perms " ${filepath}$" | while read filename permissions userid groupid
75 do
76 system_libraries_permissions "$(unknown)" "${permissions}" "${userid}" "${groupid}" "${systemfilename}"
77 done
78 done
79 }
80
81 system_libraries_wrapper () {
82 systemfilename="${1}"
83 file_show_non_symlink_perms " ${systemfilename}" | while read filename permissions userid groupid
84 do
85 system_libraries_permissions "$(unknown)" "${permissions}" "${userid}" "${groupid}" "${systemfilename}"
86 done
87 system_libraries_traverse "${systemfilename}"
88 }
89
90 system_libraries_main () {
91 linker_list_system_filenames | while read filename
92 do
93 if [ ! -e "$(unknown)" ]
94 then
95 stdio_message_warn "system_libraries" "$(unknown) does not exist, checking parent path directories' permissions"
96 system_libraries_traverse "$(unknown)"
97 continue
98 fi
99
100 if [ -h "$(unknown)" ]
101 then
102 linkedfilename="`file_show_symlinked_filename "$(unknown)"`"
103
104 if [ -e "${linkedfilename}" ]
105 then
106 #stdio_message_debug "system_libraries" "$(unknown) is a symlink to ${linkedfilename}"
107 system_libraries_wrapper "${linkedfilename}"
108 fi
109 else
110 system_libraries_wrapper "$(unknown)"
111 fi
112 done
113 }
114
115 system_libraries_fini () {
116 stdio_message_log "system_libraries" "Ending at: `date`"
117 }
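Review bot: system_libraries_wrapper greps `file_show_non_symlink_perms " ${systemfilename}"` without the trailing `$` anchor that system_libraries_traverse uses, so `/lib/libc.so` also pulls in `/lib/libc.so.6` and any other path sharing that prefix, each reported under the first library's name; add the `$`. The non-root-owner case in system_libraries_permissions is also reported at debug level when the owner is the current user, while privileged_writable_permissions warns for the same condition; a system library that is actually loaded and is owned by an unprivileged account is the stronger finding of the two and should not be the quieter one.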
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check if mmap allows map to 0
22
23 . lib/misc/kernel
24 . lib/misc/stdio
25
26 system_mmap_init () {
27 stdio_message_log "system_mmap" "Starting at: `date`"
28 }
29
30 system_mmap_main () {
31 if [ "`kernel_mmap_zero_allowed`" -eq 1 ]
32 then
33 stdio_message_warn "system_mmap" "mmap allows map to 0"
34 else
35 stdio_message_debug "system_mmap" "mmap does not allow map to 0"
36 fi
37 }
38
39 system_mmap_fini () {
40 stdio_message_log "system_mmap" "Ending at: `date`"
41 }
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Check if the CPU supports NX (NoExecute)
22
23 . lib/misc/kernel
24 . lib/misc/stdio
25
26 system_nx_init () {
27 stdio_message_log "system_nx" "Starting at: `date`"
28 }
29
30 system_nx_main () {
31 if [ "`kernel_nx`" -eq 0 ]
32 then
33 stdio_message_warn "system_nx" "The CPU does not support NX"
34 else
35 stdio_message_debug "system_nx" "The CPU supports NX"
36 fi
37 # TODO does uname return HP-UX or HPUX?
38 if [ "`uname`" = "SunOS" -o "`uname`" = "HP-UX" ]
39 then
40 if [ "`kernel_nx_logging`" -eq 0 ]
41 then
42 stdio_message_log "system_nx" "The system does not log NX violations"
43 else
44 stdio_message_debug "system_nx" "The system logs NX violations"
45 fi
46 fi
47 if [ "`uname`" = "SunOS" ]
48 then
49 if [ "`kernel_nx_audit`" -eq 0 ]
50 then
51 stdio_message_log "system_nx" "NX auditing not enabled"
52 else
53 stdio_message_debug "system_nx" "NX auditing enabled"
54 fi
55 fi
56 }
57
58 system_nx_fini () {
59 stdio_message_log "system_nx" "Ending at: `date`"
60 }
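Review bot: `uname` prints `HP-UX` (with the hyphen) on HP-UX, so the comparison `"`uname`" = "HP-UX"` is already correct and the TODO above it can go. The command is run four times in system_nx_main; assign `os="`uname`"` once at the top and test `${os}`. The two OS-specific blocks would also read better as a single `case "${os}" in SunOS) ... ;; HP-UX) ... ;; esac`, which avoids the repeated string comparisons and the `-o`.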
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Check if SELinux enforces system-wide

. lib/misc/kernel
. lib/misc/stdio

system_selinux_init () {
	stdio_message_log "system_selinux" "Starting at: `date`"
}

system_selinux_main () {
	if [ "`kernel_selinux_enforce`" -eq 0 ]
	then
		stdio_message_warn "system_selinux" "SELinux does not enforce system-wide"
	else
		stdio_message_debug "system_selinux" "SELinux enforces system-wide"
	fi
}

system_selinux_fini () {
	stdio_message_log "system_selinux" "Ending at: `date`"
}

#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# List world-writable files

. lib/misc/stdio
. lib/misc/file
. lib/misc/permission

world_writable_init () {
	stdio_message_log "world_writable" "Starting at: `date`"
}

world_writable_main () {
	# the pattern selects cache entries whose "other" write bit is set; symlinks are skipped since their mode is always 777
	file_show_non_symlink_perms "^........w. " | while read filename permissions userid groupid
	do
		case "${permissions}" in
			????????w?)
				if [ "`permission_is_world_writable_sticky_bit \"${permissions}\"`" -eq 1 ]
				then
					stdio_message_warn "world_writable" "${filename} is owned by user ${userid} (group ${groupid}) and is world-writable with sticky bit (${permissions})"
				else
					stdio_message_warn "world_writable" "${filename} is owned by user ${userid} (group ${groupid}) and is world-writable (${permissions})"
				fi
				;;
		esac
	done
}

world_writable_fini () {
	stdio_message_log "world_writable" "Ending at: `date`"
}

#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Supports: Linux, AIX, Solaris

if [ -z "${binaryincluded}" ]
then

binaryincluded=1

. lib/misc/dependencies
. lib/misc/validate

binary_list_rpath () {
	filename="${1}"
	[ "`file_is_regular \"${filename}\"`" ] || false
	# skip textual files (bash scripts, python scripts, etc)
	if [ "`file_is_textual \"${filename}\"`" -eq 1 ]
	then
		printf -- ""
	elif [ "`uname`" = "AIX" ]
	then
		dumpflag=0
		dump -Hv -X 32_64 "${filename}" | while read line
		do
			if [ "${dumpflag}" -eq 1 ]
			then
				printf -- "${line}\n" | while read index base member
				do
					if [ "${index}" -eq 0 ]
					then
						printf -- "${base}\n" | tr ":" "\n" | while read filename
						do
							printf -- "${filename}\n"
						done
					fi
				done
			fi
			if [ -n "`printf -- "${line}\n" | grep "INDEX"`" ]
			then
				dumpflag=1
			fi
		done | sort | uniq
	elif [ "`uname`" = "SunOS" ]
	then
		dump -Lv "${filename}" | grep "RPATH" | while read _ header rpath
		do
			printf -- "${rpath}\n" | tr ":" "\n" | while read filename
			do
				printf -- "${filename}\n"
			done
		done | sort | uniq
		dump -Lv "${filename}" | grep "RUNPATH" | while read _ header rpath
		do
			printf -- "${rpath}\n" | tr ":" "\n" | while read filename
			do
				printf -- "${filename}\n"
			done
		done | sort | uniq
	else
		objdump -x "${filename}" | grep -i "RPATH" | while read header rpath
		do
			printf -- "${rpath}\n" | tr ":" "\n" | while read filename
			do
				printf -- "${filename}\n"
			done
		done | sort | uniq
		objdump -x "${filename}" | grep -i "RUNPATH" | while read header rpath
		do
			printf -- "${rpath}\n" | tr ":" "\n" | while read filename
			do
				printf -- "${filename}\n"
			done
		done | sort | uniq
	fi
}

binary_pie () {
	filename="${1}"
	[ "`file_is_regular \"${filename}\"`" ] || false
	# skip textual files (bash scripts, python scripts, etc)
	if [ "`file_is_textual \"${filename}\"`" -eq 1 ]
	then
		printf -- "1\n"
	elif [ "`uname`" = "Linux" ]
	then
		# a position independent executable is flagged DYNAMIC in the file header summary
		if [ -n "`objdump -x "${filename}" | head -5 | grep "DYNAMIC"`" ]
		then
			printf -- "1\n"
		else
			printf -- "0\n"
		fi
	else
		printf -- "0\n"
	fi
}

binary_relro_full () {
	filename="${1}"
	[ "`file_is_regular \"${filename}\"`" ] || false
	# skip textual files (bash scripts, python scripts, etc)
	if [ "`file_is_textual \"${filename}\"`" -eq 1 ]
	then
		printf -- "1\n"
	elif [ "`uname`" = "Linux" ]
	then
		# full RELRO requires BIND_NOW so the GOT is resolved and made read-only before main() runs
		if [ -n "`objdump -x "${filename}" | grep "BIND_NOW"`" ]
		then
			printf -- "1\n"
		else
			printf -- "0\n"
		fi
	else
		printf -- "0\n"
	fi
}

binary_relro () {
	filename="${1}"
	[ "`file_is_regular \"${filename}\"`" ] || false
	# skip textual files (bash scripts, python scripts, etc)
	if [ "`file_is_textual \"${filename}\"`" -eq 1 ]
	then
		printf -- "1\n"
	elif [ "`uname`" = "Linux" ]
	then
		if [ -n "`objdump -x "${filename}" | head -30 | grep "RELRO"`" ]
		then
			printf -- "1\n"
		else
			printf -- "0\n"
		fi
	else
		printf -- "0\n"
	fi
}

binary_nx () {
	filename="${1}"
	[ "`file_is_regular \"${filename}\"`" ] || false
	# skip textual files (bash scripts, python scripts, etc)
	if [ "`file_is_textual \"${filename}\"`" -eq 1 ]
	then
		printf -- "1\n"
	elif [ "`uname`" = "Linux" ]
	then
		isstackline="0"
		oldifs="${IFS}"
		# set IFS to a literal newline ("\n" in double quotes is backslash and n, not a newline)
		IFS="`printf '\nx'`"
		IFS="${IFS%x}"
		# the GNU_STACK program header is printed over two lines; the flags are on the line after "STACK"
		objdump -x "${filename}" | head -30 | while read line
		do
			if [ "${isstackline}" -eq 1 ]
			then
				if [ -n "`printf -- \"${line}\" | egrep -- \" rw-$\"`" ]
				then
					printf -- "1\n"
				else
					printf -- "0\n"
				fi
				break
			elif [ -n "`printf -- \"${line}\" | grep "STACK "`" ]
			then
				isstackline="1"
			fi
		done
		IFS="${oldifs}"
	else
		printf -- "0\n"
	fi
}

binary_matches_string () {
	filename="${1}"
	pattern="${2}"
	[ "`file_is_regular \"${filename}\"`" ] || false
	[ "`validate_is_string \"${pattern}\"`" ] || false
	if [ -n "`strings \"${filename}\" | egrep -- \"${pattern}\"`" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

binary_matches_string_grep () {
	filename="${1}"
	pattern="${2}"
	[ "`file_is_regular \"${filename}\"`" ] || false
	[ "`validate_is_string \"${pattern}\"`" ] || false
	if [ -n "`strings \"${filename}\" | grep -- \"${pattern}\"`" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

binary_matches_function () {
	filename="${1}"
	pattern="${2}"
	[ "`file_is_regular \"${filename}\"`" ] || false
	[ "`validate_is_string \"${pattern}\"`" ] || false
	# skip textual files (bash scripts, python scripts, etc)
	if [ "`file_is_textual \"${filename}\"`" -eq 1 ]
	then
		printf -- "0\n"
	elif [ -n "`objdump -T "${filename}" | egrep "${pattern}"`" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

binary_banned_api () {
	filename="${1}"
	pattern="${2}"
	[ "`file_is_regular \"${filename}\"`" ] || false
	[ "`validate_is_string \"${pattern}\"`" ] || false
	# skip textual files (bash scripts, python scripts, etc)
	if [ "`file_is_textual \"${filename}\"`" -eq 1 ]
	then
		printf -- ""
	else
		# comma separated list of the dynamic symbols matching the pattern
		printf -- "`objdump -T "${filename}" | egrep -o "${pattern}" | sort -u | xargs | tr " " ","`"
	fi
}

fi

#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Supports: Linux

if [ -z "${cronincluded}" ]
then

cronincluded=1

. lib/misc/file
. lib/misc/parse
. lib/misc/user
. lib/misc/validate

cron_crontab_list () {
	crontab -l | egrep -v "^#|^$" | while read minute hour dom mon dow command arguments
	do
		# Examples of ${command} ${arguments}:
		#  0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
		#  30 6 * * * id > /tmp/test
		printf -- "`user_show_user_name` ${command}\n"
	done
}

cron_crontabs_list () {
	file_show_perms " /var/spool/cron/crontabs/" | while read filename permissions userid groupid
	do
		case "${permissions}" in
			-?????????)
				# ignore user's own crontab file (named after the user) as it is retrieved by cron_crontab_list function
				if [ "`basename \"${filename}\"`" != "`user_show_user_name`" ]
				then
					printf -- "${userid} ${filename}\n"
				fi
				;;
			l?????????)
				printf -- "${userid} `file_show_symlinked_filename \"${filename}\"`\n"
				;;
			d?????????)
				# ignore directories
				continue
				;;
		esac
	done
}

cron_system_crontab_list () {
	cat "/etc/crontab" | egrep -v "^#|^$" | egrep -v "run-parts " | while read minute hour dom mon dow user command arguments
	do
		# Example of /etc/crontab lines:
		#  18 23 2 * * luther command args
		#  19 21 3 * * wu dir > /tmp/dir
		if [ -n "${user}" -a -n "${command}" ]
		then
			printf -- "${user} ${command}\n"
		fi
	done
}

cron_system_get_user () {
	filepath="${1}"
	[ "`validate_is_string \"${filepath}\"`" ] || false
	filepath="`dirname \"${filepath}\"`"
	cat "/etc/crontab" | egrep -v "^#|^$" | egrep -- "run-parts " | while read minute hour dom mon dow user command arguments
	do
		# Example of /etc/crontab lines:
		#  17 * * * * root cd / && run-parts --report /etc/cron.hourly
		#  25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
		if [ -n "`printf -- \"${arguments}\" | egrep -- \" ${filepath}\"`" ]
		then
			printf -- "${user}\n"
			break
		fi
	done
}

cron_system_list () {
	file_show_perms " /etc/cron\." | while read filename permissions _ _
	do
		userid="`cron_system_get_user \"${filename}\"`"
		if [ -z "${userid}" ]
		then
			userid="root"
		fi
		case "${permissions}" in
			-?????????)
				printf -- "${userid} ${filename}\n"
				;;
			l?????????)
				printf -- "${userid} `file_show_symlinked_filename \"${filename}\"`\n"
				;;
			d?????????)
				# ignore directories
				continue
				;;
		esac
	done
}

cron_file_extract_paths () {
	filename="${1}"
	[ "`file_is_regular \"${filename}\"`" ] || false
	parse_extract_absolute_filepaths "`cat -- \"${filename}\"`" | while read filepath
	do
		# do not return file paths that do not exist, are device files or are within /proc
		if [ "`file_exists \"${filepath}\"`" -ne 1 -o -n "`printf -- \"${filepath}\" | egrep -- \"^/dev/\"`" -o -n "`printf -- \"${filepath}\" | egrep -- \"^/proc/\"`" ]
		then
			continue
		# follow symbolic links
		elif [ -h "${filepath}" ]
		then
			symlinkedfilepath="`file_show_symlinked_filename \"${filepath}\"`"
			if [ -n "${symlinkedfilepath}" -a "`file_is_directory \"${symlinkedfilepath}\"`" -ne 1 ]
			then
				printf -- "root ${symlinkedfilepath}\n"
			fi
		# ignore directories
		elif [ "`file_is_directory \"${filepath}\"`" -ne 1 ]
		then
			printf -- "root ${filepath}\n"
		fi
	done
}

fi

#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Supports: Linux, Solaris

if [ -z "${dependenciesincluded}" ]
then

dependenciesincluded=1

. lib/misc/stdio

dependencies_check () {
	# TODO the principle is solid, but at the moment it only caters for Linux
	#if [ -z "`which objdump`" -o -z "`which strings`" ]
	#then
	#	stdio_message_error "dependencies" "missing mandatory tool (objdump or strings), install binutils and rerun"
	#	#exit 127
	#fi
	false
}

dependencies_check

fi

#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Supports: Linux

if [ -z "${deviceincluded}" ]
then

deviceincluded=1

. lib/misc/file
. lib/misc/validate

device_fstab_check () {
	if [ "`file_is_readable \"/etc/fstab\"`" -eq 1 ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

device_fstab_list () {
	if [ "`device_fstab_check`" -eq 1 ]
	then
		cat "/etc/fstab" | egrep -v "^#|^$" | while read device mountpoint filesystem options _ _
		do
			if [ -n "`printf -- \"${device}\" | egrep -- \"^/\"`" ]
			then
				printf -- "${device}\n"
			fi
		done | sort | uniq
	fi
}

device_mounted_list () {
	if [ "`uname`" = "SunOS" ]
	then
		mount | egrep -- "xattr" | while read device _ mountpoint _ filesystem options
		do
			if [ "`printf -- \"${device}\" | egrep -- \"^/\"`" ]
			then
				printf -- "${device}\n"
			fi
		done | sort | uniq
	else
		mount | while read device _ mountpoint _ filesystem options
		do
			if [ "`printf -- \"${device}\" | egrep -- \"^/\"`" ]
			then
				printf -- "${device}\n"
			fi
		done | sort | uniq
	fi
}

device_blkid_list () {
	[ "`file_show_real_filename \"blkid\"`" ] || false
	blkid="`file_show_real_filename \"blkid\"`"
	"${blkid}" -o device | while read device
	do
		printf -- "${device}\n"
	done | sort | uniq
}

device_swap_list () {
	# TODO does uname return HP-UX or HPUX?
	if [ "`uname`" = "HP-UX" ]
	then
		swapinfo | egrep -v "^dev" | egrep -- "^/" | while read _ _ _ _ _ _ _ _ device _
		do
			printf -- "${device}\n"
		done | sort | uniq
	else
		swapon -s | egrep -- "^/" | while read device _ _ _ _
		do
			printf -- "${device}\n"
		done | sort | uniq
	fi
}

device_list () {
	device_mounted_list
	device_fstab_list
	device_blkid_list
	device_swap_list
}

device_list_options () {
	if [ "`device_fstab_check`" -eq 1 ]
	then
		cat "/etc/fstab" | egrep -v "^#|^$" | while read device mountpoint filesystem options _ _
		do
			# retrieve device file path from UUID representation
			if [ -n "`printf -- \"${device}\" | egrep -- \"^UUID=\"`" ]
			then
				uuid="`printf \"${device}\" | cut -c6-`"
				device="`device_uuid_to_filename \"${uuid}\"`"
			# ignore swap
			elif [ "${filesystem}" = "swap" ]
			then
				continue
			fi
			printf -- "${device} ${options}\n"
		done
	fi
}

device_get_mountpoint_from_blkid () {
	pattern="${1}"
	[ "`validate_is_string \"${pattern}\"`" ] || false
	[ "`file_show_real_filename \"blkid\"`" ] || false
	blkid="`file_show_real_filename \"blkid\"`"
	#blkid -o list | while read device filesystem label mountpoint uuid
	"${blkid}" -o list | while read device filesystem mountpoint uuid
	do
		if [ "${device}" = "${pattern}" ]
		then
			printf -- "${mountpoint}\n"
		fi
	done
}

device_get_mountpoint_from_fstab () {
	pattern="${1}"
	[ "`validate_is_string \"${pattern}\"`" ] || false
	if [ "`device_fstab_check`" -eq 1 ]
	then
		cat "/etc/fstab" | egrep -v "^#|^$" | while read device mountpoint filesystem options _ _
		do
			if [ "${device}" = "${pattern}" ]
			then
				printf -- "${mountpoint}\n"
			fi
		done
	fi
}

device_get_mountpoint_from_mount () {
	pattern="${1}"
	[ "`validate_is_string \"${pattern}\"`" ] || false
	mount | egrep -- "^${pattern}" | while read device _ mountpoint _ _ _
	do
		if [ "${device}" = "${pattern}" ]
		then
			printf -- "${mountpoint}\n"
		fi
	done
}

device_get_mountpoint () {
	pattern="${1}"
	[ "`validate_is_string \"${pattern}\"`" ] || false
	# prefer what is actually mounted, then fstab, then blkid
	if [ -n "`device_get_mountpoint_from_mount \"${pattern}\" | egrep -- \"^/\"`" ]
	then
		printf -- "`device_get_mountpoint_from_mount \"${pattern}\" | egrep -- \"^/\"`\n"
	elif [ -n "`device_get_mountpoint_from_fstab \"${pattern}\" | egrep -- \"^/\"`" ]
	then
		printf -- "`device_get_mountpoint_from_fstab \"${pattern}\" | egrep -- \"^/\"`\n"
	elif [ -n "`device_get_mountpoint_from_blkid \"${pattern}\" | egrep -- \"^/\"`" ]
	then
		printf -- "`device_get_mountpoint_from_blkid \"${pattern}\" | egrep -- \"^/\"`\n"
	fi
}

device_uuid_to_filename () {
	pattern="${1}"
	[ "`validate_is_string \"${pattern}\"`" ] || false
	[ "`file_show_real_filename \"blkid\"`" ] || false
	blkid="`file_show_real_filename \"blkid\"`"
	#blkid -o list | while read device filesystem label mountpoint uuid
	"${blkid}" -o list | while read device filesystem mountpoint uuid
	do
		if [ "${uuid}" = "${pattern}" ]
		then
			printf -- "${device}\n"
			break
		fi
	done
}

device_is_swap () {
	pattern="${1}"
	[ "`validate_is_string \"${pattern}\"`" ] || false
	# a while loop fed by a pipe runs in a subshell, so a flag set inside it is lost;
	# look the device up with an exact whole-line match instead
	if [ -n "`device_swap_list | grep -F -x -- \"${pattern}\"`" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

fi

#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Supports: AIX, Solaris, Linux

if [ -z "${fileincluded}" ]
then

fileincluded=1
filecachefilename="files_cache.$$"
filecacherootpath="/"

. lib/misc/stdio
. lib/misc/validate

file_check_or_generate_cache () {
	if [ ! -f "${filecachefilename}" ]
	then
		stdio_message_log "file" "Generating file cache..."
		# the below looks a bit odd but it's the best way to normalise find's output since we're not interested in inodes, device major/minor numbers etc
		# each cache line is "permissions userid groupid filename" with a symlink's " -> target" kept as the rest of the line
		find "${filecacherootpath}" -ls | sed "s/%/%%/g" | while read _ _ permissions _ userid groupid _ _ _ _ filename restofline
		do
			printf -- "${permissions} ${userid} ${groupid} ${filename}"
			if [ -n "${restofline}" ]
			then
				printf -- " ${restofline}"
			fi
			printf "\n"
		done >"${filecachefilename}"
		stdio_message_log "file" "Cache generated..."
	fi
}

file_list_by_perm () {
	# patterns must always take the form "^.......... " i.e. regular expressions over the 10 character mode column. for example "^...s...... |^...S...... " will select setuid binaries
	pattern="${1}"
	[ "`validate_is_string \"${pattern}\"`" ] || false
	egrep -- "${pattern}" "${filecachefilename}" | while read permissions userid groupid filename _
	do
		printf -- "${filename}\n"
	done
}

file_list_by_filename () {
	# patterns must always take the form " /path/*/find" i.e. regular expressions
	pattern="${1}"
	[ "`validate_is_string \"${pattern}\"`" ] || false
	# this will only work for files, not dirs - mostly what we want I think
	egrep -- "^-.*${pattern}" "${filecachefilename}" | while read permissions userid groupid filename _
	do
		# TODO what if pattern matches on symlink? we may still revert to glob() style checking
		printf -- "${filename}\n"
	done
}

file_show_perms () {
	# patterns must always take the form " /path/*/find" (permissions are allowed too i.e. "^........w. ") regular expressions
	pattern="${1}"
	[ "`validate_is_string \"${pattern}\"`" ] || false
	egrep -- "${pattern}" "${filecachefilename}" | while read permissions userid groupid filename _
	do
		# TODO what if pattern matches on symlink? we may still revert to glob() style checking
		printf -- "${filename} ${permissions} ${userid} ${groupid}\n"
	done
}

file_show_non_symlink_perms () {
	# patterns must always take the form " /path/*/find" (permissions are allowed too i.e. "^........w. ") regular expressions
	pattern="${1}"
	[ "`validate_is_string \"${pattern}\"`" ] || false
	egrep -- "${pattern}" "${filecachefilename}" | while read permissions userid groupid filename _
	do
		case "${permissions}" in
			l?????????)
				continue
				;;
			*)
				printf -- "${filename} ${permissions} ${userid} ${groupid}\n"
				;;
		esac
	done
}

file_show_real_filename () {
	pattern="${1}"
	[ "`validate_is_string \"${pattern}\"`" ] || false
	# TODO we could be smarter about this, but for now, which should suffice.. alternatives could include whereis, locate etc
	case "${pattern}" in
		/*)
			printf -- "${pattern}\n"
			;;
		*)
			# AIX errors to stdout, ideally we'd use $? but which on Solaris doesn't exit() differently depending on result :(
			# TODO maybe we should break it out with uname checks?
			realfilename="`which \"\`basename \\\"${pattern}\\\"\`\" 2>&1 | egrep -v \"There is no |^(which: )?no \"`"
			if [ -n "${realfilename}" ]
			then
				printf -- "${realfilename}\n"
			fi
			;;
	esac
}

file_show_symlinked_filename () {
	pattern="${1}"
	[ "`validate_is_string \"${pattern}\"`" ] || false
	# leave grep here otherwise libraries with ++ in the name will not be grepped properly (i.e. /usr/lib/i386-linux-gnu/libstdc++.so.6.0.16)
	# FIXME The grep below is not always effective. Example: if file_show_symlinked_filename is passed "/lib64/ld-linux-x86-64.so.2"
	# "/lib64/ld-linux-x86-64.so.2" does not appear in files_cache.temp
	# Why? Because /lib64 is a symlink to /lib. The "find" therefore never recurses through /lib64.
	# I have enabled lots of debug statements. To recreate the bug, run ./upc.sh --check binary_dependency
	# and look for "linkedlibrary=" in the output - i.e. the linkedlibrary is empty.
	grep -- " ${pattern} ->" "${filecachefilename}" | while read permissions userid groupid filename _ linkedfilename
	do
		# echo "file_show_symlinked_filename in loop with ${linkedfilename}" 1>&2
		case "${linkedfilename}" in
			/*)
				if [ -h "${linkedfilename}" ]
				then
					file_show_symlinked_filename "${linkedfilename}"
				else
					printf -- "${linkedfilename}\n"
					#stdio_message_debug "file" "file_show_symlinked_filename returning ${linkedfilename}"
				fi
				;;
			# TODO handle the case where symlinked file is a relative path (e.g. ../linkedfilename)
			*)
				if [ -n "${linkedfilename}" ]
				then
					printf -- "`dirname \"${filename}\"`/${linkedfilename}\n"
					#stdio_message_debug "file" "file_show_symlinked_filename returning `dirname \"${filename}\"`/${linkedfilename}"
				fi
				;;
		esac
	done
}

file_matches_string () {
	filename="${1}"
	pattern="${2}"
	[ "`file_is_regular \"${filename}\"`" ] || false
	[ "`validate_is_string \"${pattern}\"`" ] || false
	if [ -n "`egrep \"${pattern}\" \"${filename}\"`" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

file_parent_traverse () {
	filename="${1}"
	[ "`file_is_regular \"${filename}\"`" ] || false
	# start with the dependency itself and then use dirname to find the parent directory
	while [ "${filename}" != "/" ]
	do
		printf -- "${filename}\n"
		# find the parent directory
		filename="`dirname \"${filename}\"`"
	done
}

file_is_textual () {
	filename="${1}"
	[ "`file_is_regular \"${filename}\"`" ] || false
	if [ -n "`file \"${filename}\" | grep -i \" text\"`" ]
	then
		printf -- "1\n"
	# consider empty files as textual files
	elif [ -n "`file \"${filename}\" | grep -i \" empty\"`" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

file_exists () {
	filename="${1}"
	[ "`validate_is_string \"${filename}\"`" ] || false
	if [ -e "${filename}" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

file_is_regular () {
	filename="${1}"
	[ "`validate_is_string \"${filename}\"`" ] || false
	if [ -f "${filename}" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

file_is_readable () {
	filename="${1}"
	[ "`validate_is_string \"${filename}\"`" ] || false
	if [ -r "${filename}" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

file_is_directory () {
	filename="${1}"
	[ "`validate_is_string \"${filename}\"`" ] || false
	if [ -d "${filename}" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

file_is_basename () {
	filepath="${1}"
	filename="${2}"
	[ "`validate_is_string \"${filepath}\"`" ] || false
	[ "`validate_is_string \"${filename}\"`" ] || false
	if [ "`basename \"${filepath}\"`" = "${filename}" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

file_check_or_generate_cache

fi

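Added example, not part of unix-privesc-check: it replays the cache-line selection that file_list_by_perm and file_show_non_symlink_perms perform, but against a constructed cache in the "permissions userid groupid filename" layout that file_check_or_generate_cache writes, so the permission regexes the checks pass in (the setuid pattern from the comment above, the world-writable pattern used by world_writable_main) can be tried without running find over a real host. The upc_* function names and the sample entries are this example's own.

```bash
#!/bin/sh
# Added example (not project code): exercise the file cache regex selection
# on a constructed cache instead of the output of "find / -ls".

# Constructed sample of the cache; a symlink keeps its " -> target" suffix
# as the rest of the line, exactly as file_check_or_generate_cache writes it.
upc_sample_cache () {
	printf '%s\n' \
		'-rwsr-xr-x root root /usr/bin/passwd' \
		'-rwSr--r-- root root /opt/app/bin/odd-setuid' \
		'-rwxrwxrwx root root /tmp/scratch.sh' \
		'drwxrwxrwt root root /tmp' \
		'lrwxrwxrwx root root /lib64 -> /lib' \
		'-rw-r--r-- root root /etc/passwd'
}

# Same selection as file_list_by_perm / file_list_by_filename: grep the
# cache with the caller's regex and print only the path column. Mode
# patterns are anchored at the start of the line and end in a space so the
# 10-character mode column cannot run into the user column; filename
# patterns start with a space for the same reason.
upc_list_by_perm () {
	pattern="${1}"
	upc_sample_cache | grep -E -- "${pattern}" | while read -r permissions userid groupid filename _
	do
		printf '%s\n' "${filename}"
	done
}

# setuid bit set with (s) or without (S) the owner execute bit.
upc_setuid_files () {
	upc_list_by_perm '^...s...... |^...S...... '
}

# What world_writable_main does with the "^........w. " pattern: the other
# write bit is set; symlinks are dropped (their mode is always 777, the
# target's own mode is what matters) and the sticky bit is reported
# separately, since a sticky world-writable directory such as /tmp is the
# expected configuration while a plain world-writable file is a finding.
upc_world_writable () {
	upc_sample_cache | grep -E -- '^........w. ' | while read -r permissions userid groupid filename _
	do
		case "${permissions}" in
			l?????????)
				continue
				;;
			?????????[tT])
				printf '%s sticky\n' "${filename}"
				;;
			*)
				printf '%s\n' "${filename}"
				;;
		esac
	done
}
```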
#!/bin/sh
# $Revision$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# (c) Tim Brown, 2012
# <mailto:[email protected]>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
#
# Supports: Linux

if [ -z "${groupincluded}" ]
then

groupincluded=1

. lib/misc/validate

group_is_trusted () {
	group="${1}"
	[ "`validate_is_string \"${group}\"`" ] || false
	# TODO write this
	false
}

group_is_root () {
	group="${1}"
	[ "`validate_is_string \"${group}\"`" ] || false
	# the first account with uid 0 is taken as root, whatever it is called
	root="`grep -E '[^:]+:[^:]+:0:' /etc/passwd | head -1 | cut -d: -f1`"
	if [ "${group}" = "`id -g -n \"${root}\"`" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

group_is_group_id () {
	groupid="${1}"
	[ "`validate_is_number \"${groupid}\"`" ] || false
	if [ "`group_show_group_id`" = "${groupid}" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

group_is_group_name () {
	group="${1}"
	[ "`validate_is_string \"${group}\"`" ] || false
	if [ "`group_show_group_name`" = "${group}" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

group_is_in_group_id () {
	groupid="${1}"
	[ "`validate_is_number \"${groupid}\"`" ] || false
	# a while loop fed by a pipe runs in a subshell, so a flag set inside it is lost;
	# look the id up with an exact whole-line match instead
	if [ -n "`group_show_group_ids | grep -F -x -- \"${groupid}\"`" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

group_is_in_group_name () {
	group="${1}"
	[ "`validate_is_string \"${group}\"`" ] || false
	# as above: exact whole-line match rather than a flag set in a subshell
	if [ -n "`group_show_group_names | grep -F -x -- \"${group}\"`" ]
	then
		printf -- "1\n"
	else
		printf -- "0\n"
	fi
}

group_show_group_id () {
	printf -- "`id -g`\n"
}

group_show_group_ids () {
	printf -- "`id -G | tr \" \" \"\n\"`\n"
}

group_show_group_name () {
	printf -- "`id -g -n`\n"
}

group_show_group_names () {
	printf -- "`id -G -n | tr \" \" \"\n\"`\n"
}

fi

0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux
22
23 if [ -z "${inetdincluded}" ]
24 then
25
26 inetdincluded=1
27
28 . lib/misc/validate
29
30 inetd_list () {
31 egrep -v "^#|^$" "/etc/inetd.conf" | while read portnumber sockettype protocol flags userid command arguments argumentsarguments
32 do
33 printf -- "${portnumber}-${protocol}\n";
34 done
35 }
36
37 inetd_show_command () {
38 pattern="${1}"
39 [ "`validate_is_string \"${pattern}\"`" ] || false
40 egrep -v "^#|^$" "/etc/inetd.conf" | while read portnumber sockettype protocol flags userid command arguments argumentsarguments
41 do
42 if [ "${portnumber}-${protocol}" = "${pattern}" ]
43 then
44 printf -- "${command}\n"
45 fi
46 done
47 }
48
49 inetd_show_userid () {
50 pattern="${1}"
51 [ "`validate_is_string \"${pattern}\"`" ] || false
52 egrep -v "^#|^$" "/etc/inetd.conf" | while read portnumber sockettype protocol flags userid command arguments argumentsarguments
53 do
54 if [ "${portnumber}-${protocol}" = "${pattern}" ]
55 then
56 printf -- "${userid}\n"
57 fi
58 done
59 }
60
61 inetd_show_arguments () {
62 pattern="${1}"
63 [ "`validate_is_string \"${pattern}\"`" ] || false
64 egrep -v "^#|^$" "/etc/inetd.conf" | while read portnumber sockettype protocol flags userid command arguments argumentsarguments
65 do
66 if [ "${portnumber}-${protocol}" = "${pattern}" ]
67 then
68 printf -- "${arguments}\n"
69 fi
70 done
71 }
72
73 fi
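Review bot: every function in this module reads /etc/inetd.conf unconditionally, so on a host without inetd (most of the Linux systems the header says it supports) each of the three calls made per entry from the privileged cache prints an egrep error on stderr. Guard with the readability check the inittab module uses (`file_is_readable "/etc/inetd.conf"` from lib/misc/file, returning early when it prints 0). Also, `inetd_show_arguments` prints only `${arguments}`, the first word after the server path, and the remainder of the line lands in `argumentsarguments` and is discarded; if that is deliberate (with tcpd wrappers the real program is the first argument) a comment saying so would help. Minor: `printf -- "${portnumber}-${protocol}\n";` carries a stray trailing semicolon.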
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux
22
23 if [ -z "${initincluded}" ]
24 then
25
26 initincluded=1
27
28 . lib/misc/file
29 . lib/misc/parse
30 . lib/misc/user
31 . lib/misc/validate
32
33 init_list () {
34 file_show_perms " /etc/init.d/" | while read filename permissions userid groupid
35 do
36 if [ -h "$(unknown)" ]
37 then
38 symlinkedfilename="`file_show_symlinked_filename \"$(unknown)\"`"
39 if [ -n "${symlinkedfilename}" -a "`file_is_directory \"${symlinkedfilename}\"`" -ne 1 ]
40 then
41 printf -- "root ${symlinkedfilename}\n"
42 fi
43 else
44 printf -- "root $(unknown)\n"
45 fi
46 done
47 }
48
49 init_file_extract_paths () {
50 filename="${1}"
51 [ "`file_is_regular \"$(unknown)\"`" ] || false
52 parse_extract_absolute_filepaths "`cat -- \"$(unknown)\"`" | while read filepath
53 do
54 # do not return file paths that do not exist, are device files or are within /proc
55 if [ "`file_exists \"${filepath}\"`" -ne 1 -o -n "`printf -- \"${filepath}\" | egrep -- \"^/dev/\"`" -o -n "`printf -- \"${filepath}\" | egrep -- \"^/proc/\"`" ]
56 then
57 continue
58 # follow symbolic links
59 elif [ -h "${filepath}" ]
60 then
61 symlinkedfilepath="`file_show_symlinked_filename \"${filepath}\"`"
62 if [ -n "${symlinkedfilepath}" -a "`file_is_directory \"${symlinkedfilepath}\"`" -ne 1 ]
63 then
64 printf -- "root ${symlinkedfilepath}\n"
65 fi
66 # ignore directories
67 elif [ "`file_is_directory \"${filepath}\"`" -ne 1 ]
68 then
69 printf -- "root ${filepath}\n"
70 fi
71 done
72 }
73
74 fi
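Review bot: `init_file_extract_paths` assigns `filename="${1}"` and then never uses it; the next two lines test and read `$(unknown)`, which is not a command defined anywhere here (`file_is_regular "$(unknown)"`, `cat -- "$(unknown)"`), and the same `$(unknown)` stands where the `filename` read from `file_show_perms` is meant in `init_list`. Presumably `"${filename}"` was intended throughout. In addition the guard `[ "...file_is_regular..." ] || false` can never fail: `file_is_regular` prints `1` or `0`, both non-empty strings, so `[ "0" ]` is true; compare with `-eq 1` as `inittab_list` does, and use `return 1` rather than `false` if the function is supposed to stop.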
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux
22
23 if [ -z "${inittabincluded}" ]
24 then
25
26 inittabincluded=1
27
28 . lib/misc/file
29
30 inittab_check () {
31 if [ "`file_is_readable \"/etc/inittab\"`" -eq 1 ]
32 then
33 printf -- "1\n"
34 else
35 printf -- "0\n"
36 fi
37 }
38
39 inittab_list () {
40 if [ "`inittab_check`" -eq 1 ]
41 then
42 oldifs="${IFS}"
43 IFS=":"
44 egrep -v "^#|^$" "/etc/inittab" | while read _ _ _ filename _
45 do
46 IFS="${oldifs}"
47 if [ "`file_is_regular \"$(unknown)\"`" -eq 1 ]
48 then
49 printf -- "root $(unknown)\n"
50 fi
51 IFS=":"
52 done
53 IFS="${oldifs}"
54 fi
55 }
56
57 fi
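Review bot: in `inittab_list` the fourth colon-separated field of /etc/inittab is the complete process string, arguments included (for example `/sbin/getty 38400 tty1`), and because `IFS=":"` is in force during the `read`, spaces are not separators; `filename` therefore holds the whole command and `file_is_regular` prints 0 for every entry that has arguments, so those entries are silently left out of the privileged cache. Split off the first word after restoring the default IFS (e.g. `set -- ${filename}` and use `$1`) before the regular-file test.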
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux, AIX, Solaris
22
23 if [ -z "${kernelincluded}" ]
24 then
25
26 kernelincluded=1
27
28 . lib/misc/dependencies
29 . lib/misc/file
30 . lib/misc/validate
31
32 kernel_aslr_pax() {
33 if [ -n "`cat /proc/1/status | grep \"PaX:\" | grep \"R\"`" ]
34 then
35 printf -- "1\n"
36 else
37
38 printf -- "0\n"
39 fi
40 }
41
42 kernel_aslr() {
43 if [ "`uname`" = "Linux" ]
44 then
45 sysctl kernel.randomize_va_space | while read _ _ value
46 do
47 printf -- "${value}\n"
48 break
49 done
50 else
51 printf -- "0\n"
52 fi
53 }
54
55 kernel_nx() {
56 if [ "`uname`" = "Linux" ]
57 then
58 if [ -n "`egrep -- \"^flags\" /proc/cpuinfo | egrep -- \"nx\"`" ]
59 then
60 printf -- "1\n"
61 else
62 printf -- "0\n"
63 fi
64 elif [ "`uname`" = "SunOS" ]
65 then
66 if [ -n "`egrep -- \"noexec_user_stack\" /etc/system | egrep -v \"_log\" | egrep -- \"1\"`" ]
67 then
68 printf -- "1\n"
69 else
70 printf -- "0\n"
71 fi
72 # TODO does uname return HP-UX or HPUX?
73 elif [ "`uname`" = "HP-UX" ]
74 then
75 kmtune -q "executable_stack" | egrep -- \"executable_stack\" | while read _ value _
76 do
77 case "${value}" in
78 0)
79 printf -- "1\n"
80 ;;
81 1)
82 printf -- "0\n"
83 ;;
84 esac
85 done
86 fi
87 }
88
89 kernel_nx_logging () {
90 if [ "`uname`" = "SunOS" ]
91 then
92 if [ -n "`egrep -- \"noexec_user_stack_log\" /etc/system | egrep -- \"1\"`" ]
93 then
94 printf -- "1\n"
95 else
96 printf -- "0\n"
97 fi
98 # TODO does uname return HP-UX or HPUX?
99 elif [ "`uname`" = "HP-UX" ]
100 then
101 kmtune -q "executable_stack" | egrep -- \"executable_stack\" | while read _ value _
102 do
103 case "${value}" in
104 2)
105 printf -- "0\n"
106 ;;
107 *)
108 printf -- "1\n"
109 ;;
110 esac
111 done
112 else
113 printf -- "0\n"
114 fi
115 }
116
117 kernel_nx_audit () {
118 if [ "`uname`" = "SunOS" ]
119 then
120 if [ -n "`egrep -- \"c2audit:audit_load\" /etc/system | egrep -- \"1\"`" ]
121 then
122 printf -- "1\n"
123 else
124 printf -- "0\n"
125 fi
126 else
127 printf -- "0\n"
128 fi
129 }
130
131 kernel_mmap_zero_allowed () {
132 if [ "`uname`" = "Linux" ]
133 then
134 if [ "`cat /proc/sys/vm/mmap_min_addr`" -eq 0 -o -z "`cat /proc/sys/vm/mmap_min_addr`" ]
135 then
136 printf -- "1\n"
137 else
138 printf -- "0\n"
139 fi
140 else
141 printf -- "0\n"
142 fi
143
144 }
145
146 kernel_selinux_enforce () {
147 if [ "`file_exists_file \"/selinux/enforce\"`" -eq 1 ]
148 then
149 printf -- "1\n"
150 else
151 printf -- "0\n"
152 fi
153 }
154
155 kernel_release() {
156 printf -- "`uname -r`\n"
157 }
158
159 kernel_release_is_backported() {
160 if [ -n "`kernel_version | egrep -- \"-\"`" ]
161 then
162 printf -- "1\n"
163 else
164 printf -- "0\n"
165 fi
166 }
167
168 fi
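Review bot: the HP-UX branches of `kernel_nx` and `kernel_nx_logging` can never match. In `kmtune -q "executable_stack" | egrep -- \"executable_stack\"` the `\"` are not inside backticks, so the backslash-quote pairs are passed to egrep literally and it searches for `"executable_stack"` with the quote characters included; drop the backslashes. Answering the TODO above it: `uname` prints `HP-UX`. Three more points: `kernel_release_is_backported` calls `kernel_version`, which is not defined in this file (only `kernel_release` is), so it fails with "command not found"; `kernel_selinux_enforce` reports 1 whenever /selinux/enforce exists, but that file contains 0 in permissive mode and on current kernels lives at /sys/fs/selinux/enforce, so read its content and check both paths; and in `kernel_mmap_zero_allowed` the `-z` test should be evaluated on its own before the `-eq 0` test (with `||`, not `-o`), because `[ "" -eq 0 ]` is an error when the file is unreadable.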
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: AIX, Linux
22
23 if [ -z "${ldapincluded}" ]
24 then
25
26 ldapincluded=1
27
28 . lib/misc/file
29
30 ldap_authentication_in_use () {
31 # ldap_nis Uses LDAP NIS services for resolving names
32 # ldap4 Uses LDAP services for resolving only IPv4 addresses
33 # ldap6 Uses LDAP services for resolving only IPv6 addresses
34 # ldap_nis4 Uses NIS LDAP services for resolving only IPv4 addresses
35 # ldap_nis6 Uses NIS LDAP services for resolving only IPv6 addresses
36 # ldap Uses LDAP services for resolving names
37 if [ "`uname`" = "AIX" -a "`file_is_readable \"/etc/netsvc.conf\"`" -eq 1 ]
38 then
39 if [ -n "`egrep -- \"^host\" \"/etc/netsvc.conf\" | egrep -- \"ldap\"`" ]
40 then
41 printf -- "1\n"
42 else
43 printf -- "0\n"
44 fi
45 elif [ "`file_is_readable \"/etc/nsswitch.conf\"`" -eq 1 ]
46 then
47 if [ -n "`egrep -- \"^passwd\" \"/etc/nsswitch.conf\" | egrep -- \"ldap\"`" ]
48 then
49 printf -- "1\n"
50 else
51 printf -- "0\n"
52 fi
53 else
54 printf -- "0\n"
55 fi
56 }
57
58 fi
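Review bot: on AIX, `ldap_authentication_in_use` reads the `host` line of /etc/netsvc.conf, which, as the function's own comment block says, controls name resolution, not logins; LDAP authentication on AIX is configured through the `SYSTEM` and `registry` attributes in /etc/security/user, so the AIX branch should inspect that file (the `^passwd` test on /etc/nsswitch.conf is the right question on Linux). Also, the `-a` in the first condition means an AIX host whose netsvc.conf is unreadable falls through to the nsswitch.conf branch and is reported as 0 rather than as unknown.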
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux, AIX
22
23 if [ -z "${linkerincluded}" ]
24 then
25
26 linkerincluded=1
27
28 . lib/misc/file
29
30 linker_list_dependencies () {
31 filename="${1}"
32 [ "`file_is_regular \"$(unknown)\"`" ] || false
33 [ "`file_is_textual \"$(unknown)\"`" -eq 0 ] || false
34 if [ "`uname`" = "AIX" ]
35 then
36 ldd "$(unknown)" | grep -v "needs:" | while read library
37 do
38 case "${library}" in
39 /*)
40 library="`printf -- \"${library}\" | sed \"s/(.*//g\"`"
41 printf -- "${library}\n"
42 ;;
43 esac
44 done | sort | uniq
45 else
46 ldd "$(unknown)" | while read relativelibrary _ library _
47 do
48 case "${library}" in
49 /*)
50 printf -- "${library}\n"
51 ;;
52 not)
53 printf -- "${relativelibrary}\n"
54 ;;
55 esac
56 done | sort | uniq
57 # this is for cases where the first column of the ldd is not a symlink (for example a ldd /bin/umount has amongst its libraries also /lib/ld-linux.so.2 (0xb76e6000), not symlinked)
58 ldd "$(unknown)" | while read library _ _ _
59 do
60 case "${library}" in
61 /*)
62 printf -- "${library}\n"
63 ;;
64 esac
65 done | sort | uniq
66 fi
67 }
68
69 linker_list_system_filenames () {
70 if [ "`uname`" = "AIX" ]
71 then
72 printf -- "/lib\n"
73 printf -- "/usr/lib\n"
74 elif [ "`uname`" = "Linux" ]
75 then
76 while read line
77 do
78 case "${line}" in
79 /*)
80 printf -- "${line}\n"
81 ;;
82 include*)
83 printf -- "${line}\n" | while read _ filename
84 do
85 cat $(unknown) | while read line
86 do
87 case "${line}" in
88 /*)
89 printf -- "${line}\n"
90 ;;
91 esac
92 done
93 done
94 ;;
95 esac
96 done <"/etc/ld.so.conf" | sort | uniq
97 fi
98 }
99
100 fi
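Review bot: `linker_list_dependencies` runs `ldd` on every setuid binary, cron target and process image the privileged cache collects. glibc's ldd man page warns that ldd may execute the program (or its loader) under some dynamic linkers and must not be used on untrusted executables, which is exactly what a privilege-escalation audit is looking at; prefer `objdump -p "${filename}" | awk '$1=="NEEDED"{print $2}'` and resolve the names against `linker_list_system_filenames`. The same `$(unknown)` placeholder as in lib/misc/init appears where `${filename}` is meant (`ldd "$(unknown)"`, `cat $(unknown)`), and the two `[ ... ] || false` guards never fail because `file_is_regular` and `file_is_textual` print "0" as a non-empty string. The non-AIX branch also emits two separately sorted lists (the `read relativelibrary _ library _` pass and the `read library _ _ _` pass), so a path can be printed twice; feed both loops into a single `sort | uniq`. Finally, `linker_list_system_filenames` on Linux omits the trusted default directories (/lib and /usr/lib, plus their lib64 variants) that the loader searches without any ld.so.conf entry, and it expands only one level of `include`, so nested includes are missed.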
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: AIX, Linux
22
23 if [ -z "${nisincluded}" ]
24 then
25
26 nisincluded=1
27
28 . lib/misc/file
29
30 nis_authentication_in_use () {
31 # ldap_nis Uses LDAP NIS services for resolving names
32 # nis4 Uses NIS services for resolving only IPv4 addresses
33 # nis6 Uses NIS services for resolving only IPv6 addresses
34 # nis+4 Uses NIS plus services for resolving only IPv4 addresses
35 # nis+6 Uses NIS plus services for resolving only IPv6 addresses
36 # ldap_nis4 Uses NIS LDAP services for resolving only IPv4 addresses
37 # ldap_nis6 Uses NIS LDAP services for resolving only IPv6 addresses
38 if [ "`uname`" = "AIX" -a "`file_is_readable \"/etc/netsvc.conf\"`" -eq 1 ]
39 then
40 if [ -n "`egrep -- \"^host\" \"/etc/netsvc.conf\" | egrep -- \"nis\"`" ]
41 then
42 printf -- "1\n"
43 else
44 printf -- "0\n"
45 fi
46 elif [ "`file_is_readable \"/etc/nsswitch.conf\"`" -eq 1 ]
47 then
48 if [ -n "`egrep -- \"^passwd\" \"/etc/nsswitch.conf\" | egrep -- \"nis\"`" ]
49 then
50 printf -- "1\n"
51 else
52 printf -- "0\n"
53 fi
54 else
55 printf -- "0\n"
56 fi
57 }
58
59 fi
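Review bot: `nis_authentication_in_use` has the same problem as the ldap module: the AIX branch reads the `host` line of /etc/netsvc.conf, which governs name resolution (as the comment block above says), not logins; on AIX the `SYSTEM`/`registry` attributes in /etc/security/user are what decide it. On Linux, `passwd: compat` enables NIS through `+` entries in /etc/passwd without the word `nis` ever appearing in nsswitch.conf, so `egrep -- "nis"` on the `^passwd` line misses that configuration; treat `compat` as a hit too, or additionally look for a `^\+` line in /etc/passwd. The copied comment block (`ldap_nis`, `ldap_nis4`, `ldap_nis6`) and the near-identical body suggest factoring a shared `nss_source_in_use <source>` helper instead of maintaining two copies.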
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: AIX, Solaris, Linux
22
23 if [ -z "${parseincluded}" ]
24 then
25
26 parseincluded=1
27
28 . lib/misc/file
29 . lib/misc/validate
30
31 parse_extract_absolute_filepaths () {
32 pattern="${1}"
33 if [ -z "${pattern}" ]
34 then
35 printf -- ""
36 fi
37 printf -- "${pattern}" | egrep -o "/[a-z|A-Z|0-9|/|-|_|.]*" | while read filepath
38 do
39 printf -- "${filepath}\n"
40 done
41 }
42
43 parse_environ_cwd () {
44 pid="${1}"
45 [ "`validate_is_number \"${pid}\"`" ] || false
46 if [ "`file_is_readable \"/proc/${pid}/environ\"`" -eq 1 ]
47 then
48 # the tail is because /proc/PID/environ contains multiple PWD values, only the last is the current working directory
49 # the cut is to strip the 'PWD=' from the grepped pattern
50 printf -- "`egrep -a -o \"PWD=/[a-z|A-Z|0-9|/|-|_|.]*\" \"/proc/${pid}/environ\" | tail -1 | cut -c5-`\n"
51 fi
52 }
53
54 fi
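Review bot: the bracket expression in `egrep -o "/[a-z|A-Z|0-9|/|-|_|.]*"` does not mean what it looks like. Inside `[...]` the `|` characters are literals, not alternation, and the sequence `|-|` is a range from `|` to `|`, so the hyphen itself is not in the set: any path containing `-` (e.g. `/usr/lib/x86_64-linux-gnu/...` or `/etc/rc2.d/S20foo-bar`) is truncated at the hyphen, while a `|` in the scanned data is accepted as part of a path. Use `/[A-Za-z0-9/_.-]*` (hyphen last); the same expression is repeated in `parse_environ_cwd`. Also `printf -- "${pattern}"` uses the data as the format string, and this data comes from arbitrary script and binary contents, so a `%` sequence in it is interpreted; write `printf -- "%s" "${pattern}"`. The `printf -- ""` in the empty-pattern branch does not return, so the function falls through into the pipeline anyway; `return` is what is meant.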
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux
22
23 if [ -z "${passwdincluded}" ]
24 then
25
26 passwdincluded=1
27
28 . lib/misc/validate
29
30 passwd_list () {
31 oldifs="${IFS}"
32 IFS=":"
33 egrep -v "^#|^$" "/etc/passwd" | while read username hash userid groupid gecos homefilename shellfilename
34 do
35 IFS="${oldifs}"
36 printf -- "${username}\n"
37 IFS=":"
38 done
39 IFS="${oldifs}"
40 }
41
42 passwd_show_hash () {
43 pattern="${1}"
44 [ "`validate_is_string \"${pattern}\"`" ] || false
45 oldifs="${IFS}"
46 IFS=":"
47 egrep -v "^#|^$" "/etc/passwd" | while read username hash userid groupid gecos homefilename shellfilename
48 do
49 hash="`printf \"${hash}\" | sed \"s/\\\!/\\\\\!/g\"`"
50 IFS="${oldifs}"
51 if [ "${username}" = "${pattern}" ]
52 then
53 printf -- "${hash}\n"
54 fi
55 IFS=":"
56 done
57 IFS="${oldifs}"
58 }
59
60 passwd_show_homedir () {
61 pattern="${1}"
62 [ "`validate_is_string \"${pattern}\"`" ] || false
63 oldifs="${IFS}"
64 IFS=":"
65 egrep -v "^#|^$" "/etc/passwd" | while read username hash userid groupid gecos homefilename shellfilename
66 do
67 IFS="${oldifs}"
68 if [ "${username}" = "${pattern}" ]
69 then
70 printf -- "${homefilename}\n"
71 fi
72 IFS=":"
73 done
74 IFS="${oldifs}"
75 }
76
77 fi
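Review bot: `passwd_show_hash` returns the second field of /etc/passwd, which on any system with shadow passwords is just `x`, so a caller cannot tell "hash stored in /etc/shadow" from a real hash; only an empty field means "no password". Document that contract, or print a sentinel when the field is `x` so callers do not treat it as a weak or empty hash. The `printf "${hash}" | sed ...` in the loop is the only printf in the module without `--` and it uses the field as a format string; `printf -- "%s" "${hash}"` avoids both issues and keeps the `!` escaping that follows.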
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux
22
23 if [ -z "${permissionincluded}" ]
24 then
25
26 permissionincluded=1
27
28 . lib/misc/validate
29
30 permission_is_owner_readable () {
31 permissions="${1}"
32 [ "`validate_is_string \"${permissions}\"`" ] || false
33 if [ -n "`printf -- \"${permissions}\" | egrep -- \"^.r........$\"`" ]
34 then
35 printf -- "1\n"
36 else
37 printf -- "0\n"
38 fi
39 }
40
41 permission_is_owner_writable () {
42 permissions="${1}"
43 [ "`validate_is_string \"${permissions}\"`" ] || false
44 if [ -n "`printf -- \"${permissions}\" | egrep -- \"^..w.......$\"`" ]
45 then
46 printf -- "1\n"
47 else
48 printf -- "0\n"
49 fi
50 }
51
52 permission_is_owner_executable () {
53 permissions="${1}"
54 [ "`validate_is_string \"${permissions}\"`" ] || false
55 if [ -n "`printf -- \"${permissions}\" | egrep -- \"^...x......$\"`" ]
56 then
57 printf -- "1\n"
58 else
59 printf -- "0\n"
60 fi
61 }
62
63 permission_is_group_readable () {
64 permissions="${1}"
65 [ "`validate_is_string \"${permissions}\"`" ] || false
66 if [ -n "`printf -- \"${permissions}\" | egrep -- \"^....r.....$\"`" ]
67 then
68 printf -- "1\n"
69 else
70 printf -- "0\n"
71 fi
72 }
73
74 permission_is_group_writable () {
75 permissions="${1}"
76 [ "`validate_is_string \"${permissions}\"`" ] || false
77 if [ -n "`printf -- \"${permissions}\" | egrep -- \"^.....w....$\"`" ]
78 then
79 printf -- "1\n"
80 else
81 printf -- "0\n"
82 fi
83 }
84
85 permission_is_group_executable () {
86 permissions="${1}"
87 [ "`validate_is_string \"${permissions}\"`" ] || false
88 if [ -n "`printf -- \"${permissions}\" | egrep -- \"^......x...$\"`" ]
89 then
90 printf -- "1\n"
91 else
92 printf -- "0\n"
93 fi
94 }
95
96 permission_is_world_readable () {
97 permissions="${1}"
98 [ "`validate_is_string \"${permissions}\"`" ] || false
99 if [ -n "`printf -- \"${permissions}\" | egrep -- \"^.......r..$\"`" ]
100 then
101 printf -- "1\n"
102 else
103 printf -- "0\n"
104 fi
105 }
106
107 permission_is_world_writable () {
108 permissions="${1}"
109 [ "`validate_is_string \"${permissions}\"`" ] || false
110 if [ -n "`printf -- \"${permissions}\" | egrep -- \"^........w.$\"`" ]
111 then
112 printf -- "1\n"
113 else
114 printf -- "0\n"
115 fi
116 }
117
118 permission_is_world_writable_sticky_bit () {
119 permissions="${1}"
120 [ "`validate_is_string \"${permissions}\"`" ] || false
121 if [ -n "`printf -- \"${permissions}\" | egrep -- \"^........wt$\"`" ]
122 then
123 printf -- "1\n"
124 else
125 printf -- "0\n"
126 fi
127 }
128
129 permission_is_world_executable () {
130 permissions="${1}"
131 [ "`validate_is_string \"${permissions}\"`" ] || false
132 if [ -n "`printf -- \"${permissions}\" | egrep -- \"^.........x$\"`" ]
133 then
134 printf -- "1\n"
135 else
136 printf -- "0\n"
137 fi
138 }
139
140 fi
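Review bot: the executable tests miss the setuid, setgid and sticky spellings of the mode string. `permission_is_owner_executable` matches `^...x......$` only, so a setuid binary such as `-rws------` (the very files the privileged cache is built from) is reported as not owner-executable; the same holds for `s` in the group position and `t` in the world position. Use `[xs]`, `[xs]` and `[xt]` respectively. All patterns are also anchored to exactly ten characters, and GNU `ls -l` appends an eleventh (`.` or `+`) when an SELinux context or ACL is present, so unless `file_show_perms` strips it every test here returns 0 on such files. Lastly, `permission_is_world_writable_sticky_bit` matches `wt` but not `wT` (sticky set, world execute clear).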
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: AIX, Linux
22
23 if [ -z "${postgresqlincluded}" ]
24 then
25
26 postgresqlincluded=1
27
28 . lib/misc/validate
29
30 postgresql_query () {
31 host="${1}"
32 port="${2}"
33 dbuser="${3}"
34 dbname="${4}"
35 query="${5}"
36 [ "`validate_is_string \"${host}\"`" ] || false
37 [ "`validate_is_number \"${port}\"`" ] || false
38 [ "`validate_is_string \"${dbuser}\"`" ] || false
39 [ "`validate_is_string \"${dbname}\"`" ] || false
40 [ "`validate_is_string \"${query}\"`" ] || false
41 psql -h "${host}" -p "${port}" -U "${dbuser}" -W "${dbname}" -c "${query}" -q -w 2>/dev/null
42 }
43
44 postgresql_version () {
45 host="${1}"
46 port="${2}"
47 dbuser="${3}"
48 dbname="${4}"
49 [ "`validate_is_string \"${host}\"`" ] || false
50 [ "`validate_is_number \"${port}\"`" ] || false
51 [ "`validate_is_string \"${dbuser}\"`" ] || false
52 [ "`validate_is_string \"${dbname}\"`" ] || false
53 postgresql_query "${host}" "${port}" "${dbuser}" "${dbname}" "SELECT version()"
54 }
55
56 postgresql_check_no_password () {
57 port="${1}"
58 dbuser="${2}"
59 [ "`validate_is_number \"${port}\"`" ] || false
60 [ "`validate_is_string \"${dbuser}\"`" ] || false
61 if [ -n "`postgresql_version \"127.0.0.1\" \"${port}\" \"${dbuser}\" \"template1\"`" ]
62 then
63 printf -- "1\n"
64 else
65 printf -- "0\n"
66 fi
67 }
68
69 fi
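Review bot: `postgresql_query` passes both `-W` (always prompt for a password) and `-w` (never prompt); they contradict each other, and for a non-interactive trust probe `-W` should go. `postgresql_check_no_password` then treats any output from `SELECT version()` as "no password required", but a password supplied via `PGPASSWORD` or `~/.pgpass` of the user running the check yields the same output, so what it really measures is "connected without being prompted"; unset `PGPASSWORD` and set `PGPASSFILE=/dev/null` in the environment of the `psql` call. Two more points: only `127.0.0.1` over TCP is probed, so the `local` entries in pg_hba.conf that govern the Unix socket (where `trust` is most often found) are never exercised, and there is no connect timeout, so a filtered port stalls the whole scan; run a second probe without `-h` and set `PGCONNECT_TIMEOUT`.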
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20
21 if [ -z "${privilegedincluded}" ]
22 then
23
24 privilegedincluded=1
25
26 . lib/misc/cron
27 . lib/misc/file
28 . lib/misc/inetd
29 . lib/misc/init
30 . lib/misc/inittab
31 . lib/misc/process
32 . lib/misc/stdio
33 . lib/misc/sudo
34
35 privilegedcachefilename="privileged_cache.$$"
36
37 privileged_check_or_generate_cache () {
38 if [ ! -f "${privilegedcachefilename}" ]
39 then
40 stdio_message_debug "privileged" "Generating privileged cache"
41 file_list_by_perm "^-..s...... |^-..S...... " | while read filename
42 do
43 file_show_perms " $(unknown)$" | while read filename permissions userid groupid
44 do
45 printf -- "setuid $(unknown) ${userid}\n"
46 done
47 done >>"${privilegedcachefilename}"
48 file_list_by_perm "^-.....s... |^-.....S... " | while read filename
49 do
50 file_show_perms " $(unknown)$" | while read filename permissions userid groupid
51 do
52 printf -- "setgid $(unknown) ${groupid}\n"
53 done
54 done >>"${privilegedcachefilename}"
55 inetd_list | while read portnumberprotocol
56 do
57 privilegedfilename="`inetd_show_command \"${portnumberprotocol}\"`"
58 file_show_real_filename "${privilegedfilename}" | while read realfilename
59 do
60 userid="`inetd_show_userid \"${portnumberprotocol}\"`"
61 printf -- "inetd ${realfilename} ${userid}\n"
62 done
63 privilegedarguments="`inetd_show_arguments \"${portnumberprotocol}\"`"
64 file_show_real_filename "${privilegedarguments}" | while read realfilename
65 do
66 userid="`inetd_show_userid \"${portnumberprotocol}\"`"
67 printf -- "inetd-argument ${realfilename} ${userid}\n"
68 done
69 done >>"${privilegedcachefilename}"
70 inittab_list | while read userid filename
71 do
72 file_show_real_filename "$(unknown)" | while read realfilename
73 do
74 printf -- "inittab ${realfilename} ${userid}\n"
75 done
76 done >>"${privilegedcachefilename}"
77 init_list | while read userid filename
78 do
79 printf -- "init.d $(unknown) ${userid}\n"
80 init_file_extract_paths "$(unknown)" | while read userid filepath
81 do
82 # avoid duplicates' file paths
83 if [ -n "`egrep \"^init.d-path ${filepath} ${userid}$\" ${privilegedcachefilename}`" ]
84 then
85 continue
86 else
87 printf -- "init.d-path ${filepath} ${userid}\n"
88 fi
89 done
90 done >>"${privilegedcachefilename}"
91 sudo_list | while read privilegeduser passwd privilegedfilename
92 do
93 file_show_real_filename "${privilegedfilename}" | while read realfilename
94 do
95 printf -- "sudo-${passwd} ${realfilename} ${privilegeduser}\n"
96 done
97 done >>"${privilegedcachefilename}"
98 sudo_sudoers_list | while read privilegeduser passwd privilegedfilename
99 do
100 file_show_real_filename "${privilegedfilename}" | while read realfilename
101 do
102 printf -- "sudoers-${passwd} ${realfilename} ${privilegeduser}\n"
103 done
104 done >>"${privilegedcachefilename}"
105 cron_crontab_list | while read userid filename
106 do
107 file_show_real_filename "$(unknown)" | while read realfilename
108 do
109 printf -- "crontab ${realfilename} ${userid}\n"
110 done
111 done >>"${privilegedcachefilename}"
112 cron_crontabs_list | while read userid filename
113 do
114 printf -- "crontabs $(unknown) ${userid}\n"
115 cron_file_extract_paths "$(unknown)" | while read userid filepath
116 do
117 # avoid duplicates' file paths
118 if [ -n "`egrep \"^crontabs-path ${filepath} ${userid}$\" ${privilegedcachefilename}`" ]
119 then
120 continue
121 else
122 printf -- "crontabs-path ${filepath} ${userid}\n"
123 fi
124 done
125 done >>"${privilegedcachefilename}"
126 # crontab can set a different PATH for its process, hence we need to prepend the crontab PATH to ours
127 oldpath="${PATH}"
128 if [ "`file_is_readable \"/etc/crontab\"`" ]
129 then
130 cronpath="`egrep -o \"^PATH=.*\n\" \"/etc/crontab\" | cut -c6-`"
131 PATH="${cronpath}:${PATH}"
132 export PATH
133 fi
134 cron_system_crontab_list | while read userid filename
135 do
136 file_show_real_filename "$(unknown)" | while read realfilename
137 do
138 printf -- "crontab-system ${realfilename} ${userid}\n"
139 done
140 done >>"${privilegedcachefilename}"
141 cron_system_list | while read userid filename
142 do
143 printf -- "cron-system $(unknown) ${userid}\n"
144 cron_file_extract_paths "$(unknown)" | while read userid filepath
145 do
146 # avoid duplicates' file paths
147 if [ -n "`egrep \"^cron-system-path ${filepath} ${userid}$\" ${privilegedcachefilename}`" ]
148 then
149 continue
150 else
151 printf -- "cron-system-path ${filepath} ${userid}\n"
152 fi
153 done
154 done >>"${privilegedcachefilename}"
155 # reset PATH to ours
156 PATH="${oldpath}"
157 process_list ".*" | while read processid
158 do
159 filename="`process_show_command \"${processid}\"`"
160 if [ -z "$(unknown)" ]
161 then
162 continue
163 fi
164 file_show_real_filename "$(unknown)" | while read realfilename
165 do
166 if [ -n "${realfilename}" ]
167 then
168 userid="`process_show_userid "${processid}"`"
169 # avoid duplicates' processes
170 if [ -n "`egrep \"^running ${realfilename} ${userid}$\" ${privilegedcachefilename}`" ]
171 then
172 continue
173 else
174 printf -- "running ${realfilename} ${userid}\n"
175 fi
176 fi
177 done
178 done >>"${privilegedcachefilename}"
179 # TODO still need to add similar checks for stuff spawned from init, fscaps and binds a listening port not via inetd
180 stdio_message_debug "privileged" "Cache generated"
181 fi
182 }
183
184 privileged_list () {
185 cat "${privilegedcachefilename}"
186 }
187
188 # TODO what we really need is a privileged_matches function for binary_dependency etc
189
190 privileged_check_or_generate_cache
191
192 fi
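Review bot: the cache `privileged_cache.$$` is created in whatever directory the tool is started from, with the default umask and a predictable name, and nothing removes it (no `trap`), so a run from a shared directory leaves behind a readable inventory of every privileged binary on the host and is exposed to a pre-planted symlink of that name. Create it with `mktemp` in a private directory and add `trap 'rm -f "${privilegedcachefilename}"' EXIT`. The crontab PATH block has two defects: `if [ "...file_is_readable \"/etc/crontab\"..." ]` lacks `-eq 1`, so the branch always runs because "0" is a non-empty string, and `egrep -o "^PATH=.*\n"` asks a line-oriented grep to match the newline it never sees, so the extracted PATH is wrong or empty; use `^PATH=.*$`. The duplicate filters (`egrep "^init.d-path ${filepath} ${userid}$"` and the two like it) use the path as a regular expression, so `.` and other metacharacters can match unrelated entries; `grep -F -x -- "init.d-path ${filepath} ${userid}"` is the exact comparison. As in the other modules, `$(unknown)` stands where the `filename` variable read from `file_show_perms`, `init_list`, the `cron_*_list` functions and `process_show_command` is meant.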
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux
22
23 if [ -z "${processincluded}" ]
24 then
25
26 processincluded=1
27
28 . lib/misc/parse
29 . lib/misc/validate
30
31 process_list () {
32 pattern="${1}"
33 [ "`validate_is_string \"${pattern}\"`" ] || false
34 ps -aeo ruser,rgroup,pid,ppid,args | grep -v "PID" | grep "${pattern}" | grep -v "grep" | while read userid groupid processid parentid command arguments
35 do
36 printf -- "${processid}\n"
37 done
38 }
39
40 process_show_userid () {
41 pattern="${1}"
42 [ "`validate_is_number \"${pattern}\"`" ] || false
43 ps -aeo ruser,rgroup,pid,ppid,args | grep -v "PID" | grep "${pattern}" | grep -v "grep" | while read userid groupid processid parentid command arguments
44 do
45 if [ "${processid}" -eq "${pattern}" ]
46 then
47 printf -- "${userid}\n"
48 fi
49 done
50 }
51
52 process_show_parentid () {
53 pattern="${1}"
54 [ "`validate_is_number \"${pattern}\"`" ] || false
55 ps -aeo ruser,rgroup,pid,ppid,args | grep -v "PID" | grep "${pattern}" | grep -v "grep" | while read userid groupid processid parentid command arguments
56 do
57 if [ "${processid}" -eq "${pattern}" ]
58 then
59 printf -- "${parentid}\n"
60 fi
61 done
62 }
63
64 process_show_command () {
65 pattern="${1}"
66 [ "`validate_is_number \"${pattern}\"`" ] || false
67 ps -aeo ruser,rgroup,pid,ppid,args | grep -v "PID" | grep "${pattern}" | grep -v "grep" | while read userid groupid processid parentid command argument _
68 do
69 if [ "${processid}" -eq "${pattern}" ]
70 then
71 if [ -n "`printf -- \"${command}\" | egrep -- \"awk|ruby|python|perl|/sh|bash|dash|ksh|csh|expect\"`" ]
72 then
73 case "${argument}" in
74 /*)
75 printf -- "${argument}\n"
76 ;;
77 # for cases where the script has been executed following a cd into its parent path it will show in the ps output as follows:
78 # foobar foobar pid ppid /bin/sh ./scriptname.sh
79 ./*)
80 filepath="`parse_environ_cwd \"${processid}\"`"
81 if [ -n "${filepath}" ]
82 then
83 # the cut is to strip the './' as filepath is the absolute path
84 printf -- "${filepath}/`printf -- \"${argument}\" | cut -c3-`\n"
85 fi
86 ;;
87 esac
88 else
89 printf -- "${command}\n"
90 fi
91 fi
92 done
93 }
94
95 fi
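Review bot: `process_show_command` silently returns nothing for an interpreted process whose first argument is neither `/...` nor `./...`: a relative script path such as `scripts/run.sh` or an interpreter option such as `perl -w script.pl` falls through both `case` branches, so the caller receives an empty command and skips the process with no debug message. Add a default branch that resolves the argument against `parse_environ_cwd` (or at least reports it through `stdio_message_debug`), and skip leading `-` options before taking the script path. Two smaller points apply to every `ps` pipeline in this file: `grep -v "grep"` and `grep -v "PID"` filter on the whole line, so any process whose arguments happen to contain those strings disappears from the listing, and `printf -- "${command}\n"` uses untrusted process arguments as the printf format, so a `%` in argv corrupts the output; use `printf -- '%s\n' "${command}"`.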
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux, AIX
22
23 if [ -z "${shadowincluded}" ]
24 then
25
26 shadowincluded=1
27
28 . lib/misc/file
29 . lib/misc/validate
30
31 shadow_list () {
32 if [ "`uname`" = "AIX" ]
33 then
34 grep "^[A-Za-z0-9]:$" "/etc/security/passwd" | sed "s/:$//g" | while read username
35 do
36 printf -- "${username}\n"
37 done
38 else
39 oldifs="${IFS}"
40 IFS=":"
41 egrep -v "^#|^$" "/etc/shadow" | while read username _
42 do
43 IFS="${oldifs}"
44 printf -- "${username}\n"
45 IFS=":"
46 done
47 IFS="${oldifs}"
48 fi
49 }
50
51 shadow_show_hash () {
52 pattern="${1}"
53 [ "`validate_is_string \"${pattern}\"`" ] || false
54 if [ "`uname`" = "AIX" ]
55 then
56 passwordflag=0
57 while read line
58 do
59 if [ "${passwordflag}" -eq 1 ]
60 then
61 if [ -n "`printf -- \"${line}\" | grep \"password = \"`" ]
62 then
63 passwordflag=0
64 printf -- "${line}\n" | while read _ _ hash
65 do
66 hash="`printf \"${hash}\" | sed \"s/!/\!/g\"`"
67 printf -- "${hash}\n"
68 done
69 fi
70 else
71 if [ "${line}" = "${pattern}:" ]
72 then
73 passwordflag=1
74 fi
75 fi
76 done <"/etc/security/passwd"
77 else
78 oldifs="${IFS}"
79 IFS=":"
80 egrep -v "^#|^$" "/etc/shadow" | while read username hash userid groupid gecos homefilename shellfilename
81 do
82 IFS="${oldifs}"
83 if [ "${username}" = "${pattern}" ]
84 then
85 hash="`printf \"${hash}\" | sed \"s/!/\!/g\"`"
86 printf -- "${hash}\n"
87 fi
88 IFS=":"
89 done
90 IFS="${oldifs}"
91 fi
92 }
93
94 shadow_file_check () {
95 if [ "`uname`" = "AIX" -a "`file_is_readable \"/etc/security/passwd\"`" -eq 1 ]
96 then
97 printf -- "1\n"
98 elif [ "`file_is_readable \"/etc/shadow\"`" -eq 1 ]
99 then
100 printf -- "1\n"
101 else
102 printf -- "0\n"
103 fi
104 }
105
106 fi
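Review bot: the AIX branch of `shadow_list` greps `/etc/security/passwd` with `^[A-Za-z0-9]:$`, which only matches single-character usernames; the stanza headers are `username:` so the pattern needs a repetition, e.g. `egrep "^[A-Za-z0-9_.-]+:$"` (underscores, dots and hyphens are legal in AIX usernames as well). In `shadow_show_hash`, `sed "s/!/\!/g"` is a no-op, since sed treats `\!` as a literal `!`, so either drop it or say what it was meant to escape; and the Linux branch reads `/etc/shadow` into `userid groupid gecos homefilename shellfilename`, which are passwd field names, while the shadow fields after the hash are last-change, min, max, warn, inactive and expire. Renaming them (or simply `read username hash _`) avoids misleading the next reader.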
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux
22
23 if [ -z "${ssh_agentincluded}" ]
24 then
25
26 ssh_agentincluded=1
27
28 . lib/misc/validate
29
30 ssh_agent_list () {
31 parentprocessid="${1}"
32 [ "`validate_is_number \"${parentprocessid}\"`" ] || false
33 # when ssh-agent parent process id is 10571, the temporary agent file is
34 # /tmp/ssh-???????10570/agent.10570 (not 10571) - tested on Ubuntu 12.04
35 processid="`expr ${2} - 1`"
36 for pid in ${parentprocessid} ${processid}
37 do
38 SSH_AUTH_SOCK="`ls /tmp/ssh-*/agent.${pid}`"
39 if [ -n "${SSH_AUTH_SOCK}" ]
40 then
41 export SSH_AUTH_SOCK
42
43 ssh-add -l | grep -v "The agent has no identities" | while read _ _ filename _
44 do
45 printf -- "$(unknown)\n"
46 done
47 fi
48 unset SSH_AUTH_SOCK
49 done
50 }
51
52 fi
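Review bot: `ssh_agent_list` validates `${1}` as `parentprocessid` but then derives `processid` from an unnamed, unvalidated `${2}` (`expr ${2} - 1`); with a single argument `expr` errors out and `processid` is empty, and the comment above describes the socket as parent pid minus one, which suggests `expr ${parentprocessid} - 1` was intended. Either use `${parentprocessid}` or name the second parameter and check it with `validate_is_number`. Also, `export SSH_AUTH_SOCK` followed by `unset SSH_AUTH_SOCK` clobbers any agent socket the invoking user already had in the environment; save the old value before the loop and restore it afterwards, and send `ls` stderr to `/dev/null` so a non-matching glob does not print `No such file or directory` for every pid tried.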
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux, AIX, Solaris, HP-UX
22
23 if [ -z "${stdioincluded}" ]
24 then
25
26 stdioincluded=1
27
28 . lib/misc/validate
29
30 stdio_message_log () {
31 check="${1}"
32 message="${2}"
33 [ "`validate_is_string \"${check}\"`" ] || false
34 [ "`validate_is_string \"${message}\"`" ] || false
35 if [ "${VERBOSE}" -ge 1 ]
36 then
37 stdio_format_message "32" "I" "${check}" "${message}"
38 fi
39 }
40
41 stdio_message_warn () {
42 check="${1}"
43 message="${2}"
44 [ "`validate_is_string \"${check}\"`" ] || false
45 [ "`validate_is_string \"${message}\"`" ] || false
46 stdio_format_message "33" "W" "${check}" "${message}"
47 }
48
49 stdio_message_debug () {
50 check="${1}"
51 message="${2}"
52 [ "`validate_is_string \"${check}\"`" ] || false
53 [ "`validate_is_string \"${message}\"`" ] || false
54 if [ "${VERBOSE}" -ge 2 ]
55 then
56 stdio_format_message "35" "D" "${check}" "${message}" >&2
57 fi
58 }
59
60 stdio_message_error () {
61 check="${1}"
62 message="${2}"
63 [ "`validate_is_string \"${check}\"`" ] || false
64 [ "`validate_is_string \"${message}\"`" ] || false
65 stdio_format_message "31" "E" "${check}" "${message}" >&2
66 }
67
68 stdio_format_message () {
69 color="${1}"
70 type="${2}"
71 check="${3}"
72 message="${4}"
73 [ "`validate_is_string \"${type}\"`" ] || false
74 [ "`validate_is_string \"${check}\"`" ] || false
75 [ "`validate_is_string \"${message}\"`" ] || false
76 [ "`validate_is_number \"${color}\"`" ] || false
77 if [ "${COLORING}" -eq 1 ]
78 then
79 printf "\033[${color}m${type}: [${check}] ${message}\033[m\n"
80 else
81 printf "${type}: [${check}] ${message}\n"
82 fi
83 }
84
85 fi
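Review bot: `stdio_format_message` builds the printf format string from `${check}` and `${message}`, so any message containing `%` (sudoers group entries such as `%admin`, or a path with a percent sign) is parsed as a conversion specification and the output is garbled or truncated; every other function here funnels into it, so this affects all log, warn, debug and error output. Pass the values as arguments instead: `printf "\033[%sm%s: [%s] %s\033[m\n" "${color}" "${type}" "${check}" "${message}"`. Separately, `[ "${VERBOSE}" -ge 1 ]` and `[ "${COLORING}" -eq 1 ]` raise a test error when those variables are unset, which happens whenever a library file is sourced before the main script's setup has run; `${VERBOSE:-0}` and `${COLORING:-0}` give safe defaults.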
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux
22
23 if [ -z "${sudoincluded}" ]
24 then
25
26 sudoincluded=1
27
28 . lib/misc/file
29 . lib/misc/parse
30 . lib/misc/validate
31
32 sudo_is_password_required () {
33 pattern="${1}"
34 [ "`validate_is_string \"${pattern}\"`" ] || false
35 if [ -z "`sudo -l | egrep -- \"${pattern}\" | egrep \"NOPASSWD\"`" ]
36 then
37 printf -- "1\n"
38 else
39 printf -- "0\n"
40 fi
41 }
42
43 sudo_list () {
44 sudo -l | egrep -v "^#|^$" | egrep -- "^ \(" | tr -d "(" | tr -d ")" | while read privilegeduser settings
45 do
46 if [ "`sudo_is_password_required \"${settings}\"`" -eq 1 ]
47 then
48 passwd="passwd"
49 else
50 passwd="nopasswd"
51 fi
52 # Examples of ${settings} (sudo -l relevant lines):
53 # /bin/su operator
54 # NOPASSWD: /usr/bin/test
55 # /sbin/, (foobar) /usr/sbin, (foobar) /usr/local/apps/check.pl
56 # /usr/sbin/lpc, /usr/bin/lprm
57 # All of the above cases are correctly handled here
58 # TODO this does not consider the common case (i.e. in Ubuntu) where a user can run all commands and the sudo -l output is " (root) NOPASSWD: ALL"
59 parse_extract_absolute_filepaths "${settings}" | while read filepath
60 do
61 case "${filepath}" in
62 /*/)
63 printf -- "${privilegeduser} ${passwd} ${filepath}*\n"
64 ;;
65 /*)
66 printf -- "${privilegeduser} ${passwd} ${filepath}\n"
67 ;;
68 esac
69 done
70 done
71 }
72
73 sudo_sudoers_check () {
74 if [ "`file_is_readable \"/etc/sudoers\"`" -eq 1 ]
75 then
76 printf -- "1\n"
77 else
78 printf -- "0\n"
79 fi
80 }
81
82 sudo_sudoers_list () {
83 if [ "`sudo_sudoers_check`" -eq 1 ]
84 then
85 sudoers_entries="`egrep -v \"^#\" \"/etc/sudoers\" | egrep -v \"^[ \t]*$\" | egrep -v \"^[ \t]*Default\" | egrep -- \"=\"`"
86 # FIXME this printf fails when the an entry starts with percentage character (%) which is common for sudoers group
87 printf -- "${sudoers_entries}" | while read privilegeduser passwd settings
88 do
89 if [ -n "`printf -- \"${privilegeduser}\" | egrep -- \"_Alias\"`" ]
90 then
91 continue
92 fi
93 # TODO this does not consider command aliases (Cmnd_Alias setting)
94 if [ -z "`parse_extract_absolute_filepaths \"${settings}\"`" ]
95 then
96 printf -- "${privilegeduser} ${passwd} ${settings}\n"
97 fi
98 parse_extract_absolute_filepaths "${settings}" | while read filepath
99 do
100 case "${filepath}" in
101 /*/)
102 printf -- "${privilegeduser} ${passwd} ${filepath}*\n"
103 ;;
104 /*)
105 printf -- "${privilegeduser} ${passwd} ${filepath}\n"
106 ;;
107 esac
108 done
109 done
110 fi
111 }
112
113 fi
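Review bot: `sudo_is_password_required` re-runs `sudo -l` for every entry and greps for `${settings}` as a regex, but `sudo_list` has already stripped the parentheses with `tr -d "(" | tr -d ")"`, so for the documented case `/sbin/, (foobar) /usr/sbin, (foobar) /usr/local/apps/check.pl` the stripped settings string no longer occurs in the raw output, the grep finds nothing, and the entry is reported as `passwd` even when it is `NOPASSWD:`. Decide the flag from the line already in hand, e.g. `case "${settings}" in *NOPASSWD:*) passwd="nopasswd" ;; *) passwd="passwd" ;; esac`, which also removes the repeated `sudo -l` calls. In both functions `sudo -l` should be `sudo -n -l`: without `-n`, a user whose sudoers entry requires a password leaves the checker blocked on a tty prompt. The FIXME about `%group` entries in `sudo_sudoers_list` is the same printf-format problem as in `lib/misc/stdio`; `printf -- '%s\n' "${sudoers_entries}"` fixes it here.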
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux
22
23 if [ -z "${userincluded}" ]
24 then
25
26 userincluded=1
27
28 . lib/misc/passwd
29 . lib/misc/validate
30
31 user_is_trusted () {
32 username="${1}"
33 [ "`validate_is_string \"${username}\"`" ] || false
34 # TODO write this
35 false
36 }
37
38 user_is_root () {
39 username="${1}"
40 [ "`validate_is_string \"${username}\"`" ] || false
41 if [ "`id -u \"${username}\"`" = "0" ]
42 then
43 printf -- "1\n"
44 else
45 printf -- "0\n"
46 fi
47 }
48
49 user_is_user_root () {
50 if [ "`user_show_user_id`" = "0" ]
51 then
52 printf -- "1\n"
53 else
54 printf -- "0\n"
55 fi
56 }
57
58 user_is_user_id () {
59 userid="${1}"
60 [ "`validate_is_number \"${userid}\"`" ] || false
61 if [ "`user_show_user_id`" = "${userid}" ]
62 then
63 printf -- "1\n"
64 else
65 printf -- "0\n"
66 fi
67 }
68
69 user_is_user_name () {
70 username="${1}"
71 [ "`validate_is_string \"${username}\"`" ] || false
72 if [ "`user_show_user_name`" = "${username}" ]
73 then
74 printf -- "1\n"
75 else
76 printf -- "0\n"
77 fi
78 }
79
80 user_is_in_group_id () {
81 username="${1}"
82 groupid="${2}"
83 [ "`validate_is_string \"${username}\"`" ] || false
84 [ "`validate_is_number \"${groupid}\"`" ] || false
85 # TODO write this
86 false
87 }
88
89 user_is_in_group_name () {
90 username="${1}"
91 group="${2}"
92 ret="0"
93 [ "`validate_is_string \"${username}\"`" ] || false
94 [ "`validate_is_string \"${group}\"`" ] || false
95 groups "${username}" | while read usergroup
96 do
97 if [ "${usergroup}" = "${group}" ]
98 then
99 ret="1"
100 break
101 fi
102 done
103 printf -- "${ret}\n"
104 }
105
106 user_show_user_id () {
107 printf -- "`id -u`\n"
108 }
109
110 user_show_user_name () {
111 printf -- "`id -u -n`\n"
112 }
113
114 user_match_user_name () {
115 pattern="${1}"
116 [ "`validate_is_string \"${pattern}\"`" ] || false
117 passwd_list | while read username
118 do
119 if [ -n "`printf -- \"${username}\" | egrep -- \"${pattern}\"`" ]
120 then
121 printf -- "${username}\n"
122 fi
123 done
124 }
125
126 fi
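Review bot: `user_is_in_group_name` always prints `0`: `ret="1"` is assigned inside a `while` that sits on the right-hand side of a pipe, so it runs in a subshell and the `printf -- "${ret}\n"` after the loop still sees the outer `ret="0"`; and `groups "${username}"` prints all groups on one line (`user : g1 g2 g3` on Linux), so `read usergroup` receives the whole line and the equality test can never succeed for a single group name. A subshell-free version: `case " `id -Gn "${username}"` " in *" ${group} "*) printf -- "1\n" ;; *) printf -- "0\n" ;; esac`. `user_is_trusted` and `user_is_in_group_id` are stubs that run `false` but print nothing, so callers expecting the `1`/`0` output of the other predicates get an empty string; have them print `0` until they are written.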
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20 #
21 # Supports: Linux, AIX, Solaris, HP-UX
22
23 if [ -z "${validateincluded}" ]
24 then
25
26 validateincluded=1
27
28 . lib/misc/stdio
29
30 validate_matches_regex () {
31 value="${1}"
32 regex="${2}"
33 if [ -n "`printf -- \"${value}\" | egrep -- \"$regex\"`" ]
34 then
35 printf -- "1\n"
36 else
37 printf -- "0\n"
38 fi
39 }
40
41 validate_is_string () {
42 value="${1}"
43 if [ "`validate_matches_regex \"${value}\" \".*\"`" -eq 1 ]
44 then
45 printf -- "1\n"
46 else
47 stdio_message_error "validate" "invalid string: ${value}"
48 printf -- "0\n"
49 fi
50 }
51
52 validate_is_number () {
53 value="${1}"
54 if [ "`validate_matches_regex \"${value}\" \"^[0-9]+$\"`" -eq 1 ]
55 then
56 printf -- "1\n"
57 else
58 stdio_message_error "validate" "invalid number: ${value}"
59 printf -- "0\n"
60 fi
61 }
62
63 validate_is_boolean () {
64 value="${1}"
65 if [ "`validate_is_regex \"${value}\" \"^[0-1]$\"`" -eq 1 ]
66 then
67 printf -- "1\n"
68 else
69 stdio_message_error "validate" "invalid boolean: ${value}"
70 printf -- "0\n"
71 fi
72 }
73
74 fi
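Review bot: `validate_is_boolean` calls `validate_is_regex`, which is not defined in this file (the other predicates use `validate_matches_regex`), so its first use fails with `command not found` and the `-eq 1` test errors out. Beyond that typo, the way the rest of the library uses these predicates never validates anything: both outcomes print a non-empty string (`1` or `0`), so `[ "`validate_is_number "${pattern}"`" ] || false` is always true, and even if it were not, `|| false` does not leave the calling function. The callers need `[ "`validate_is_number "${pattern}"`" -eq 1 ] || return 1`. `validate_matches_regex` should also pass the value as a printf argument (`printf -- '%s' "${value}"`) rather than as the format, since values containing `%` are otherwise mangled before they reach egrep.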
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20
21 wget -O - -o /dev/null https://raw.githubusercontent.com/x509cert/banned/master/banned.h | grep -E "^#.+deprecated" | sed -e 's/^.*(\([^)]*\).*$/\1/' | tr ',' $'\n' | tr -d " " | sort | uniq | while read functionname
22 do
23 whatis "${functionname}" >/dev/null 2>&1
24 if [ "${?}" -eq 0 ]
25 then
26 printf "${functionname}\n"
27 fi
28 done | tr "\n" "|"
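Review bot: `tr ',' $'\n'` relies on the `$'...'` quoting extension, which `/bin/sh` (dash on Debian and Kali) does not support; there the argument becomes the literal string `$\n`, `tr` maps `,` to `$`, and the function names never split onto separate lines, so the whole pipeline yields garbage. `tr` interprets backslash escapes itself, so `tr ',' '\n'` is both portable and correct. The script also fetches `banned.h` over the network on every run with `wget` errors sent to `/dev/null`; a failed download silently produces an empty pattern, so check the exit status (or use `curl -f`) and abort with a message before the `|`-joined list is consumed by a grep elsewhere.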
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20
21 FILENAME="${1}"
22 if [ -f "${FILENAME}" ]
23 then
24 filelength="`wc -l ${FILENAME} | awk '{ print $1 }'`"
25 codechunk="`expr \"${filelength}\" - 20`"
26 printf -- "= ${FILENAME} =\n"
27 printf -- "\n";
28 tail -n "${codechunk}" "${FILENAME}" | sed "s/%/%%/g" | while read line
29 do
30 if [ -n "`printf -- \"${line}\" | egrep \"^\\.\"`" ]
31 then
32 filename="`printf -- \"${line}\" | sed -e \"s/\\. //g\"`"
33 printf -- "Depends on: `printf -- \"$(unknown)\"`\n"
34 printf -- "\n"
35 fi
36 if [ -n "`printf -- \"${line}\" | egrep \"() {\"`" ]
37 then
38 functionname="`printf -- \"${line}\" | sed -e \"s/ () {//g\" -e \"s/%/%%/g\"`"
39 printf -- "* ${functionname}\n"
40 printf -- "\n"
41 fi
42 if [ -n "`printf -- \"${line}\" | egrep \"=\\".{[1-9]}\"`" ]
43 then
44 variablename="`printf -- \"${line}\" | cut -f 1 -d \"=\" | sed \"s/%/%%/g\"`"
45 printf -- " < ${variablename}\n"
46 printf -- "\n"
47 fi
48 if [ -n "`printf -- \"${line}\" | egrep \"#\" | egrep -v \"^#$\"`" ]
49 then
50 if [ -n "`printf -- \"${line}\" | egrep \"#\" | egrep -v \"^#$\" | egrep \"TODO\"`" ]
51 then
52 comment="`printf -- \"${line}\" | sed -e \"s/.*# //g\" -e \"s/TODO //g\" -e \"s/%/%%/g\"`"
53 printf -- " <TODO>\n"
54 printf -- " ${comment}\n"
55 printf -- " </TODO>\n"
56 printf -- "\n";
57 else
58 comment="`printf -- \"${line}\" | sed -e \"s/.*# //g\" -e \"s/%/%%/g\"`"
59 printf -- " <comment>\n"
60 printf -- " ${comment}\n"
61 printf -- " </comment>\n"
62 printf -- "\n";
63 fi
64 fi
65 if [ -n "`printf -- \"${line}\" | egrep \"error\"`" ]
66 then
67 errorstring="`printf \"${line}\" | cut -f 4 -d \"\\"\"`"
68 printf -- " <error>\n"
69 printf -- " ${errorstring}\n"
70 printf -- " </error>\n"
71 printf -- "\n"
72 fi
73 done
74 fi
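Review bot: skipping the licence header by computing `codechunk` as the file length minus 20 and passing it to `tail -n` is fragile, since the chunk size depends on the file length and goes negative for files shorter than 20 lines; `tail -n +21 "${FILENAME}"` starts at line 21 regardless. `while read line` without `-r` lets the shell interpret backslashes, so lines such as `sed "s/!/\!/g"` from `lib/misc/shadow` lose their backslashes in the generated documentation; use `read -r line`. The `egrep "() {"` used to find function definitions is an ERE with an empty group, which GNU egrep tolerates but other implementations reject; `grep " () {"` (basic regex, literal parentheses) is portable and matches exactly the definition style used in these files.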
+0 -1086 unix-privesc-check
0 #!/bin/sh
1 # unix-privesc-check - Checks Unix system for simple privilege escalations
2 # Copyright (C) 2008 [email protected]
3 #
4 #
5 # License
6 # -------
7 # This tool may be used for legal purposes only. Users take full responsibility
8 # for any actions performed using this tool. The author accepts no liability
9 # for damage caused by this tool. If you do not accept these condition then
10 # you are prohibited from using this tool.
11 #
12 # In all other respects the GPL version 2 applies:
13 #
14 # This program is free software; you can redistribute it and/or modify
15 # it under the terms of the GNU General Public License version 2 as
16 # published by the Free Software Foundation.
17 #
18 # This program is distributed in the hope that it will be useful,
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 # GNU General Public License for more details.
22 #
23 # You should have received a copy of the GNU General Public License along
24 # with this program; if not, write to the Free Software Foundation, Inc.,
25 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 #
27 # You are encouraged to send comments, improvements or suggestions to
28 # me at [email protected]
29 #
30 #
31 # Description
32 # -----------
33 # Auditing tool to check for weak file permissions and other problems that
34 # may allow local attackers to escalate privileges.
35 #
36 # It is intended to be run by security auditors and pentetration testers
37 # against systems they have been engaged to assess, and also by system
38 # admnisitrators who want to check for "obvious" misconfigurations. It
39 # can even be run as a cron job so you can check regularly for misconfigurations
40 # that might be introduced.
41 #
42 # Ensure that you have the appropriate legal permission before running it
43 # someone else's system.
44 #
45 # TODO List
46 # ---------
47 # There's still plenty that this script doesn't do...
48 # - Doesn't work for shell scripts! These appear as "/bin/sh my.sh" in the process listing.
49 # This script only checks the perms of /bin/sh. Not what we're after. :-(
50 # - Similarly for perl scripts. Probably python, etc. too.
51 # - Check /proc/pid/cmdline for absolute path names. Check security of these (e.g. /etc/snmp/snmpd.conf)
52 # - Check everything in root's path - how to find root's path?
53 # - /proc/pid/maps, smaps are readable and lists some shared objects. We should check these.
54 # - /proc/pid/fd contain symlinks to all open files (but you can't see other people FDs)
55 # - check for trust relationships in /etc/hosts.equiv
56 # - NFS imports / exports / automounter
57 # - Insecure stuff in /etc/fstab (e.g. allowing users to mount file systems)
58 # - Inspecting people's PATH. tricky. maybe read from /proc/pid/environ, .bashrc, /etc/profile, .bash_profile
59 # - Check if /etc/init.d/* scripts are readable. Advise user to audit them if they are.
60 # - .exrc?
61 # - X11 trusts, apache passwd files, mysql trusts?
62 # - Daemons configured in an insecure way: tftpd, sadmind, rexd
63 # - World writable dirs aren't as bad if the sticky bit is set. Check for this before reporting vulns.
64 # - Maybe do a strings of binaries (and their .so's?)
65 # - Do a better job of parsing cron lines - search for full paths
66 # - Maybe LDPATHs from /etc/env.d
67 # - Check if ldd, ld.so.conf changes have broken this script on non-linux systems.
68 # - Avoid check certain paths e.g. /-/_ clearly isn't a real directory.
69 # - create some sort of readable report
70 # - indicate when it's likely a result is a false positive and when it's not.
71 # - Skip pseudo processes e.g. [usb-storage]
72 # - File permission on kernel modules
73 # - Replace calls to echo with a my_echo func. Should be passed a string and an "importance" value:
74 # - my_echo 1 "This is important and should always be printed out"
75 # - my_echo 2 "This is less important and should only be printed in verbose mode"
76 # - We check some files / dirs multiple times. Slow. Can we implement a cache?
77 # - grep for PRIVATE KEY to find private ssh and ssl keys. Where to grep?
78 # - check SGID programs
79
80 VERSION="1.4"
81 HOME_DIR_FILES=".netrc .ssh/id_rsa .ssh/id_dsa .rhosts .shosts .my.cnf .ssh/authorized_keys .bash_history .sh_history .forward"
82 CONFIG_FILES="/etc/passwd /etc/group /etc/master.passwd /etc/inittab /etc/inetd.conf /etc/xinetd.con /etc/xinetd.d/* /etc/contab /etc/fstab /etc/profile /etc/sudoers"
83 PGDIRS="/usr/local/pgsql/data ~postgres/postgresql/data ~postgres/data ~pgsql/data ~pgsql/pgsql/data /var/lib/postgresql/data /etc/postgresql/8.2/main /var/lib/pgsql/data"
84
85 get_owner () {
86 GET_OWNER_FILE=$1
87 GET_OWNER_RETURN=`ls -lLd "$GET_OWNER_FILE" | awk '{print $3}'`
88 }
89
90 get_group () {
91 GET_GROUP_FILE=$1
92 GET_GROUP_RETURN=`ls -lLd "$GET_GROUP_FILE" | awk '{print $4}'`
93 }
94
95 usage () {
96 echo "unix-privesc-check v$VERSION ( http://pentestmonkey.net/tools/unix-privesc-check )"
97 echo
98 echo "Usage: unix-privesc-check { standard | detailed }"
99 echo
100 echo '"standard" mode: Speed-optimised check of lots of security settings.'
101 echo
102 echo '"detailed" mode: Same as standard mode, but also checks perms of open file'
103 echo ' handles and called files (e.g. parsed from shell scripts,'
104 echo ' linked .so files). This mode is slow and prone to false '
105 echo ' positives but might help you find more subtle flaws in 3rd'
106 echo ' party programs.'
107 echo
108 echo "This script checks file permissions and other settings that could allow"
109 echo "local users to escalate privileges."
110 echo
111 echo "Use of this script is only permitted on systems which you have been granted"
112 echo "legal permission to perform a security assessment of. Apart from this "
113 echo "condition the GPL v2 applies."
114 echo
115 echo "Search the output for the word 'WARNING'. If you don't see it then this"
116 echo "script didn't find any problems."
117 echo
118 }
119
120 banner () {
121 echo "Starting unix-privesc-check v$VERSION ( http://pentestmonkey.net/tools/unix-privesc-check )"
122 echo
123 echo "This script checks file permissions and other settings that could allow"
124 echo "local users to escalate privileges."
125 echo
126 echo "Use of this script is only permitted on systems which you have been granted"
127 echo "legal permission to perform a security assessment of. Apart from this "
128 echo "condition the GPL v2 applies."
129 echo
130 echo "Search the output below for the word 'WARNING'. If you don't see it then"
131 echo "this script didn't find any problems."
132 echo
133 }
134
135 MODE=$1
136
137 if [ ! "$MODE" = "standard" ] && [ ! "$MODE" = "detailed" ]; then
138 usage
139 exit 0
140 fi
141
142 # Parse any full paths from $1 (config files, progs, dirs).
143 # Check the permissions on each of these.
144 check_called_programs () {
145 CCP_MESSAGE_STACK=$1
146 CCP_FILE=$2
147 CCP_USER=$3
148 CCP_PATH=$4 # optional
149
150 # Check the perms of the supplied file regardless
151 # The caller doesn't want to have to call check_perms as well as check_called_programs
152 check_perms "$CCP_MESSAGE_STACK" "$CCP_FILE" "$CCP_USER" "$CCP_PATH"
153
154 # Skip the slow check if we're in quick mode
155 if [ "$MODE" = "standard" ]; then
156 return 0;
157 fi
158
159 # Check if file is text or not
160 IS_TEXT=`file "$CCP_FILE" | grep -i text`
161 IS_DYNBIN=`file "$CCP_FILE" | grep -i 'dynamically linked'`
162
163 # Process shell scripts (would also work on config files that reference other files)
164 if [ ! -z "$IS_TEXT" ]; then
165 # Parse full paths from file - ignoring commented lines
166 CALLED_FILES=`grep -v '^#' "$CCP_FILE" | sed -e 's/^[^\/]*//' -e 's/["'\'':}$]/\x0a/g' | grep '/' | sed -e 's/[ \*].*//' | grep '^/[a-zA-Z0-9_/-]*$' | sort -u`
167 for CALLED_FILE in $CALLED_FILES; do
168 # echo "$CCP_FILE contains a reference to $CALLED_FILE. Checking perms."
169 check_perms "$CCP_MESSAGE_STACK $CCP_FILE contains the string $CALLED_FILE." "$CALLED_FILE" "$CCP_USER" "$CCP_PATH"
170 done
171 else
172 # Process dynamically linked binaries
173 if [ ! -z "$IS_DYNBIN" ]; then
174
175 CALLED_FILES=`ldd "$CCP_FILE" 2>/dev/null | grep '/' | sed 's/[^\/]*\//\//' | cut -f 1 -d ' '`
176 for CALLED_FILE in $CALLED_FILES; do
177 check_perms "$CCP_MESSAGE_STACK $CCP_FILE uses the library $CALLED_FILE." "$CALLED_FILE" "$CCP_USER" "$CCP_PATH"
178 done
179
180 # Strings binary to look for hard-coded config files
181 # or other programs that might be called.
182 for CALLED_FILE in `strings "$CCP_FILE" | sed -e 's/^[^\/]*//' -e 's/["'\'':}$]/\x0a/g' | grep '/' | sed -e 's/[ \*].*//' | grep '^/[a-zA-Z0-9_/-]*$' | sort -u`; do
183 check_perms "$CCP_MESSAGE_STACK $CCP_FILE contains the string $CALLED_FILE." "$CALLED_FILE" "$CCP_USER" "$CCP_PATH"
184 done
185 fi
186 fi
187 }
188
189 # Parse any full paths from $1 (config files, progs, dirs).
190 # Check the permissions on each of these.
191 check_called_programs_suid () {
192 CCP_FILE=$1
193 CCP_PATH=$2 # optional
194
195 get_owner $CCP_FILE; CCP_USER=$GET_OWNER_RETURN
196 CCP_MESSAGE_STACK="$CCP_FILE is SUID $CCP_USER."
197 LS=`ls -l $CCP_FILE`
198 echo "Checking SUID-$CCP_USER program $CCP_FILE: $LS"
199
200 # Don't check perms of executable itself
201 # check_perms "$CCP_MESSAGE_STACK" "$CCP_FILE" "$CCP_USER" "$CCP_PATH"
202
203 # Check if file is text or not
204 IS_TEXT=`file "$CCP_FILE" | grep -i text`
205 IS_DYNBIN=`file "$CCP_FILE" | grep -i 'dynamically linked'`
206
207 # Process shell scripts (would also work on config files that reference other files)
208 if [ ! -z "$IS_TEXT" ]; then
209 # Skip the slow check if we're in quick mode
210 if [ "$MODE" = "standard" ]; then
211 return 0;
212 fi
213
214 # Parse full paths from file - ignoring commented lines
215 CALLED_FILES=`grep -v '^#' "$CCP_FILE" | sed -e 's/^[^\/]*//' -e 's/["'\'':}$]/\x0a/g' | grep '/' | sed -e 's/[ \*].*//' | grep '^/[a-zA-Z0-9_/-]*$' | sort -u`
216 for CALLED_FILE in $CALLED_FILES; do
217 # echo "$CCP_FILE contains a reference to $CALLED_FILE. Checking perms."
218 check_perms "$CCP_MESSAGE_STACK $CCP_FILE contains the string $CALLED_FILE." "$CALLED_FILE" "$CCP_USER" "$CCP_PATH"
219 done
220 else
221 # Process dynamically linked binaries
222 if [ ! -z "$IS_DYNBIN" ]; then
223
224 CALLED_FILES=`ldd "$CCP_FILE" 2>/dev/null | grep '/' | sed 's/[^\/]*\//\//' | cut -f 1 -d ' '`
225 for CALLED_FILE in $CALLED_FILES; do
226 check_perms "$CCP_MESSAGE_STACK $CCP_FILE uses the library $CALLED_FILE." "$CALLED_FILE" "$CCP_USER" "$CCP_PATH"
227 done
228
229 # Skip the slow check if we're in quick mode
230 if [ "$MODE" = "standard" ]; then
231 return 0;
232 fi
233
234 # Strings binary to look for hard-coded config files
235 # or other programs that might be called.
236 for CALLED_FILE in `strings "$CCP_FILE" | sed -e 's/^[^\/]*//' -e 's/["'\'':}$]/\x0a/g' | grep '/' | sed -e 's/[ \*].*//' | grep '^/[a-zA-Z0-9_/-]*$' | sort -u`; do
237 check_perms "$CCP_MESSAGE_STACK $CCP_FILE contains the string $CALLED_FILE." "$CALLED_FILE" "$CCP_USER" "$CCP_PATH"
238 done
239 fi
240 fi
241 }
242
243 # Check if $1 can be changed by users who are not $2
244 check_perms () {
245 CP_MESSAGE_STACK=$1
246 CHECK_PERMS_FILE=$2
247 CHECK_PERMS_USER=$3
248 CHECK_PERMS_PATH=$4 # optional
249
250 if [ ! -f "$CHECK_PERMS_FILE" ] && [ ! -d "$CHECK_PERMS_FILE" ] && [ ! -b "$CHECK_PERMS_FILE" ]; then
251 CHECK_PERMS_FOUND=0
252 if [ ! -z "$CHECK_PERMS_PATH" ]; then
253 # Look for it in the supplied path
254 for DIR in `echo "$CHECK_PERMS_PATH" | sed 's/:/ /g'`; do
255 if [ -f "$DIR/$CHECK_PERMS_FILE" ]; then
256 CHECK_PERMS_FOUND=1
257 CHECK_PERMS_FILE="$DIR/$CHECK_PERMS_FILE"
258 break
259 fi
260 done
261 fi
262
263 #if [ "$CHECK_PERMS_FOUND" = "0" ]; then
264 # echo "ERROR: File $CHECK_PERMS_FILE doesn't exist. Checking parent path anyway."
265 # # return 0
266 # fi
267 fi
268
269 C=`echo "$CHECK_PERMS_FILE" | cut -c 1`
270 if [ ! "$C" = "/" ]; then
271 echo "ERROR: Can't find absolute path for $CHECK_PERMS_FILE. Skipping."
272 return 0
273 fi
274
275 echo " Checking if anyone except $CHECK_PERMS_USER can change $CHECK_PERMS_FILE"
276
277 while [ -n "$CHECK_PERMS_FILE" ]; do
278 perms_secure "$CP_MESSAGE_STACK" $CHECK_PERMS_FILE $CHECK_PERMS_USER
279 CHECK_PERMS_FILE=`echo $CHECK_PERMS_FILE | sed 's/\/[^\/]*$//'`
280 done
281 }
282
283 # Check if $1 can be read by users who are not $2
284 check_read_perms () {
285 CP_MESSAGE_STACK=$1
286 CHECK_PERMS_FILE=$2
287 CHECK_PERMS_USER=$3
288
289 if [ ! -f "$CHECK_PERMS_FILE" ] && [ ! -b "$CHECK_PERMS_FILE" ]; then
290 echo "ERROR: File $CHECK_PERMS_FILE doesn't exist"
291 return 0
292 fi
293
294 echo " Checking if anyone except $CHECK_PERMS_USER can read file $CHECK_PERMS_FILE"
295
296 perms_secure_read "$CP_MESSAGE_STACK" "$CHECK_PERMS_FILE" "$CHECK_PERMS_USER"
297 }
298
299 perms_secure_read () {
300 PS_MESSAGE_STACK=$1
301 PERMS_SECURE_FILE=$2
302 PERMS_SECURE_USER=$3
303
304 if [ ! -b "$PERMS_SECURE_FILE" ] && [ ! -f "$PERMS_SECURE_FILE" ] && [ ! -d "$PERMS_SECURE_FILE" ]; then
305 echo "ERROR: No such file or directory: $PERMS_SECURE_FILE. Skipping."
306 return 0
307 fi
308
309 # Check if owner is different (but ignore root ownership, that's OK)
310 only_user_can_read "$PS_MESSAGE_STACK" $PERMS_SECURE_FILE $PERMS_SECURE_USER
311
312 # Check group read perm (but ignore root group, that's OK)
313 group_can_read "$PS_MESSAGE_STACK" $PERMS_SECURE_FILE $PERMS_SECURE_USER
314
315 # Check world read perm
316 world_can_read "$PS_MESSAGE_STACK" $PERMS_SECURE_FILE
317 }
318
319 perms_secure () {
320 PS_MESSAGE_STACK=$1
321 PERMS_SECURE_FILE=$2
322 PERMS_SECURE_USER=$3
323
324 if [ ! -d "$PERMS_SECURE_FILE" ] && [ ! -f "$PERMS_SECURE_FILE" ] && [ ! -b "$PERMS_SECURE_FILE" ]; then
325 # echo "ERROR: No such file or directory: $PERMS_SECURE_FILE. Skipping."
326 return 0
327 fi
328
329 # Check if owner is different (but ignore root ownership, that's OK)
330 only_user_can_write "$PS_MESSAGE_STACK" $PERMS_SECURE_FILE $PERMS_SECURE_USER
331
332 # Check group write perm (but ignore root group, that's OK)
333 group_can_write "$PS_MESSAGE_STACK" $PERMS_SECURE_FILE $PERMS_SECURE_USER
334
335 # Check world write perm
336 world_can_write "$PS_MESSAGE_STACK" $PERMS_SECURE_FILE
337 }
338
339 only_user_can_write () {
340 O_MESSAGE_STACK=$1
341 O_FILE=$2
342 O_USER=$3
343
344 # We just need to check the owner really as the owner
345 # can always grant themselves write access
346 get_owner $O_FILE; O_FILE_USER=$GET_OWNER_RETURN
347 if [ ! "$O_USER" = "$O_FILE_USER" ] && [ ! "$O_FILE_USER" = "root" ]; then
348 echo "WARNING: $O_MESSAGE_STACK The user $O_FILE_USER can write to $O_FILE"
349 fi
350 }
351
352 group_can_write () {
353 O_MESSAGE_STACK=$1
354 O_FILE=$2
355 O_USER=$3 # ignore group write access $3 is only member of group
356
357 get_group $O_FILE; O_FILE_GROUP=$GET_GROUP_RETURN
358 P=`ls -lLd $O_FILE | cut -c 6`
359 if [ "$P" = "w" ] && [ ! "$O_GROUP" = "root" ]; then
360 # check the group actually has some members other than $O_USER
361 group_has_other_members "$O_FILE_GROUP" "$O_USER"; # sets OTHER_MEMBERS to 1 or 0
362 if [ "$OTHER_MEMBERS" = "1" ]; then
363 echo "WARNING: $O_MESSAGE_STACK The group $O_FILE_GROUP can write to $O_FILE"
364 fi
365 fi
366 }
367
368 group_has_other_members () {
369 G_GROUP=$1
370 G_USER=$2
371
372 # If LDAP/NIS is being used this script can't check group memberships
373 # we therefore assume the worst.
374 if [ "$EXT_AUTH" = 1 ]; then
375 OTHER_MEMBERS=1
376 return 1
377 fi
378
379 GROUP_LINE=`grep "^$G_GROUP:" /etc/group`
380 MEMBERS=`echo "$GROUP_LINE" | cut -f 4 -d : | sed 's/,/ /g'`
381
382 GID=`echo "$GROUP_LINE" | cut -f 3 -d :`
383 EXTRA_MEMBERS=`grep "^[^:]*:[^:]*:[0-9]*:$GID:" /etc/passwd | cut -f 1 -d : | xargs echo`
384
385 for M in $MEMBERS; do
386 if [ ! "$M" = "$G_USER" ] && [ ! "$M" = "root" ]; then
387 OTHER_MEMBERS=1
388 return 1
389 fi
390 done
391
392 for M in $EXTRA_MEMBERS; do
393 if [ ! "$M" = "$G_USER" ] && [ ! "$M" = "root" ]; then
394 OTHER_MEMBERS=1
395 return 1
396 fi
397 done
398
399 OTHER_MEMBERS=0
400 return 0
401 }
402
403 world_can_write () {
404 O_MESSAGE_STACK=$1
405 O_FILE=$2
406
407 P=`ls -lLd $O_FILE | cut -c 9`
408 S=`ls -lLd $O_FILE | cut -c 10`
409
410 if [ "$P" = "w" ]; then
411 if [ "$S" = "t" ]; then
412 echo "WARNING: $O_MESSAGE_STACK World write is set for $O_FILE (but sticky bit set)"
413 else
414 echo "WARNING: $O_MESSAGE_STACK World write is set for $O_FILE"
415 fi
416 fi
417 }
418
419 only_user_can_read () {
420 O_MESSAGE_STACK=$1
421 O_FILE=$2
422 O_USER=$3
423
424 # We just need to check the owner really as the owner
425 # can always grant themselves read access
426 get_owner $O_FILE; O_FILE_USER=$GET_OWNER_RETURN
427 if [ ! "$O_USER" = "$O_FILE_USER" ] && [ ! "$O_FILE_USER" = "root" ]; then
428 echo "WARNING: $O_MESSAGE_STACK The user $O_FILE_USER can read $O_FILE"
429 fi
430 }
431
432 group_can_read () {
433 O_MESSAGE_STACK=$1
434 O_FILE=$2
435 O_USER=$3
436
437 get_group $O_FILE; O_FILE_GROUP=$GET_GROUP_RETURN
438 P=`ls -lLd $O_FILE | cut -c 5`
439 if [ "$P" = "r" ] && [ ! "$O_GROUP" = "root" ]; then
440 # check the group actually has some members other than $O_USER
441 group_has_other_members "$O_FILE_GROUP" "$O_USER"; # sets OTHER_MEMBERS to 1 or 0
442 if [ "$OTHER_MEMBERS" = "1" ]; then
443 echo "WARNING: $O_MESSAGE_STACK The group $O_FILE_GROUP can read $O_FILE"
444 fi
445 fi
446 }
447
448 world_can_read () {
449 O_MESSAGE_STACK=$1
450 O_FILE=$2
451
452 P=`ls -lLd $O_FILE | cut -c 8`
453
454 if [ "$P" = "w" ]; then
455 echo "WARNING: $O_MESSAGE_STACK World read is set for $O_FILE"
456 fi
457 }
458
459 section () {
460 echo
461 echo '############################################'
462 echo $1
463 echo '############################################'
464 }
465
466 # Guess OS
467 if [ -x /usr/bin/showrev ]; then
468 OS="solaris"
469 SHADOW="/etc/shadow"
470 elif [ -x /usr/sbin/sam -o -x /usr/bin/sam ]; then
471 OS="hpux"
472 SHADOW="/etc/shadow"
473 elif [ -f /etc/master.passwd ]; then
474 OS="bsd"
475 SHADOW="/etc/master.passwd"
476 else
477 OS="linux"
478 SHADOW="/etc/shadow"
479 fi
480 echo "Assuming the OS is: $OS"
481 CONFIG_FILES="$CONFIG_FILES $SHADOW"
482
483 # Set path so we can access usual directories. HPUX and some linuxes don't have sbin in the path.
484 PATH=$PATH:/usr/bin:/bin:/sbin:/usr/sbin; export PATH
485
486 # Check dependent programs are installed
487 # Assume "which" is installed!
488 PROGS="ls awk grep cat mount xargs file ldd strings"
489 for PROG in $PROGS; do
490 which $PROG 2>&1 > /dev/null
491 if [ ! $? = "0" ]; then
492 echo "ERROR: Dependend program '$PROG' is mising. Can't run. Sorry!"
493 exit 1
494 fi
495 done
496
497 banner
498
499 section "Recording hostname"
500 hostname
501
502 section "Recording uname"
503 uname -a
504
505 section "Recording Interface IP addresses"
506 if [ $OS = 'hpux' ]; then
507 for IFACE in `lanscan | grep x | awk '{print $5}' 2>/dev/null`; do
508 ifconfig $IFACE 2>/dev/null
509 done
510 else
511 ifconfig -a
512 fi
513
514 section "Checking if external authentication is allowed in /etc/passwd"
515 FLAG=`grep '^+:' /etc/passwd`
516 if [ -n "$FLAG" ]; then
517 echo "WARNING: /etc/passwd allows external authentcation:"
518 grep '^+:' /etc/passwd
519 EXT_AUTH=1
520 else
521 echo "No +:... line found in /etc/passwd"
522 fi
523
524 section "Checking nsswitch.conf for addition authentication methods"
525 if [ -r "/etc/nsswitch.conf" ]; then
526 NIS=`grep '^passwd' /etc/nsswitch.conf | grep 'nis'`
527 if [ -n "$NIS" ]; then
528 echo "WARNING: NIS is used for authentication on this system"
529 EXT_AUTH=1
530 fi
531 LDAP=`grep '^passwd' /etc/nsswitch.conf | grep 'ldap'`
532 if [ -n "$LDAP" ]; then
533 echo "WARNING: LDAP is used for authentication on this system"
534 EXT_AUTH=1
535 fi
536
537 if [ -z "$NIS" ] && [ -z "$LDAP" ]; then
538 echo "Neither LDAP nor NIS are used for authentication"
539 fi
540 else
541 echo "ERROR: File /etc/nsswitch.conf isn't readable. Skipping checks."
542 fi
543
544 # Check important config files aren't writable
545 section "Checking for writable config files"
546 for FILE in $CONFIG_FILES; do
547 if [ -f "$FILE" ]; then
548 check_perms "$FILE is a critical config file." "$FILE" root
549 fi
550 done
551
552 section "Checking if $SHADOW is readable"
553 check_read_perms "/etc/shadow holds authentication data" $SHADOW root
554
555 section "Checking for password hashes in /etc/passwd"
556 FLAG=`grep -v '^[^:]*:[x\*]*:' /etc/passwd | grep -v '^#'`
557 if [ -n "$FLAG" ]; then
558 echo "WARNING: There seem to be some password hashes in /etc/passwd"
559 grep -v '^[^:]*:[x\*]*:' /etc/passwd | grep -v '^#'
560 EXT_AUTH=1
561 else
562 echo "No password hashes found in /etc/passwd"
563 fi
564
565 section "Checking account settings"
566 # Check for something nasty like r00t::0:0::/:/bin/sh in /etc/passwd
567 # We only need read access to /etc/passwd to be able to check this.
568 if [ -r "/etc/passwd" ]; then
569 OPEN=`grep "^[^:][^:]*::" /etc/passwd | cut -f 1 -d ":"`
570 if [ -n "$OPEN" ]; then
571 echo "WARNING: The following accounts have no password:"
572 grep "^[^:][^:]*::" /etc/passwd | cut -f 1 -d ":"
573 fi
574 fi
575 if [ -r "$SHADOW" ]; then
576 echo "Checking for accounts with no passwords"
577 if [ "$OS" = "linux" ]; then
578 passwd -S -a | while read LINE
579 do
580 USER=`echo "$LINE" | awk '{print $1}'`
581 STATUS=`echo "$LINE" | awk '{print $2}'`
582 if [ "$STATUS" = "NP" ]; then
583 echo "WARNING: User $USER doesn't have a password"
584 fi
585 done
586 elif [ "$OS" = "solaris" ]; then
587 passwd -s -a | while read LINE
588 do
589 USER=`echo "$LINE" | awk '{print $1}'`
590 STATUS=`echo "$LINE" | awk '{print $2}'`
591 if [ "$STATUS" = "NP" ]; then
592 echo "WARNING: User $USER doesn't have a password"
593 fi
594 done
595 fi
596 else
597 echo "File $SHADOW isn't readable. Skipping some checks."
598 fi
599
600 section "Checking library directories from /etc/ld.so.conf"
601 if [ -f "/etc/ld.so.conf" ] && [ -r "/etc/ld.so.conf" ]; then
602 for DIR in `grep '^/' /etc/ld.so.conf`; do
603 check_perms "$DIR is in /etc/ld.so.conf." $DIR root
604 done
605
606 #FILES=`grep '^include' /etc/ld.so.conf | sed 's/^include *//'`
607 #if [ ! -z "$FILES" ]; then
608 # for DIR in `echo $FILES | xargs cat | sort -u`; do
609 # done
610 #fi
611 else
612 echo "File /etc/ld.so.conf not present. Skipping checks."
613 fi
614
615 # Check sudoers if we have permission - needs root normally
616 section "Checking sudo configuration"
617 if [ -f "/etc/sudoers" ] && [ -r "/etc/sudoers" ]; then
618 echo -----------------
619 echo "Checking if sudo is configured"
620 SUDO_USERS=`grep -v '^#' /etc/sudoers | grep -v '^[ \t]*$' | grep -v '^[ \t]*Default' | grep =`
621 if [ ! -z "$SUDO_USERS" ]; then
622 echo "WARNING: Sudo is configured. Manually check nothing unsafe is allowed:"
623 grep -v '^#' /etc/sudoers | grep -v '^[ \t]*$' | grep = | grep -v '^[ \t]*Default'
624 fi
625
626 echo -----------------
627 echo "Checking sudo users need a password"
628 SUDO_NOPASSWD=`grep -v '^#' /etc/sudoers | grep -v '^[ \t]*$' | grep NOPASSWD`
629 if [ ! -z "$SUDO_NOPASSWD" ]; then
630 echo "WARNING: Some users can use sudo without a password:"
631 grep -v '^#' /etc/sudoers | grep -v '^[ \t]*$' | grep NOPASSWD
632 fi
633 else
634 echo "File /etc/sudoers not present. Skipping checks."
635 fi
636
637 section "Checking permissions on swap file(s)"
638 for SWAP in `swapon -s | grep -v '^Filename' | cut -f 1 -d ' '`; do
639 check_perms "$SWAP is used for swap space." $SWAP root
640 check_read_perms "$SWAP is used for swap space." $SWAP root
641 done
642
643 section "Checking programs run from inittab"
644 if [ -f "/etc/inittab" ] && [ -r "/etc/inittab" ]; then
645 for FILE in `cat /etc/inittab | grep : | grep -v '^#' | cut -f 4 -d : | grep '/' | cut -f 1 -d ' ' | sort -u`; do
646 check_called_programs "$FILE is run from /etc/inittab as root." $FILE root
647 done
648 else
649 echo "File /etc/inittab not present. Skipping checks."
650 fi
651
652 section "Checking postgres trust relationships"
653 for DIR in $PGDIRS; do
654 if [ -d "$DIR" ] && [ -r "$DIR/pg_hba.conf" ]; then
655 grep -v '^#' "$DIR/pg_hba.conf" | grep -v '^[ \t]*$' | while read LINE
656 do
657 AUTH=`echo "$LINE" | awk '{print $NF}'`
658 if [ "$AUTH" = "trust" ]; then
659 PGTRUST=1
660 echo "WARNING: Postgres trust configured in $DIR/pg_hba.conf: $LINE"
661 fi
662 done
663 fi
664 done
665
666 PGVER1=`psql -U postgres template1 -c 'select version()' 2>/dev/null | grep version`
667
668 if [ -n "$PGVER1" ]; then
669 PGTRUST=1
670 echo "WARNING: Can connect to local postgres database as \"postgres\" without a password"
671 fi
672
673 PGVER2=`psql -U pgsql template1 -c 'select version()' 2>/dev/null | grep version`
674
675 if [ -n "$PGVER2" ]; then
676 PGTRUST=1
677 echo "WARNING: Can connect to local postgres database as \"pgsql\" without a password"
678 fi
679
680 if [ -z "$PGTRUST" ]; then
681 echo "No postgres trusts detected"
682 fi
683
684 # Check device files for mounted file systems are secure
685 # cat /proc/mounts | while read LINE # Doesn't work so well when LVM is used - need to be root
686 section "Checking permissions on device files for mounted partitions"
687 if [ "$OS" = "linux" ]; then
688 mount | while read LINE
689 do
690 DEVICE=`echo "$LINE" | awk '{print $1}'`
691 FS=`echo "$LINE" | awk '{print $5}'`
692 if [ "$FS" = "ext2" ] || [ "$FS" = "ext3" ] ||[ "$FS" = "reiserfs" ]; then
693 echo "Checking device $DEVICE"
694 check_perms "$DEVICE is a mounted file system." $DEVICE root
695 fi
696 done
697 elif [ "$OS" = "bsd" ]; then
698 mount | grep ufs | while read LINE
699 do
700 DEVICE=`echo "$LINE" | awk '{print $1}'`
701 echo "Checking device $DEVICE"
702 check_perms "$DEVICE is a mounted file system." $DEVICE root
703 done
704 elif [ "$OS" = "solaris" ]; then
705 mount | grep xattr | while read LINE
706 do
707 DEVICE=`echo "$LINE" | awk '{print $3}'`
708 if [ ! "$DEVICE" = "swap" ]; then
709 echo "Checking device $DEVICE"
710 check_perms "$DEVICE is a mounted file system." $DEVICE root
711 fi
712 done
713 elif [ "$OS" = "hpux" ]; then
714 mount | while read LINE
715 do
716 DEVICE=`echo "$LINE" | awk '{print $3}'`
717 C=`echo $DEVICE | cut -c 1`
718 if [ "$C" = "/" ]; then
719 echo "Checking device $DEVICE"
720 check_perms "$DEVICE is a mounted file system." $DEVICE root
721 fi
722 done
723
724 NFS=`mount | grep NFS`
725 if [ -n "$NFS" ]; then
726 echo "WARNING: This system is an NFS client. Check for nosuid and nodev options."
727 mount | grep NFS
728 fi
729 fi
730
731 # Check cron jobs if they're readable
732 # TODO check that cron is actually running
733 section "Checking cron job programs aren't writable (/etc/crontab)"
734 CRONDIRS=""
735 if [ -f "/etc/crontab" ] && [ -r "/etc/crontab" ]; then
736 MYPATH=`grep '^PATH=' /etc/crontab | cut -f 2 -d = `
737 echo Crontab path is $MYPATH
738
739 # Check if /etc/cron.(hourly|daily|weekly|monthly) are being used
740 CRONDIRS=`grep -v '^#' /etc/crontab | grep -v '^[ \t]*$' | grep '[ \t][^ \t][^ \t]*[ \t][ \t]*' | grep run-crons`
741
742 # Process run-parts
743 grep -v '^#' /etc/crontab | grep -v '^[ \t]*$' | grep '[ \t][^ \t][^ \t]*[ \t][ \t]*' | grep run-parts | while read LINE
744 do
745 echo "Processing crontab run-parts entry: $LINE"
746 USER=`echo "$LINE" | awk '{print $6}'`
747 DIR=`echo "$LINE" | sed 's/.*run-parts[^()&|;\/]*\(\/[^ ]*\).*/\1/'`
748 check_perms "$DIR holds cron jobs which are run as $USER." "$DIR" "$USER"
749 if [ -d "$DIR" ]; then
750 echo " Checking directory: $DIR"
751 for FILE in $DIR/*; do
752 FILENAME=`echo "$FILE" | sed 's/.*\///'`
753 if [ "$FILENAME" = "*" ]; then
754 echo " No files in this directory."
755 continue
756 fi
757 check_called_programs "$FILE is run by cron as $USER." "$FILE" "$USER"
758 done
759 fi
760 done
761
762 # TODO bsd'd periodic:
763 # 1 3 * * * root periodic daily
764 # 15 4 * * 6 root periodic weekly
765 # 30 5 1 * * root periodic monthly
766
767 grep -v '^#' /etc/crontab | grep -v '^[ ]*$' | grep '[ ][^ ][^ ]*[ ][ ]*' | while read LINE
768 do
769 echo "Processing crontab entry: $LINE"
770 USER=`echo "$LINE" | awk '{print $6}'`
771 PROG=`echo "$LINE" | awk '{print $7}'`
772 check_called_programs "$PROG is run from crontab as $USER." $PROG $USER $MYPATH
773 done
774 else
775 echo "File /etc/crontab not present. Skipping checks."
776 fi
777
778 # Do this if run-crons is run from /etc/crontab
779 if [ -n "$CRONDIRS" ]; then
780 USER=`echo "$CRONDIRS" | awk '{print $6}'`
781 section "Checking /etc/cron.(hourly|daily|weekly|monthly)"
782 for DIR in hourly daily weekly monthly; do
783 if [ -d "/etc/cron.$DIR" ]; then
784 echo " Checking directory: /etc/cron.$DIR"
785 for FILE in /etc/cron.$DIR/*; do
786 FILENAME=`echo "$FILE" | sed 's/.*\///'`
787 if [ "$FILENAME" = "*" ]; then
788 echo "No files in this directory."
789 continue
790 fi
791 check_called_programs "$FILE is run via cron as $USER." "$FILE" $USER
792 done
793 fi
794 done
795 fi
796
797 section "Checking cron job programs aren't writable (/var/spool/cron/crontabs)"
798 if [ -d "/var/spool/cron/crontabs" ]; then
799 for FILE in /var/spool/cron/crontabs/*; do
800 USER=`echo "$FILE" | sed 's/^.*\///'`
801 if [ "$USER" = "*" ]; then
802 echo "No user crontabs found in /var/spool/cron/crontabs. Skipping checks."
803 continue
804 fi
805 echo "Processing crontab for $USER: $FILE"
806 if [ -r "$FILE" ]; then
807 MYPATH=`grep '^PATH=' "$FILE" | cut -f 2 -d = `
808 if [ -n "$MYPATH" ]; then
809 echo Crontab path is $MYPATH
810 fi
811 grep -v '^#' "$FILE" | grep -v '^[ \t]*$' | grep '[ \t][^ \t][^ \t]*[ \t][ \t]*' | while read LINE
812 do
813 echo "Processing crontab entry: $LINE"
814 PROG=`echo "$LINE" | awk '{print $6}'`
815 check_called_programs "$PROG is run via cron as $USER." "$PROG" $USER
816 done
817 else
818 echo "ERROR: Can't read file $FILE"
819 fi
820 done
821 else
822 echo "Directory /var/spool/cron/crontabs is not present. Skipping checks."
823 fi
824
825 section "Checking cron job programs aren't writable (/var/spool/cron/tabs)"
826 if [ -d "/var/spool/cron/tabs" ]; then
827 for FILE in /var/spool/cron/tabs/*; do
828 USER=`echo "$FILE" | sed 's/^.*\///'`
829 if [ "$USER" = "*" ]; then
830 echo "No user crontabs found in /var/spool/cron/crontabs. Skipping checks."
831 continue
832 fi
833 echo "Processing crontab for $USER: $FILE"
834 if [ -r "$FILE" ]; then
835 MYPATH=`grep '^PATH=' "$FILE" | cut -f 2 -d = `
836 if [ -n "$MYPATH" ]; then
837 echo Crontab path is $MYPATH
838 fi
839 grep -v '^#' "$FILE" | grep -v '^[ \t]*$' | grep '[ \t][^ \t][^ \t]*[ \t][ \t]*' | while read LINE
840 do
841 echo "Processing crontab entry: $LINE"
842 PROG=`echo "$LINE" | awk '{print $6}'`
843 check_called_programs "$PROG is run from cron as $USER." $PROG $USER $MYPATH
844 done
845 else
846 echo "ERROR: Can't read file $FILE"
847 fi
848 done
849 else
850 echo "Directory /var/spool/cron/tabs is not present. Skipping checks."
851 fi
852
853 # Check programs run from /etc/inetd.conf have secure permissions
854 # TODO: check inetd is actually running
855 section "Checking inetd programs aren't writable"
856 if [ -f /etc/inetd.conf ] && [ -r /etc/inetd.conf ]; then
857 grep -v '^#' /etc/inetd.conf | grep -v '^[ \t]*$' | while read LINE
858 do
859 USER=`echo $LINE | awk '{print $5}'`
860 PROG=`echo $LINE | awk '{print $6}'` # could be tcpwappers ...
861 PROG2=`echo $LINE | awk '{print $7}'` # ... and this is the real prog
862 if [ -z "$PROG" ] || [ "$PROG" = "internal" ]; then
863 # Not calling an external program
864 continue
865 fi
866 echo Processing inetd line: $LINE
867 if [ -f "$PROG" ]; then
868 check_called_programs "$PROG is run from inetd as $USER." $PROG $USER
869 fi
870 if [ -f "$PROG2" ]; then
871 check_called_programs "$PROG is run from inetd as $USER." $PROG2 $USER
872 fi
873 done
874 else
875 echo "File /etc/inetd.conf not present. Skipping checks."
876 fi
877
878 # Check programs run from /etc/xinetd.d/*
879 # TODO: check xinetd is actually running
880 section "Checking xinetd programs aren't writeable"
881 if [ -d /etc/xinetd.d ]; then
882 for FILE in `grep 'disable[ \t]*=[ \t]*no' /etc/xinetd.d/* | cut -f 1 -d :`; do
883 echo Processing xinetd service file: $FILE
884 PROG=`grep '^[ \t]*server[ \t]*=[ \t]*' $FILE | sed 's/.*server.*=[ \t]*//'`
885 USER=`grep '^[ \t]*user[ \t]*=[ \t]*' $FILE | sed 's/.*user.*=[ \t]*//'`
886 check_called_programs "$PROG is run from xinetd as $USER." $PROG $USER
887 done
888 else
889 echo "Directory /etc/xinetd.d not present. Skipping checks."
890 fi
891
892 # Check for writable home directories
893 section "Checking home directories aren't writable"
894 cat /etc/passwd | grep -v '^#' | while read LINE
895 do
896 echo Processing /etc/passwd line: $LINE
897 USER=`echo $LINE | cut -f 1 -d :`
898 DIR=`echo $LINE | cut -f 6 -d :`
899 SHELL=`echo $LINE | cut -f 7 -d :`
900 if [ "$SHELL" = "/sbin/nologin" ] || [ "$SHELL" = "/bin/false" ]; then
901 echo " Skipping user $USER. They don't have a shell."
902 else
903 if [ "$DIR" = "/dev/null" ]; then
904 echo " Skipping /dev/null home directory"
905 else
906 check_perms "$DIR is the home directory of $USER." $DIR $USER
907 fi
908 fi
909 done
910
911 # Check for readable files in home directories
912 section "Checking for readable sensitive files in home directories"
913 cat /etc/passwd | while read LINE
914 do
915 USER=`echo $LINE | cut -f 1 -d :`
916 DIR=`echo $LINE | cut -f 6 -d :`
917 SHELL=`echo $LINE | cut -f 7 -d :`
918 for FILE in $HOME_DIR_FILES; do
919 if [ -f "$DIR/$FILE" ]; then
920 check_read_perms "$DIR/$FILE is in the home directory of $USER." "$DIR/$FILE" $USER
921 fi
922 done
923 done
924
925 section "Checking SUID programs"
926 if [ "$MODE" = "detailed" ]; then
927 for FILE in `find / -type f -perm -04000 2>/dev/null`; do
928 check_called_programs_suid $FILE
929 done
930 else
931 echo "Skipping checks of SUID programs (it's slow!). Run again in 'detailed' mode."
932 fi
933
934 # Check for private SSH keys in home directories
935 section "Checking for Private SSH Keys home directories"
936 for HOMEDIR in `cut -f 6 -d : /etc/passwd`; do
937 if [ -d "$HOMEDIR/.ssh" ]; then
938 PRIV_KEYS=`grep -l 'BEGIN [RD]SA PRIVATE KEY' $HOMEDIR/.ssh/* 2>/dev/null`
939 if [ -n "$PRIV_KEYS" ]; then
940 for KEY in $PRIV_KEYS; do
941 ENC_KEY=`grep -l 'ENCRYPTED' "$KEY" 2>/dev/null`
942 if [ -n "$ENC_KEY" ]; then
943 echo "WARNING: Encrypted Private SSH Key Found in $KEY"
944 else
945 echo "WARNING: Unencrypted Private SSH Key Found in $KEY"
946 fi
947 done
948 fi
949 fi
950 done
951
952 # Check for public SSH keys in home directories
953 section "Checking for Public SSH Keys home directories"
954 for HOMEDIR in `cut -f 6 -d : /etc/passwd`; do
955 if [ -r "$HOMEDIR/.ssh/authorized_keys" ]; then
956 KEYS=`grep '^ssh-' $HOMEDIR/.ssh/authorized_keys 2>/dev/null`
957 if [ -n "$KEYS" ]; then
958 echo "WARNING: Public SSH Key Found in $HOMEDIR/.ssh/authorized_keys"
959 fi
960 fi
961 done
962
963 # Check for any SSH agents running on the box
964 section "Checking for SSH agents"
965 AGENTS=`ps -ef | grep ssh-agent | grep -v grep`
966 if [ -n "$AGENTS" ]; then
967 echo "WARNING: There are SSH agents running on this system:"
968 ps -ef | grep ssh-agent | grep -v grep
969 # for PID in `ps aux | grep ssh-agent | grep -v grep | awk '{print $2}'`; do
970 for SOCK in `ls /tmp/ssh-*/agent.* 2>/dev/null`; do
971 SSH_AUTH_SOCK=$SOCK; export SSH_AUTH_SOCK
972 AGENT_KEYS=`ssh-add -l | grep -v 'agent has no identities.' 2>/dev/null`
973 if [ -n "$AGENT_KEYS" ]; then
974 echo "WARNING: SSH Agent has keys loaded [SSH_AUTH_SOCK=$SSH_AUTH_SOCK]"
975 ssh-add -l
976 fi
977 done
978 else
979 echo "No SSH agents found"
980 fi
981
982 # Check for any GPG agents running on the box
983 section "Checking for GPG agents"
984 AGENTS=`ps -ef | grep gpg-agent | grep -v grep`
985 if [ -n "$AGENTS" ]; then
986 echo "WARNING: There are GPG agents running on this system:"
987 ps aux | grep gpg-agent | grep -v grep
988 else
989 echo "No GPG agents found"
990 fi
991
992 # Check files in /etc/init.d/* can't be modified by non-root users
993 section "Checking startup files (init.d / rc.d) aren't writable"
994 for DIR in /etc/init.d /etc/rc.d /usr/local/etc/rc.d; do
995 if [ -d "$DIR" ]; then
996 for FILE in $DIR/*; do
997 F=`echo "$FILE" | sed 's/^.*\///'`
998 if [ "$F" = "*" ]; then
999 echo "No user startup script found in $DIR. Skipping checks."
1000 continue
1001 fi
1002 echo Processing startup script $FILE
1003 check_called_programs "$FILE is run by root at startup." $FILE root
1004 done
1005 fi
1006 done
1007
1008 section "Checking if running programs are writable"
1009 if [ $OS = "solaris" ]; then
1010 # use the output of ps command
1011 ps -ef -o user,comm | while read LINE
1012 do
1013 USER=`echo "$LINE" | awk '{print $1}'`
1014 PROG=`echo "$LINE" | awk '{print $2}'`
1015 check_called_programs "$PROG is currently running as $USER." "$PROG" "$USER"
1016 done
1017 elif [ $OS = "bsd" ]; then
1018 # use the output of ps command
1019 ps aux | while read LINE
1020 do
1021 USER=`echo "$LINE" | awk '{print $1}'`
1022 PROG=`echo "$LINE" | awk '{print $11}'`
1023 check_called_programs "$PROG is currently running as $USER." "$PROG" "$USER"
1024 done
1025 elif [ $OS = "hpux" ]; then
1026 # use the output of ps command
1027 ps -ef | while read LINE
1028 do
1029 USER=`echo "$LINE" | awk '{print $1}'`
1030 PROG1=`echo "$LINE" | awk '{print $8}'`
1031 PROG2=`echo "$LINE" | awk '{print $9}'`
1032 if [ -f "$PROG1" ]; then
1033 check_called_programs "$PROG is currently running as $USER." "$PROG1" "$USER"
1034 fi
1035 if [ -f "$PROG2" ]; then
1036 check_called_programs "$PROG is currently running as $USER." "$PROG2" "$USER"
1037 fi
1038 done
1039 elif [ $OS = "linux" ]; then
1040 # use the /proc file system
1041 for PROCDIR in /proc/[0-9]*; do
1042 unset PROGPATH
1043 PID=`echo $PROCDIR | cut -f 3 -d /`
1044 echo ------------------------
1045 echo "PID: $PID"
1046 if [ -d "$PROCDIR" ]; then
1047 if [ -r "$PROCDIR/exe" ]; then
1048 PROGPATH=`ls -l "$PROCDIR/exe" 2>&1 | sed 's/ (deleted)//' | awk '{print $NF}'`
1049 else
1050 if [ -r "$PROCDIR/cmdline" ]; then
1051 P=`cat $PROCDIR/cmdline | tr "\0" = | cut -f 1 -d = | grep '^/'`
1052 if [ -z "$P" ]; then
1053 echo "ERROR: Can't find full path of running program: "`cat $PROCDIR/cmdline`
1054 else
1055 PROGPATH=$P
1056 fi
1057 else
1058 echo "ERROR: Can't find full path of running program: "`cat $PROCDIR/cmdline`
1059 continue
1060 fi
1061 fi
1062 get_owner $PROCDIR; OWNER=$GET_OWNER_RETURN
1063 echo "Owner: $OWNER"
1064 else
1065 echo "ERROR: Can't find OWNER. Process has gone."
1066 continue
1067 fi
1068
1069 if [ -n "$PROGPATH" ]; then
1070 get_owner $PROGPATH; PROGOWNER=$GET_OWNER_RETURN
1071 echo "Program path: $PROGPATH"
1072 check_called_programs "$PROGPATH is currently running as $OWNER." $PROGPATH $OWNER
1073 fi
1074
1075 if [ "$MODE" == "detailed" ]; then
1076 for FILE in $PROCDIR/fd/*; do
1077 F=`echo "$FILE" | sed 's/^.*\///'`
1078 if [ "$F" = "*" ]; then
1079 continue
1080 fi
1081 check_perms "$FILE is an open file descriptor for process $PID running as $OWNER." $FILE $OWNER
1082 done
1083 fi
1084 done
1085 fi
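Review bot: `world_can_read` (old lines 448-457) reads the world-read column with `cut -c 8` but then compares it against `w`, so a world-readable file is never reported; the test should be `[ "$P" = "r" ]`. In the same block, `group_can_write` (line 359) and `group_can_read` (line 439) test `$O_GROUP`, which is never assigned anywhere, where `$O_FILE_GROUP` from `get_group` was clearly intended, so the "ignore root group" shortcut never fires and root-group files are always pushed through `group_has_other_members`. Smaller points: line 1075 uses `==` inside `[ ]`, a bash extension that fails under a POSIX /bin/sh (the CHANGELOG already records one round of /bin/sh-only breakage); the HP-UX branch at lines 1033/1036 and the inetd branch at line 871 print `$PROG` in the warning text while the file actually checked is `$PROG1`/`$PROG2`, so the WARNING line names the wrong program; line 830's "No user crontabs found" message refers to /var/spool/cron/crontabs from inside the /var/spool/cron/tabs section; and the dependency loop at line 490 redirects as `2>&1 > /dev/null`, which sends `which`'s stderr to the terminal instead of silencing it (`> /dev/null 2>&1`), next to the typos "Dependend" and "mising" on line 492. If this monolithic script is being retired wholesale these are moot, but if any of the per-file logic is being ported, fix them on the way rather than carrying the `w`/`r` mix-up into the new checks.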
0 #!/bin/sh
1 # $Revision$
2 #
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 2 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
16 #
17 # (c) Tim Brown, 2012
18 # <mailto:[email protected]>
19 # <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
20
21 . lib/misc/stdio
22
23 header () {
24 VERSION="2.1"
25 SVNVERSION="$Revision$" # Don't change this line. Auto-updated.
26 SVNVNUM="`echo $SVNVERSION | sed \"s/[^0-9]//g\"`"
27 if [ -n "${SVNVNUM}" ]; then
28 VERSION="${VERSION}-svn-${SVNVNUM}"
29 fi
30 printf "unix-privesc-check v${VERSION} ( http://code.google.com/p/unix-privesc-check )\n\n"
31 }
32
33 version () {
34 header
35 preamble
36 printf "Brought to you by:\n"
37 cat doc/AUTHORS
38 exit 1
39 }
40
41 preamble () {
42 printf "Shell script to check for simple privilege escalation vectors on UNIX systems.\n\n"
43 }
44
45 usage () {
46 header
47 preamble
48 printf "Usage: ${0}\n"
49 printf "\n"
50 printf "\t--help\tdisplay this help and exit\n"
51 printf "\t--version\tdisplay version and exit\n"
52 printf "\t--color\tenable output coloring\n"
53 printf "\t--verbose\tverbose level (0-2, default: 1)\n"
54 printf "\t--type\tselect from one of the following check types:\n"
55 for checktype in lib/checks/enabled/*
56 do
57 printf "\t\t`basename ${checktype}`\n"
58 done
59 printf "\t--checks\tprovide a comma separated list of checks to run, select from the following checks:\n"
60 for check in lib/checks/*
61 do
62 if [ "`basename \"${check}\"`" != "enabled" ]
63 then
64 printf "\t\t`basename ${check}`\n"
65 fi
66 done
67 exit 1
68 }
69
70 # TODO make it use lib/misc/validate
71 CHECKS=""
72 TYPE="all"
73 COLORING="0"
74 VERBOSE="1"
75 while [ -n "${1}" ]
76 do
77 case "${1}" in
78 --help|-h)
79 usage
80 ;;
81 --version|-v|-V)
82 version
83 ;;
84 --color)
85 COLORING="1"
86 ;;
87 --verbose)
88 shift
89 VERBOSE="${1}"
90 ;;
91 --type|-t)
92 shift
93 TYPE="${1}"
94 ;;
95 --checks|-c)
96 shift
97 CHECKS="${1}"
98 ;;
99 esac
100 shift
101 done
102 header
103 if [ "${VERBOSE}" != "0" -a "${VERBOSE}" != "1" -a "${VERBOSE}" != "2" ]
104 then
105 stdio_message_error "upc" "the provided verbose level ${VERBOSE} is invalid - use 0, 1 or 2 next time"
106 VERBOSE="1"
107 fi
108 if [ -n "${CHECKS}" ]
109 then
110 for checkfilename in `printf "${CHECKS}" | tr -d " " | tr "," " "`
111 do
112 if [ ! -e "lib/checks/${checkfilename}" ]
113 then
114 stdio_message_error "upc" "the provided check name '${checkfilename}' does not exist"
115 else
116 . "lib/checks/${checkfilename}"
117 `basename "${checkfilename}"`_init
118 `basename "${checkfilename}"`_main
119 `basename "${checkfilename}"`_fini
120 fi
121 done
122 else
123 if [ ! -d "lib/checks/enabled/${TYPE}" ]
124 then
125 stdio_message_error "upc" "the provided check type '${TYPE}' does not exist"
126 else
127 for checkfilename in lib/checks/enabled/${TYPE}/*
128 do
129 . "${checkfilename}"
130 `basename "${checkfilename}"`_init
131 `basename "${checkfilename}"`_main
132 `basename "${checkfilename}"`_fini
133 done
134 fi
135 fi
136 exit 0
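Review bot: the option loop (lines 75-101) has no `*)` default branch, so a mistyped option is silently ignored, and `--verbose`, `--type` and `--checks` call `shift` without checking that a value follows, so `--checks` as the last argument leaves CHECKS empty and the run quietly falls through to the `--type all` path; add a default branch that reports the unknown option and calls `usage`, and test `[ -n "${2}" ]` before each of those shifts. Line 110 hands user input to `printf` as the format string (`printf "${CHECKS}"`); use `printf "%s" "${CHECKS}"` so a stray `%` cannot break the expansion. Line 112 only checks that `lib/checks/${checkfilename}` exists before line 116 sources it, so a check name containing a slash (`enabled/<type>`, `../misc/stdio`) is accepted as-is; the TODO on line 70 already points at lib/misc/validate, and until that lands, reject names containing `/` (`case "${checkfilename}" in */*) ... esac`) and require `[ -f "lib/checks/${checkfilename}" ]` so only regular files directly under lib/checks can be sourced. Also, `. lib/misc/stdio` (line 21) and every `lib/checks/...` path are relative to the current working directory, so the script only runs from the checkout root; either `cd` to `dirname "${0}"` at the top or prefix the paths with a computed base directory, and say so in the usage text.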