

Commit 485a005

committed
9/10
1 parent d901a99 commit 485a005


5 files changed

+252
-22
lines changed

5 files changed

+252
-22
lines changed

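--- a/README.md
+++ b/README.md
@@ -1,9 +1,17 @@
 # lynis-plugins
 
-## 0x00 plugin_tests_passwd_phase2
+## 0x01 plugin_tests_passwd_phase2
 
 check if there is senstive password hashes store in /etc/passwd file
 
-## 0x01 plugin_check_pwnable_binary_phase2
+## 0x02 plugin_check_pwnable_binary_phase2
 
-check if current user can run a pwnable programs, need to enter current user password
+check if current user can run a pwnable programs, need to enter current user password
+
+## 0x03 plugin_check_hidden_file_phase2
+
+find hidden file on system
+
+## 0x04 plugin_check_docker_group_phase2
+
+check if there is docker group user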

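--- a/default.prf
+++ b/default.prf
@@ -148,8 +148,11 @@ plugin=software
 plugin=system-integrity
 plugin=systemd
 plugin=users
-plugin=check_hashes_passwd
+plugin=check_passwd_shadow
 plugin=check_pwnable_binary
+plugin=check_hidden_file
+plugin=check_suid_file
+plugin=chech_docker_group
 
 #################################################################################
 #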
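Review bot: The added line `plugin=chech_docker_group` looks like a typo: the plugin renamed in this commit declares `PLUGIN_NAME=check_docker_group`, so this profile entry would not match it and the docker-group check would presumably never be enabled. It should read `plugin=check_docker_group`. The same hunk also enables `plugin=check_hidden_file`, but no file section for that plugin is visible on this page, so confirm it already exists in the tree.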

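--- a/plugins/plugin_check_hashes_passwd_phase2
+++ b/plugins/plugin_check_docker_group_phase2
@@ -15,54 +15,52 @@
 # * DO NOT REMOVE *
 #-----------------------------------------------------
 
-# PLUGIN_CATEGORY=PASS
-# PLUGIN_DESC=A test for check if there is password hashes stored in /etc/passwd
-# PLUGIN_NAME=check_hashes_passwd
+# PLUGIN_CATEGORY=SUID
+# PLUGIN_DESC=A test for check if there is docker group user
+# PLUGIN_NAME=check_docker_group
 # PLUGIN_REQUIRED_TESTS=
 #-----------------------------------------------------
 #
 #########################################################################
 
-check_password_hashes() {
+check_docker_group() {
 # define some constant
 IFS_OLD=$IFS
-IFS=$'\n'
-ENCRYPTEDPASS='x'
+IFS=$'\n'
 #start
-LogText "Test:obtain /etc/passwd file content"
-passwd_content=$(${AWKBINARY} '{print $0}' /etc/passwd)
-for each_passwd in ${passwd_content};
+LogText "Test:obtain group info"
+groups=$(${AWKBINARY} '{print $0}' /etc/group)
+for each_group in ${groups};
 do
 IFS=':'
-passwd_split_colon=($each_passwd)
-if [ "${passwd_split_colon[1]}" != "$ENCRYPTEDPASS" ];then
-IFS=$'\n'
-Report "sensetive_passwd_hashes[]=$each_passwd"
+group_split_colon=($each_group)
+if [ "${group_split_colon[0]}" == "docker" ];then
+Report "docker_group[]=$each_group for more detail look at:https://fosterelli.co/privilege-escalation-via-docker.html && http://www.freebuf.com/articles/system/170783.html"
 fi
 done
 IFS=$IFS_OLD
 }
 #########################################################################
 #
 # Add custom section to screen output
-InsertSection "PASS"
+InsertSection "GROUP"
 #
 #################################################################################
 #
-# Test : PASS-0001
+# Test : GROUP-0001
 # Description : We show some lines on the screen
 
 # Register our first custom test
 # We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed
-Register --test-no PASS-0001 --weight L --network NO --description "A test for check if there is password hashess stored in /etc/passwd"
+Register --test-no GROUP-0001 --weight L --network NO --description "A test for check if there is docker group user"
 if [ ${SKIPTEST} -eq 0 ]; then
 # The Display function makes it easy to show something on screen, with colors.
 # --indent defines amount of spaces
 # --text text to be displayed on screen
 # --result text at end of line
 # --color color of result text
-Display --indent 2 --text "- Checking if there is a password hashes on /etc/passwd file" --result OK --color GREEN
-check_password_hashes;
+Display --indent 2 --text "- checking docker group" --result OK --color GREEN
+check_docker_group;
 fi
 #
 #################################################################################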
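Review bot: The test at `if [ "${group_split_colon[0]}" == "docker" ]` reports as soon as a group named docker exists, without looking at the member field, so a host with an empty docker group is reported the same as one where unprivileged accounts are members. Checking the fourth field as well would make the finding match the description, and doing it in awk avoids the array and `$'\n'` constructs that a plain POSIX `/bin/sh` does not support (the interpreter line is outside this hunk, so that part is an assumption): `docker_members=$(${AWKBINARY} -F: '$1=="docker" && $4!="" {print $0}' /etc/group)`. Accounts whose primary GID is the docker group are not listed in that field and would need a lookup in /etc/passwd. Separately, `Display ... --result OK --color GREEN` is printed before the check runs and regardless of what it finds, and `PLUGIN_CATEGORY=SUID` disagrees with `InsertSection "GROUP"`.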
Lines changed: 126 additions & 0 deletions
@@ -0,0 +1,126 @@
1+
#!/bin/sh
2+
3+
# -------------------------- CUT THIS SECTION ---------------------------
4+
# This is a template to create a customized plugin
5+
#
6+
# Each plugin should at least have several variables defined with the
7+
# prefix PLUGIN_* (see below)
8+
#
9+
# If you want to learn what functions you can use, check include/functions
10+
#
11+
# -------------------------- CUT THIS SECTION ---------------------------
12+
13+
#########################################################################
14+
#
15+
# * DO NOT REMOVE *
16+
#-----------------------------------------------------
17+
18+
# PLUGIN_CATEGORY=PASS
19+
# PLUGIN_DESC=A test for check if there is password hashes stored in /etc/passwd and if /etc/passwd is writeable also if /etc/shadow is readable
20+
# PLUGIN_NAME=check_passwd_shadow
21+
# PLUGIN_REQUIRED_TESTS=
22+
#-----------------------------------------------------
23+
#
24+
#########################################################################
25+
26+
check_password_hashes() {
27+
# define some constant
28+
IFS_OLD=$IFS
29+
IFS=$'\n'
30+
ENCRYPTEDPASS='x'
31+
#start
32+
LogText "Test:obtain /etc/passwd file content"
33+
passwd_content=$(${AWKBINARY} '{print $0}' /etc/passwd)
34+
for each_passwd in ${passwd_content};
35+
do
36+
IFS=':'
37+
passwd_split_colon=($each_passwd)
38+
if [ "${passwd_split_colon[1]}" != "$ENCRYPTEDPASS" ];then
39+
IFS=$'\n'
40+
Report "sensetive_passwd_hashes[]=$each_passwd"
41+
fi
42+
done
43+
IFS=$IFS_OLD
44+
}
45+
46+
check_passwd_writeable() {
47+
#start
48+
LogText "Test:obtain /etc/passwd file permission in number format"
49+
passwd_permission_number=$(stat -c %a /etc/passwd)
50+
if [ "$passwd_permission_number" -gt "644" ];then
51+
Report "passwd_writeable[]=$(ls -la /etc/passwd)"
52+
fi
53+
}
54+
55+
check_shadow_readable() {
56+
#start
57+
LogText "Test:obtain /etc/shadow file permission in number format"
58+
shadow_permission_number=$(stat -c %a /etc/shadow)
59+
if [ "$shadow_permission_number" -gt "640" ];then
60+
Report "shadow_readable[]=$(ls -la /etc/shadow)"
61+
fi
62+
}
63+
#########################################################################
64+
#
65+
# Add custom section to screen output
66+
InsertSection "PASS"
67+
#
68+
#################################################################################
69+
#
70+
# Test : PASS-0001
71+
# Description : We show some lines on the screen
72+
73+
# Register our first custom test
74+
# We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed
75+
Register --test-no PASS-0001 --weight L --network NO --description "A test for check if there is password hashess stored in /etc/passwd"
76+
if [ ${SKIPTEST} -eq 0 ]; then
77+
# The Display function makes it easy to show something on screen, with colors.
78+
# --indent defines amount of spaces
79+
# --text text to be displayed on screen
80+
# --result text at end of line
81+
# --color color of result text
82+
Display --indent 2 --text "- Checking if there is a password hashes on /etc/passwd file" --result OK --color GREEN
83+
check_password_hashes;
84+
fi
85+
#
86+
#################################################################################
87+
#
88+
# Test : PASS-0002
89+
# Description : We show some lines on the screen
90+
91+
# Register our first custom test
92+
# We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed
93+
Register --test-no PASS-0002 --weight L --network NO --description "A test for check if /etc/shadow is readable"
94+
if [ ${SKIPTEST} -eq 0 ]; then
95+
# The Display function makes it easy to show something on screen, with colors.
96+
# --indent defines amount of spaces
97+
# --text text to be displayed on screen
98+
# --result text at end of line
99+
# --color color of result text
100+
Display --indent 2 --text "- Checking if /etc/shadow is readable" --result OK --color GREEN
101+
check_shadow_readable;
102+
fi
103+
#
104+
#################################################################################
105+
#
106+
# Test : PASS-0003
107+
# Description : We show some lines on the screen
108+
109+
# Register our first custom test
110+
# We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed
111+
Register --test-no PASS-0003 --weight L --network NO --description "A test for check if /etc/passwd is writeable"
112+
if [ ${SKIPTEST} -eq 0 ]; then
113+
# The Display function makes it easy to show something on screen, with colors.
114+
# --indent defines amount of spaces
115+
# --text text to be displayed on screen
116+
# --result text at end of line
117+
# --color color of result text
118+
Display --indent 2 --text "- Checking if /etc/passwd is writeable" --result OK --color GREEN
119+
check_passwd_writeable;
120+
fi
121+
#
122+
#################################################################################
123+
# Wait for keypress (unless --quick is being used)
124+
WaitForKeyPress
125+
126+
#EOF
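Review bot: `[ "$passwd_permission_number" -gt "644" ]` and `[ "$shadow_permission_number" -gt "640" ]` compare the octal mode string as a decimal number, which does not track the permission bits: a world-writable /etc/passwd at mode 606 or a world-readable /etc/shadow at mode 604 compares lower than the threshold and is not reported, while mode 700 is reported although neither group nor others have any access. Test the bits instead, for example `if [ $(( 0${passwd_permission_number} & 022 )) -ne 0 ]; then` and `if [ $(( 0${shadow_permission_number} & 027 )) -ne 0 ]; then`. Neither function looks at the owner or group of the file, so a file owned by a non-root account still passes. `stat -c %a` is the GNU form and its failure is not handled; with an empty result the `[` test errors out instead of reporting. check_password_hashes also uses an array and `$'\n'` under `#!/bin/sh`, which breaks on shells such as dash.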
Lines changed: 95 additions & 0 deletions
@@ -0,0 +1,95 @@
1+
#!/bin/sh
2+
3+
# -------------------------- CUT THIS SECTION ---------------------------
4+
# This is a template to create a customized plugin
5+
#
6+
# Each plugin should at least have several variables defined with the
7+
# prefix PLUGIN_* (see below)
8+
#
9+
# If you want to learn what functions you can use, check include/functions
10+
#
11+
# -------------------------- CUT THIS SECTION ---------------------------
12+
13+
#########################################################################
14+
#
15+
# * DO NOT REMOVE *
16+
#-----------------------------------------------------
17+
18+
# PLUGIN_CATEGORY=SUID
19+
# PLUGIN_DESC=A test for find suid file
20+
# PLUGIN_NAME=check_suid_file
21+
# PLUGIN_REQUIRED_TESTS=
22+
#-----------------------------------------------------
23+
#
24+
#########################################################################
25+
26+
check_suid_file() {
27+
# define some constant
28+
IFS_OLD=$IFS
29+
IFS=$'\n'
30+
#start
31+
LogText "Test:obtain suid file name"
32+
suid_files=$(find / -perm 2000 -o -perm -4000 -type f -exec ls -la {} 2>/dev/null \;)
33+
for each_file in ${suid_files};
34+
do
35+
Report "suid_file[]=$each_file"
36+
done
37+
IFS=$IFS_OLD
38+
}
39+
#########################################################################
40+
#
41+
# Add custom section to screen output
42+
InsertSection "SUID"
43+
#
44+
#################################################################################
45+
#
46+
# Test : SUID-0001
47+
# Description : We show some lines on the screen
48+
49+
# Register our first custom test
50+
# We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed
51+
Register --test-no SUID-0001 --weight L --network NO --description "A test for find suid file"
52+
if [ ${SKIPTEST} -eq 0 ]; then
53+
# The Display function makes it easy to show something on screen, with colors.
54+
# --indent defines amount of spaces
55+
# --text text to be displayed on screen
56+
# --result text at end of line
57+
# --color color of result text
58+
Display --indent 2 --text "- Finding hidden file" --result OK --color GREEN
59+
check_suid_file;
60+
fi
61+
#
62+
#################################################################################
63+
#
64+
65+
# First check if OPENSSLBINARY is known as a prerequisite for this test.
66+
if [ ! -z "${OPENSSLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
67+
Register --test-no CUST-0001 --preqs-met ${PREQS_MET} --weight M --network NO --description "Description of custom test"
68+
if [ ${SKIPTEST} -eq 0 ]; then
69+
FOUNDPROBLEM=0
70+
DIR="/my/path"
71+
LogText "Test: we are going to check if we can find a particular directory (${DIR})"
72+
# Check if a directory exists
73+
if [ -d ${DIR} ]; then
74+
LogText "Result: log entry for easier debugging or additional information"
75+
else
76+
FOUNDPROBLEM=1
77+
LogText "Result: directory ${DIR} was not found!"
78+
ReportWarning "${TEST_NO}" "This is a test warning line" "${DIR}" "text:Create directory ${DIR}"
79+
fi
80+
81+
if [ ${FOUNDPROBLEM} -eq 0 ]; then
82+
Display --indent 2 --text "- Checking if everything is OK..." --result OK --color GREEN
83+
else
84+
Display --indent 2 --text "- Checking if everything is OK..." --result WARNING --color RED
85+
ReportSuggestion ${TEST_NO} "This is a suggestion"
86+
fi
87+
fi
88+
#
89+
#################################################################################
90+
#
91+
92+
# Wait for keypress (unless --quick is being used)
93+
WaitForKeyPress
94+
95+
#EOF
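Review bot: The expression in `find / -perm 2000 -o -perm -4000 -type f -exec ls -la {} 2>/dev/null \;` does not report setgid files: `-o` binds more loosely than the implicit AND, so `-type f` and `-exec` apply only to the `-perm -4000` branch, and `-perm 2000` without a leading dash matches only a mode of exactly 2000. Group the permission tests and use the at-least form: `suid_files=$(find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -la {} + 2>/dev/null)`. A walk of the whole filesystem is also not the lightweight test that `--weight L` and the comment above the Register call claim. The template block `CUST-0001` with `DIR="/my/path"` was left in, so every run will presumably raise its sample warning through ReportWarning, and the Display text still says `- Finding hidden file`.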
