infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #11050, Add protection checks to Msf::Post::Linux::Kernel lib

4.x
Brent Cook 2018-12-03 13:16:46 -06:00 committed by Metasploit
parent dc7954c829
commit 67155d33cf
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
lib/msf/core/post/linux/kernel.rb
View File

@ -123,6 +123,18 @@ module Kernel
raise 'Could not determine ASLR status'
end
#
# Returns true if Exec-Shield is enabled
#
# @return [Boolean]
#
def exec_shield_enabled?
exec_shield = cmd_exec('cat /proc/sys/kernel/exec-shield').to_s.strip
(exec_shield.eql?('1') || exec_shield.eql?('2'))
rescue
raise 'Could not determine exec-shield status'
end
#
# Returns true if unprivileged bpf is disabled
#
@ -169,6 +181,24 @@ module Kernel
raise 'Could not determine system mmap_min_addr'
end
#
# Returns true if grsecurity is installed
#
def grsec_installed?
cmd_exec('test -c /dev/grsec && echo true').to_s.strip.include? 'true'
rescue
raise 'Could not determine grsecurity status'
end
#
# Returns true if PaX is installed
#
def pax_installed?
cmd_exec('test -x /sbin/paxctl && echo true').to_s.strip.include? 'true'
rescue
raise 'Could not determine PaX status'
end
#
# Returns true if SELinux is installed
#