Land #11060, Add checks to post/linux/gather/enum_protections
commit
71f84fe6a7
|
@ -5,20 +5,21 @@
|
|||
|
||||
class MetasploitModule < Msf::Post
|
||||
include Msf::Post::File
|
||||
include Msf::Post::Linux::Kernel
|
||||
include Msf::Post::Linux::System
|
||||
|
||||
def initialize(info = {})
|
||||
super( update_info( info,
|
||||
super(update_info(info,
|
||||
'Name' => 'Linux Gather Protection Enumeration',
|
||||
'Description' => %q{
|
||||
This module tries to find certain installed applications that can be used
|
||||
to prevent, or detect our attacks, which is done by locating certain
|
||||
binary locations, and see if they are indeed executables. For example,
|
||||
if we are able to run 'snort' as a command, we assume it's one of the files
|
||||
we are looking for.
|
||||
This module checks whether popular system hardening mechanisms are
|
||||
in place, such as SMEP, SMAP, SELinux, PaX and grsecurity. It also
|
||||
tries to find installed applications that can be used to hinder,
|
||||
prevent, or detect attacks, such as tripwire, snort, and apparmor.
|
||||
|
||||
This module is meant to cover various antivirus, rootkits, IDS/IPS,
|
||||
firewalls, and other software.
|
||||
This module is meant to identify Linux Secure Modules (LSM) in addition
|
||||
to various antivirus, IDS/IPS, firewalls, sandboxes and other security
|
||||
related software.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => 'ohdae <bindshell[at]live.com>',
|
||||
|
@ -35,44 +36,111 @@ class MetasploitModule < Msf::Post
|
|||
print_status "\t#{distro[:version]}"
|
||||
print_status "\t#{distro[:kernel]}"
|
||||
|
||||
print_status 'Finding system protections...'
|
||||
check_hardening
|
||||
|
||||
print_status 'Finding installed applications...'
|
||||
find_apps
|
||||
|
||||
if framework.db.active
|
||||
print_status 'System protections saved to notes.'
|
||||
end
|
||||
end
|
||||
|
||||
def which(env_paths, cmd)
|
||||
env_paths.each do |path|
|
||||
cmd_path = "#{path}/#{cmd}"
|
||||
return cmd_path if file_exist? cmd_path
|
||||
def report(data)
|
||||
report_note(
|
||||
:host => session,
|
||||
:type => 'linux.protection',
|
||||
:data => data,
|
||||
:update => :unique_data
|
||||
)
|
||||
end
|
||||
|
||||
def check_hardening
|
||||
if aslr_enabled?
|
||||
r = 'ASLR is enabled'
|
||||
print_good r
|
||||
report r
|
||||
end
|
||||
|
||||
if exec_shield_enabled?
|
||||
r = 'Exec-Shield is enabled'
|
||||
print_good r
|
||||
report r
|
||||
end
|
||||
|
||||
if kaiser_enabled?
|
||||
r = "KAISER is enabled"
|
||||
print_good r
|
||||
report r
|
||||
end
|
||||
|
||||
if smep_enabled?
|
||||
r = "SMEP is enabled"
|
||||
print_good r
|
||||
report r
|
||||
end
|
||||
|
||||
if smap_enabled?
|
||||
r = "SMAP is enabled"
|
||||
print_good r
|
||||
report r
|
||||
end
|
||||
|
||||
if grsec_installed?
|
||||
r = 'grsecurity is installed'
|
||||
print_good r
|
||||
report r
|
||||
end
|
||||
|
||||
if pax_installed?
|
||||
r = 'PaX is installed'
|
||||
print_good r
|
||||
report r
|
||||
end
|
||||
|
||||
if selinux_installed?
|
||||
if selinux_enforcing?
|
||||
r = 'SELinux is installed and enforcing'
|
||||
print_good r
|
||||
report r
|
||||
else
|
||||
r = 'SELinux is installed, but in permissive mode'
|
||||
print_good r
|
||||
report r
|
||||
end
|
||||
end
|
||||
|
||||
if yama_installed?
|
||||
if yama_enabled?
|
||||
r = 'Yama is installed and enabled'
|
||||
print_good r
|
||||
report r
|
||||
else
|
||||
r = 'Yama is installed, but not enabled'
|
||||
print_good r
|
||||
report r
|
||||
end
|
||||
end
|
||||
nil
|
||||
end
|
||||
|
||||
def find_apps
|
||||
apps = %w(
|
||||
truecrypt bulldog ufw iptables logrotate logwatch
|
||||
truecrypt bulldog ufw iptables fw-settings logrotate logwatch
|
||||
chkrootkit clamav snort tiger firestarter avast lynis
|
||||
rkhunter tcpdump webmin jailkit pwgen proxychains bastille
|
||||
psad wireshark nagios apparmor honeyd thpot
|
||||
aa-status gradm2 getenforce tripwire
|
||||
psad wireshark nagios apparmor oz-seccomp honeyd thpot
|
||||
aa-status gradm gradm2 getenforce aide tripwire paxctl
|
||||
)
|
||||
|
||||
env_paths = get_path.split ':'
|
||||
|
||||
apps.each do |app|
|
||||
next unless command_exists? app
|
||||
|
||||
path = which env_paths, app
|
||||
next unless path
|
||||
path = cmd_exec "command -v #{app}"
|
||||
next unless path.start_with? '/'
|
||||
|
||||
print_good "#{app} found: #{path}"
|
||||
report_note(
|
||||
:host => session,
|
||||
:type => 'linux.protection',
|
||||
:data => path,
|
||||
:update => :unique_data
|
||||
)
|
||||
report path
|
||||
end
|
||||
|
||||
print_status 'Installed applications saved to notes.'
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue