infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #11060, Add checks to post/linux/gather/enum_protections

master
Brent Cook 2018-12-06 20:17:50 -06:00
parent 7b654409f7 40906e0b36
commit 71f84fe6a7
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
1 changed files with 96 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

124
modules/post/linux/gather/enum_protections.rb
View File

@ -5,20 +5,21 @@
class MetasploitModule < Msf::Post
include Msf::Post::File
include Msf::Post::Linux::Kernel
include Msf::Post::Linux::System
def initialize(info = {})
super( update_info( info,
super(update_info(info,
'Name' => 'Linux Gather Protection Enumeration',
'Description' => %q{
This module tries to find certain installed applications that can be used
to prevent, or detect our attacks, which is done by locating certain
binary locations, and see if they are indeed executables. For example,
if we are able to run 'snort' as a command, we assume it's one of the files
we are looking for.
This module checks whether popular system hardening mechanisms are
in place, such as SMEP, SMAP, SELinux, PaX and grsecurity. It also
tries to find installed applications that can be used to hinder,
prevent, or detect attacks, such as tripwire, snort, and apparmor.
This module is meant to cover various antivirus, rootkits, IDS/IPS,
firewalls, and other software.
This module is meant to identify Linux Secure Modules (LSM) in addition
to various antivirus, IDS/IPS, firewalls, sandboxes and other security
related software.
},
'License' => MSF_LICENSE,
'Author' => 'ohdae <bindshell[at]live.com>',
@ -35,44 +36,111 @@ class MetasploitModule < Msf::Post
print_status "\t#{distro[:version]}"
print_status "\t#{distro[:kernel]}"
print_status 'Finding system protections...'
check_hardening
print_status 'Finding installed applications...'
find_apps
if framework.db.active
print_status 'System protections saved to notes.'
end
end
def which(env_paths, cmd)
env_paths.each do |path|
cmd_path = "#{path}/#{cmd}"
return cmd_path if file_exist? cmd_path
def report(data)
report_note(
:host => session,
:type => 'linux.protection',
:data => data,
:update => :unique_data
)
end
def check_hardening
if aslr_enabled?
r = 'ASLR is enabled'
print_good r
report r
end
if exec_shield_enabled?
r = 'Exec-Shield is enabled'
print_good r
report r
end
if kaiser_enabled?
r = "KAISER is enabled"
print_good r
report r
end
if smep_enabled?
r = "SMEP is enabled"
print_good r
report r
end
if smap_enabled?
r = "SMAP is enabled"
print_good r
report r
end
if grsec_installed?
r = 'grsecurity is installed'
print_good r
report r
end
if pax_installed?
r = 'PaX is installed'
print_good r
report r
end
if selinux_installed?
if selinux_enforcing?
r = 'SELinux is installed and enforcing'
print_good r
report r
else
r = 'SELinux is installed, but in permissive mode'
print_good r
report r
end
end
if yama_installed?
if yama_enabled?
r = 'Yama is installed and enabled'
print_good r
report r
else
r = 'Yama is installed, but not enabled'
print_good r
report r
end
end
nil
end
def find_apps
apps = %w(
truecrypt bulldog ufw iptables logrotate logwatch
truecrypt bulldog ufw iptables fw-settings logrotate logwatch
chkrootkit clamav snort tiger firestarter avast lynis
rkhunter tcpdump webmin jailkit pwgen proxychains bastille
psad wireshark nagios apparmor honeyd thpot
aa-status gradm2 getenforce tripwire
psad wireshark nagios apparmor oz-seccomp honeyd thpot
aa-status gradm gradm2 getenforce aide tripwire paxctl
)
env_paths = get_path.split ':'
apps.each do |app|
next unless command_exists? app
path = which env_paths, app
next unless path
path = cmd_exec "command -v #{app}"
next unless path.start_with? '/'
print_good "#{app} found: #{path}"
report_note(
:host => session,
:type => 'linux.protection',
:data => path,
:update => :unique_data
)
report path
end
print_status 'Installed applications saved to notes.'
end
end