
authorMichael Boelen <michael.boelen@cisofy.com>2017-04-23 21:06:54 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2017-04-23 21:06:54 +0300
commit70ea29483a5fcb82ddc89d656227194560b502f2 (patch)
treed90db794f0ae7419b81e2b466ec017565ca176eb /include/tests_shells
parent9e9b95e1daf9d64d7753d37b48e88697b297fa36 (diff)
Code enhancements
Diffstat (limited to 'include/tests_shells')
-rw-r--r--include/tests_shells111
1 files changed, 50 insertions, 61 deletions
diff --git a/include/tests_shells b/include/tests_shells
index 6fb612a1..c6c1cff5 100644
--- a/include/tests_shells
+++ b/include/tests_shells
@@ -39,9 +39,9 @@
# /etc/zsh/zprofile $HOME/.zprofile /etc/zshrc /etc/zsh/zshrc
# $ZDOTDIR/.zshrc /etc/zlogin /etc/zsh/zlogin
- SHELL_LOGIN_FILES="/etc/csh.cshrc /etc/csh.login /etc/zshenv /etc/zsh/zshenv
- /etc/zprofile /etc/zsh/zprofile /etc/zshrc /etc/zsh/zshrc
- /etc/zlogin /etc/zsh/zlogin"
+ SHELL_LOGIN_FILES="${ROOTDIR}etc/csh.cshrc ${ROOTDIR}etc/csh.login ${ROOTDIR}etc/zshenv ${ROOTDIR}etc/zsh/zshenv
+ ${ROOTDIR}etc/zprofile ${ROOTDIR}etc/zsh/zprofile ${ROOTDIR}etc/zshrc ${ROOTDIR}etc/zsh/zshrc
+ ${ROOTDIR}etc/zlogin ${ROOTDIR}etc/zsh/zlogin"
#
#################################################################################
#
@@ -51,11 +51,11 @@
Register --test-no SHLL-6202 --os FreeBSD --weight L --network NO --category security --description "Check console TTYs"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking console TTYs"
- FIND=$(${EGREPBINARY} '^console' /etc/ttys | ${GREPBINARY} -v 'insecure')
- if [ "${FIND}" = "" ]; then
+ FIND=$(${EGREPBINARY} '^console' ${ROOTDIR}etc/ttys | ${GREPBINARY} -v 'insecure')
+ if [ -z "${FIND}" ]; then
Display --indent 2 --text "- Checking console TTYs" --result "${STATUS_OK}" --color GREEN
LogText "Result: console is secured against single user mode without password."
- else
+ else
Display --indent 2 --text "- Checking console TTYs" --result "${STATUS_WARNING}" --color RED
LogText "Result: Found insecure console in /etc/ttys. Single user mode login without password allowed!"
LogText "Output /etc/ttys:"
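Review bot: The grep at the new line 40 now reads `${ROOTDIR}etc/ttys`, but nothing in the hunk checks that the file exists, so a missing file leaves FIND empty and the test reports the console as secured; a file that could not be read should skip the test rather than pass it. A guard such as `if [ ! -f "${ROOTDIR}etc/ttys" ]; then LogText "Result: ${ROOTDIR}etc/ttys not found, skipping test"; else` ahead of the grep, with the two existing branches inside the else, keeps a missing file from producing a green result. The log lines at 47–48 (unchanged context) still say `/etc/ttys` and would then also name `${ROOTDIR}etc/ttys`. The enclosing `if [ ${SKIPTEST} -eq 0 ]` block ends outside the hunk.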
@@ -71,26 +71,26 @@
# Description : which shells are available according /etc/shells
Register --test-no SHLL-6211 --weight L --network NO --category security --description "Checking available and valid shells"
if [ ${SKIPTEST} -eq 0 ]; then
- LogText "Test: Searching for /etc/shells"
+ LogText "Test: Searching for ${ROOTDIR}etc/shells"
if [ -f /etc/shells ]; then
LogText "Result: Found /etc/shells file"
LogText "Test: Reading available shells from /etc/shells"
- SSHELLS=$(${GREPBINARY} "^/" /etc/shells)
+ SSHELLS=$(${GREPBINARY} "^/" ${ROOTDIR}etc/shells)
CSSHELLS=0; CSSHELLS_ALL=0
Display --indent 2 --text "- Checking shells from /etc/shells"
for I in ${SSHELLS}; do
CSSHELLS_ALL=$((CSSHELLS_ALL + 1))
Report "available_shell[]=${I}"
- # YYY add check for symlinked shells
+ # TODO add check for symlinked shells
if [ -f ${I} ]; then
LogText "Found installed shell: ${I}"
CSSHELLS=$((CSSHELLS + 1))
- else
+ else
LogText "Shell ${I} not installed. Probably a dummy or non existing shell."
fi
done
Display --indent 4 --text "Result: found ${CSSHELLS_ALL} shells (valid shells: ${CSSHELLS})."
- else
+ else
LogText "Result: /etc/shells not found, skipping test"
fi
fi
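Review bot: The existence check `if [ -f /etc/shells ]` at line 55 (unchanged) still tests the host path, while the log message at 54 and the grep at 59 directly around it were switched to `${ROOTDIR}etc/shells`; with a non-default ROOTDIR the test either skips although the target file exists, or reads a file it never verified. It should read `if [ -f ${ROOTDIR}etc/shells ]; then` to match the new grep. The same applies to `if [ -f ${I} ]` at line 67, which checks each listed shell on the host rather than under ROOTDIR, and to the remaining `/etc/shells` strings in the log lines at 56, 57, 61 and 78. Whether ROOTDIR is guaranteed to end in a slash is not visible here; the new code assumes it does.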
@@ -115,12 +115,12 @@
Report="session_timeout_method[]=autolog"
fi
- if [ -f /etc/profile ]; then
+ if [ -f ${ROOTDIR}etc/profile ]; then
# Determine if we can find a TMOUT value
- FIND=$(${GREPBINARY} 'TMOUT=' /etc/profile | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }')
+ FIND=$(${GREPBINARY} 'TMOUT=' ${ROOTDIR}etc/profile | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }')
# Determine if the value is exported (with export, readonly, or typeset)
FIND2=$(${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' /etc/profile | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} '{ print $1 }')
- if [ ! "${FIND}" = "" ]; then
+ if [ ! -z "${FIND}" ]; then
N=0; IDLE_TIMEOUT=1
for I in ${FIND}; do
LogText "Output: ${I}"
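Review bot: FIND2 at line 90 (unchanged context) still greps `/etc/profile`, while the existence check at 85 and FIND at 88 just above it were moved to `${ROOTDIR}etc/profile`, so the readonly/export check can read a different file from the one the TMOUT value came from. The path in that line should become `${ROOTDIR}etc/profile` as well. Separately, the new `[ ! -z "${FIND}" ]` form at lines 92 and 110, and the same pattern in the later hunks, reads more directly as `[ -n "${FIND}" ]`. The `if` opened at line 85 is closed outside the hunk.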
@@ -129,15 +129,15 @@
done
if [ ${N} -eq 1 ]; then
LogText "Result: found TMOUT value configured in /etc/profile"
- else
+ else
LogText "Result: found several TMOUT values configured in /etc/profile"
fi
Report "session_timeout_method[]=profile"
- else
+ else
LogText "Result: could not find TMOUT setting in /etc/profile"
fi
- if [ ! "${FIND2}" = "" ]; then
+ if [ ! -z "${FIND2}" ]; then
N=0;
for I in ${FIND2}; do
LogText "Output: ${I}"
@@ -148,26 +148,26 @@
if [ ${N} -gt 0 ]; then
LogText "Result: found readonly setting in /etc/profile (readonly or typeset -r)"
Report "session_timeout_set_readonly=1"
- else
+ else
LogText "Result: NO readonly setting found in /etc/profile (readonly or typeset -r)"
Report "session_timeout_set_readonly=0"
fi
- else
+ else
LogText "Result: could not find export, readonly or typeset -r in /etc/profile"
fi
- else
+ else
LogText "Result: skip /etc/profile test, file not available on this system"
fi
- if [ -d /etc/profile.d ]; then
- FIND=$(ls /etc/profile.d/*.sh 2> /dev/null)
- if [ ! "${FIND}" = "" ]; then
+ if [ -d ${ROOTDIR}etc/profile.d ]; then
+ FIND=$(${LSBINARY} ${ROOTDIR}etc/profile.d/*.sh 2> /dev/null)
+ if [ ! -z "${FIND}" ]; then
# Determine if we can find a TMOUT value
- FIND=$(cat /etc/profile.d/*.sh 2> /dev/null | ${GREPBINARY} 'TMOUT=' | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }')
+ FIND=$(${CATBINARY} ${ROOTDIR}etc/profile.d/*.sh 2> /dev/null | ${GREPBINARY} 'TMOUT=' | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }')
# Determine if the value is exported (with export, readonly, or typeset)
- FIND2=$(cat /etc/profile.d/*.sh 2> /dev/null | ${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} '{ print $1 }')
+ FIND2=$(${CATBINARY} ${ROOTDIR}etc/profile.d/*.sh 2> /dev/null | ${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} '{ print $1 }')
- if [ ! "${FIND}" = "" ]; then
+ if [ ! -z "${FIND}" ]; then
N=0; IDLE_TIMEOUT=1
for I in ${FIND}; do
LogText "Output: ${I}"
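Review bot: The new `FIND=$(${LSBINARY} ${ROOTDIR}etc/profile.d/*.sh 2> /dev/null)` at line 135 exists only to learn whether any profile.d script is present, and its output is parsed as a string and then overwritten at line 139. Parsing ls for an existence test is fragile; iterating the glob and testing each match with `[ -e ]` answers the question without depending on ls output. The `${ROOTDIR}` expansion is unquoted in these lines, which only matters if ROOTDIR can contain whitespace, and I cannot tell from here whether it can.
```shell
PROFILE_SCRIPT_FOUND=0
for PROFILE_SCRIPT in ${ROOTDIR}etc/profile.d/*.sh; do
    if [ -e "${PROFILE_SCRIPT}" ]; then PROFILE_SCRIPT_FOUND=1; break; fi
done
if [ ${PROFILE_SCRIPT_FOUND} -eq 1 ]; then
    # … unchanged: TMOUT and readonly checks over ${ROOTDIR}etc/profile.d/*.sh …
```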
@@ -176,15 +176,15 @@
done
if [ ${N} -eq 1 ]; then
LogText "Result: found TMOUT value configured in one of the files in /etc/profile.d directory"
- else
+ else
LogText "Result: found several TMOUT values configured in one of the files in /etc/profile.d directory"
fi
Report "session_timeout_method[]=profile"
- else
+ else
LogText "Result: could not find TMOUT setting in /etc/profile.d/*.sh"
fi
# Check for readonly
- if [ ! "${FIND2}" = "" ]; then
+ if [ ! -z "${FIND2}" ]; then
N=0;
for I in ${FIND2}; do
LogText "Output: ${I}"
@@ -195,11 +195,11 @@
if [ ${N} -gt 0 ]; then
LogText "Result: found readonly setting in /etc/profile (readonly or typeset -r)"
Report "session_timeout_set_readonly=1"
- else
+ else
LogText "Result: NO readonly setting found in /etc/profile (readonly or typeset -r)"
Report "session_timeout_set_readonly=0"
fi
- else
+ else
LogText "Result: could not find export, readonly or typeset -r in /etc/profile"
fi
fi
@@ -232,10 +232,10 @@
LogText "Result: file ${FILE} exists"
FOUND=1
FIND=$(${GREPBINARY} umask ${FILE} | ${SEDBINARY} 's/^[ \t]*//g' | ${SEDBINARY} 's/#.*$//' | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ print $2 }')
- if [ "${FIND}" = "" ]; then
+ if [ -z "${FIND}" ]; then
LogText "Result: did not find umask configured in ${FILE}"
Display --indent 4 --text "- Checking default umask in ${FILE}" --result "${STATUS_NONE}" --color YELLOW
- else
+ else
for UMASKVALUE in ${FIND}; do
LogText "Result: found umask ${UMASKVALUE} in ${FILE}"
case ${UMASKVALUE} in
@@ -251,27 +251,22 @@
if [ ${HARDENING_POSSIBLE} -eq 0 ]; then
Display --indent 4 --text "- Checking default umask in ${FILE}" --result "${STATUS_OK}" --color GREEN
AddHP 3 3
- else
+ else
Display --indent 4 --text "- Checking default umask in ${FILE}" --result WEAK --color YELLOW
AddHP 1 3
fi
fi
else
- LogText "Result: file ${FILE} not found"
+ LogText "Result: file ${FILE} not found"
fi
done
- #if [ ${FOUND} -eq 1 ]; then
- # if [ ${HARDENING_POSSIBLE} -eq 0 ]; then
- # LogText "Result: all shell files found, contain a proper umask"
- # Display --indent 4 --text "- Default umask" --result "${STATUS_OK}" --color GREEN
- # fi
- #fi
fi
#
#################################################################################
#
# Test : SHLL-6290
# Description : Check for Shellshock vulnerability
+ # TODO remove this test?
Register --test-no SHLL-6290 --weight H --network NO --category security --description "Perform Shellshock vulnerability tests"
if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0
@@ -281,13 +276,13 @@
if [ -f /etc/shells ]; then
LogText "Test: checking for bash shell in /etc/shells"
FIND=$(${EGREPBINARY} '(/usr)?(/local)?/bin/bash' /etc/shells | ${GREPBINARY} -v "^#" | head -1)
- else
+ else
LogText "Test: checking if bash is available via which command"
FIND=$(which bash 2> /dev/null | grep -v "no [^ ]* in " | head -1)
fi
LogText "Result: command revealed ${FIND} as output"
- if [ ! "${FIND}" = "" ]; then
+ if [ ! -z "${FIND}" ]; then
if [ -x "${FIND}" -a ! -L "${FIND}" ]; then
LogText "Result: found ${FIND} as a valid shell"
CreateTempFile || ExitFatal
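Review bot: Lines 226–228 (unchanged context) still read `/etc/shells` from the host, while SHLL-6211 in this same commit switched that lookup to `${ROOTDIR}etc/shells`; the inconsistency looks unintentional, but it needs a deliberate decision rather than a mechanical replacement, because the path found here is executed as a shell in the following hunk. Line 237 joins its conditions with the obsolescent `-a`; `if [ -x "${FIND}" ] && [ ! -L "${FIND}" ]; then` is the portable spelling. Line 232 also calls bare `which` and `grep` where the rest of the file goes through `${GREPBINARY}`-style variables. The enclosing `if [ ${SKIPTEST} -eq 0 ]` block starts before the hunk and ends after it.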
@@ -298,14 +293,13 @@
echo "env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c \"echo test\" 2>&1 | ${GREPBINARY} 'vulnerable'" > ${SHELLSHOCK_TMP}
VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
rm -f ${SHELLSHOCK_TMP}
- if [ ! "${VULNERABLE}" = "" ]; then
+ if [ ! -z "${VULNERABLE}" ]; then
LogText "Output: ${VULNERABLE}"
LogText "Result: Vulnerable to original shellshock (CVE-2014-6271)"
Display --indent 2 --text "- Shellshock: CVE-2014-6271 (original shellshocker)" --result "${STATUS_WARNING}" --color RED
FOUND=1
- else
+ else
LogText "Result: Not vulnerable to original shellshock (CVE-2014-6271)"
- #Display --indent 4 --text "- CVE-2014-6271 (original shellshocker)" --result "${STATUS_OK}" --color GREEN
fi
# CVE-2014-6277 (disabled, as this test was giving too much false positives)
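Review bot: `${SHELLSHOCK_TMP}` is expanded unquoted in the redirect, the invocation and the `rm -f` at lines 241–243, and the same three-line pattern recurs in the hunks at lines 256 and 302. These are context lines here, but this hunk touches the branch that consumes their result; writing them as `> "${SHELLSHOCK_TMP}"`, `"${SHELLSHOCK_TMP}"` and `rm -f "${SHELLSHOCK_TMP}"` keeps a temp path containing whitespace from splitting into several words. The variable itself comes from `CreateTempFile || ExitFatal` in the previous hunk, so it is set by the time these lines run.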
@@ -315,14 +309,13 @@
echo "shellshocker='() { echo vulnerable; }' bash -c shellshocker 2>/dev/null | ${GREPBINARY} 'vulnerable'" > ${SHELLSHOCK_TMP}
VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
rm -f ${SHELLSHOCK_TMP}
- if [ ! "${VULNERABLE}" = "" ]; then
+ if [ ! -z "${VULNERABLE}" ]; then
LogText "Output: ${VULNERABLE}"
LogText "Result: Vulnerable to CVE-2014-6278"
Display --indent 2 --text "- Shellshock: CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "${STATUS_WARNING}" --color RED
FOUND=1
- else
+ else
LogText "Result: Not vulnerable to CVE-2014-6278"
- #Display --indent 4 --text "- CVE-2014-6278 (Florian's patch, lcamtuf bug #2)" --result "${STATUS_OK}" --color GREEN
fi
# CVE-2014-7169
@@ -335,9 +328,8 @@
LogText "Result: Vulnerable to taviso bug (CVE-2014-7169)"
Display --indent 2 --text "- Shellshock: CVE-2014-7169 (taviso bug)" --result "${STATUS_WARNING}" --color RED
FOUND=1
- else
+ else
LogText "Result: Not vulnerable to taviso bug (CVE-2014-7169)"
- #Display --indent 4 --text "- CVE-2014-7169 (taviso bug)" --result "${STATUS_OK}" --color GREEN
fi
# CVE-2014-7186
@@ -350,9 +342,8 @@
LogText "Result: Vulnerable to CVE-2014-7186"
Display --indent 2 --text "- Shellshock: CVE-2014-7186 redir_stack bug" --result "${STATUS_WARNING}" --color RED
FOUND=1
- else
+ else
LogText "Result: Not vulnerable to CVE-2014-7186"
- #Display --indent 4 --text "- CVE-2014-7186 redir_stack bug" --result "${STATUS_OK}" --color GREEN
fi
# CVE-2014-7187
@@ -365,9 +356,8 @@
LogText "Result: Vulnerable to CVE-2014-7187"
Display --indent 2 --text "- Shellshock: CVE-2014-7187 nested loops off by one bug" --result "${STATUS_WARNING}" --color RED
FOUND=1
- else
+ else
LogText "Result: Not vulnerable to CVE-2014-7187"
- #Display --indent 4 --text "- CVE-2014-7187 nested loops off by one bug" --result "${STATUS_OK}" --color GREEN
fi
# CVE-2014-////
@@ -375,26 +365,25 @@
echo "env X=' () { }; echo hello' bash -c 'date'| ${GREPBINARY} 'hello'" > ${SHELLSHOCK_TMP}
VULNERABLE=$(${FIND} ${SHELLSHOCK_TMP} 2> /dev/null)
rm -f ${SHELLSHOCK_TMP}
- if [ ! "${VULNERABLE}" = "" ]; then
+ if [ ! -z "${VULNERABLE}" ]; then
LogText "Output: ${VULNERABLE}"
LogText "Result: Vulnerable to CVE-2014-//// (exploit #3 on shellshocker.net)"
Display --indent 2 --text "- Shellshock: Exploit #3 on shellshocker.net (no CVE)" --result "${STATUS_WARNING}" --color RED
FOUND=1
- else
+ else
LogText "Result: Not vulnerable to exploit #3 on shellshocker.net (no CVE)"
- #Display --indent 4 --text "- Exploit#3 on shellshocker.net (no CVE)" --result "${STATUS_OK}" --color GREEN
fi
- else
+ else
LogText "Result: bash binary found, but not executable, or it is symlinked"
fi
- else
+ else
LogText "Result: could not find bash to be a valid shell"
fi
if [ ${FOUND} -eq 1 ]; then
ReportWarning ${TEST_NO} "System vulnerable to Shellshock (bash)"
AddHP 0 25
- else
+ else
AddHP 5 5
fi
unset x