def parse_sudo_list(self, sudo_list):
"""
Parse output from sudo -ll
"""
sudoers_info = []
fm = FileManager('')
user = sudo_list[sudo_list.index('User '):].split(' ')[1]
sudoers_entries = sudo_list.lower().split('sudoers entry')
for sudo_rule in sudoers_entries:
if not sudo_rule.startswith(':'):
continue
idx = sudo_rule.index('commands:\n')
info = [
i.split(':')[1].strip()
for i in sudo_rule[:idx].strip().split('\n')
]
_, run_as_users, run_as_grp, options = info
cmds = [
PathInFile(line=cmd.strip(),
paths=fm.extract_paths_from_string(cmd.strip())) for
cmd in sudo_rule[idx:].replace('commands:\n', '').split('\n')
if cmd
]
sudoers_info.append({
'users': [user],
'runas': run_as_users,
'directives': options,
'cmds': cmds,
})
self.all_rules += sudoers_info
return sudoers_info
def check_nfs_root_squashing(self):
"""
Check NFS Root Squashing - /etc/exports
"""
result = []
sfile = '/etc/exports'
fm = FileManager(sfile)
if fm.file.is_readable:
result = fm.parse_nfs_conf(sfile)
return 'nfs_root_squashing', {'file': fm, 'result': result}
def check_sudoers(self): ''' Check sudoers file - /etc/sudoers ''' result = [] sfile = '/etc/sudoers' fm = FileManager(sfile) if fm.file.is_readable: result = fm.parse_sudoers(sfile) return 'sudoers_file', result
def check_nfs_root_squashing(self):
'''
Check NFS Root Squashing - /etc/exports
'''
result = []
sfile = '/etc/exports'
fm = FileManager(sfile)
if fm.file.is_readable:
result = fm.parse_nfs_conf(sfile)
return 'nfs_root_squashing', {'file': fm, 'result': result}
def check_sudoers(self): ''' Check sudoers file (/etc/sudoers) ''' result = [] sfile = '/etc/sudoers' fm = FileManager(sfile, is_sudoers=True) if fm.file.is_readable: result = fm.parse_sudoers(sfile) return 'sudoers_file', result
def check_sudoers(self):
'''
Check sudoers file - /etc/sudoers
'''
result = ([], False)
sfile = '/etc/sudoers'
fm = FileManager(sfile)
if fm.file.is_readable:
result = fm.parse_sudoers(sfile)
return 'sudoers_file', result
def check_sudo_rules(self):
"""
Check sudoers file - /etc/sudoers
If not possible (permission denied), try using sudo -l
"""
result = ([], False)
sfile = '/etc/sudoers'
fm = FileManager(sfile)
if fm.file.is_readable:
result = fm.parse_sudoers(sfile)
else:
result = SudoList().parse()
return 'sudo_rules', result
def parse_sudo_list(self, sudo_list):
"""
Parse output from sudo -l
"""
sudoers_info = []
user_rules = False
login = None
host = None
fm = FileManager('')
for line in sudo_list.split('\n'):
if not line.strip():
continue
if user_rules:
m = self.sudoers_pattern.search(line.strip())
runas = m.group("runas")
cmds = m.group("cmds")
# cmds could be a list of many cmds with many path (split all cmd and check if writable path inside)
commands = [
PathInFile(line=cmd.strip(),
paths=fm.extract_paths_from_string(cmd.strip()))
for cmd in cmds.split(',') if cmd.strip()
]
sudoers_info.append({
'users': [user],
'hosts': [host],
'runas': runas,
'directives': m.group("directives"),
'cmds': commands,
})
if line.startswith('User'):
# Next lines will contain user rules
user_rules = True
# Extract login and host on such kinf of line: "User test may run the following commands on xxxxx:"
l = line.split()
user = l[1]
host = l[len(l) - 1][:-1]
self.all_rules += sudoers_info
return sudoers_info
def check_files_permissions(self):
"""
Check access on write permissions on sensitive files.
"""
result = []
interesting_files = [
# directories
'/etc/init.d'
'/etc/cron.d',
'/etc/cron.daily',
'/etc/cron.hourly',
'/etc/cron.monthly',
'/etc/cron.weekly',
# files
'/etc/sudoers',
'/etc/exports',
'/etc/at.allow',
'/etc/at.deny',
'/etc/crontab',
'/etc/cron.allow',
'/etc/cron.deny',
'/etc/anacrontab',
'/var/spool/cron/crontabs/root',
]
for path in interesting_files:
if os.path.isdir(path):
for root, dirs, files in os.walk(path):
for file in files:
fullpath = os.path.join(root, file)
fm = FileManager(fullpath, check_inside=True)
result.append(fm)
else:
fm = FileManager(path, check_inside=True)
result.append(fm)
return 'files_permissions', result
def parse_sudo_list(self, sudo_list):
"""
Parse output from sudo -ll
"""
sudoers_info = []
fm = FileManager('')
user = sudo_list[sudo_list.index('User '):].split(' ')[1]
sudoers_entries = sudo_list.lower().split('sudoers entry')
for sudo_rule in sudoers_entries:
if not sudo_rule.startswith(':'):
continue
pattern = re.compile(
r"\s*" + "runasusers:\s*(?P<runasusers>\w*)" + "\s*" +
"(runasgroups:\s*(?P<runasgroups>\w*))*" + "\s*" +
"(options:\s*(?P<options>[\!\w]*))*" + "\s*" +
"(commands:\s*(?P<commands>.*))*", re.DOTALL)
m = pattern.search(sudo_rule)
# Default to empty string '' for values we didn't match
data = m.groupdict('')
# Remove whitespace and extra tabs from list of commands
cmds = [
PathInFile(line=cmd.strip(),
paths=fm.extract_paths_from_string(cmd.strip())) for
cmd in data['commands'].strip().replace('\t', '').split('\n')
]
sudoers_info.append({
'users': [user],
'runas': data['runasusers'],
'directives': data['options'],
'cmds': cmds,
})
self.all_rules += sudoers_info
return sudoers_info
def check_suid_bin(self):
"""
List all suid binaries
Using find is much faster than using python to loop through all files looking for suid binaries
"""
# For GUID => find / -perm -g=s -type f 2>/dev/null
cmd = 'find / -perm -u=s -type f 2>/dev/null'
process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = process.communicate()
suid = []
for file in out.strip().decode().split('\n'):
fm = FileManager(file)
suid.append(fm)
return 'suid_bin', suid
