def parse_sudo_list(self, sudo_list): """ Parse output from sudo -ll """ sudoers_info = [] fm = FileManager('') user = sudo_list[sudo_list.index('User '):].split(' ')[1] sudoers_entries = sudo_list.lower().split('sudoers entry') for sudo_rule in sudoers_entries: if not sudo_rule.startswith(':'): continue idx = sudo_rule.index('commands:\n') info = [ i.split(':')[1].strip() for i in sudo_rule[:idx].strip().split('\n') ] _, run_as_users, run_as_grp, options = info cmds = [ PathInFile(line=cmd.strip(), paths=fm.extract_paths_from_string(cmd.strip())) for cmd in sudo_rule[idx:].replace('commands:\n', '').split('\n') if cmd ] sudoers_info.append({ 'users': [user], 'runas': run_as_users, 'directives': options, 'cmds': cmds, }) self.all_rules += sudoers_info return sudoers_info
def check_nfs_root_squashing(self): """ Check NFS Root Squashing - /etc/exports """ result = [] sfile = '/etc/exports' fm = FileManager(sfile) if fm.file.is_readable: result = fm.parse_nfs_conf(sfile) return 'nfs_root_squashing', {'file': fm, 'result': result}
def check_sudoers(self): ''' Check sudoers file - /etc/sudoers ''' result = [] sfile = '/etc/sudoers' fm = FileManager(sfile) if fm.file.is_readable: result = fm.parse_sudoers(sfile) return 'sudoers_file', result
def check_nfs_root_squashing(self): ''' Check NFS Root Squashing - /etc/exports ''' result = [] sfile = '/etc/exports' fm = FileManager(sfile) if fm.file.is_readable: result = fm.parse_nfs_conf(sfile) return 'nfs_root_squashing', {'file': fm, 'result': result}
def check_sudoers(self): ''' Check sudoers file (/etc/sudoers) ''' result = [] sfile = '/etc/sudoers' fm = FileManager(sfile, is_sudoers=True) if fm.file.is_readable: result = fm.parse_sudoers(sfile) return 'sudoers_file', result
def check_sudoers(self): ''' Check sudoers file - /etc/sudoers ''' result = ([], False) sfile = '/etc/sudoers' fm = FileManager(sfile) if fm.file.is_readable: result = fm.parse_sudoers(sfile) return 'sudoers_file', result
def check_sudo_rules(self): """ Check sudoers file - /etc/sudoers If not possible (permission denied), try using sudo -l """ result = ([], False) sfile = '/etc/sudoers' fm = FileManager(sfile) if fm.file.is_readable: result = fm.parse_sudoers(sfile) else: result = SudoList().parse() return 'sudo_rules', result
def parse_sudo_list(self, sudo_list): """ Parse output from sudo -l """ sudoers_info = [] user_rules = False login = None host = None fm = FileManager('') for line in sudo_list.split('\n'): if not line.strip(): continue if user_rules: m = self.sudoers_pattern.search(line.strip()) runas = m.group("runas") cmds = m.group("cmds") # cmds could be a list of many cmds with many path (split all cmd and check if writable path inside) commands = [ PathInFile(line=cmd.strip(), paths=fm.extract_paths_from_string(cmd.strip())) for cmd in cmds.split(',') if cmd.strip() ] sudoers_info.append({ 'users': [user], 'hosts': [host], 'runas': runas, 'directives': m.group("directives"), 'cmds': commands, }) if line.startswith('User'): # Next lines will contain user rules user_rules = True # Extract login and host on such kinf of line: "User test may run the following commands on xxxxx:" l = line.split() user = l[1] host = l[len(l) - 1][:-1] self.all_rules += sudoers_info return sudoers_info
def check_files_permissions(self): """ Check access on write permissions on sensitive files. """ result = [] interesting_files = [ # directories '/etc/init.d' '/etc/cron.d', '/etc/cron.daily', '/etc/cron.hourly', '/etc/cron.monthly', '/etc/cron.weekly', # files '/etc/sudoers', '/etc/exports', '/etc/at.allow', '/etc/at.deny', '/etc/crontab', '/etc/cron.allow', '/etc/cron.deny', '/etc/anacrontab', '/var/spool/cron/crontabs/root', ] for path in interesting_files: if os.path.isdir(path): for root, dirs, files in os.walk(path): for file in files: fullpath = os.path.join(root, file) fm = FileManager(fullpath, check_inside=True) result.append(fm) else: fm = FileManager(path, check_inside=True) result.append(fm) return 'files_permissions', result
def parse_sudo_list(self, sudo_list): """ Parse output from sudo -ll """ sudoers_info = [] fm = FileManager('') user = sudo_list[sudo_list.index('User '):].split(' ')[1] sudoers_entries = sudo_list.lower().split('sudoers entry') for sudo_rule in sudoers_entries: if not sudo_rule.startswith(':'): continue pattern = re.compile( r"\s*" + "runasusers:\s*(?P<runasusers>\w*)" + "\s*" + "(runasgroups:\s*(?P<runasgroups>\w*))*" + "\s*" + "(options:\s*(?P<options>[\!\w]*))*" + "\s*" + "(commands:\s*(?P<commands>.*))*", re.DOTALL) m = pattern.search(sudo_rule) # Default to empty string '' for values we didn't match data = m.groupdict('') # Remove whitespace and extra tabs from list of commands cmds = [ PathInFile(line=cmd.strip(), paths=fm.extract_paths_from_string(cmd.strip())) for cmd in data['commands'].strip().replace('\t', '').split('\n') ] sudoers_info.append({ 'users': [user], 'runas': data['runasusers'], 'directives': data['options'], 'cmds': cmds, }) self.all_rules += sudoers_info return sudoers_info
def check_suid_bin(self): """ List all suid binaries Using find is much faster than using python to loop through all files looking for suid binaries """ # For GUID => find / -perm -g=s -type f 2>/dev/null cmd = 'find / -perm -u=s -type f 2>/dev/null' process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) out, err = process.communicate() suid = [] for file in out.strip().decode().split('\n'): fm = FileManager(file) suid.append(fm) return 'suid_bin', suid