def __call__(self):
# Get the data from the file with the password hashes
data = get_file_contents("/etc/shadow")
# Alert if there is no password hash for the root user
if (data is not None) and ("root::" in data):
alert_obj = Alert(
None,
"No password is set for the root user, which should be done immediately.",
AlertType.PRIVACY, Severity.ALERT)
alert_obj.alert()
def __call__(self):
weak_encryption_modes = [
"none'", "wep", "owe'", "psk'", "psk+", "psk-", "wpa'", "wpa+",
"wpa-"
]
data = get_file_contents("/etc/config/wireless")
if data is None:
return
for mode in weak_encryption_modes:
if ("encryption '" + mode) in data:
alert_obj = Alert(
None, "Weak encryption is in use. Switch to WPA2 from " +
mode + ".", ALERT_TYPE.PRIVACY, SEVERITY.ALERT)
alert_obj.alert()
def __call__(self):
data = get_file_contents("/etc/config/dropbear")
if (data is not None) and ("RootPasswordAuth 'on'" in data):
alert_root_login = Alert(
None,
"Root user can login via ssh. Consider disabling this for security purposes.",
ALERT_TYPE.PRIVACY, SEVERITY.INFO)
alert_root_login.alert()
if "PasswordAuth 'on'" in data:
alert_general_login = Alert(
None,
"Password login via ssh is allowed. Consider only allowing keypair login via ssh.",
ALERT_TYPE.PRIVACY, SEVERITY.INFO)
alert_general_login.alert()
def __call__(self):
# Get the data from the file with the dropbear configuration
data = get_file_contents("/etc/config/dropbear")
# Alert if root login is allowed
if (data is not None) and ("option RootPasswordAuth 'on'" in data):
alert_root_login = Alert(None,
"Root user can login via ssh. Consider disabling this for security purposes.",
AlertType.PRIVACY, Severity.INFO)
alert_root_login.alert()
# Alert if password login is allowed
if (data is not None) and ("option PasswordAuth 'on'" in data):
alert_general_login = Alert(None,
"Password login via ssh is allowed. Consider only allowing keypair login via "
"ssh.", AlertType.PRIVACY, Severity.INFO)
alert_general_login.alert()
def __call__(self):
# Define the weak encryption modes to alert on
weak_encryption_modes = [
"none'", "wep", "owe'", "psk'", "psk+", "psk-", "wpa'", "wpa+",
"wpa-"
]
# Get the data from the file with the encryption information
data = get_file_contents("/etc/config/wireless")
if data is None:
return
# Check if any weak encryption modes are used on router
for mode in weak_encryption_modes:
if ("encryption '" + mode) in data:
alert_obj = Alert(
None,
f"Weak encryption is in use. Switch to WPA2 from {mode}.",
AlertType.PRIVACY, Severity.ALERT)
alert_obj.alert()
def __call__(self):
data = get_file_contents("/etc/shadow")
if (data is not None) and ("root::" in data):
alert_obj = Alert(None, "No root password set. Set a root password.", ALERT_TYPE.PRIVACY, SEVERITY.ALERT)
alert_obj.alert()