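def _get_files(self):
    """Return paths of files with prohibited extensions under user home dirs.

    Only the user directories are searched (``/home`` on Linux,
    ``C:\\Users`` on Windows); on any other OS an empty list is returned.

    Returns:
        list[str]: absolute paths of every matching file.
    """
    extensions = [
        "aac", "ac3", "avi", "aiff", "bat", "bmp", "exe", "flac", "gif",
        "jpeg", "jpg", "mov", "m3u", "m4p", "mp2", "mp3", "mp4", "mpeg4",
        "midi", "msi", "ogg", "png", "txt", "sh", "wav", "wma", "vqf",
    ]
    common.warn("Only searching for prohibited files in user directories!")
    current_os = plugin.get_os()
    if "Linux" in current_os:
        directory = "/home"
    elif "Windows" in current_os:
        directory = "C:\\Users"
    else:
        return []
    # Bug fix: the message carried a "{}" placeholder that was never filled.
    common.info(
        "Searching {} for prohibited files. This may take a while...".format(
            directory))
    files = []
    for extension in extensions:
        # NOTE(review): glob is case-sensitive on Linux, so e.g. "*.JPG" is
        # not matched by this pattern -- confirm whether that is intended.
        pattern = os.path.join(directory, "**/*." + extension)
        files.extend(glob.glob(pattern, recursive=True))
    return files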
def _create_users(self, users):
    """Create a local account for every name in *users*.

    Linux accounts get a bash login shell and a home directory via
    ``useradd``; Windows accounts are created with ``net user``.  Any other
    OS is silently skipped.
    """
    for name in users:
        common.info("Adding {}...".format(name))
        current_os = plugin.get_os()
        if "Linux" in current_os:
            common.run("useradd -s /bin/bash -m {}".format(name))
            common.info("Added user {}".format(name))
        elif "Windows" in current_os:
            # NOTE(review): the name is interpolated into a shell command; it
            # is assumed to come from the trusted policy file -- confirm.
            os.system('net user "{}" /add'.format(name))
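def _get_current_users(self):
    """Return the names of the local accounts on this machine.

    Linux delegates to ``common.get_current_users()``; Windows enumerates
    accounts with ``win32net.NetUserEnum``.  Any other OS yields an empty
    list (previously the method fell through and returned ``None``, which
    the caller then tried to ``join`` as a string).

    Returns:
        list[str]: account names.
    """
    current_os = plugin.get_os()
    if "Linux" in current_os:
        return common.get_current_users()
    if "Windows" in current_os:
        # NetUserEnum returns (entries, total, resume_handle); only the
        # entries are needed, each a dict carrying a "name" key at level 0.
        entries = win32net.NetUserEnum(None, 0)[0]
        return [entry["name"] for entry in entries]
    return []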
def _get_home_directories(self):
    """Return the home directory paths on this machine.

    Windows: every directory under ``C:\\Users``.  Linux: every directory
    under ``/home``, plus ``/root/`` if the operator confirms interactively.

    Raises:
        Exception: if the OS is neither Windows nor Linux.
    """
    current_os = plugin.get_os()
    if "Windows" in current_os:
        return glob.glob("C:\\Users\\*\\")
    if "Linux" in current_os:
        homes = glob.glob("/home/*/")
        # Touching root's home is potentially destructive, so confirm first.
        if common.input_yesno(
                "Would you like to clear the root directory too"):
            homes.append("/root/")
        return homes
    raise Exception("Unexpected Operating System")
def _set_admin_users(self, users):
    """Grant administrator rights to every account in *users*.

    Linux: appends the user to the ``sudo`` and ``adm`` groups.
    Windows: adds the user to the local ``Administrators`` group unless it
    is already a member.
    """
    common.info("Setting admin users...")
    for name in users:
        current_os = plugin.get_os()
        if "Linux" in current_os:
            # Groups that confer admin rights, appended (-a) to the existing ones.
            admin_groups = "sudo,adm"
            common.run("usermod -aG {0} {1}".format(admin_groups, name))
        elif "Windows" in current_os:
            memberships = win32net.NetUserGetLocalGroups(None, name)
            if "Administrators" not in memberships:
                # NOTE(review): name is interpolated into a shell command;
                # assumed to come from the trusted policy file.
                os.system(
                    'net localgroup Administrators "{}" /add'.format(name))
def _set_standard_users(self, users):
    """Strip every account in *users* back to a standard (non-admin) user.

    Linux: resets the supplementary groups to the user's own group and then
    re-adds ``users``.  Windows: removes the account from every local group
    except ``Users``.
    """
    common.info("Setting standard users...")
    for name in users:
        current_os = plugin.get_os()
        if "Linux" in current_os:
            # Replace all supplementary groups with the group named after the
            # user (its primary group), then put it back into "users".
            common.run("usermod -G {0} {0}".format(name))
            common.run("usermod -aG users {}".format(name))
            common.info("Removed all groups from user {}".format(name))
        elif "Windows" in current_os:
            memberships = win32net.NetUserGetLocalGroups(None, name)
            extra_groups = [g for g in memberships if g != "Users"]
            for group in extra_groups:
                os.system(
                    'net localgroup "{}" "{}" /delete'.format(group, name))
def _set_default_hosts(self):
    """Reset the hosts file from the bundled policy and set a default hostname.

    Linux: writes ``CADSHOST`` to ``/etc/hostname``, renders
    ``policies/hosts`` with that name into ``/etc/hosts`` and applies the
    name with ``hostname``.  Any other OS is treated as Windows and gets
    ``policies/hosts.win`` copied over the system hosts file.  Every file
    that is overwritten is backed up first via ``common.backup``.
    """
    if "Linux" in plugin.get_os():
        hostname = "CADSHOST"
        common.backup("/etc/hostname")
        with open("/etc/hostname", "w") as hostname_file:
            hostname_file.write("{}\n".format(hostname))
        with open("policies/hosts") as template_file:
            rendered = template_file.read().format(hostname)
        common.backup("/etc/hosts")
        with open("/etc/hosts", "w") as hosts_file:
            hosts_file.write(rendered)
        common.run("hostname {}".format(hostname))
        return
    with open("policies/hosts.win") as template_file:
        contents = template_file.read()
    hosts_path = "C:\\Windows\\System32\\drivers\\etc\\hosts"
    # Ah ha, CI, you won't get past this!
    common.backup(hosts_path)
    with open(hosts_path, "w") as hosts_file:
        hosts_file.write(contents)
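def _delete_users(self, users):
    """Remove every account in *users* from the system.

    Linux: drops the user's crontab, then ``userdel -r`` (which also removes
    the home directory).  Windows: ``win32net.NetUserDel``; a small set of
    built-in accounts is never deleted.  Windows errors are reported via
    ``common.error`` and do not stop the loop.
    """
    # TODO remove this
    # Bug fix: the skip list used to be a single run-together string
    # ("GuestAdministrator,DefaultAccount,defaultuser0") tested with
    # substring matching, so any name that happened to be a substring of it
    # (e.g. "Admin", "Guest") was also skipped.  Exact matching now;
    # "GuestAdministrator" is presumably "Guest" and "Administrator".
    protected_windows_accounts = {
        "Guest", "Administrator", "DefaultAccount", "defaultuser0"}
    for user in users:
        common.info("Deleting {}...".format(user))
        current_os = plugin.get_os()
        if "Linux" in current_os:
            # TODO backup user directory
            # TODO find any other files elsewhere in the system that user owns
            common.run("crontab -r -u {}".format(user))
            common.run("userdel -r {}".format(user))
            common.info("Deleted user {}".format(user))
        elif "Windows" in current_os:
            if user in protected_windows_accounts:
                continue
            try:
                win32net.NetUserDel(None, user)
            except Exception as ex:
                common.error("Error while deleting user {}".format(user), ex)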
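def _add_user_js(self):
    """Copy the bundled ``user.js`` into every Firefox profile of every user.

    Profiles are looked up under each home directory at the OS-specific
    Firefox profile path.  Unsupported operating systems are skipped
    (previously the method fell through with ``home_dir`` unbound and
    raised ``UnboundLocalError``).
    """
    current_os = plugin.get_os()
    if "Windows" in current_os:
        home_root = "C:\\Users"
        profile_subdir = "AppData\\Roaming\\Mozilla\\Firefox\\profiles"
    elif "Linux" in current_os:
        home_root = "/home/"
        profile_subdir = ".mozilla/firefox/"
    else:
        common.debug("Skipping user.js: unsupported operating system")
        return
    for home in os.listdir(home_root):
        profiles_dir = os.path.join(home_root, home, profile_subdir)
        if not os.path.isdir(profiles_dir):
            continue
        common.info("Adding user.js for {}".format(home))
        for profile in os.listdir(profiles_dir):
            profile_path = os.path.join(profiles_dir, profile)
            if os.path.isdir(profile_path):
                # "user.js" is resolved relative to the current working dir.
                shutil.copy("user.js", profile_path)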
def execute(self):
    """Execute plugin.

    Backs up the account databases (Linux), reconciles the machine's
    accounts against the Admin/Standard policy lists -- deleting unknown
    users, creating missing ones, resetting group membership -- and finally
    rotates every managed account's password.  The operator's own account
    is never modified.
    """
    if "Linux" in plugin.get_os():
        common.backup("/etc/passwd")
        common.backup("/etc/group")
        common.backup("/etc/shadow")

    current_user = common.input_text("What is the current username")
    admins = self._get_users("Admin")
    standard = self._get_users("Standard")
    for policy_list in (admins, standard):
        # The operator's own account must not be managed.
        if current_user in policy_list:
            policy_list.remove(current_user)

    current_users = self._get_current_users()
    common.debug("Found users: {}".format(", ".join(current_users)))
    allowed = [current_user] + admins + standard

    # Accounts that are not in the policy are removed first...
    bad_users = [u for u in current_users if u not in allowed]
    self._delete_users(bad_users)
    current_users = list(set(current_users) - set(bad_users))

    # ...then anything the policy lists but the machine lacks is created.
    new_users = [u for u in admins + standard if u not in current_users]
    self._create_users(new_users)

    # Demote everyone to standard, then promote the admin list.
    self._set_standard_users(standard)
    self._set_admin_users(admins)

    common.info("Changing passwords")
    for index, user in enumerate(allowed):
        if user == current_user:
            # Not sure if we want to do this on the main user
            continue
        # NOTE(review): this literal has no "{}" placeholder, so index is
        # ignored and every managed account receives the same password
        # string -- confirm whether a per-user template was intended.
        password = "******".format(index)
        self._change_password(user, password)
        self._set_password_no_expire(user)
        self._change_password_on_login(user)
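def main():
    """Entry point: parse the command line and run the selected plugins.

    Exits with status 0 after ``--list-plugins``, and with status 1 when the
    Python version check or the root/administrator check fails (each can be
    bypassed with its ``--disable-...`` option).
    """
    # Plugins must be discovered before the parser is built, because the
    # --run-plugin choices come from the discovered set.
    plugin.find_plugins()
    available = get_plugins()

    parser = argparse.ArgumentParser(
        description="Automatically fixes common security vulnerabilities.",
        epilog="Default behaviour is to attempt to run all plugins")
    parser.add_argument("--list-plugins", "-l", action="store_true",
                        help="Lists all plugins", dest="list_plugins")
    parser.add_argument("--run-plugin", "-r", "-p", choices=available,
                        nargs="+", metavar="N", help="Run specific plugins",
                        dest="plugins")
    parser.add_argument("--run-all", "-R", action="store_true",
                        help="Run all available plugins", dest="run_all")
    parser.add_argument("--disable-root-check", "--no-root", "-d",
                        action="store_true", help="Disable root check",
                        dest="no_root_check")
    parser.add_argument("--disable-python-check", action="store_true",
                        help="Disable Python version check",
                        dest="disable_python_check")
    args = parser.parse_args()

    info("Welcome to CentSecure!")
    debug("This computer is running {} version {}".format(
        plugin.get_os(), plugin.get_os_version()))

    if args.list_plugins:
        for name in available:
            stdout("- {}".format(name))
        sys.exit(0)

    if not args.disable_python_check and not _check_python_version():
        warn(
            "CentSecure requires Python 3.7.x, you are using {}. Use the option --disable-python-check to bypass."
            .format(python_version()))
        sys.exit(1)

    firsttime.run_all()

    if args.run_all:
        to_run = available
    elif args.plugins is not None:
        to_run = args.plugins
    else:
        to_run = get_default_plugins()

    if not (is_admin() or args.no_root_check):
        # Message fix: "administator" -> "administrator".
        warn(
            "CentSecure should be run as root or administrator. Use the option --disable-root-check to bypass."
        )
        sys.exit(1)

    debug("Running CentSecure with the following {} plugins: {}".format(
        len(to_run), ", ".join(to_run)))
    run(to_run)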
def execute(self):
    """Execute the payload.

    Runs the Windows-specific localisation step; on every other OS the
    plugin only logs that it is being skipped.
    """
    if "Windows" not in plugin.get_os():
        common.debug("Skipping localisation")
        return
    self._windows()
def _set_password_no_expire(self, user):
    """Mark *user*'s password as expirable (Windows only).

    Despite the method name, ``PasswordExpires`` is set to ``true``: the
    password must be able to expire for the change-at-next-logon flag
    applied by ``_change_password_on_login`` to take effect.  No-op on
    other systems.
    """
    if "Windows" not in plugin.get_os():
        return
    # Password has to be set to expire in order to enforce change password on login
    command = "wmic useraccount where \"Name='{}'\" set PasswordExpires=true"
    os.system(command.format(user))
def _change_password_on_login(self, user):
    """Force *user* to change their password at next logon (Windows only).

    Not implemented on Linux yet; other systems are ignored.
    """
    current_os = plugin.get_os()
    if "Windows" in current_os:
        os.system('net user "{}" /logonpasswordchg:yes'.format(user))
    elif "Linux" in current_os:
        # TODO see if this can be implemented
        pass
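def _change_password(self, user, password):
    """Set *user*'s password to *password* on the current OS.

    Fixes two defects of the previous version: the new password was written
    to the log in clear text, and on Linux it was spliced into a shell
    string (``echo 'user:pw' | chpasswd``), so a quote character in the
    password broke the command and the secret was visible in the process
    list.  The credential is now fed to ``chpasswd`` on stdin, and both
    platforms use an argument list so no shell quoting is involved.
    Failures are reported with ``common.warn`` rather than ignored.
    """
    import subprocess

    # Log the account only -- never the credential.
    common.info("Changing password of {}".format(user))
    current_os = plugin.get_os()
    if "Linux" in current_os:
        result = subprocess.run(
            ["chpasswd"],
            input="{0}:{1}\n".format(user, password),
            text=True,
            check=False,
        )
    elif "Windows" in current_os:
        # NOTE: the password is still visible to local users in the argument
        # list of the "net" process while it runs.
        result = subprocess.run(["net", "user", user, password], check=False)
    else:
        return
    if result.returncode != 0:
        common.warn("Failed to change password for {}".format(user))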
"""A plugin to manage user accounts.""" import plugin import common import sys import os try: import win32net except ModuleNotFoundError: if "Windows" in plugin.get_os(): common.warn("The 'win32net' package is required for Windows systems!") sys.exit(1) class AccountManagement(plugin.Plugin): """A universal plugin to configure users. Add and remove users and promote to/demote from admin. """ name = "Account Management" os = ["ALL"] os_version = ["ALL"] def execute(self): """Execute plugin.""" if "Linux" in plugin.get_os(): common.backup("/etc/passwd") common.backup("/etc/group") common.backup("/etc/shadow")