openkylin
/
genmai
mirror of https://gitee.com/openkylin/genmai.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

update baseline yaml

This commit is contained in:
song 2023-01-04 16:35:44 +08:00
parent 726f6d1f84
commit 5647a248a5
21 changed files with 90 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
data/BaseLine/BaseLine.yaml
View File

@ -1,6 +1,6 @@
ConfigFilePrefix: /home/test/桌面/genmai/data/BaseLine/
Type: baseline
RootPasswd:
RootPasswd: sbcj1999
ExplorerItems:
- ConfigFile: UserAnalysis/checkUser.yaml #检测root权限用户
- ConfigFile: UserAnalysis/checkGid.yaml #检测特权组用户
@ -9,4 +9,6 @@ ExplorerItems:
- ConfigFile: UserAnalysis/checkRootAuthorizedKeys.yaml #检测root是否是免密登录的公钥
- ConfigFile: UserAnalysis/checkSshPwdAnalysis.yaml #检测ssh空密码登录
- ConfigFile: UserAnalysis/checkShadowFile.yaml #检测shadow文件权限
- ConfigFile: UserAnalysis/checkPasswdFile.yaml #检测Passwd文件权限
- ConfigFile: UserAnalysis/checkPasswdFile.yaml #检测Passwd文件权限
- ConfigFile: UserAnalysis/checkSshBruteProtectionAnalysis.yaml #检测ssh暴力破解防护是否开启
- ConfigFile: FileCheck/CheckFileJurisdiction.yaml

16
data/BaseLine/FileCheck/CheckFileJurisdiction.yaml Normal file
View File

@ -0,0 +1,16 @@
FormatVer: 20220411
Id: CheckFileJurisdiction
Belong: baseline
SiteInfo:
Name: 检测root目录下存在777权限的文件
Power : "root"
SiteRequests:
Implement:
ImArray:
- Exec : find
Args :
- /root
- -perm 777
Inter:
- "" #判断输出为空为不存在
Condition: None

6
data/BaseLine/UserAnalysis/checkEmpty.yaml
View File

@ -7,8 +7,10 @@ Power : "root"
SiteRequests:
Implement:
ImArray:
- Exec :
Args : "awk -F: 'length($2)==0 {print $1}' /etc/shadow"
- Exec : awk
Args :
- "-F: "
- "'length($2)==0 {print $1}' /etc/shadow"
Inter:
- "" #判断输出为空为不存在
Condition: None

6
data/BaseLine/UserAnalysis/checkGid.yaml
View File

@ -7,8 +7,10 @@ Power :
SiteRequests:
Implement:
ImArray:
- Exec :
Args : "cat /etc/passwd | grep '/bin/bash' | awk -F: '$4==0 {print $1}' 2>/dev/null"
- Exec : /bin/bash
Args :
- "-c"
- "cat /etc/passwd | grep '/bin/bash' | awk -F: '$4==0 {print $1}' 2>/dev/null"
Inter:
- "root" #判断输出为'uid=0(root)'为不存在
Condition: None

7
data/BaseLine/UserAnalysis/checkPasswdFile.yaml
View File

@ -7,9 +7,10 @@ Power :
SiteRequests:
Implement:
ImArray:
- Exec :
Args : "ls -l /etc/passwd |awk '{print $1}'"
Power :
- Exec : /bin/bash
Args :
- "-c"
- "ls -l /etc/passwd |awk '{print $1}'"
Inter:
- "-rw-r--r--" #判断输出为'-rw-r--r--'为不存在
Condition: None

6
data/BaseLine/UserAnalysis/checkRootAuthorizedKeys.yaml
View File

@ -7,8 +7,10 @@ Power : "root"
SiteRequests:
Implement:
ImArray:
- Exec :
Args : "find /root/.ssh/ -name authorized_keys"
- Exec : find
Args :
- /root/.ssh/
- -name authorized_keys
Inter:
- "" #判断输出为空为不存在
Condition: None

6
data/BaseLine/UserAnalysis/checkShadowFile.yaml
View File

@ -7,8 +7,10 @@ Power :
SiteRequests:
Implement:
ImArray:
- Exec :
Args : "ls -l /etc/shadow |awk '{print $1}'"
- Exec : /bin/bash
Args :
- "-c"
- "ls -l /etc/shadow |awk '{print $1}'"
Power :
Inter:
- "-rw-r-----" #判断输出为'-rw-r--r--'为不存在

16
data/BaseLine/UserAnalysis/checkSshBruteProtectionAnalysis.yaml Normal file
View File

@ -0,0 +1,16 @@
FormatVer: 20220411
Id: checkSshBruteProtectionAnalysis
Belong: baseline
SiteInfo:
Name: 检测ssh暴力破解防护是否开启
Power :
SiteRequests:
Implement:
ImArray:
- Exec : /bin/bash
Args :
- "-c"
- "grep -i maxauthtries /etc/ssh/sshd_config| awk '{print $1}'"
Inter:
- "#MaxAuthTries" #判断输出为'#MaxAuthTries'为不存在
Condition: None

7
data/BaseLine/UserAnalysis/checkSshPwdAnalysis.yaml
View File

@ -7,9 +7,10 @@ Power :
SiteRequests:
Implement:
ImArray:
- Exec :
Args : "grep -i empty /etc/ssh/sshd_config"
Power :
- Exec : /bin/bash
Args :
- "-c"
- "grep -i empty /etc/ssh/sshd_config"
Inter:
- "#PermitEmptyPasswords no" #判断输出为'-rw-r--r--'为不存在
- "#PermitEmptyPasswords yes"

7
data/BaseLine/UserAnalysis/checkUser.yaml
View File

@ -7,9 +7,10 @@ Power :
SiteRequests:
Implement:
ImArray:
- Exec :
Args : "awk -F: '$3==0 {print $1}' /etc/passwd 2>/dev/null"
Power :
- Exec : /bin/bash
Args :
- "-c"
- "awk -F: '$3==0 {print $1}' /etc/passwd 2>/dev/null"
Inter:
- "root" #判断输出为'uid=0(root)'为不存在
Condition: None

5
data/BaseLine/UserAnalysis/checkUserAuthorizedKeys.yaml
View File

@ -7,8 +7,9 @@ Power : "root"
SiteRequests:
Implement:
ImArray:
- Exec :
Args : "find /home -path '/home/*/.box' -prune -o -name 'authorized_keys' -print"
- Exec : find
Args :
- "/home -path '/home/*/.box' -prune -o -name 'authorized_keys' -print"
Inter:
- "" #判断输出为空为不存在
Condition: None

4
data/KernelPocs/KernelPocs.yaml
View File

@ -2,6 +2,6 @@ ConfigFilePrefix: ../data/KernelPocs/
Type: kernel
ExplorerItems:
- ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
# - ConfigFile: CVE-2021-22555/CVE-2021-22555.yaml
- ConfigFile: CVE-2021-22555/CVE-2021-22555.yaml
- ConfigFile: CVE-2022-2588/CVE-2022-2588.yaml
# - ConfigFile: CVE-2022-2639/CVE-2022-2639.yaml
- ConfigFile: CVE-2022-2639/CVE-2022-2639.yaml

0
src/exp_dir/data Normal file
View File

0
src/exp_dir/data2 Normal file
View File

1
src/exp_dir/uaf Symbolic link
View File

@ -0,0 +1 @@
./data

29
src/genmai/ExplorerBaseLine.go
View File

@ -66,8 +66,7 @@ func
func
(ek *ExplorerBaseLine)EexcBaseline(execPoc string,
args ...string ) string {
cmdStr:=args[0]
cmd := exec.Command("/bin/bash", "-c", cmdStr)
cmd := exec.Command(execPoc,args...)
var stdout, stderr bytes.Buffer
cmd.Stdout = &stdout // 标准输出
cmd.Stderr = &stderr // 标准错误
@ -86,7 +85,7 @@ func
func
(ek *ExplorerBaseLine)HPowerEexcBaseline(command string,passwd string)(result string){
(ek *ExplorerBaseLine)HPowerEexcBaseline(exec string,passwd string,args ...string)(result string){
sshHost := "127.0.0.1"
sshUser := "root"
@ -111,6 +110,12 @@ func
}
//
var command string
for i:=0;i<len(args);i++{
command=command+args[i]+" "
}
command=exec+" "+command
if sshType == "password" {
config.Auth = []ssh.AuthMethod{ssh.Password(sshPassword)}
@ -185,29 +190,29 @@ func
for _, im := range config.SiteRequests.ImArray {
if config.Power=="root"{
if len(ek.Passwd)!=0{
vul=ek.HPowerEexcBaseline(im.Args,ek.Passwd)
vul=ek.HPowerEexcBaseline(im.Exec,ek.Passwd,im.Args...)
}else{
fmt.Println("密码为空",config.Id,"不能使用进行高权限基线扫描")
log.Println("密码为空",config.Id,"不能使用进行高权限基线扫描")
return
}
}else{
vul=ek.EexcBaseline(im.Exec, im.Args)
vul=ek.EexcBaseline(im.Exec, im.Args...)
}
for i:=0;i<len(config.SiteRequests.Inter);i++{
if vul==config.SiteRequests.Inter[i]{
fmt.Println("不存在")
fmt.Println(config.Id,"不存在")
return
}
}
expvul.VICId = config.Id
expvul.VICBelong = config.Belong
expvul.VICPocHazardLevel = config.PocHazardLevel
expvul.VICSource = config.Source
expvul.VICSiteInfo = config.SiteInfo
expvul.VICSiteRequests = config.SiteRequests
/* */
} // for _, im ...
expvul.VICId = config.Id
expvul.VICBelong = config.Belong
expvul.VICPocHazardLevel = config.PocHazardLevel
expvul.VICSource = config.Source
expvul.VICSiteInfo = config.SiteInfo
expvul.VICSiteRequests = config.SiteRequests
// ending explore
///////////////

2
src/genmai/ExplorerCommon.go
View File

@ -59,7 +59,7 @@ Matchers struct{
type
ImArray struct {
Exec string
Args string
Args []string
}
//Implement 解析执行类型

2
src/genmai/ExplorerKernel.go
View File

@ -201,7 +201,7 @@ func
rc = ek.exploreWithPath(ek.ExplorerCommon.EcConfigFilePrefix +
string(os.PathSeparator) +
im.Exec ,
im.Args )
im.Args... )
expvul.VICId = config.Id
expvul.VICBelong = config.Belong

2
src/genmai/ExplorerSystem.go
View File

@ -192,7 +192,7 @@ func
rc = es.exploreWithPath(es.ExplorerCommon.EcConfigFilePrefix +
string(os.PathSeparator) +
im.Exec ,
im.Args )
im.Args... )
/* */
expvul.VICId = config.Id
expvul.VICBelong = config.Belong

BIN
src/main
View File

Binary file not shown.

2
src/main.go
View File

@ -67,8 +67,6 @@ func main(){
var vul Vul //定义vul
var RAV RAVUL
var WKV WKPWDVUL