mirror of https://gitee.com/openkylin/genmai.git
update baseline yaml
This commit is contained in:
song
parent
726f6d1f84
commit
5647a248a5
|
|
@ -1,6 +1,6 @@
|
|||
ConfigFilePrefix: /home/test/桌面/genmai/data/BaseLine/
|
||||
Type: baseline
|
||||
RootPasswd:
|
||||
RootPasswd: sbcj1999
|
||||
ExplorerItems:
|
||||
- ConfigFile: UserAnalysis/checkUser.yaml #检测root权限用户
|
||||
- ConfigFile: UserAnalysis/checkGid.yaml #检测特权组用户
|
||||
|
|
@ -10,3 +10,5 @@ ExplorerItems:
|
|||
- ConfigFile: UserAnalysis/checkSshPwdAnalysis.yaml #检测ssh空密码登录
|
||||
- ConfigFile: UserAnalysis/checkShadowFile.yaml #检测shadow文件权限
|
||||
- ConfigFile: UserAnalysis/checkPasswdFile.yaml #检测Passwd文件权限
|
||||
- ConfigFile: UserAnalysis/checkSshBruteProtectionAnalysis.yaml #检测ssh暴力破解防护是否开启
|
||||
- ConfigFile: FileCheck/CheckFileJurisdiction.yaml
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
FormatVer: 20220411
|
||||
Id: CheckFileJurisdiction
|
||||
Belong: baseline
|
||||
SiteInfo:
|
||||
Name: 检测root目录下存在777权限的文件
|
||||
Power : "root"
|
||||
SiteRequests:
|
||||
Implement:
|
||||
ImArray:
|
||||
- Exec : find
|
||||
Args :
|
||||
- /root
|
||||
- -perm 777
|
||||
Inter:
|
||||
- "" #判断输出为空为不存在
|
||||
Condition: None
|
||||
|
|
@ -7,8 +7,10 @@ Power : "root"
|
|||
SiteRequests:
|
||||
Implement:
|
||||
ImArray:
|
||||
- Exec :
|
||||
Args : "awk -F: 'length($2)==0 {print $1}' /etc/shadow"
|
||||
- Exec : awk
|
||||
Args :
|
||||
- "-F: "
|
||||
- "'length($2)==0 {print $1}' /etc/shadow"
|
||||
Inter:
|
||||
- "" #判断输出为空为不存在
|
||||
Condition: None
|
||||
|
|
@ -7,8 +7,10 @@ Power :
|
|||
SiteRequests:
|
||||
Implement:
|
||||
ImArray:
|
||||
- Exec :
|
||||
Args : "cat /etc/passwd | grep '/bin/bash' | awk -F: '$4==0 {print $1}' 2>/dev/null"
|
||||
- Exec : /bin/bash
|
||||
Args :
|
||||
- "-c"
|
||||
- "cat /etc/passwd | grep '/bin/bash' | awk -F: '$4==0 {print $1}' 2>/dev/null"
|
||||
Inter:
|
||||
- "root" #判断输出为'uid=0(root)'为不存在
|
||||
Condition: None
|
||||
|
|
|
|||
|
|
@ -7,9 +7,10 @@ Power :
|
|||
SiteRequests:
|
||||
Implement:
|
||||
ImArray:
|
||||
- Exec :
|
||||
Args : "ls -l /etc/passwd |awk '{print $1}'"
|
||||
Power :
|
||||
- Exec : /bin/bash
|
||||
Args :
|
||||
- "-c"
|
||||
- "ls -l /etc/passwd |awk '{print $1}'"
|
||||
Inter:
|
||||
- "-rw-r--r--" #判断输出为'-rw-r--r--'为不存在
|
||||
Condition: None
|
||||
|
|
|
|||
|
|
@ -7,8 +7,10 @@ Power : "root"
|
|||
SiteRequests:
|
||||
Implement:
|
||||
ImArray:
|
||||
- Exec :
|
||||
Args : "find /root/.ssh/ -name authorized_keys"
|
||||
- Exec : find
|
||||
Args :
|
||||
- /root/.ssh/
|
||||
- -name authorized_keys
|
||||
Inter:
|
||||
- "" #判断输出为空为不存在
|
||||
Condition: None
|
||||
|
|
@ -7,8 +7,10 @@ Power :
|
|||
SiteRequests:
|
||||
Implement:
|
||||
ImArray:
|
||||
- Exec :
|
||||
Args : "ls -l /etc/shadow |awk '{print $1}'"
|
||||
- Exec : /bin/bash
|
||||
Args :
|
||||
- "-c"
|
||||
- "ls -l /etc/shadow |awk '{print $1}'"
|
||||
Power :
|
||||
Inter:
|
||||
- "-rw-r-----" #判断输出为'-rw-r--r--'为不存在
|
||||
|
|
|
|||
|
|
@ -0,0 +1,16 @@
|
|||
FormatVer: 20220411
|
||||
Id: checkSshBruteProtectionAnalysis
|
||||
Belong: baseline
|
||||
SiteInfo:
|
||||
Name: 检测ssh暴力破解防护是否开启
|
||||
Power :
|
||||
SiteRequests:
|
||||
Implement:
|
||||
ImArray:
|
||||
- Exec : /bin/bash
|
||||
Args :
|
||||
- "-c"
|
||||
- "grep -i maxauthtries /etc/ssh/sshd_config| awk '{print $1}'"
|
||||
Inter:
|
||||
- "#MaxAuthTries" #判断输出为'#MaxAuthTries'为不存在
|
||||
Condition: None
|
||||
|
|
@ -7,9 +7,10 @@ Power :
|
|||
SiteRequests:
|
||||
Implement:
|
||||
ImArray:
|
||||
- Exec :
|
||||
Args : "grep -i empty /etc/ssh/sshd_config"
|
||||
Power :
|
||||
- Exec : /bin/bash
|
||||
Args :
|
||||
- "-c"
|
||||
- "grep -i empty /etc/ssh/sshd_config"
|
||||
Inter:
|
||||
- "#PermitEmptyPasswords no" #判断输出为'-rw-r--r--'为不存在
|
||||
- "#PermitEmptyPasswords yes"
|
||||
|
|
|
|||
|
|
@ -7,9 +7,10 @@ Power :
|
|||
SiteRequests:
|
||||
Implement:
|
||||
ImArray:
|
||||
- Exec :
|
||||
Args : "awk -F: '$3==0 {print $1}' /etc/passwd 2>/dev/null"
|
||||
Power :
|
||||
- Exec : /bin/bash
|
||||
Args :
|
||||
- "-c"
|
||||
- "awk -F: '$3==0 {print $1}' /etc/passwd 2>/dev/null"
|
||||
Inter:
|
||||
- "root" #判断输出为'uid=0(root)'为不存在
|
||||
Condition: None
|
||||
|
|
|
|||
|
|
@ -7,8 +7,9 @@ Power : "root"
|
|||
SiteRequests:
|
||||
Implement:
|
||||
ImArray:
|
||||
- Exec :
|
||||
Args : "find /home -path '/home/*/.box' -prune -o -name 'authorized_keys' -print"
|
||||
- Exec : find
|
||||
Args :
|
||||
- "/home -path '/home/*/.box' -prune -o -name 'authorized_keys' -print"
|
||||
Inter:
|
||||
- "" #判断输出为空为不存在
|
||||
Condition: None
|
||||
|
|
@ -2,6 +2,6 @@ ConfigFilePrefix: ../data/KernelPocs/
|
|||
Type: kernel
|
||||
ExplorerItems:
|
||||
- ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
|
||||
# - ConfigFile: CVE-2021-22555/CVE-2021-22555.yaml
|
||||
- ConfigFile: CVE-2021-22555/CVE-2021-22555.yaml
|
||||
- ConfigFile: CVE-2022-2588/CVE-2022-2588.yaml
|
||||
# - ConfigFile: CVE-2022-2639/CVE-2022-2639.yaml
|
||||
- ConfigFile: CVE-2022-2639/CVE-2022-2639.yaml
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
./data
|
||||
|
|
@ -66,8 +66,7 @@ func
|
|||
func
|
||||
(ek *ExplorerBaseLine)EexcBaseline(execPoc string,
|
||||
args ...string ) string {
|
||||
cmdStr:=args[0]
|
||||
cmd := exec.Command("/bin/bash", "-c", cmdStr)
|
||||
cmd := exec.Command(execPoc,args...)
|
||||
var stdout, stderr bytes.Buffer
|
||||
cmd.Stdout = &stdout // 标准输出
|
||||
cmd.Stderr = &stderr // 标准错误
|
||||
|
|
@ -86,7 +85,7 @@ func
|
|||
|
||||
|
||||
func
|
||||
(ek *ExplorerBaseLine)HPowerEexcBaseline(command string,passwd string)(result string){
|
||||
(ek *ExplorerBaseLine)HPowerEexcBaseline(exec string,passwd string,args ...string)(result string){
|
||||
sshHost := "127.0.0.1"
|
||||
|
||||
sshUser := "root"
|
||||
|
|
@ -111,6 +110,12 @@ func
|
|||
|
||||
}
|
||||
|
||||
//
|
||||
var command string
|
||||
for i:=0;i<len(args);i++{
|
||||
command=command+args[i]+" "
|
||||
}
|
||||
command=exec+" "+command
|
||||
if sshType == "password" {
|
||||
|
||||
config.Auth = []ssh.AuthMethod{ssh.Password(sshPassword)}
|
||||
|
|
@ -185,29 +190,29 @@ func
|
|||
for _, im := range config.SiteRequests.ImArray {
|
||||
if config.Power=="root"{
|
||||
if len(ek.Passwd)!=0{
|
||||
vul=ek.HPowerEexcBaseline(im.Args,ek.Passwd)
|
||||
vul=ek.HPowerEexcBaseline(im.Exec,ek.Passwd,im.Args...)
|
||||
}else{
|
||||
fmt.Println("密码为空",config.Id,"不能使用进行高权限基线扫描")
|
||||
log.Println("密码为空",config.Id,"不能使用进行高权限基线扫描")
|
||||
return
|
||||
}
|
||||
}else{
|
||||
vul=ek.EexcBaseline(im.Exec, im.Args)
|
||||
vul=ek.EexcBaseline(im.Exec, im.Args...)
|
||||
}
|
||||
for i:=0;i<len(config.SiteRequests.Inter);i++{
|
||||
if vul==config.SiteRequests.Inter[i]{
|
||||
fmt.Println("不存在")
|
||||
fmt.Println(config.Id,"不存在")
|
||||
return
|
||||
}
|
||||
}
|
||||
/* */
|
||||
} // for _, im ...
|
||||
expvul.VICId = config.Id
|
||||
expvul.VICBelong = config.Belong
|
||||
expvul.VICPocHazardLevel = config.PocHazardLevel
|
||||
expvul.VICSource = config.Source
|
||||
expvul.VICSiteInfo = config.SiteInfo
|
||||
expvul.VICSiteRequests = config.SiteRequests
|
||||
/* */
|
||||
} // for _, im ...
|
||||
|
||||
// ending explore
|
||||
///////////////
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ Matchers struct{
|
|||
type
|
||||
ImArray struct {
|
||||
Exec string
|
||||
Args string
|
||||
Args []string
|
||||
}
|
||||
|
||||
//Implement 解析执行类型
|
||||
|
|
|
|||
|
|
@ -201,7 +201,7 @@ func
|
|||
rc = ek.exploreWithPath(ek.ExplorerCommon.EcConfigFilePrefix +
|
||||
string(os.PathSeparator) +
|
||||
im.Exec ,
|
||||
im.Args )
|
||||
im.Args... )
|
||||
|
||||
expvul.VICId = config.Id
|
||||
expvul.VICBelong = config.Belong
|
||||
|
|
|
|||
|
|
@ -192,7 +192,7 @@ func
|
|||
rc = es.exploreWithPath(es.ExplorerCommon.EcConfigFilePrefix +
|
||||
string(os.PathSeparator) +
|
||||
im.Exec ,
|
||||
im.Args )
|
||||
im.Args... )
|
||||
/* */
|
||||
expvul.VICId = config.Id
|
||||
expvul.VICBelong = config.Belong
|
||||
|
|
|
|||
|
|
@ -67,8 +67,6 @@ func main(){
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
var vul Vul //定义vul
|
||||
var RAV RAVUL
|
||||
var WKV WKPWDVUL
|
||||
|
|
|
|||
Loading…
Reference in New Issue