完善baseline模块

This commit is contained in:
song 2023-01-03 17:14:23 +08:00
parent 44856cec87
commit 76c15e327f
10 changed files with 166 additions and 39 deletions


@ -1,4 +1,9 @@
ConfigFilePrefix: /home/test/桌面/genmai/data/BaseLine/
Type: baseline
RootPasswd:
ExplorerItems:
- ConfigFile: CheckRootUser/CheckRootUser.yaml
- ConfigFile: UserAnalysis/checkUser.yaml
- ConfigFile: UserAnalysis/checkGid.yaml
- ConfigFile: UserAnalysis/checkEmpty.yaml
- ConfigFile: UserAnalysis/checkUserAuthorizedKeys.yaml
- ConfigFile: UserAnalysis/checkRootAuthorizedKeys.yaml
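Review bot: `RootPasswd:` puts the local root password into a plaintext YAML file that sits next to the check definitions, and `ConfigFilePrefix` pins the whole list to one developer's home directory. Keep the secret out of the checked-in config — read it at load time from an environment variable or a separate file with owner-only permissions — and document the field with a comment such as `# RootPasswd: local root password used only for checks with Power: "root"; leave empty and those checks are skipped`. The absolute prefix should be resolved relative to the binary or supplied on the command line so the list works outside /home/test.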


@ -0,0 +1,14 @@
FormatVer: 20220411
Id: checkEmpty
Belong: baseline
SiteInfo:
Name: 检测空口令账户
Power : "root"
SiteRequests:
Implement:
ImArray:
- Exec :
Args : "awk -F: 'length($2)==0 {print $1}' /etc/shadow"
Inter:
- "" #判断输出为空为不存在
Condition: None
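Review bot: The empty-string `Inter` entry means "no output = not present", but this check carries `Power : "root"`, so the awk over /etc/shadow is run through the SSH path with CombinedOutput, and any stderr text (a permission error, a locale warning) becomes non-empty output that is reported as an existing empty-password account. Add `2>/dev/null` as checkUser.yaml already does, or have the runner compare stdout only, and state it in the comment: `# empty output = no empty-password account; stderr is part of the compared output, so redirect it`. checkRootAuthorizedKeys.yaml and checkUserAuthorizedKeys.yaml use the same empty-`Inter` pattern without redirection and need the same treatment.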


@ -0,0 +1,14 @@
FormatVer: 20220411
Id: checkGid
Belong: baseline
SiteInfo:
Name: 检测特权组用户
Power :
SiteRequests:
Implement:
ImArray:
- Exec :
Args : "cat /etc/passwd | grep '/bin/bash' | awk -F: '$4==0 {print $1}' 2>/dev/null"
Inter:
- "root" #判断输出为'uid=0(root)'为不存在
Condition: None
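Review bot: `grep '/bin/bash'` restricts the gid-0 search to accounts whose shell is bash, so a gid-0 user with /bin/sh, /bin/zsh or another shell is never listed, and if root itself uses a different shell the output is empty, differs from `root`, and the check fires on the wrong account. `awk -F: '$4==0 {print $1}' /etc/passwd 2>/dev/null` matches the form used in checkUser.yaml, covers every shell, and drops the unnecessary `cat |` pipe; if the intent really is to limit the check to interactive shells, say so in a comment. The trailing comment `#判断输出为'uid=0(root)'为不存在` was copied from checkUser and describes `id` output, not this awk; rewrite it to state that the expected output is the single line `root`.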


@ -0,0 +1,14 @@
FormatVer: 20220411
Id: checkRootAuthorizedKeys
Belong: baseline
SiteInfo:
Name: 检测root是否是免密登录的公钥
Power : "root"
SiteRequests:
Implement:
ImArray:
- Exec :
Args : "find /root/.ssh/ -name authorized_keys"
Inter:
- "" #判断输出为空为不存在
Condition: None
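Review bot: `find /root/.ssh/ -name authorized_keys` writes an error to stderr when /root/.ssh does not exist, and because the privileged runner uses CombinedOutput that text is compared against the empty `Inter` entry and reported as a finding; `find /root/.ssh/ -maxdepth 1 -name authorized_keys 2>/dev/null` keeps the output to the path alone. A hit is also reported whenever the file exists, even if it is empty, so a comment such as `# non-empty output = /root/.ssh/authorized_keys exists (the file may still be empty)` would make the semantics explicit.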


@ -1,13 +1,15 @@
FormatVer: 20220411
Id: checkRootUser
Id: checkUser
Belong: baseline
SiteInfo:
Name: 检测root权限用户
Power :
SiteRequests:
Implement:
ImArray:
- Exec :
Args : "awk -F: '$3==0 {print $1}' /etc/passwd 2>/dev/null"
Power :
Inter:
- "root" #判断输出为'uid=0(root)'为成功
- "root" #判断输出为'uid=0(root)'为不存在
Condition: None
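Review bot: The updated comment on the `Inter` line still says the expected output is `'uid=0(root)'`, but the awk prints only field 1, so the value actually compared is the bare line `root`; the comment should read `# expected output is the single line "root"; any additional uid-0 account makes the output differ and is reported`. `Power :` is left empty here, which routes the check through the local runner rather than SSH; a short comment noting that /etc/passwd is world-readable and needs no elevation would explain why this one differs from the other checks in the list.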


@ -0,0 +1,14 @@
FormatVer: 20220411
Id: checkUserAuthorizedKeys
Belong: baseline
SiteInfo:
Name: 检测root是否是免密登录的公钥
Power : "root"
SiteRequests:
Implement:
ImArray:
- Exec :
Args : "find /home -path '/home/*/.box' -prune -o -name 'authorized_keys' -print"
Inter:
- "" #判断输出为空为不存在
Condition: None
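Review bot: `Name: 检测root是否是免密登录的公钥` is copied from checkRootAuthorizedKeys.yaml and does not describe this check, which walks /home for per-user authorized_keys files; give it its own name, e.g. `Name: 检测普通用户是否存在免密登录的公钥`. The `find /home` walk has no `2>/dev/null`, so an unreadable directory or a stale mount produces stderr text that CombinedOutput folds into the compared output and is reported as a finding against the empty `Inter` entry. The `-path '/home/*/.box' -prune` exclusion is undocumented; a comment stating what `.box` is and why it is skipped would help the next maintainer.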


@ -64,6 +64,7 @@ ExplorerItem struct {
type
ExplorersListConfig struct {
ConfigFilePrefix string
RootPasswd string
Type string
ExplorerItems []ExplorerItem
}
@ -148,7 +149,6 @@ func
(dtr *doctor)GenmaiBaseline() (rp *ReportKernel) {
for _, v := range dtr.ExplorersBaseLine {
expvul, rc := v.Explore()
// TODO: is append expvul to expvuls according to rc
if nil != rc {
}
@ -157,8 +157,6 @@ func
// expvuls = append(expvuls, expvul)
if len(expvul.VICId)>0{
fmt.Println(expvul.VICId,"存在")
}else{
fmt.Println(expvul.VICId,"不存在")
}
} // for _, v ...
return rp
@ -360,7 +358,7 @@ func
// dtr.PushExplorerWeb(exp.ConfigFile)
case EXP_TYPE_BASELINE:
for _, exp := range elc.ExplorerItems {
dtr.PushExplorerBaseLine(elc.ConfigFilePrefix + exp.ConfigFile)
dtr.PushExplorerBaseLine(elc.ConfigFilePrefix + exp.ConfigFile, elc.RootPasswd)
} // for exp ...
default:
A_DEBUG_ERROR("Unknow exp type!!")
@ -450,7 +448,7 @@ func
}
func
(dtr *doctor)PushExplorerBaseLine(configfile string) error {
(dtr *doctor)PushExplorerBaseLine(configfile string, passwd string) error {
// TODO: need to test
eb := ExplorerBaseLine{}
eb.Setup(&ConfigParserYAML{}, &ExplorerConfigBaseLine{})
@ -460,6 +458,8 @@ func
if (nil != rc) {
return rc
} // if (nil != ...
eb.Passwd = passwd
dtr.ExplorersBaseLine[config.Id] = eb
return nil
}
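Review bot: `PushExplorerBaseLine(configfile string, passwd string)` copies the root password from the plaintext list config into every ExplorerBaseLine it registers, so the secret is held once per check in dtr.ExplorersBaseLine for the life of the doctor; consider keeping a single credential on the doctor and letting the explorers reference it, and make sure `elc.RootPasswd` never reaches A_DEBUG_ERROR or the fmt output paths. The new parameter and the `RootPasswd` field are undocumented — add `// RootPasswd is the local root password used for Power: "root" checks; empty disables them.` on the struct and `// passwd may be empty, in which case privileged checks are skipped at explore time.` on the method. In the GenmaiBaseline hunk `if nil != rc { }` stays empty, so a failed Explore yields a zero expvul and is printed as "不存在" as if the check had passed; at least log rc there. GenmaiBaseline's body continues past the end of its hunk.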


@ -2,21 +2,13 @@
package genmai
import (
// TODO:
// 应该写成相对路径因为genmai应该是编译成库所以包路径不
// 是以main开头。
//
// go 有点拉
"golang.org/x/crypto/ssh"
"time"
"bytes"
"log"
"os/exec"
"strings"
sandbox "main/genmai/Sandbox"
// TODO:
// 应该写成相对路径因为genmai应该是编译成库所以包路径不
// 是以main开头。
//
// go 有点拉
// inter "main/genmai/Interpreter"
"fmt"
)
@ -28,6 +20,7 @@ ExplorerConfigBaseLine struct {
Belong string
PocHazardLevel string
Source string
Power string
SiteInfo SiteInfo
SiteRequests SiteRequests
}
@ -42,6 +35,7 @@ ExplorerBaseLine struct {
EkSandbox sandbox.SandboxBase
/* */
isSetup bool
Passwd string
}
@ -90,6 +84,84 @@ func
}
func
(ek *ExplorerBaseLine)HPowerEexcBaseline(command string,passwd string)(result string){
sshHost := "127.0.0.1"
sshUser := "root"
sshPassword := passwd
sshType := "password"
sshPort := 22
//创建sshp登陆配置
config := &ssh.ClientConfig{
Timeout: 5*time.Second,//ssh 连接time out 时间一秒钟, 如果ssh验证错误 会在一秒内返回
User: sshUser,
HostKeyCallback: ssh.InsecureIgnoreHostKey(), //这个可以, 但是不够安全
//HostKeyCallback: hostKeyCallBackFunc(h.Host),
}
if sshType == "password" {
config.Auth = []ssh.AuthMethod{ssh.Password(sshPassword)}
}
//dial 获取ssh client
addr := fmt.Sprintf("%s:%d", sshHost, sshPort)
sshClient, err := ssh.Dial("tcp", addr, config)
if err != nil {
fmt.Println("基线高权限链接失败,",err)
log.Fatal("基线高权限链接失败,",err)
}
defer sshClient.Close()
//创建ssh-session
session, err := sshClient.NewSession()
if err != nil {
fmt.Println("基线session失败,",err)
log.Fatal("创建ssh session 失败,",err)
}
defer session.Close()
//执行远程命令
combo,err := session.CombinedOutput(command)
if err != nil {
fmt.Println("baseline高权限cmd 失败",err," ",command)
log.Fatal("baseline高权限cmd 失败",err," ",command)
}
log.Println("baseline 执行成功")
defer session.Close()
result=string(combo)
return result
}
//func
//(ek *ExplorerBaseLine)Explore() (rc error) {
//}
@ -98,7 +170,6 @@ func
// override ExplorerBase functions
func
(ek *ExplorerBaseLine)Explore() (expvul VulnInfoCommon, rc error) {
config, rc_t := ek.GetExplorerConfigBaseLine()
rc = rc_t
if (nil != rc) {
@ -110,10 +181,20 @@ func
///////////////
// starting explore
var vul string
for _, im := range config.SiteRequests.ImArray {
vul:=ek.EexcBaseline(im.Exec, im.Args)
fmt.Printf(vul)
if vul==config.SiteRequests.Inter[0]{
if config.Power=="root"{
if len(ek.Passwd)!=0{
vul=ek.HPowerEexcBaseline(im.Args,ek.Passwd)
}else{
fmt.Println("密码为空",config.Id,"不能使用进行高权限基线扫描")
log.Println("密码为空",config.Id,"不能使用进行高权限基线扫描")
return
}
}else{
vul=ek.EexcBaseline(im.Exec, im.Args)
}
if vul!=config.SiteRequests.Inter[0]{
expvul.VICId = config.Id
expvul.VICBelong = config.Belong
expvul.VICPocHazardLevel = config.PocHazardLevel
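Review bot: HPowerEexcBaseline calls log.Fatal on every SSH failure (dial, session, command), which terminates the whole scanner process from inside a library method and gives Explore no way to report the failure through rc; return an error instead and let Explore propagate it. The same block registers `defer session.Close()` twice and uses `ssh.InsecureIgnoreHostKey()` on a connection that carries the root password — even for 127.0.0.1 a pinned host key via the knownhosts callback from golang.org/x/crypto/ssh/knownhosts is preferable. In Explore, `fmt.Printf(vul)` passes command output as the format string; use `fmt.Print(vul)` so `%` sequences in the output are not interpreted. CombinedOutput also folds stderr into result, so a command that merely warns on stderr compares unequal to an empty `Inter[0]` and is reported as a finding, and `Inter[0]` is indexed without checking that the list is non-empty. Explore's body continues past the end of this hunk.
```go
func
(ek *ExplorerBaseLine)HPowerEexcBaseline(command string, passwd string) (result string, err error) {
	// … unchanged: sshHost/sshUser/sshPort values and ssh.ClientConfig setup (swap InsecureIgnoreHostKey for a knownhosts callback) …
	sshClient, err := ssh.Dial("tcp", addr, config)
	if err != nil {
		return "", fmt.Errorf("baseline privileged ssh dial %s: %w", addr, err)
	}
	defer sshClient.Close()
	session, err := sshClient.NewSession()
	if err != nil {
		return "", fmt.Errorf("baseline ssh session: %w", err)
	}
	defer session.Close()
	combo, err := session.CombinedOutput(command)
	if err != nil {
		return "", fmt.Errorf("baseline privileged command %q: %w", command, err)
	}
	return string(combo), nil
}

// … in Explore(), replacing the HPowerEexcBaseline call …
vul, rc = ek.HPowerEexcBaseline(im.Args, ek.Passwd)
if rc != nil {
	return
}
```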


@ -29,22 +29,6 @@
package genmai
import (
// //"reflect"
// "github.com/mitchellh/mapstructure"
//
// // TODO:
// // 应该写成相对路径因为genmai应该是编译成库所以包路径不
// // 是以main开头。
// //
// // go 有点拉
// inter "main/src/genmai/Interpreter"
//
// // TODO:
// // 应该写成相对路径因为genmai应该是编译成库所以包路径不
// // 是以main开头。
// //
// // go 有点拉
// sandbox "main/src/genmai/Sandbox"
"fmt"
)
@ -193,7 +177,6 @@ func Web() {
fmt.Println("web")
}
func BaseLine(){
fmt.Println("baseline")
DoctorIns().Reset()
DoctorIns().LoadExplorersListConfig("/home/test/桌面/genmai/data/BaseLine/BaseLine.yaml")
// DoctorIns().LoadExplorersListConfig("/home/alpha/Developments/kylinprojects/genmai/data/pocs/pocs.yaml")

src/main
