Linux Gather Protection Enumeration

Reported 15 Mar 2012 19:22:23 by ohdae <[email protected]>
Type: metasploit
Source: www.rapid7.com

This module checks for system hardening mechanisms such as SMEP, SMAP, SELinux, PaX, and grsecurity. It also identifies installed security software, such as tripwire, snort, and apparmor, on Linux systems.

Code
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Linux::Kernel
  include Msf::Post::Linux::System

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Linux Gather Protection Enumeration',
        'Description' => %q{
          This module checks whether popular system hardening mechanisms are
          in place, such as SMEP, SMAP, SELinux, PaX and grsecurity. It also
          tries to find installed applications that can be used to hinder,
          prevent, or detect attacks, such as tripwire, snort, and apparmor.

          This module is meant to identify Linux Secure Modules (LSM) in addition
          to various antivirus, IDS/IPS, firewalls, sandboxes and other security
          related software.
        },
        'License' => MSF_LICENSE,
        'Author' => 'ohdae <bindshell[at]live.com>',
        'Platform' => ['linux'],
        'SessionTypes' => ['shell', 'meterpreter']
      )
    )
  end

  def run
    distro = get_sysinfo

    print_status "Running module against #{session.session_host} [#{get_hostname}]"
    print_status 'Info:'
    print_status "\t#{distro[:version]}"
    print_status "\t#{distro[:kernel]}"

    print_status 'Finding system protections...'
    check_hardening

    print_status 'Finding installed applications...'
    find_apps

    if framework.db.active
      print_status 'System protections saved to notes.'
    end
  end

  def report(data)
    report_note(
      host: session,
      type: 'linux.protection',
      data: data,
      update: :unique_data
    )
  end

  def check_hardening
    if aslr_enabled?
      r = 'ASLR is enabled'
      print_good r
      report r
    end

    if exec_shield_enabled?
      r = 'Exec-Shield is enabled'
      print_good r
      report r
    end

    if kaiser_enabled?
      r = 'KAISER is enabled'
      print_good r
      report r
    end

    if smep_enabled?
      r = 'SMEP is enabled'
      print_good r
      report r
    end

    if smap_enabled?
      r = 'SMAP is enabled'
      print_good r
      report r
    end

    if lkrg_installed?
      r = 'LKRG is installed'
      print_good r
      report r
    end

    if grsec_installed?
      r = 'grsecurity is installed'
      print_good r
      report r
    end

    if pax_installed?
      r = 'PaX is installed'
      print_good r
      report r
    end

    if selinux_installed?
      if selinux_enforcing?
        r = 'SELinux is installed and enforcing'
      else
        r = 'SELinux is installed, but in permissive mode'
      end
      print_good r
      report r
    end

    if yama_installed?
      if yama_enabled?
        r = 'Yama is installed and enabled'
      else
        r = 'Yama is installed, but not enabled'
      end
      print_good r
      report r
    end
  end

  def find_apps
    apps = %w[
      truecrypt bulldog ufw iptables fw-settings logrotate logwatch
      chkrootkit clamav snort tiger firestarter avast lynis
      rkhunter tcpdump webmin jailkit pwgen proxychains bastille
      psad wireshark nagios apparmor oz-seccomp honeyd thpot
      aa-status gradm gradm2 getenforce aide tripwire paxctl
      paxctld paxtest firejail auditd
    ]

    apps.each do |app|
      next unless command_exists? app

      path = cmd_exec "command -v #{app}"
      next unless path.start_with? '/'

      print_good "#{app} found: #{path}"
      report path
    end
  end
end
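The module's check_hardening and find_apps above rely on the Msf::Post::Linux::Kernel mixin and a live session. As an added example (not part of the Metasploit module or the framework), the standalone Ruby script below performs a subset of the same checks locally, the way a defender would audit their own host: ASLR from /proc/sys/kernel/randomize_va_space, SMEP/SMAP from the /proc/cpuinfo flags line, SELinux mode from /sys/fs/selinux/enforce, Yama from /proc/sys/kernel/yama/ptrace_scope, and a PATH lookup for a few security tools. The parsing is separated from the file reads so each interpreter can be exercised against constructed input; the paths, the interpretation of the values, and the tool list are assumptions of this example, not something the page states.

```ruby
# Added example, not code from the Metasploit module: a local hardening
# auditor mirroring a subset of what check_hardening and find_apps report.

# Interpret /proc/sys/kernel/randomize_va_space:
# 0 = ASLR disabled, 1 = stack/mmap/vdso randomized, 2 = brk randomized too.
def aslr_state(randomize_va_space)
  case randomize_va_space.to_s.strip
  when '2' then 'enabled (full)'
  when '1' then 'enabled (partial, no brk randomization)'
  when '0' then 'disabled'
  else 'unknown'
  end
end

# Pull the CPU feature flags out of /proc/cpuinfo text (first "flags" line)
# and report whether the SMEP and SMAP bits are advertised.
def cpu_protections(cpuinfo)
  flags_line = cpuinfo.lines.find { |l| l.start_with?('flags') }
  flags = flags_line ? flags_line.split(':', 2).last.split : []
  { smep: flags.include?('smep'), smap: flags.include?('smap') }
end

# Interpret /sys/fs/selinux/enforce (1 = enforcing, 0 = permissive).
# nil means the file is absent, i.e. SELinux is not mounted on this host.
def selinux_state(enforce)
  return 'not installed' if enforce.nil?

  enforce.to_s.strip == '1' ? 'enforcing' : 'permissive'
end

# Interpret /proc/sys/kernel/yama/ptrace_scope; 0 means Yama is present but
# not restricting ptrace, higher values progressively restrict it.
def yama_state(ptrace_scope)
  return 'not installed' if ptrace_scope.nil?

  scope = ptrace_scope.to_s.strip
  scope == '0' ? 'installed, not restricting ptrace' : "enabled (ptrace_scope=#{scope})"
end

# Resolve each tool name against an explicit list of PATH directories and
# return name => absolute path for the ones that exist and are executable.
# PATH is passed in so the lookup can be tested against a constructed list.
def find_tools(tools, path_dirs)
  tools.each_with_object({}) do |tool, found|
    dir = path_dirs.find { |d| File.executable?(File.join(d, tool)) }
    found[tool] = File.join(dir, tool) if dir
  end
end

# Read a kernel interface file, returning nil when it does not exist.
def read_or_nil(path)
  File.exist?(path) ? File.read(path) : nil
end

# Collect all checks for the local host into one hash.
def audit_host
  {
    aslr: aslr_state(read_or_nil('/proc/sys/kernel/randomize_va_space')),
    cpu: cpu_protections(read_or_nil('/proc/cpuinfo').to_s),
    selinux: selinux_state(read_or_nil('/sys/fs/selinux/enforce')),
    yama: yama_state(read_or_nil('/proc/sys/kernel/yama/ptrace_scope')),
    # Assumed tool list for illustration; extend with the module's apps array.
    tools: find_tools(%w[auditd aide apparmor_parser firejail],
                      ENV.fetch('PATH', '').split(':'))
  }
end

if __FILE__ == $PROGRAM_NAME
  audit_host.each { |name, value| puts "#{name}: #{value.inspect}" }
end
```

Run it as an unprivileged user on the host being audited; every interface it reads is world-readable on a stock kernel, so a result of "unknown" or "not installed" reflects the host, not a permissions problem. Because the interpreters take strings rather than paths, the same functions can be pointed at files copied off a system during an incident review.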

Last updated: 08 Feb 2023 13:47
Vulners AI Score: 6.9 (medium risk)