
DISA Security Readiness Review Scripts Detection

🗓️ 17 Sep 2013 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 19 Views

The remote host has a copy of the DISA Security Readiness Review (SRR) Scripts present

Code
#TRUSTED 03357f9a75f205655d5d62a4805566f1b431f6b455e02764a04310e25bc0db9a7b5d7dcc17b1fe86b189f426a60ce11c31ae0879a20b03ee015c3377d20ff23c9dc5022fe9d63990db77a6507e957cdb243235e9f483300f53770d19ec1f1a49a8708172e20f91d20f7953bac6fb5c72b28b6fc9e2b16bd8d4dd6873cac86d404f81c7ba2696e698ce7edc65a5ac3422f5c5618f98eec213dcd3f865bdbe6fc78145f55c7dc6ba8666ecf13957333bb8107ba5f4c0aa454af28267a10b4153db5e23e38821bbca502563ad663a50c1c8d628858dca8718fe48241275d9961c6724573f13c5d3d23645e894bfaba842a73c779d9103bfc1bf8a8caccb3403142cc3f40d844e1ba75cc2423cdb6277889d685688be01858f4661144f27784e63cf07b55ca4ad31621f52d5b5d69efc72fee829a5f76e3cc0d6b7ef3de6d79a537adf24712ae8c45d470f51e5744daad6db78429b91fc63aaf4d1afb1754661879e8c62cf2d56a152e2eac10b377812e108ef0192da0c5a701aee7e597591d10fbdbb612edc799716d27656a16703a9b58f22882314137d5ab9932bd11d95b706e40e94ff427ba23b4504e1bcf01bf2fe30713b30df57550937b3d1adc055b32cb9c4c844da004f6747afd10d7283cc2316ae2a07f051004b4a63159f0efda20b59678e3e04351b5d10f5cb8225b85bcafec0e1eb7c0a28dbd7e7fae41bff956e19
#TRUST-RSA-SHA256 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
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Metadata block: when the engine evaluates the plugin with `description` set,
# only the registration calls below run and the script leaves through exit(0)
# at the end of the block, before any detection logic.
if (description)
{
  script_id(69933);
  script_version("1.27");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/21");

  script_name(english:"DISA Security Readiness Review Scripts Detection");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a security auditing script present.");
  script_set_attribute(attribute:"description", value:
"The remote host has a copy of the DISA Security Readiness Review (SRR)
Scripts present.");
  # Inventory finding only: no remediation is offered and the risk factor is "None".
  script_set_attribute(attribute:"solution", value:
"n/a");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/17");

  # Declared as a local check that feeds software enumeration / asset inventory.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"asset_inventory", value:"True");
  script_set_attribute(attribute:"asset_inventory_category", value:"software_enumeration");
  # Same CPE string that the detection body passes to register_install().
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:disa:security_readiness_review");
  # The detection body widens its filesystem search when the
  # "Perform thorough tests" setting is enabled.
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2013-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling prerequisites: the two listed plugins are declared as
  # dependencies and both KB keys are required.
  # NOTE(review): presumably ssh_get_info.nasl sets these keys after a
  # successful credentialed login - confirm against that plugin.
  script_dependencies("ssh_get_info.nasl", "command_builder_init.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/uname");

  exit(0);
}

include("local_detection_nix.inc");

# ldnix::init_plugin() comes from local_detection_nix.inc; what it sets up is
# not visible in this file.
ldnix::init_plugin();

# Identity attached to every install this plugin registers.
var app = "DISA Security Readiness Review Scripts";
var cpe = "x-cpe:/a:disa:security_readiness_review";

# Working state, grouped by the phase that uses it.
var ret, res, line, item;                          # command results and parsing
var paths, path_patterns;                          # find search scope
var script_installs, found_install, install_num;   # detection bookkeeping
var dir, test_file, version;                       # per-install verification

# Choose the transport the later commands run over. A remote target needs an
# SSH session (opened here, closed on every exit path further down that tests
# info_t); a scan of the local host needs the pread() builtin instead.
# NOTE(review): info_t is assigned without a declaration here - presumably a
# global read by the command helpers; confirm.
if (!islocalhost())
{
  info_t = INFO_SSH;
  ret = ssh_open_connection();
  if (!ret) exit(1, "Failed to open an SSH connection.");
}
else
{
  if (!defined_func("pread")) audit(AUDIT_FN_UNDEF, 'pread');
  info_t = INFO_LOCAL;
}

# Candidate install directory -> version string (NULL until a version is read).
script_installs = make_array();

# Search scope. The default is narrow on purpose: only home directories whose
# name is "srr" in any letter case. With "Perform thorough tests" enabled the
# search covers every home directory plus /root, so the scan account lists
# other users' home trees - expect that extra filesystem access on the target.
if (!thorough_tests)
{
  paths = '/home /export/home ';
  path_patterns = make_list('/home/[sS][rR][rR]/Start-SRR',
                            '/home/[sS][rR][rR]/*/Start-SRR',
                            '/export/home/[sS][rR][rR]/Start-SRR',
                            '/export/home/[sS][rR][rR]/*/Start-SRR');
}
else
{
  paths = '/home /export/home /root ';
  path_patterns = make_list('/home/*/Start-SRR',
                            '/export/home/*/Start-SRR',
                            '/root/Start-SRR',
                            '/root/*/Start-SRR');
}

# find_cmd() is defined outside this file; judging by its arguments and the
# exit message below it runs find on the target. Element 1 of what it returns
# is used as the raw command output.
res = find_cmd(start:paths,
               path_patterns:path_patterns,
               maxdepth:3,
               exit_on_fail:TRUE);
res = res[1];

# No output at all: release the SSH session (if one was opened) and stop.
if (!strlen(res))
{
  if (info_t == INFO_SSH) ssh_close_connection();
  exit(0, 'No results returned from "find" command on remote host.');
}

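# Vet every line of the find output before it is accepted as an install
# location. The names come from the scanned host's filesystem, so they can be
# chosen by any account able to create files under the searched trees, and the
# surviving paths are later substituted into a grep command line.
foreach line (split(res, keep:FALSE))
{
  if (strlen(line) == 0) continue;

  # Keep only absolute paths that mention a home or /root tree. This drops
  # find's error text, and it also means an accepted path always starts with
  # '/', never with '-'.
  if (
    line[0] != '/' ||
    "No such file or directory" >< line ||
    'stat() error' >< line || ('/home/' >!< line && '/root' >!< line)
  ) continue;

  # Paths matching INJECTION_PATTERN are recorded and skipped, never used.
  # INJECTION_PATTERN and lcx::store_dangerous_nix_filepath() are defined
  # outside this file.
  if(line =~ INJECTION_PATTERN)
  {
    lcx::store_dangerous_nix_filepath(item:line);
    dbg::detailed_log(
      lvl:1,
      src:SCRIPT_NAME,
      msg:'Find entry matches Start-SRR but contains command injection characters, skipping',
      msg_details:{
         "line":{"lvl":3, "value":line}
      });
    continue;
  }
  # ignore lost and found directories
  if ("lost+found" >< line) continue;

  dbg::detailed_log(
    lvl:1,
    src:SCRIPT_NAME,
    msg:'Find entry matches Start-SRR and is not defeated',
    msg_details:{
       "line":{"lvl":3, "value":line}
    });

  # Derive the install directory by removing the trailing file name only.
  # String subtraction removes the FIRST occurrence, so a path such as
  # /home/srr/Start-SRR/Start-SRR would lose its directory component and the
  # later version check would look in the wrong place.
  if (
    strlen(line) > strlen('Start-SRR') &&
    substr(line, strlen(line) - strlen('Start-SRR')) == 'Start-SRR'
  )
    dir = substr(line, 0, strlen(line) - strlen('Start-SRR') - 1);
  else
    dir = line - 'Start-SRR';

  script_installs[dir] = NULL;
}

# Nothing survived the filters: release the SSH session (if any) and stop.
if (max_index(keys(script_installs)) == 0)
{
  if (info_t == INFO_SSH) ssh_close_connection();
  exit(0, "Did not find any DISA SRR scripts.");
}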

found_install = FALSE;

# Confirm each candidate directory by reading the program version out of one
# of two files. Both the directory name and the file contents originate on the
# scanned host: the directory reaches the shell only through the command
# template's $1$/$2$ placeholders, and the captured version is stored as data.
# NOTE(review): any argument validation done by
# ldnix::run_cmd_template_wrapper() is not visible here - confirm it rejects
# quote characters, since the template wraps the path in single quotes.
foreach dir (keys(script_installs))
{
  foreach test_file (make_list('sourcedVars', 'Start-SRR'))
  {
    res = ldnix::run_cmd_template_wrapper(template:'grep SRR_ProgramVersion= \'$1$$2$\'', args:[dir, test_file]);

    if (strlen(res) > 0)
    {
      # Expected line shape:
      # SRR_ProgramVersion="ProgramVersion=UNIX_51-29July2011"
      item = NULL;
      foreach line (split(res, keep:FALSE))
      {
        item = pregmatch(pattern:'SRR_ProgramVersion="[^=]+=([^"]+)"', string:line);
        if (!isnull(item)) break;
      }

      if (!isnull(item))
      {
        # First file that yields a version wins for this directory.
        script_installs[dir] = item[1];
        found_install = TRUE;
        dbg::detailed_log(
          lvl:1,
          src:SCRIPT_NAME,
          msg:'Found valid version',
          msg_details:{
             "dir":{"lvl":3, "value":dir},
             "version":{"lvl":3, "value":item[1]}
          });
        break;
      }
    }
  }
}

# All target-side commands are done; the SSH session is no longer needed.
if (info_t == INFO_SSH) ssh_close_connection();

if (!found_install) exit(0, 'Unable to verify that DISA SRR scripts are present.');

# Publish the results: a presence flag, one numbered Path/Version pair per
# verified install, the instance count, and the install report.
set_kb_item(name:'DISA_SRR/Installed', value:TRUE);

install_num = 0;

foreach dir (keys(script_installs))
{
  version = script_installs[dir];

  # Directories whose version could not be read stay NULL and are not reported.
  if (!isnull(version))
  {
    set_kb_item(name:'DISA_SRR/' + install_num + '/Path', value:dir);
    set_kb_item(name:'DISA_SRR/' + install_num + '/Version', value:version);
    register_install(
      app_name:app,
      vendor:"DISA",
      product:"Security Readiness Review",
      path:dir,
      version:version,
      cpe:cpe);

    install_num++;
  }
}

set_kb_item(name:'DISA_SRR/num_instances', value:install_num);
report_installs(app_name:app, port:0);
