Created
July 23, 2023 17:05
-
-
Save ManUtopiK/c990e6469fc23b5e332c4ec60bc07467 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| OPTION=$1 | |
| HOSTNAME=$(hostname) | |
| DATE=$(date +%Y-%m-%d-%H-%M-%S) | |
| REPORT_FILE="report-${HOSTNAME}-${DATE}.txt" | |
| INTERESTING_FILES='.bash_history .bash_logout .bashrc .ssh known_hosts authorized_keys id_rsa id_rsa.pub authorized_keys2' | |
| INTERESTING_PLACES='/var /tmp /dev/shm' | |
| COMPRESSED_FILE_EXTENSIONS='.zip .tar .gz .rar' | |
| function title () | |
| { | |
| TITLE=$1 | |
| echo -e "-----------------------------------------------------" | |
| echo -e "CHECKING FOR ${TITLE}..." | |
| echo -e "-----------------------------------------------------" | |
| } | |
| function end () | |
| { | |
| echo -e "-----------------------------------------------------" | |
| echo -e "" | |
| } | |
| function check_permission () | |
| { | |
| PERMISSION=$1 | |
| PERMISSION_TEXT=$2 | |
| title ${PERMISSION_TEXT} | |
| echo "${PERMISSION_TEXT} is ${PERMISSION}" | |
| find / -type f -perm ${PERMISSION} -exec ls -ld {} \; 2>/dev/null | |
| end | |
| } | |
| function check_writable_directories () | |
| { | |
| title "world-writable directories" | |
| find / -type d -perm -2 -exec ls -ld {} \; 2>/dev/null | |
| end | |
| } | |
| function check_file () | |
| { | |
| FILE_NAME=$1 | |
| FILE_DESCRIPTION=$2 | |
| title "${FILE_NAME} file" | |
| echo ${FILE_DESCRIPTION} | |
| find / -name ${FILE_NAME} -exec ls -ld {} \; 2>/dev/null | |
| end | |
| } | |
| function interesting_files () | |
| { | |
| INTERESTING_FILES=$1 | |
| for FILE in ${INTERESTING_FILES} | |
| do | |
| check_file ${FILE} | |
| done | |
| } | |
| function check_writable_files () | |
| { | |
| INTERESTING_PLACES=$1 | |
| title "writable files in interesting places : ${INTERESTING_PLACES}" | |
| for PLACE in ${INTERESTING_PLACES} | |
| do | |
| find ${PLACE} -writable -printf '%p\n' 2>/dev/null | |
| done | |
| end | |
| } | |
| function check_compressed_files () | |
| { | |
| COMPRESSED_FILE_EXTENSIONS=$1 | |
| for EXT in ${COMPRESSED_FILE_EXTENSIONS} | |
| do | |
| title "readable ${EXT} files" | |
| find / -type f -name "*${EXT}" -readable 2>/dev/null | |
| end | |
| done | |
| } | |
| function check_sudo () | |
| { | |
| title "sudo avalaible commands" | |
| sudo -l | |
| end | |
| } | |
| function check_process () | |
| { | |
| title "process list" | |
| ps auxwwf | |
| end | |
| } | |
| function check_crontab () | |
| { | |
| title "crontab content" | |
| crontab -l | |
| end | |
| } | |
| function check_connections () | |
| { | |
| title "connections" | |
| ss -tunapo | |
| end | |
| } | |
| if [[ ${OPTION} == "--save" ]] | |
| then | |
| exec > >(tee ${REPORT_FILE}) | |
| fi | |
| check_permission "-u+s" "SUID executables" | |
| check_permission "-g+s" "SGID executables" | |
| check_writable_directories | |
| interesting_files "${INTERESTING_FILES}" | |
| check_writable_files "${INTERESTING_PLACES}" | |
| check_compressed_files "${COMPRESSED_FILE_EXTENSIONS}" | |
| check_sudo | |
| check_crontab | |
| check_connections | |
| check_process |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment