Merge pull request #16 from vernu/suid-detection-improvement

improve suspicious suid files detection logic
This commit is contained in:
Israel Abebe 2024-12-17 10:19:41 +03:00 committed by GitHub
commit 78c3262a4f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -332,11 +332,18 @@ else
fi fi
# Check for suspicious SUID files # Check for suspicious SUID files
SUID_FILES=$(find / -type f -perm -4000 2>/dev/null | grep -v -e '^/usr/bin' -e '^/bin' -e '^/sbin' | wc -l) COMMON_SUID_PATHS='^/usr/bin/|^/bin/|^/sbin/|^/usr/sbin/|^/usr/lib|^/usr/libexec'
KNOWN_SUID_BINS='ping$|sudo$|mount$|umount$|su$|passwd$|chsh$|newgrp$|gpasswd$|chfn$'
SUID_FILES=$(find / -type f -perm -4000 2>/dev/null | \
grep -v -E "$COMMON_SUID_PATHS" | \
grep -v -E "$KNOWN_SUID_BINS" | \
wc -l)
if [ "$SUID_FILES" -eq 0 ]; then if [ "$SUID_FILES" -eq 0 ]; then
check_security "SUID Files" "PASS" "No suspicious SUID files found - good security practice" check_security "SUID Files" "PASS" "No suspicious SUID files found - good security practice"
else else
check_security "SUID Files" "FAIL" "Found $SUID_FILES suspicious SUID files - potential privilege escalation risk" check_security "SUID Files" "WARN" "Found $SUID_FILES SUID files outside standard locations - verify if legitimate"
fi fi
# Add system information summary to report # Add system information summary to report
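Review bot: The second filter, `grep -v -E "$KNOWN_SUID_BINS"`, only ever sees files that already survived the standard-location filter, so it can only remove SUID files outside standard locations whose path happens to end in one of the listed names (and `su$` matches any path ending in "su", not just a basename of su); those are exactly the files this check exists to surface, and they now silently lower the count. Every legitimate home of those binaries is already matched by `COMMON_SUID_PATHS`, so the basename allowlist can be dropped: `SUID_FILES=$(find / -type f -perm -4000 2>/dev/null | grep -v -E "$COMMON_SUID_PATHS" | wc -l)`. If the intent was to tolerate locally built copies, anchor the names to the directory where they are expected rather than to a bare suffix, e.g. `KNOWN_SUID_BINS='^/usr/local/s?bin/(ping|sudo|mount|umount|su|passwd|chsh|newgrp|gpasswd|chfn)$'`. A short comment above the two variables stating that the first is a path allowlist and the second must stay anchored to a full directory would keep the next edit from reintroducing the gap. The surrounding script (the `else`/`fi` the hunk opens on) is outside this view.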