From ab29001b692a397de33b6aa12b712b35c1c1e19b Mon Sep 17 00:00:00 2001
From: Enrique Martin <enrique.martin@pandorafms.com>
Date: Thu, 5 Oct 2023 16:30:00 +0200
Subject: [PATCH] Fixed some minor issues

---
 .../unix/plugins/pandora_security_check       | 88 +++++++++++++------
 1 file changed, 59 insertions(+), 29 deletions(-)

diff --git a/pandora_agents/unix/plugins/pandora_security_check b/pandora_agents/unix/plugins/pandora_security_check
index 650b37ee87..db89e422d4 100644
--- a/pandora_agents/unix/plugins/pandora_security_check
+++ b/pandora_agents/unix/plugins/pandora_security_check
@@ -385,6 +385,28 @@ if ($check_ssh_root_access) {
     print_xml_module('SSH root access status', 'generic_proc', $desc, $value);
 }
 
+# Specific function for recursive directory check
+sub find_files {
+    my ($dir) = @_;
+
+    my @files = ();
+
+    opendir my $dh, $dir or return;
+    while (my $file = readdir $dh) {
+        next if $file eq '.' or $file eq '..';
+
+        my $file_path = File::Spec->catfile($dir, $file);
+        if (-f $file_path) {
+            push @files, $file_path;
+        } elsif (-d $file_path) {
+            push @files, find_files($file_path);
+        }
+    }
+    closedir $dh;
+
+    return @files;
+}
+
 # Check if /root has SSH keys
 if ($check_ssh_root_keys) {
     my $value = 1;
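Review bot: The `-d $file_path` test on the `elsif` branch follows symbolic links, so a symlink inside /root/.ssh that points at a directory (or at `..`) makes `find_files` walk out of the key directory or recurse until the stack is exhausted, and everything it finds is then read and regex-matched by the caller. Excluding symlinked directories while still listing symlinked files (which may legitimately be keys) is a one-line change: `} elsif (-d $file_path && !-l $file_path) {`. The silent `or return` on `opendir` is acceptable for a best-effort scan, but it makes an unreadable subdirectory indistinguishable from an empty one; a comment such as `# unreadable directory: treat as empty (best effort)` would mark that as intentional.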
@@ -393,21 +415,27 @@ if ($check_ssh_root_keys) {
     my $ssh_keys = {'private' => [], 'public' => []};
 
     my $ssh_dir = '/root/.ssh';
-    if (-d $ssh_dir) {
-        my @files = read_dir($ssh_dir);
-        foreach my $file (@files) {
-            my $file_path = File::Spec->catfile($ssh_dir, $file);
-            my $content = read_file($file_path);
-            if ($content =~ /-----BEGIN RSA PRIVATE KEY-----.*?-----END RSA PRIVATE KEY-----/s) {
-                push @{$ssh_keys->{'private'}}, $file_path;
-            } elsif ($content =~ /ssh-rsa/ && $file ne 'known_hosts' && $file ne 'authorized_keys') {
-                push @{$ssh_keys->{'public'}}, $file_path;
+    my @all_files = find_files($ssh_dir);
+    foreach my $file (@all_files) {
+        if (open my $fh, '<:raw', $file) {
+            my $content = '';
+            while(my $l = <$fh>) {
+                $content .= $l;
+            }
+            if ($content) {
+                my ($filename, $directories) = fileparse($file);
+                if ($content =~ /-----BEGIN RSA PRIVATE KEY-----.*?-----END RSA PRIVATE KEY-----/s) {
+                    push @{$ssh_keys->{'private'}}, $file;
+                } elsif ($content =~ /ssh-rsa/ && $filename ne 'known_hosts' && $filename ne 'authorized_keys') {
+                    push @{$ssh_keys->{'public'}}, $file;
+                }
             }
         }
-        if (@{$ssh_keys->{'private'}} > 0 || @{$ssh_keys->{'public'}} > 0) {
-            $value = 0;
-            $desc = "SSH root keys found:\n" . join("\n", @{$ssh_keys->{'private'}}, @{$ssh_keys->{'public'}});
-        }
+    }
+
+    if (@{$ssh_keys->{'private'}} > 0 || @{$ssh_keys->{'public'}} > 0) {
+        $value = 0;
+        $desc = "SSH root keys found:\n" . join("\n", @{$ssh_keys->{'private'}}, @{$ssh_keys->{'public'}});
     }
 
     print_xml_module('SSH root keys status', 'generic_proc', $desc, $value);
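Review bot: The detection regexes on the two new `if`/`elsif` lines still only recognize RSA material — `-----BEGIN RSA PRIVATE KEY-----` is the legacy PEM header, while `ssh-keygen` has written `-----BEGIN OPENSSH PRIVATE KEY-----` by default for years, and `ssh-ed25519`/`ecdsa-sha2-*` public keys never contain `ssh-rsa` — so a root account holding only modern keys is reported as clean. Widening the patterns is a two-line change: `if ($content =~ /-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----/)` and `elsif ($content =~ /^(?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+) /m && $filename ne 'known_hosts' && $filename ne 'authorized_keys')`. Because `find_files` now descends into subdirectories and each file is read whole into `$content`, a large non-key file under /root/.ssh is slurped just to run these matches; a cap such as `next if -s $file > 65536;` before the `open` keeps the check cheap. I cannot see the file's preamble in this diff, so please confirm `File::Basename` is loaded for the new `fileparse` call, since the replaced `read_dir`/`read_file` code did not need it.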
@@ -428,16 +456,13 @@ if ($check_ports) {
                 chomp $line;
                 my @parts = split /\s+/, $line;
                 if (scalar @parts >= 12) {
-                    my $local_address = $parts[1];
-                    my @la_split = (split /:/, $local_address);
-                    if (@la_split > 1){
-                        my $local_port = hex($la_split[1]);
-                        my $state = $parts[3];
-
-                        # Check if the connection is in state 0A (listening)
-                        if ($state eq "0A") {
-                            push @open_ports, $local_port;
-                        }
+                    my $local_port_hex = (split /:/, $parts[2])[1];
+                    my $state = $parts[4];
+                        
+                    # Check if the connection is in state 0A (listening)
+                    if ($state eq "0A") {
+                        my $local_port = hex($local_port_hex);
+                        push @open_ports, $local_port;
                     }
                 }
             }
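Review bot: The shifted indices on `my $local_port_hex = (split /:/, $parts[2])[1];` and `my $state = $parts[4];` only line up because `split /\s+/` on a row that begins with spaces yields an empty leading field; as far as I recall the kernel right-aligns the slot number in a fixed-width column, so rows with a wide slot number (or any other formatting difference) have no leading blank, every index moves back by one and `$parts[4]` is no longer the state. Splitting awk-style strips leading whitespace and makes the offsets stable: `my @parts = split ' ', $line;` with `$parts[1]` for the local address, `$parts[3]` for the state and `>= 11` for the field-count guard. The removed `@la_split > 1` check is also worth keeping, since `hex(undef)` on a malformed line only warns and then records port 0 as listening. The enclosing `if ($check_ports)` block and its read loop begin before this hunk.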
@@ -565,13 +590,18 @@ if ($check_passwords) {
 
             # Skip users with no password hash
             if ($password_hash ne "*" && $password_hash ne "!!" && $password_hash ne "!locked") {
-                foreach my $weak_password (@l_passwords) {
-                    my $salt = substr($password_hash, 0, rindex($password_hash, '$') + 1);
-                    my $weak_password_hash = crypt($weak_password, $salt);
+                my $salt = substr($password_hash, 0, rindex($password_hash, '$') + 1);
+                my $user_hash = crypt($username, $salt);
+                if ($user_hash eq $password_hash) {
+                    push @insecure_users, $username;
+                } else {
+                    foreach my $weak_password (@l_passwords) {
+                        my $weak_password_hash = crypt($weak_password, $salt);
 
-                    if ($weak_password_hash eq $password_hash) {
-                        push @insecure_users, $username;
-                        last;
+                        if ($weak_password_hash eq $password_hash) {
+                            push @insecure_users, $username;
+                            last;
+                        }
                     }
                 }
             }
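Review bot: The three `ne` comparisons on `if ($password_hash ne "*" && $password_hash ne "!!" && $password_hash ne "!locked")` still let common locked markers through — `usermod -L`/`passwd -l` prefix the hash with a single `!`, and `*LK*` or a lone `!` also occur — and for any such value without a `$`, `rindex` returns -1, `$salt` becomes the empty string and `crypt()` can return `undef`, so the new `$user_hash eq $password_hash` comparison (and the loop below it) runs on uninitialized values. A prefix test covers all of these in one line, `if ($password_hash !~ /^[!*]/) {`, and `if (defined $user_hash && $user_hash eq $password_hash)` keeps the warning out for any salt `crypt()` rejects. The username-as-password probe is a useful addition, but the dictionary loop is still one `crypt()` per (user, word) with whatever cost the system's salt implies, so `@l_passwords` should stay short on hosts with many accounts. The enclosing `if ($check_passwords)` block and the per-user loop begin before this hunk.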