mirror of
https://github.com/pandorafms/pandorafms.git
synced 2025-07-28 08:14:38 +02:00
Fixed some minor issues
parent
40f097957f
commit
ab29001b69
@ -385,6 +385,28 @@ if ($check_ssh_root_access) {
|
|||||||
print_xml_module('SSH root access status', 'generic_proc', $desc, $value);
|
print_xml_module('SSH root access status', 'generic_proc', $desc, $value);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Specific function for recursive directory check
|
||||||
|
sub find_files {
|
||||||
|
my ($dir) = @_;
|
||||||
|
|
||||||
|
my @files = ();
|
||||||
|
|
||||||
|
opendir my $dh, $dir or return;
|
||||||
|
while (my $file = readdir $dh) {
|
||||||
|
next if $file eq '.' or $file eq '..';
|
||||||
|
|
||||||
|
my $file_path = File::Spec->catfile($dir, $file);
|
||||||
|
if (-f $file_path) {
|
||||||
|
push @files, $file_path;
|
||||||
|
} elsif (-d $file_path) {
|
||||||
|
push @files, find_files($file_path);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
closedir $dh;
|
||||||
|
|
||||||
|
return @files;
|
||||||
|
}
|
||||||
|
|
||||||
# Check if /root has SSH keys
|
# Check if /root has SSH keys
|
||||||
if ($check_ssh_root_keys) {
|
if ($check_ssh_root_keys) {
|
||||||
my $value = 1;
|
my $value = 1;
|
||||||
@ -393,22 +415,28 @@ if ($check_ssh_root_keys) {
|
|||||||
my $ssh_keys = {'private' => [], 'public' => []};
|
my $ssh_keys = {'private' => [], 'public' => []};
|
||||||
|
|
||||||
my $ssh_dir = '/root/.ssh';
|
my $ssh_dir = '/root/.ssh';
|
||||||
if (-d $ssh_dir) {
|
my @all_files = find_files($ssh_dir);
|
||||||
my @files = read_dir($ssh_dir);
|
foreach my $file (@all_files) {
|
||||||
foreach my $file (@files) {
|
if (open my $fh, '<:raw', $file) {
|
||||||
my $file_path = File::Spec->catfile($ssh_dir, $file);
|
my $content = '';
|
||||||
my $content = read_file($file_path);
|
while(my $l = <$fh>) {
|
||||||
|
$content .= $l;
|
||||||
|
}
|
||||||
|
if ($content) {
|
||||||
|
my ($filename, $directories) = fileparse($file);
|
||||||
if ($content =~ /-----BEGIN RSA PRIVATE KEY-----.*?-----END RSA PRIVATE KEY-----/s) {
|
if ($content =~ /-----BEGIN RSA PRIVATE KEY-----.*?-----END RSA PRIVATE KEY-----/s) {
|
||||||
push @{$ssh_keys->{'private'}}, $file_path;
|
push @{$ssh_keys->{'private'}}, $file;
|
||||||
} elsif ($content =~ /ssh-rsa/ && $file ne 'known_hosts' && $file ne 'authorized_keys') {
|
} elsif ($content =~ /ssh-rsa/ && $filename ne 'known_hosts' && $filename ne 'authorized_keys') {
|
||||||
push @{$ssh_keys->{'public'}}, $file_path;
|
push @{$ssh_keys->{'public'}}, $file;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (@{$ssh_keys->{'private'}} > 0 || @{$ssh_keys->{'public'}} > 0) {
|
if (@{$ssh_keys->{'private'}} > 0 || @{$ssh_keys->{'public'}} > 0) {
|
||||||
$value = 0;
|
$value = 0;
|
||||||
$desc = "SSH root keys found:\n" . join("\n", @{$ssh_keys->{'private'}}, @{$ssh_keys->{'public'}});
|
$desc = "SSH root keys found:\n" . join("\n", @{$ssh_keys->{'private'}}, @{$ssh_keys->{'public'}});
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
print_xml_module('SSH root keys status', 'generic_proc', $desc, $value);
|
print_xml_module('SSH root keys status', 'generic_proc', $desc, $value);
|
||||||
}
|
}
|
||||||
@ -428,19 +456,16 @@ if ($check_ports) {
|
|||||||
chomp $line;
|
chomp $line;
|
||||||
my @parts = split /\s+/, $line;
|
my @parts = split /\s+/, $line;
|
||||||
if (scalar @parts >= 12) {
|
if (scalar @parts >= 12) {
|
||||||
my $local_address = $parts[1];
|
my $local_port_hex = (split /:/, $parts[2])[1];
|
||||||
my @la_split = (split /:/, $local_address);
|
my $state = $parts[4];
|
||||||
if (@la_split > 1){
|
|
||||||
my $local_port = hex($la_split[1]);
|
|
||||||
my $state = $parts[3];
|
|
||||||
|
|
||||||
# Check if the connection is in state 0A (listening)
|
# Check if the connection is in state 0A (listening)
|
||||||
if ($state eq "0A") {
|
if ($state eq "0A") {
|
||||||
|
my $local_port = hex($local_port_hex);
|
||||||
push @open_ports, $local_port;
|
push @open_ports, $local_port;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
close $tcp_fh;
|
close $tcp_fh;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -565,8 +590,12 @@ if ($check_passwords) {
|
|||||||
|
|
||||||
# Skip users with no password hash
|
# Skip users with no password hash
|
||||||
if ($password_hash ne "*" && $password_hash ne "!!" && $password_hash ne "!locked") {
|
if ($password_hash ne "*" && $password_hash ne "!!" && $password_hash ne "!locked") {
|
||||||
foreach my $weak_password (@l_passwords) {
|
|
||||||
my $salt = substr($password_hash, 0, rindex($password_hash, '$') + 1);
|
my $salt = substr($password_hash, 0, rindex($password_hash, '$') + 1);
|
||||||
|
my $user_hash = crypt($username, $salt);
|
||||||
|
if ($user_hash eq $password_hash) {
|
||||||
|
push @insecure_users, $username;
|
||||||
|
} else {
|
||||||
|
foreach my $weak_password (@l_passwords) {
|
||||||
my $weak_password_hash = crypt($weak_password, $salt);
|
my $weak_password_hash = crypt($weak_password, $salt);
|
||||||
|
|
||||||
if ($weak_password_hash eq $password_hash) {
|
if ($weak_password_hash eq $password_hash) {
|
||||||
@ -576,6 +605,7 @@ if ($check_passwords) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
close $shadow_fh;
|
close $shadow_fh;
|
||||||
} else {
|
} else {
|
||||||
$value = 0;
|
$value = 0;
|
||||||
|
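Review bot: find_files in the first hunk recurses on `-d $file_path`, which follows symbolic links, so a link under /root/.ssh that points at a parent directory or a large tree makes the recursion loop or walk far outside the SSH directory, and the second hunk then reads every regular file it returns into `$content`. Changing the branch to `} elsif (-d $file_path && !-l $file_path) {` keeps the scan inside the directory while still inspecting linked key files; a comment such as `# Do not descend into symlinked directories: avoids loops and scanning outside $dir` would record why. Separately, the unchanged patterns in the second hunk match only `-----BEGIN RSA PRIVATE KEY-----` and `ssh-rsa`, so keys stored in the OpenSSH private-key format or of other types (ed25519, ECDSA) would not be reported and the module would stay at 1. The page prints old and new lines without markers, so which lines are added is inferred from the hunk headers.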