Changes in version 2
Bernardo Damele A. G. edited this page Apr 23, 2015 · 3 revisions
Versions 2.0 and onwards contain a completely new codebase for unix-privesc-check.
It is modular and coded much more cleanly. It contains a significant number of checks that were not present in v1 of the codebase.
Until version 2 has been debugged and stabilised, you should probably use both versions.
Version 2 will perform some extra checks. It is also more regularly maintained.
Version 1 contains some checks that have not been ported across. It is more mature and stable.
UPCv1 ID | UPCv2 Check Name | UPCv1 Description of Check | Comment |
---|---|---|---|
UPC001 | privileged_writable, group_writable, world_writable (partially) | $O_MESSAGE_STACK The user $O_FILE_USER can write to $O_FILE | we need to add to lib/misc/privileges xinetd |
UPC002 | privileged_writable, group_writable, world_writable (partially) | $O_MESSAGE_STACK The group $O_FILE_GROUP can write to $O_FILE | we need to add to lib/misc/privileges xinetd |
UPC003 | privileged_writable, world_writable and others (partially) | $O_MESSAGE_STACK World write is set for $O_FILE (but sticky bit set) | we need to add to lib/misc/privileges xinetd |
UPC004 | privileged_writable, group_writable, world_writable (partially) | $O_MESSAGE_STACK World write is set for $O_FILE | we need to add to lib/misc/privileges xinetd |
UPC005 | credentials, homedirs_executable, homedirs_writable, jar, key_material, system_configuration | $O_MESSAGE_STACK The user $O_FILE_USER can read $O_FILE | |
UPC006 | credentials, homedirs_executable, homedirs_writable, jar, key_material, system_configuration | $O_MESSAGE_STACK The group $O_FILE_GROUP can read $O_FILE | |
UPC007 | credentials, homedirs_executable, homedirs_writable, jar, key_material, system_configuration | $O_MESSAGE_STACK World read is set for $O_FILE | |
UPC008 | passwd_hashes | /etc/passwd allows external authentcation | |
UPC009 | nis_authentication | NIS is used for authentication on this system | |
UPC010 | ldap_authentication | LDAP is used for authentication on this system | |
UPC011 | nis_authentication | NIS is used for authentication on this system | |
UPC012 | ldap_authentication | LDAP is used for authentication on this system | |
UPC013 | passwd_hashes | There seem to be some password hashes in /etc/passwd | |
UPC014 | passwd_hashes | The following accounts have no password | |
UPC015 | shadow_hashes | User $USER doesn't have a password | |
UPC016 | shadow_hashes | User $USER doesn't have a password | |
UPC017 | sudo | Sudo is configured. Manually check nothing unsafe is allowed | |
UPC018 | sudo | Some users can use sudo without a password | |
UPC019 | postgresql_trust | Postgres trust configured in $DIR/pg_hba.conf $LINE | |
UPC020 | postgresql_connection | Can connect to local postgres database as "postgres" without a password | |
UPC021 | postgresql_connection | Can connect to local postgres database as "pgsql" without a password | |
UPC022 | devices_options | This system is an NFS client. Check for nosuid and nodev options. | |
UPC023 | setuid, setgid, privileged** | SetUID/SetGID shell script, may be vulnerable to race attacks** | |
UPC024 | credentials | Cleartext subversion passsword file $FILE | |
UPC025 | ssh_agent, ssh_key | Encrypted private SSH key found in $KEY | |
UPC026 | ssh_agent, ssh_key | Unencrypted private SSH key found in $KEY | |
UPC027 | credentials | Public SSH Key Found in $HOMEDIR/.ssh/authorized_keys | We only list identified authorized_keys file, do not parse its content |
UPC028 | ssh_agent | There are SSH agents running on this system | |
UPC029 | ssh_agent | SSH Agent has keys loaded [SSH_AUTH_SOCK=$SSH_AUTH_SOCK] | |
UPC030 | gpg_agent | There are GPG agents running on this system | |
UPC031 | system_nx | No NX | |
UPC032 | system_nx | No NX logging | |
UPC033 | system_nx | Auditing not enabled | |
UPC034 | system_nx | No NX | |
UPC035 | system_nx | NX set to logging only | |
UPC036 | system_aslr | No ASLR | |
UPC037 | system_aslr | Conservative ASLR | |
UPC038 | system_mmap | mmap allows map to 0 | |
UPC039 | system_selinux | SELinux does not enforce | |
UPC040 | privileged_nx, system_nx | NX not enabled | |
UPC041 | privileged_ssp | SSP not enabled | |
UPC042 | privileged_ssp | SSP not enabled | |
UPC043 | TODO | fscaps shell script, may be vulnerable to race attacks | |