Update linuxprivchecker.sh #8
I made quite a few changes to this script by merging it with my own version. I'm all ears for suggestions and my feelings won't get hurt if it gets rejected. I've learned a lot from the original script written by folks here.
Hey @alibkaba, I like what you've done. You definitely put in a bit of work. I've downloaded the patch and have run it on a VM just to make sure that everything works fine. I've also stepped through the code to review the changes. There is one change that I am a little concerned about and another that is mostly preference.

Concern: On a note, if I noticed that logs were missing from my own systems, I would immediately triage my system and start looking at the network to see if I could find out what happened.

Preference: When we originally ported this script over, we did it in such a way that we would keep the formatting of the old privilege escalation checking script that is so well known in the pentesting community, but I like what you've done with the appearance.

Let me know what you think.
linuxprivchecker.sh
Outdated
| echo -e "\n[+] Installed Tools" | ||
| formatCommand "which awk perl python ruby gcc cc vi vim nmap find netcat nc wget tftp ftp 2>/dev/null" | ||
| systemNAME="Clearing /var/log/auth.log"; |
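Review bot: `systemNAME="Clearing /var/log/auth.log"` introduces a step that deletes a system authentication log from inside what is otherwise a read-only enumeration script (the surrounding lines only run `which awk perl python ...` and print results). Wiping the log is destructive for the host owner and removes the very records a defender would use to understand what ran. Suggest dropping the step entirely, or at most printing a reminder that any cleanup is the operator's responsibility, so the script itself never modifies system state.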
I think I have to agree with @5aru. Simply wiping those files away is probably not the best way of cleaning up. If you can think up a good way to do a regex to filter out only the logs this script creates, that would be ideal. Otherwise we should leave log cleaning up to the person running the script.
Good point, I totally agree with this. I added this function in the early stages of my pen testing experience (and off a book).
linuxprivchecker.sh
Outdated
| echo -ne "awk-->\tawk 'BEGIN {system(\"/bin/bash\")}'\n" | sed 's|^| |' | ||
| fi | ||
| systemNAME="Setting history max lines to 0"; | ||
| cmdRESPONSE "export HISTFILESIZE=0"; |
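Review bot: `cmdRESPONSE "export HISTFILESIZE=0"` only changes the environment of the shell process that is running this script; when the file is executed rather than sourced, the caller's interactive shell keeps its own `HISTFILESIZE`, so the line has no effect on the history it is meant to limit. The same applies to the other exports in this block. Suggest removing the line together with the cleanup block it belongs to, rather than leaving code that silently does nothing.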
It is probably not the best idea to clear the history. I know that personally if I logged into one of my boxes and there was no history, I would start to be suspicious of what could have happened. In my opinion you should remove everything in the cleanup except for lines 260 and 261, which should move to the beginning somewhere. Also, the exports that you are doing here are probably useless unless people are sourcing this file. Feel free to argue your point.
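To make the point about the exports concrete, here is an added example (not code from linuxprivchecker.sh or from anyone in this thread) that writes a constructed child script containing `export HISTFILESIZE=0`, then compares what the caller's `HISTFILESIZE` looks like after executing that script as a separate process versus sourcing it with `.`. The script path and the value `500` are assumptions chosen for the demo.

```shell
#!/bin/sh
# Added example: environment changes made by a script only reach the caller
# when the script is sourced into the current shell, not when it is executed.

# Write a throwaway child script (constructed for this demo) that mimics the
# cleanup block: it exports HISTFILESIZE=0 and nothing else.
make_child_script() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'export HISTFILESIZE=0' > "$tmp"
    echo "$tmp"
}

# Execute the child script as its own process and report the caller's value.
# Expected: the caller still sees 500, because the export died with the child.
histfilesize_after_exec() {
    HISTFILESIZE=500
    export HISTFILESIZE
    child=$(make_child_script) || return 1
    sh "$child"
    rm -f "$child"
    echo "$HISTFILESIZE"
}

# Source the same child script into the current shell and report the value.
# Expected: 0, because '.' runs the file in the caller's own process.
histfilesize_after_source() {
    HISTFILESIZE=500
    export HISTFILESIZE
    child=$(make_child_script) || return 1
    . "$child"
    rm -f "$child"
    echo "$HISTFILESIZE"
}

echo "after executing the script: HISTFILESIZE=$(histfilesize_after_exec)"
echo "after sourcing the script:  HISTFILESIZE=$(histfilesize_after_source)"
```

Running it prints `500` for the executed case and `0` for the sourced case, which is exactly why the exports in the cleanup block do nothing for someone who runs `./linuxprivchecker.sh` in the usual way.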
Also agree.
@5aru @linted Thanks for the feedback.
I still need to work on lines 212 and 222...228.
I got a question @5aru @linted. I'm worried that these might not work on older bash versions, and I tried to look for the manual but I only see the latest one. Comments and suggestions would be appreciated.
@alibkaba, I really haven't looked into that, but how about we put that into another pull request instead of this one. They are definitely different issues. I'm going to approve this pull request... Thanks for all the work.
Okay @5aru. I just discovered what Travis does and am learning it at work, so my code might get a little better.
@alibkaba, I've reverted the old pull request per your request.
Thanks @5aru, I just want to make sure I thoroughly test my crappy code.
@5aru @linted I gotta say, I wish I knew Travis CI years ago...I've been doing everything manually and it has been time consuming. |
I don't need this to be merged in yesterday. Please, take your time to review and test it. I'll be doing the same while I prepare for my OSCP exam, which I have in 2 weeks.
Edit: I definitely want some feedback on how it's coded.