yasat/plugins/0000750000175000017500000000000012466647721014124 5ustar montjoiemontjoieyasat/plugins/nfs.advice0000640000175000017500000000147112457227301016057 0ustar montjoiemontjoieEN,NFS_EXPORT_SUBTREE_CHECK=TODO See http://nfs.sourceforge.net/ Section C7 ADVICEEND EN,NFS_EXPORT_NO_ROOT_SQUASH=If you can, unset no_root_squash Without no_root_squash, requests from uid/gid 0 are mapped to the anonymous uid/gid (root_squash). This is the default. See http://nfs.sourceforge.net/ Section C7 ADVICEEND EN,NFS_EXPORT_NO_INTR=Set intr option See http://nfs.sourceforge.net/ Section D12 ADVICEEND EN,NFS_EXPORT_UDP=Prefer TCP over UDP See http://nfs.sourceforge.net/nfs-howto/ar01s05.html Section 5.4 ADVICEEND EN,NFS_CLIENT_NOAC=For performance, unset noac See http://nfs.sourceforge.net/ Section B9 ADVICEEND yasat/plugins/partition.advice0000640000175000017500000000040612457227301017277 0ustar montjoiemontjoieEN,PARTITION_NODEV=Add the nodev option in /etc/fstab EN,PARTITION_NOEXEC=Add the noexec option in /etc/fstab EN,PARTITION_NOSUID=Add the nosuid option in /etc/fstab EN,PARTITION_SEPARATE_PART=With a separate partition, you can set options like nodev,noexec,nosuid yasat/plugins/kernel.advice0000640000175000017500000001207212457227301016550 0ustar montjoiemontjoieEN,KERNEL_CONFIG_COMPAT_BRK=TODO If possible disable it See http://cateee.net/lkddb/web-lkddb/COMPAT_BRK.html ADVICEEND EN,KERNEL_CONFIG_IA32_EMULATION=If not needed, disable IA32 emulation If possible disable it TODO ADVICEEND #http://kerneltrap.org/mailarchive/linux-kernel/2008/2/6/744164 EN,KERNEL_CONFIG_COMPAT_VDSO=TODO If possible disable it See http://cateee.net/lkddb/web-lkddb/COMPAT_VDSO.html ADVICEEND EN,KERNEL_MMAP_MIN_ADDR=Set this to 4096 Many security flaws have been found in the Linux kernel that can be exploited if this value is 0 See http://lwn.net/Articles/360371/ TODO add more links to explain ADVICEEND EN,KERNEL_CONFIG_MCE=Enable MCE support in kernel Enable it, it allows Linux to check/detect some hardware problems. 
See http://en.wikipedia.org/wiki/Machine_Check_Exception ADVICEEND EN,KERNEL_NO_NX_BIT=Check NX bit support for your processor NX bit is available on all x86 processors that have 64bit support, both AMD and Intel. If your processor is recent, check your BIOS to enable it (sometimes called noexec, memory protection, etc.). See http://en.wikipedia.org/wiki/NX_bit for more information on the NX bit. ADVICEEND EN,KERNEL_NO_CONFIG=Can't find your kernel config Either recompile your kernel with CONFIG_IKCONFIG_PROC or provide the .config to yasat with YASAT_PATH_TO_KERNEL_CONFIG <- TODO ADVICEEND EN,KERNEL_CONFIG_STRICT_DEVMEM=Restrict access to /dev/mem http://bugs.archlinux.org/task/14317 If this option is disabled, you allow userspace (root) access to all of memory, including both kernel and userspace memory. Accidental access to this is obviously disastrous, but specific access can be used by people debugging the kernel. Note that with PAT support enabled, even in this case there are restrictions on /dev/mem use due to the cache aliasing requirements. If this option is switched on, the /dev/mem file only allows userspace access to PCI space and the BIOS code and data regions. This is sufficient for dosemu and X and all common users of /dev/mem. (Doc from kernel config) ADVICEEND EN,KERNEL_CONFIG_DEVKMEM=Disable the creation of /dev/kmem The /dev/kmem device is rarely used, but can be used for certain kind of kernel debugging operations. (Doc from kernel config) ADVICEEND EN,KERNEL_EXEC_SHIELD=Enable Exec-Shield Exec-Shield is a set of kernel patches for using NX. It is included by default on Redhat Linux and clones. Activate it by "echo 1 > /proc/sys/kernel/exec-shield" Add "kernel.exec-shield = 1" in /etc/sysctl.conf to make the change persistent. 
See http://people.redhat.com/mingo/exec-shield/ See also http://lwn.net/Articles/144107/ ADVICEEND EN,OPENBSD_SECURE_LEVEL_BELOW_ZERO=Set the secure level to 0 or higher See http://www.openbsd.org/cgi-bin/man.cgi?query=securelevel&sektion=7&arch=&apropos=0&manpath=OpenBSD+Current ADVICEEND EN,KERNEL_CONFIG_PAX=Use PAX to harden your kernel See http://grsecurity.net/ TODO add more explanation ADVICEEND EN,KERNEL_CONFIG_GRSEC=Use GRsec to harden your kernel See http://grsecurity.net/ TODO add more explanation ADVICEEND EN,KERNEL_CONFIG_SECURITY_SELINUX=Use SELinux to harden your kernel See http://fedoraproject.org/wiki/SELinux/ TODO add more explanation ADVICEEND EN,KERNEL_USB_MODULES=On a server, disable USB On a server disable all possible ways to connect removable devices. TODO Link to DMA attacks with USB/Firewire like http://www.breaknenter.org/projects/inception/ ADVICEEND EN,KERNEL_FIREWIRE_MODULES=On a server, disable FireWire On a server disable all possible ways to connect removable devices. TODO Link to DMA attacks with USB/Firewire like http://www.breaknenter.org/projects/inception/ ADVICEEND EN,KERNEL_RANDOM_VA_SPACE=Activate randomize_va_space See /usr/src/linux/Documentation/sysctl/kernel.txt You can activate it with sysctl kernel.randomize_va_space=2. Add "kernel.randomize_va_space = 2" in /etc/sysctl.conf to make the change persistent. You can also access it with /proc/sys/kernel/randomize_va_space ADVICEEND EN,KERNEL_CONFIG_DEBUG_SET_MODULE_RONX=Set CONFIG_DEBUG_SET_MODULE_RONX See http://lwn.net/Articles/422487/ ADVICEEND EN,KERNEL_CONFIG_DEBUG_RODATA=Set CONFIG_DEBUG_RODATA TODO ADVICEEND EN,KERNEL_CONFIG_DEBUG_STRICT_USER_COPY_CHECKS=Set CONFIG_DEBUG_STRICT_USER_COPY_CHECKS TODO ADVICEEND EN,KERNEL_HW_VIRT=If not needed, disable it If you do not use these virtualization helpers, disable them. 
ADVICEEND
yasat/plugins/dhcp.test0000640000175000017500000000473112457227301015735 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
# #
################################################################################

# DHCP server plugin (NSAG 3.9.3 / 3.9.4.x).
# Only two items are actually tested here: the dhcpd service auto-start state
# and the presence of the DHCP server package. Every 3.9.4.x configuration
# item is recorded as NOTIMPL, so a report from this plugin says nothing about
# how dhcpd itself is configured.
# The file ends with a top-level `return`, so it is presumably sourced by the
# YASAT driver, which is expected to provide Title, Check_auto_start,
# Is_installed_via_package_manager, Compliance and $LINUX_VERSION.

Title "Check dhcp"

TESTNAME='YASAT_TEST_SERVICE_DHCPD NSAG=3.9.3 CCEID=4336-4 Check if the dhcpd service is disabled'
Check_auto_start dhcpd packages no 3.9.3 4336-4

# Name of the DHCP *server* package per distribution. Anything that is not
# Debian or Gentoo (including Centos and Red Hat) uses plain 'dhcp'.
#client net-misc/dhcpcd isc-dhcp-client
case "$LINUX_VERSION" in
  Debian)
    DHCPD_PKGNAME='isc-dhcp-server'
    ;;
  Gentoo)
    #TODO Package have USE server and client
    DHCPD_PKGNAME='net-misc/dhcp'
    ;;
  *)
    DHCPD_PKGNAME='dhcp'
    ;;
esac

TESTNAME='YASAT_TEST_PACKAGES_DHCPD NSAG=3.9.3 CCEID=4464-4 Check if the dhcp packages is installed'
Is_installed_via_package_manager "$DHCPD_PKGNAME" packages no 3.9.3 4464-4

# The remaining NSAG 3.9.4.x items are placeholders: they only register the
# control as not implemented.
TESTNAME='YASAT_TODO NSAG=3.9.4.1 CCEID=4257-2 Do Not Use Dynamic DNS'
Compliance --result NOTIMPL --plugin dhcp --nsag 3.9.4.1 --cce 4257-2

TESTNAME='YASAT_TODO NSAG=3.9.4.2 CCEID=4403-2 Deny Decline Messages'
Compliance --result NOTIMPL --plugin dhcp --nsag 3.9.4.2 --cce 4403-2

TESTNAME='YASAT_TODO NSAG=3.9.4.3 CCEID=4345-5 Deny BOOTP Queries'
Compliance --result NOTIMPL --plugin dhcp --nsag 3.9.4.3 --cce 4345-5

TESTNAME='YASAT_TODO NSAG=3.9.4.4 CCEID=3724-2,4243-2,4389-3,3913-1,4169-9,4318-2,4319-0 Minimize Served Information'
Compliance --result NOTIMPL --plugin dhcp --nsag 3.9.4.4 \
  --cce 3724-2 --cce 4243-2 --cce 4389-3 --cce 3913-1 \
  --cce 4169-9 --cce 4318-2 --cce 4319-0

TESTNAME='YASAT_TODO NSAG=3.9.4.5 CCEID=3733-3 Configure Logging'
Compliance --result NOTIMPL --plugin dhcp --nsag 3.9.4.5 --cce 3733-3

return 0
yasat/plugins/ldap.advice0000640000175000017500000000152112457227301016205 0ustar montjoiemontjoieEN,LDAP_NO_TLS=Enable TLS for slapd Its preferable to do LDAP request via a TLS secured connection. Obsolete http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html ADVICEEND EN,LDAP_PASSWD_CLEAR=Use a secure storage for passwd Don't store passwords in cleartext, use a hash algorithm instead ADVICEEND EN,LDAP_BINDV2=Disable bindv2 If possible disable the use of the LDAPv2 protocol. ADVICEEND EN,LDAP_BIND_ANON=Disable anonymous bind According to man slapd.conf, disable bind_anon disables acceptance of anonymous bind requests. Note that this setting does not prohibit anonymous directory access (See "require authc") ADVICEEND EN,LDAP_REQUIRE_AUTHC=Set require authc According to man slapd.conf, authc requires authentication prior to directory operations ADVICEEND
yasat/plugins/binaries.suid0000640000175000017500000000005412457227301016572 0ustar montjoiemontjoie/bin/mount /bin/umount /bin/ping /bin/ping6
yasat/plugins/binaries.test0000640000175000017500000001775312457227301016623 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
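#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
# #
################################################################################

# * The setuid bit adds 4 to the total,
# * The setgid bit adds 2 to the total
# * The sticky bit adds 1 to the total.

# binaries plugin.
#  1. Reports whether file-integrity / rootkit tools (AIDE, Tripwire,
#     chkrootkit, samhain) are present.
#  2. Lists set-UID files under a fixed set of directories (or under / when
#     SCANTYPE=FULL) and compares mode and owner with the reference rows in
#     $PLUGINS_REP/binaries.data.
#  3. Flags binaries listed in binaries.suid (set-UID probably not needed) and
#     binaries listed in binaries.caps (POSIX capabilities could replace it).
# Helpers (Title, Display, Compliance, Check_tool_presence, add_correction) and
# the variables OS, OS_TYPE, OS_NICKNAME, LINUX_VERSION, SCANTYPE, PLUGINS_REP,
# FIND_SETUID, STAT_FULL_RIGHT, STAT_USER and ERROR_OUTPUT_FILE are not defined
# in this file; they are expected to come from the YASAT driver.

PLUGINDESC="Check system binaries and integrity tools"
Title "Check system binaries and integrity tools"

#TODO check for AIDE and tripwire they better do this job than me
#TODO check for rkhunter

TESTNAME='YASAT_TEST_AIDE CCEID=4209-3 NSAG=2.1.3.1.1 Check if AIDE file integrity tester is present'
Check_tool_presence aide
if [ $? -eq 1 ]; then
  Display --indent 2 --text "AIDE file integrity tester" --result NOTFOUND --color ORANGE --advice BINARIES_NO_AIDE
  Compliance --result 'NOK' --plugin 'binaries' --type 'CCE' --cid '4209-3' --type 'NSAG' --cid '2.1.3.1.1' --color 'orange' --yasatresult 'NOTFOUND'
else
  Display --indent 2 --text "AIDE file integrity tester" --result FOUND --color GREEN
  Compliance --result 'OK' --plugin 'binaries' --type 'CCE' --cid '4209-3' --type 'NSAG' --cid '2.1.3.1.1' --color 'green' --yasatresult 'FOUND'
  #TODO check good usage of AIDE like if aideinit was used or not
  #AIDE installed is not sufficient
fi

# NOTE(review): the AIDE check above records a missing tool as 'NOK'. The three
# checks below pass --comp 'OK' when the tool is NOT found and --comp 'NOK' when
# it is found. If --comp carries the compliance verdict, these look inverted;
# confirm against Display before trusting the compliance output.
TESTNAME='YASAT_TEST_TRIPWIRE Check if Tripwire file integrity tester is present'
Check_tool_presence tripwire
if [ $? -eq 1 ]; then
  Display --indent 2 --text "TRIPWIRE file integrity tester" --result NOTFOUND --color ORANGE --advice BINARIES_NO_TRIPWIRE --comp 'OK' 'binaries'
else
  Display --indent 2 --text "TRIPWIRE file integrity tester" --result FOUND --color GREEN --comp 'NOK' 'binaries'
  #TODO check good usage of TRIPWIRE
  #TRIPWIRE installed is not sufficient
fi

# NOTE(review): this TESTNAME reuses the YASAT_TEST_TRIPWIRE identifier for the
# chkrootkit check; looks like a copy/paste, confirm how TESTNAME is consumed.
TESTNAME='YASAT_TEST_TRIPWIRE Check if chkrootkit is present'
Check_tool_presence chkrootkit
if [ $? -eq 1 ]; then
  Display --indent 2 --text "chkrootkit" --result NOTFOUND --color ORANGE --advice BINARIES_NO_CHKROOTKIT --comp 'OK' 'binaries'
else
  Display --indent 2 --text "chkrootkit" --result FOUND --color GREEN --comp 'NOK' 'binaries'
fi

# NOTE(review): unlike the three checks above, this one reads $RESULTAT instead
# of the exit status of Check_tool_presence; verify the helper sets both.
TESTNAME='YASAT_TEST_SAMHAIN Check if samhain is present'
Check_tool_presence samhain
if [ "$RESULTAT" = 'notfound' ]; then
  Display --indent 2 --text "samhain" --result NOTFOUND --color ORANGE --advice BINARIES_NO_SAMHAIN --comp 'OK' 'binaries'
else
  Display --indent 2 --text "samhain" --result FOUND --color GREEN --comp 'NOK' 'binaries'
fi

# Directories scanned for set-UID files. Anything outside this list is only
# covered by a FULL scan.
BINARY_POSSIBLE_PATH='/sbin /bin /usr/sbin /usr/bin /usr/local/bin /usr/local/sbin /usr/local/usr/bin /usr/local/usr/sbin /lib /usr/lib /usr/libexec /usr/local/lib /lib64 /lib32 /usr/lib64'
#echo "DEBUG This check is in development"
if [ "$SCANTYPE" = "FULL" ]; then
  Display --indent 2 --text "Full setuid-scan of filesystem" --result INFO --color BLUE
  BINARY_POSSIBLE_PATH='/'
fi

# 0 = no capability tool, 1 = getcap (libcap), 2 = filecap (libcap-ng)
HAVE_POSIX_CAPS_TOOLS=0
#POSIX CAPS only exists under Linux
if [ "$OS_TYPE" = 'Linux' ]; then
  # command -v is the POSIX way to probe for a tool (replaces `which`)
  if command -v getcap >/dev/null 2>>"$ERROR_OUTPUT_FILE"; then
    Display --indent 2 --text "POSIX CAPS tools" --result FOUND --color GREEN
    HAVE_POSIX_CAPS_TOOLS=1
  fi
  if [ "$HAVE_POSIX_CAPS_TOOLS" -eq 0 ]; then
    if command -v filecap >/dev/null 2>>"$ERROR_OUTPUT_FILE"; then
      Display --indent 2 --text "libcap-ng tools" --result FOUND --color GREEN
      HAVE_POSIX_CAPS_TOOLS=2
    fi
  fi
  if [ "$HAVE_POSIX_CAPS_TOOLS" -eq 0 ]; then
    Display --indent 2 --text "POSIX CAPS tools" --result NOTFOUND --color ORANGE --advice BINARIES_NO_POSIXCAPSTOOLS
  fi
fi

#TODO check whole filesystem for setuid ?
#TODO propose better rights
for BIN_PATH in $BINARY_POSSIBLE_PATH; do
  if [ -e "$BIN_PATH" ]; then
    Display --indent 2 --text "Checking file with set UID in $BIN_PATH" --result INFO --color BLUE
    # File names come from the scanned filesystem and are not trusted: read them
    # raw (IFS=, -r) and quote every use so that blanks, backslashes or glob
    # characters in a name cannot split or rewrite the arguments below.
    # $FIND_SETUID, $STAT_FULL_RIGHT and $STAT_USER stay unquoted on purpose:
    # they are set outside this file and may hold an option plus its argument.
    find "$BIN_PATH" -perm $FIND_SETUID -type f |
      while IFS= read -r BIN_TO_TEST; do
        RIGHT_ACTUAL="$(stat $STAT_FULL_RIGHT "$BIN_TO_TEST")"

        # Key used to select rows of binaries.data: OS by default, the Linux
        # distribution when known, the release nickname on Debian.
        OSTOTEST="${OS}"
        if [ -n "$LINUX_VERSION" ]; then
          OSTOTEST="$LINUX_VERSION"
        fi
        if [ "$LINUX_VERSION" = 'Debian' ]; then
          OSTOTEST="$OS_NICKNAME"
        fi

        # Reference rows are looked up under lib/, so the first lib64/ is mapped
        # to lib/. The path is matched literally (-F): a '.' or '[' in a file
        # name must not act as a regex and pick up another binary's row.
        BIN_TO_TEST2="$(printf '%s\n' "$BIN_TO_TEST" | sed 's/lib64\//lib\//')"
        RESULTAT=$(grep -v '^#' "$PLUGINS_REP/binaries.data" | grep "$OSTOTEST" | grep -F -e "${BIN_TO_TEST2}|")
        if [ -z "$RESULTAT" ] && [ "$LINUX_VERSION" = 'CentOS' ]; then
          # CentOS falls back to the Red Hat rows
          RESULTAT=$(grep -v '^#' "$PLUGINS_REP/binaries.data" | grep "Red Hat" | grep -F -e "${BIN_TO_TEST2}|")
        fi

        if [ -z "$RESULTAT" ]; then
          Display --indent 2 --text "$BIN_TO_TEST with $RIGHT_ACTUAL" --result UNKNOWN --color RED --advice BINARIES_UNKNOWN
        else
          # NOTE(review): the path match is not anchored, so more than one row
          # can match; the unquoted echo then joins them into a single line.
          # Field 2 is read as the expected mode, field 4 as the expected owner.
          GOOD_RIGHT=$(echo $RESULTAT | cut -d\| -f2)
          if [ "$RIGHT_ACTUAL" = "$GOOD_RIGHT" ]; then
            Display --indent 2 --text "$BIN_TO_TEST with right=$RIGHT_ACTUAL" --result FOUND --color GREEN
          else
            Display --indent 2 --text "$BIN_TO_TEST with bad rights $RIGHT_ACTUAL != $GOOD_RIGHT" --result FOUND --color RED --advice BINARIES_BAD_RIGHT
          fi

          #a Set-UID binary must be owned by root
          #TODO On Debian Lenny at is daemon:daemon
          BINARY_FS_OWNER="$(stat $STAT_USER "$BIN_TO_TEST")"
          WANT_USER=$(echo $RESULTAT | cut -d\| -f4)
          if [ -z "$WANT_USER" ]; then
            WANT_USER=root
          fi
          if [ "$BINARY_FS_OWNER" != 'root' ] && [ "$BINARY_FS_OWNER" != "$WANT_USER" ]; then
            Display --indent 2 --text "$BIN_TO_TEST is not owned by $WANT_USER on the FS" --result WARNING --color RED
          fi

          #MD5 for common archs (obsolete, aide/tripwire do that better than me)
          # GOOD_MD5=`echo $RESULTAT | cut -d\| -f4`
          # if [ ! -z "$GOOD_MD5" ]
          # then
          #   MD5_ACTUAL="`md5sum $BIN_TO_TEST | cut -d\  -f1`"
          #   if [ "$MD5_ACTUAL" != "$GOOD_MD5" ]
          #   then
          #     echo $MD5_ACTUAL $GOOD_MD5
          #     Display --indent 2 --text "$BIN_TO_TEST has incorrect MD5" --result WARNING --color RED
          #   fi
          # fi
        fi

        #TODO some set-uid are not necessary like mount, netstat, ifconfig, traceroute, route and ping (and equivalent for ipv6 ping6 etc..)
        # binaries.suid holds one absolute path per line; require an exact,
        # literal full-line match (-F -x) so a path that is merely a prefix or a
        # regex look-alike of a listed entry is not flagged.
        if grep -q -F -x -e "$BIN_TO_TEST" "${PLUGINS_REP}/binaries.suid"; then
          Display --indent 4 --text "You can remove PERHAPS setuid from $BIN_TO_TEST" --result WARNING --color BLUE --advice BINARIES_REMOVE_SETUID
        fi

        #TODO POSIX CAPS (check for XATTR)
        #getcap /bin/ping6
        #/bin/ping6 = cap_net_raw+ep
        #filecap /bin/ping6
        #file capabilities
        #/bin/ping6 net_raw
        if [ "$HAVE_POSIX_CAPS_TOOLS" -ge 1 ]; then
          BIN_TO_TEST_NAME="$(basename "$BIN_TO_TEST")"
          # binaries.caps is keyed by base name: "<name>=<capabilities>"
          POSIX_CAPS="$(grep "^${BIN_TO_TEST_NAME}=" "${PLUGINS_REP}/binaries.caps")"
          if [ "$HAVE_POSIX_CAPS_TOOLS" -eq 1 ]; then
            ACTUAL_CAPS="$(getcap "$BIN_TO_TEST" | sed 's/.*= //')"
          else
            ACTUAL_CAPS="$(filecap "$BIN_TO_TEST" | grep "^$BIN_TO_TEST" | sed 's/.*[[:space:]]//g')"
          fi
          if [ -n "$POSIX_CAPS" ]; then
            if [ -z "$ACTUAL_CAPS" ]; then
              ACTUAL_CAPS="no POSIX CAPS"
            fi
            Display --indent 4 --text "${BIN_TO_TEST_NAME} can use POSIX CAPS" --result INFO --color BLUE --advice BINARIES_CAN_HAVE_POSIX_CAPS
            Display --indent 4 --text "${BIN_TO_TEST_NAME} actual POSIX CAPS" --result "$ACTUAL_CAPS" --color BLUE
            Display --indent 4 --text "${BIN_TO_TEST_NAME} need POSIX CAPS $POSIX_CAPS" --result INFO --color BLUE
            # Only a suggestion is recorded (note the leading '#'); nothing is changed here.
            add_correction "#setcap $POSIX_CAPS+ep $BIN_TO_TEST"
          fi
        fi
      done
  # else
  #   echo "DEBUG $BIN_PATH dont exists"
  fi
done
#TODO store scan result for comparing later results
yasat/plugins/postfix.test0000640000175000017500000000653512457721317016525 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
# #
################################################################################

# postfix plugin: looks up the TLS certificate/key parameters and the obsolete
# *_use_tls switches in main.cf. FindValueOfEqual (defined elsewhere) is
# expected to leave the parameter value in $RESULTAT; check_file (defined
# elsewhere) then inspects the referenced file.

POSSIBLE_POSTFIX_CONF="/etc/postfix/main.cf /usr/local/etc/postfix/main.cf"
POSTFIX_CONF="/etc/postfix/main.cf"
# The last existing candidate wins.
for LOCATION in ${POSSIBLE_POSTFIX_CONF}; do
  if [ -e "${LOCATION}" ]; then
    POSTFIX_CONF="${LOCATION}"
  fi
done

Title "Check postfix"

if [ ! -e "$POSTFIX_CONF" ]; then
  return 1
fi

# NOTE(review): the four checks below print the same "TLS <value>" / "No TLS"
# text, so the report does not say which parameter is missing.
# smtp_tls_cert_file / smtp_tls_key_file are the client-side (outgoing)
# certificate and key; their absence alone does not mean outgoing TLS is off.
# $RESULTAT is passed to check_file unquoted, as before; quote it once the
# format returned by FindValueOfEqual is confirmed.
FindValueOfEqual "$POSTFIX_CONF" smtp_tls_cert_file JUSTTEST
if [ -n "$RESULTAT" ]; then
  Display --indent 2 --text "TLS $RESULTAT" --result OK --color GREEN
  check_file $RESULTAT 4 CERT
else
  Display --indent 2 --text "No TLS" --result ADVICE --color ORANGE --advice POSTFIX_NO_TLS
fi

FindValueOfEqual "$POSTFIX_CONF" smtp_tls_key_file JUSTTEST
if [ -n "$RESULTAT" ]; then
  Display --indent 2 --text "TLS $RESULTAT" --result OK --color GREEN
  check_file $RESULTAT 4 PRIVKEY
else
  Display --indent 2 --text "No TLS" --result ADVICE --color ORANGE --advice POSTFIX_NO_TLS
fi

FindValueOfEqual "$POSTFIX_CONF" smtpd_tls_cert_file JUSTTEST
if [ -n "$RESULTAT" ]; then
  Display --indent 2 --text "TLS $RESULTAT" --result OK --color GREEN
  check_file $RESULTAT 4 CERT
else
  Display --indent 2 --text "No TLS" --result ADVICE --color ORANGE --advice POSTFIX_NO_TLS
fi

FindValueOfEqual "$POSTFIX_CONF" smtpd_tls_key_file JUSTTEST
if [ -n "$RESULTAT" ]; then
  Display --indent 2 --text "TLS $RESULTAT" --result OK --color GREEN
  check_file $RESULTAT 4 PRIVKEY
else
  Display --indent 2 --text "No TLS" --result ADVICE --color ORANGE --advice POSTFIX_NO_TLS
fi

# Obsolete on/off switches: their mere presence is reported.
FindValueOfEqual "$POSTFIX_CONF" smtpd_use_tls JUSTTEST
if [ -n "$RESULTAT" ]; then
  Display --indent 2 --text "smtpd_use_tls is obsolete, use smtpd_tls_security_level instead" --result OBSOLETE --color ORANGE --advice POSTFIX_OBSOLETE_TLS
else
  Display --indent 2 --text "No smtpd_use_tls" --result NOTFOUND --color GREEN
fi

FindValueOfEqual "$POSTFIX_CONF" smtp_use_tls JUSTTEST
if [ -n "$RESULTAT" ]; then
  Display --indent 2 --text "smtp_use_tls is obsolete, use smtp_tls_security_level instead" --result OBSOLETE --color ORANGE --advice POSTFIX_OBSOLETE_TLS
else
  Display --indent 2 --text "No smtp_use_tls" --result NOTFOUND --color GREEN
fi

# http://www.postfix.org/TLS_README.html
#TODO relay domains
#TODO obsolete smtpd_use_tls
#TODO check rights of file (like virtual_uid_maps)
#TODO check ending of smtpd_sender_restriction (must be reject_unauth_destination)
#TODO smtpd_tls_protocols sslv2/v3

return 0
yasat/plugins/process.advice0000640000175000017500000000044212457227301016744 0ustar montjoiemontjoieEN,PROCESS_NOT_BE_ROOT=This process must not be run as root EN,PROCESS_ONLY_ROOT=Logically, this process must be run as root (send a bug ?) EN,PROCESS_MAY_NOT_BE_ROOT=Does this process need to be run as root ? EN,PROCESS_CAN_BE_ROOT=This process may be run as a non-root user in some cases
yasat/plugins/xinetd.advice0000640000175000017500000000116512457227301016564 0ustar montjoiemontjoieEN,XINETD_SERVICES_USELESS=Remove unused services from xinetd (even if disabled) EN,XINETD_SERVICES_OPTIONAL=Are these services in use ?(remove it otherwise) EN,XINETD_SERVICES_NODISABLE=Disable this services if you don't use it EN,XINETD_SERVICES_NO_LOG_TYPE=Add a log_type entry Set where xinetd logs goes (SYSLOG or FILE). See man xinetd.conf (search for log_type) ADVICEEND EN,XINETD_SERVICES_NO_LOG_FAILURE=Add a log_on_failure entry ADVICEEND EN,XINETD_SERVICES_NO_ONLY_FROM=Add a only_from entry If this service is non-public, restrain with a only_from its access.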
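Like only_from = 127.0.0.1 192.168.1.2 ADVICEEND
yasat/plugins/xinetd.test0000640000175000017500000001512012457227301016304 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
# #
################################################################################

# inetd / xinetd plugin.
#  - inetd.conf: every service name found is classified with
#    $PLUGINS_REP/xinetd.data (rows "<service>|<class>|<advice>").
#  - xinetd.conf: reports whether includedir and a default log_type are set.
#  - xinetd.d/*: services known to xinetd.data are classified the same way;
#    unknown ones are parsed and checked for log_on_failure, only_from and
#    log_type.
# Title, Display and FindValueOf (which is expected to leave its result in
# $RESULTAT) are defined outside this file.

#TODO check user
#TODO check group
#TODO check disable
#TODO check server (existence suid etc...)
#TODO check for log type in activated services
#TODO check for umask
#TODO per_source instances
#TODO check cps max_load
#TODO includedir

POSSIBLE_XINETD_CONF="/etc/xinetd.conf /usr/local/etc/xinetd.conf"
XINETD_CONF="/etc/xinetd.conf"
POSSIBLE_XINETD_REP="/etc/xinetd.d /usr/local/etc/xinetd.d"
XINETD_REP="/etc/xinetd.d"
POSSIBLE_INETD_CONF="/etc/inetd.conf /usr/local/etc/inetd.conf"
INETD_CONF="/etc/inetd.conf"

# The two configuration *files* used to be tested as "${LOCATION}/". A trailing
# slash never resolves for a regular file, so /usr/local/etc/xinetd.conf and
# /usr/local/etc/inetd.conf could not be selected and a service configured only
# there went unaudited. The last existing candidate wins.
for LOCATION in ${POSSIBLE_XINETD_CONF}; do
  if [ -e "${LOCATION}" ]; then
    XINETD_CONF="${LOCATION}"
  fi
done

for LOCATION in ${POSSIBLE_INETD_CONF}; do
  if [ -e "${LOCATION}" ]; then
    INETD_CONF="${LOCATION}"
  fi
done

# xinetd.d is a directory: the trailing slash is fine here.
for LOCATION in ${POSSIBLE_XINETD_REP}; do
  if [ -e "${LOCATION}/" ]; then
    XINETD_REP="${LOCATION}"
  fi
done

# Set to 1 below when xinetd.conf carries a log_type, which then covers
# services that do not set their own.
XINETD_LOG_TYPE_DEFAULT=0

#TODO check if inetd and xinetd is launched by default
Title "Check inetd"
if [ -e "$INETD_CONF" ]; then
  Display --indent 2 --text "$INETD_CONF" --result FOUND --color BLUE
  # First field of each non-comment line, with any "addr:" prefix removed.
  grep -v '^#' "$INETD_CONF" | sed 's/[[:space:]].*//g' | sed 's/^.*://g' | sort -u |
    while IFS= read -r INETD_SERVICE; do
      RESULTAT=$(grep "^${INETD_SERVICE}|" "$PLUGINS_REP/xinetd.data")
      if [ -z "$RESULTAT" ]; then
        Display --indent 4 --text "Service $INETD_SERVICE unknown" --result FOUND --color BLUE
      else
        INETD_OPT_SERVICES_TEST="$(echo "$RESULTAT" | cut -f2 -d\|)"
        INETD_OPT_SERVICES_ADVICE="$(echo "$RESULTAT" | cut -f3 -d\|)"
        # Class O is shown orange, R green, anything else red. The advice key
        # is left unquoted, as before, so an empty key adds no extra argument.
        case "$INETD_OPT_SERVICES_TEST" in
          O)
            Display --indent 4 --text "$INETD_SERVICE" --result FOUND --color ORANGE --advice $INETD_OPT_SERVICES_ADVICE
            ;;
          R)
            Display --indent 4 --text "$INETD_SERVICE" --result FOUND --color GREEN --advice $INETD_OPT_SERVICES_ADVICE
            #TODO check only_from etc...
            ;;
          *)
            Display --indent 4 --text "$INETD_SERVICE" --result FOUND --color RED --advice $INETD_OPT_SERVICES_ADVICE
            ;;
        esac
      fi
    done
#else
#  Display --indent 2 --text "No $INETD_CONF" --result NOTFOUND --color BLUE
fi

Title "Check xinetd"
if [ -e "$XINETD_CONF" ]; then
  Display --indent 2 --text "$XINETD_CONF" --result FOUND --color BLUE
  FindValueOf "$XINETD_CONF" 'includedir' JUSTCHECK
  if [ -z "$RESULTAT" ]; then
    Display --indent 4 --text "includedir" --result NOTFOUND --color ORANGE
  else
    Display --indent 4 --text "includedir" --result "$RESULTAT" --color GREEN
  fi
  FindValueOf "$XINETD_CONF" 'log_type' JUSTCHECK
  if [ -z "$RESULTAT" ]; then
    Display --indent 4 --text "log_type" --result NOTFOUND --color ORANGE --advice XINETD_SERVICES_NO_LOG_TYPE
  else
    Display --indent 4 --text "log_type" --result "$RESULTAT" --color GREEN
    XINETD_LOG_TYPE_DEFAULT=1
  fi
fi

if [ -d "$XINETD_REP" ]; then
  Display --indent 2 --text "$XINETD_REP" --result FOUND --color GREEN
  # Glob instead of parsing `ls`; an empty directory leaves the pattern
  # unexpanded, hence the -e guard.
  for XINETD_SERVICE_FILE in "$XINETD_REP"/*; do
    [ -e "$XINETD_SERVICE_FILE" ] || continue
    XINETD_SERVICE="${XINETD_SERVICE_FILE##*/}"
    RESULTAT=$(grep "^${XINETD_SERVICE}|" "$PLUGINS_REP/xinetd.data")
    if [ -z "$RESULTAT" ]; then
      Display --indent 4 --text "Service $XINETD_SERVICE unknown" --result FOUND --color BLUE
      XINETD_LOG_ON_FAILURE=0
      XINETD_ONLY_FROM=0
      XINETD_LOG_TYPE=0
      # Strip leading blanks BEFORE dropping comments: service files are
      # usually indented, and an indented "# only_from = ..." line would
      # otherwise be counted as an active setting and hide a missing control.
      sed 's/^[[:space:]]*//g' "$XINETD_SERVICE_FILE" | grep -v -e '^$' -e '^#' |
        while IFS= read -r XINETD_SERVICE_LINE; do
          # The line is file content: always pass it quoted so glob characters
          # such as '*' in an address are not expanded by the shell.
          if printf '%s\n' "$XINETD_SERVICE_LINE" | grep -qi '^[[:space:]]*service'; then
            NAME_OF_SERVICE=$(printf '%s\n' "$XINETD_SERVICE_LINE" | sed 's/^[[:space:]]*service[[:space:]]*//g')
            Display --indent 6 --text "Service $NAME_OF_SERVICE" --result FOUND --color BLUE
          fi
          if printf '%s\n' "$XINETD_SERVICE_LINE" | grep -q 'log_on_failure'; then
            Display --indent 6 --text "log_on_failure" --result FOUND --color GREEN
            XINETD_LOG_ON_FAILURE=1
          fi
          if printf '%s\n' "$XINETD_SERVICE_LINE" | grep -q 'only_from'; then
            Display --indent 6 --text "only_from" --result FOUND --color GREEN
            XINETD_ONLY_FROM=1
          fi
          if printf '%s\n' "$XINETD_SERVICE_LINE" | grep -q 'log_type'; then
            Display --indent 6 --text "log_type" --result FOUND --color GREEN
            XINETD_LOG_TYPE=1
          fi
          # '}' closes a service block: report what was missing, then reset the
          # flags for the next block in the same file.
          if printf '%s\n' "$XINETD_SERVICE_LINE" | grep -q '}'; then
            Display --indent 6 --text "End of service" --result FOUND --color BLUE
            if [ "${XINETD_LOG_ON_FAILURE}" -eq 0 ]; then
              Display --indent 8 --text "No log_on_failure for $NAME_OF_SERVICE" --result NOTFOUND --color ORANGE --advice XINETD_SERVICES_NO_LOG_FAILURE
            fi
            if [ "${XINETD_ONLY_FROM}" -eq 0 ]; then
              Display --indent 8 --text "No only_from for $NAME_OF_SERVICE" --result NOTFOUND --color ORANGE --advice XINETD_SERVICES_NO_ONLY_FROM
            fi
            if [ "${XINETD_LOG_TYPE}" -eq 0 ] && [ "${XINETD_LOG_TYPE_DEFAULT}" -eq 0 ]; then
              Display --indent 8 --text "No log_type for $NAME_OF_SERVICE" --result NOTFOUND --color ORANGE --advice XINETD_SERVICES_NO_LOG_TYPE
            fi
            XINETD_ONLY_FROM=0
            XINETD_LOG_ON_FAILURE=0
            XINETD_LOG_TYPE=0
          fi
        done
    else
      XINETD_OPT_SERVICES_TEST="$(echo "$RESULTAT" | cut -f2 -d\|)"
      XINETD_OPT_SERVICES_ADVICE="$(echo "$RESULTAT" | cut -f3 -d\|)"
      case "$XINETD_OPT_SERVICES_TEST" in
        O)
          Display --indent 4 --text "$XINETD_SERVICE" --result FOUND --color ORANGE --advice $XINETD_OPT_SERVICES_ADVICE
          ;;
        R)
          Display --indent 4 --text "$XINETD_SERVICE" --result FOUND --color GREEN --advice $XINETD_OPT_SERVICES_ADVICE
          #TODO check only_from etc...
          ;;
        *)
          Display --indent 4 --text "$XINETD_SERVICE" --result FOUND --color RED --advice $XINETD_OPT_SERVICES_ADVICE
          ;;
      esac
    fi
  done
else
  Display --indent 2 --text "$XINETD_REP" --result NOTFOUND --color BLUE
fi

return 0
yasat/plugins/tomcat.test0000750000175000017500000001245412457227301016311 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.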
# # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . # # ################################################################################ POSSIBLE_TOMCAT_CONFIG_LOCATION="/etc/tomcat /etc/tomcat-5.5 /etc/tomcat-6" #find /etc/ -type d -iname 'tomcat*' #find / -type d -iname 'jakarta-tomcat-*' # tomcat*/conf/server.xml #/var/lib/tomcat on gentoo #apache-tomcat-5.5.28/ jakarta-tomcat-5.5.23 #grepping CATALINA_BASE= in etc can inform if a tomcat is present #In web.xml check for value of Xpoweredby (must be false) #TODO check the xxx must not be a simple password Title "Check Tomcat" if [ "$SCANTYPE" != "FULL" ] ;then Display --indent 2 --text "Check tomcat" --result SKIP --color BLUE --advice GLOBAL_SKIPPED_LONG_TESTS return 1; fi TMP_RESULT="${TEMPYASATDIR}/tomcat_locations" TMP_RESULT2="${TEMPYASATDIR}/tomcat_rights" echo " Searching for a tomcat installation, please wait..." #find /sources ! 
-fstype nfs -iregex '.*tomcat[0-9.-]*/conf' > $TMP_RESULT find / -fstype nfs -prune -o -fstype proc -prune -o -iregex '.*tomcat[0-9.-]*/conf' -print > $TMP_RESULT if [ "`cat $TMP_RESULT | wc -l`" -eq 0 ] ;then Display --indent 2 --text "No tomcat found" --result NOTFOUND --color GREEN return 1; fi cat $TMP_RESULT | while read line do REP_WEBAPPS="`echo $line | sed 's/conf.*/webapps/g'`" BASE_TOMCAT="`echo $line | sed 's/conf.*//g' | sed 's/\/$//g'`" SERVERXML="$line/server.xml" PASSFILE="$line/tomcat-users.xml" TOMCAT_VERSION="`echo $BASE_TOMCAT | sed 's/^.*tomcat-//g'`" TOMCAT_MAJOR_VERSION="`echo $TOMCAT_VERSION | sed 's/\.[0-9]*$//g' | grep '^[0-9][0-9.]*'`" TOMCAT_MINOR_VERSION="`echo $TOMCAT_VERSION | sed 's/^.*\.//g' | grep '^[0-9][0-9]*'`" if [ -z "`echo $TOMCAT_MAJOR_VERSION |grep '[0-9.]*'`" -o -z "`echo $TOMCAT_MINOR_VERSION |grep '[0-9.]*'`" ] then TOMCAT_MINOR_VERSION="0" TOMCAT_MAJOR_VERSION="0" fi echo "DEBUG MAJOR=$TOMCAT_MAJOR_VERSION MINOR=$TOMCAT_MINOR_VERSION" if [ -e "$REP_WEBAPPS" ] then Display --indent 2 --text "Webapps $REP_WEBAPPS" --result FOUND --color GREEN #check default webapps jsp-examples balancer servlets-examples tomcat-docs webdav manager ls $REP_WEBAPPS | while read webapp_line do if [ ! -z "`echo $webapp_line | grep -iE 'balancer|manager|webdav|jsp-examples|servlets-examples|tomcat-docs'`" ] then Display --indent 4 --text "Default webapp $webapp_line" --result FOUND --color ORANGE --advice TOMCAT_DEFAULT_WEBAPP fi done fi if [ -e "$SERVERXML" ] then Display --indent 2 --text "server.xml $SERVERXML" --result FOUND --color GREEN fi if [ -e "$PASSFILE" ] then Display --indent 2 --text "PASSFILE $PASSFILE" --result FOUND --color GREEN grep 'password=' "$PASSFILE" | while read passline do # echo " Check $passline" PASSNAME="`echo $passline | sed 's/^.*name="//g' | sed 's/\".*//g'`" PASSWORD="`echo $passline | sed 's/^.*password="//g' | sed 's/\".*//g'`" # echo " NAME=$PASSNAME $PASSWORD" #known password jonas tomcat admin if [ ! 
-z "`echo $PASSWORD | grep -iE 'tomcat|admin|jonas'`" ] then Display --indent 4 --text "Default password for $PASSNAME" --result "$PASSWORD" --color RED --advice TOMCAT_DEFAULT_PASSWORD fi done fi if [ -e "$BASE_TOMCAT" ] then Display --indent 2 --text "Tomcat $TOMCAT_VERSION found at $BASE_TOMCAT" --result FOUND --color GREEN check_directory_others $BASE_TOMCAT $TMP_RESULT2 4 fi if [ "$TOMCAT_MAJOR_VERSION" != "0" -a "$TOMCAT_MINOR_VERSION" != "0" ] ;then if [ "$TOMCAT_MAJOR_VERSION" = "5.5" -a "$TOMCAT_MINOR_VERSION" -le 34 ] ;then Display --indent 2 --text "Tomcat $TOMCAT_VERSION" --result OLD --color ORANGE else if [ "$TOMCAT_MAJOR_VERSION" = "5.0" ] ; then #obsolete version Display --indent 2 --text "Tomcat $TOMCAT_VERSION" --result OLD --color RED fi fi fi #TODO check for Connector TMP_RESULT="${TEMPYASATDIR}/tomcat_server.tmp" echo "" > $TMP_RESULT echo "" > ${TMP_RESULT}.final cat $SERVERXML | while read line do echo -n "$line" | sed 's,-->,\n-->\n,g' | sed 's,' ] ; then COMMENT=0 fi fi done < $TMP_RESULT rm $TMP_RESULT rm ${TMP_RESULT}.final done yasat/plugins/ssh.test0000640000175000017500000002230112466352215015610 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . 
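# #
################################################################################

# ssh plugin: audits the OpenSSH configuration found under
# ${SCAN_ROOT}/etc/ssh/.
#   1. records the compliance items this plugin does not test,
#   2. reads a set of sshd_config keywords and grades each value,
#   3. checks the permissions of the host keys and of the two config files.
# Title, Display, Compliance, FindValueOf, check_value, check_file,
# check_private_key and check_a_file are YASAT helpers defined outside this
# file; FindValueOf leaves its answer in $RESULTAT.
# The plugin uses "return", so it is meant to be sourced, not executed.

SSH_CONF_REP="${SCAN_ROOT}/etc/ssh/"

Title "Check ssh and sshd configurations"

if [ ! -e "$SSH_CONF_REP" ]; then
	echo "strange no ssh directory"
	return 1;
fi

# Items that are only recorded, never evaluated.
TESTNAME='YASAT_TEST_SSH Disable and Remove OpenSSH Software'
Compliance --result 'NOTTESTED' --plugin ssh --nsag 3.5.1.1 --cce 4268-9 --cce 4272-1
TESTNAME='YASAT_TEST_SSH Remove SSH Server iptables Firewall Exception'
Compliance --result 'NOTTESTED' --plugin ssh --nsag 3.5.1.2 --cce 4295-2
TESTNAME='YASAT_TEST_SSH Limit Users SSH Access'
Compliance --result 'NOTTESTED' --plugin ssh --nsag 3.5.2.2
TESTNAME='YASAT_TEST_SSH Set Idle Timeout Interval for User Logins'
Compliance --result 'NOTTESTED' --plugin ssh --nsag 3.5.2.3 --cce 14061-6
TESTNAME='YASAT_TEST_SSH Enable a Warning Banner'
Compliance --result 'NOTIMPL' --plugin ssh --nsag 3.5.2.8 --cce 4431-3
TESTNAME='YASAT_TEST_SSH Do Not Allow Users to Set Environment Options'
Compliance --result 'NOTIMPL' --plugin ssh --nsag 3.5.2.9 --cce 14716-5
TESTNAME='YASAT_TEST_SSH Use Only Approved Ciphers in Counter Mode'
Compliance --result 'NOTIMPL' --plugin ssh --nsag 3.5.2.10 --cce 14491-5
TESTNAME='YASAT_TEST_SSH Strengthen Firewall Configuration if Possible'
Compliance --result 'NOTIMPL' --plugin ssh --nsag 3.5.2.11

#TODO not always /usr/sbin/sshd
check_file "${SCAN_ROOT}/usr/sbin/sshd" 2 BINARY

TESTNAME='YASAT_TEST_SSH_PERMITROOTLOGIN NSAG=3.5.2.6 CCEID=4387-7 PermitRootLogin must be set to no'
FindValueOf "${SSH_CONF_REP}/sshd_config" PermitRootLogin JUSTTEST
check_value "$RESULTAT" 'no' 'false' 'PermitRootLogin' 'RED' 'SSH_ROOT_LOGIN' 3.5.2.6 4387-7
#if [ ! -z "$RESULTAT" ] ; then
#	if [ "$RESULTAT" = "yes" ] ;then
#		Display --indent 2 --text "PermitRootLogin" --result "$RESULTAT" --color RED --advice SSH_ROOT_LOGIN
#	else
#		Display --indent 2 --text "PermitRootLogin" --result "$RESULTAT" --color GREEN
#	fi
#else
#	Display --indent 2 --text "PermitRootLogin" --result NOTFOUND --color RED --advice SSH_ROOT_LOGIN
#fi

TESTNAME='YASAT_TEST_SSH_2 NSAG=3.5.2.7 CCEID=3660-8 PermitEmptyPassword must be set to no'
# sshd_config spells this keyword "PermitEmptyPasswords". Looking up the
# singular form can leave the real setting unread, depending on how FindValueOf
# matches keywords (its matching rule is not visible in this file), and an
# unread value here would hide a server that accepts empty passwords.
FindValueOf "${SSH_CONF_REP}/sshd_config" PermitEmptyPasswords JUSTTEST
check_value "$RESULTAT" 'no' 'false' 'PermitEmptyPassword' 'RED' 'TODO' 3.5.2.7 3660-8
#if [ ! -z "$RESULTAT" ] ; then
#	if [ "$RESULTAT" = "no" ] ;then
#		Display --indent 2 --text "PermitEmptyPassword" --result "$RESULTAT" --color RED
#	else
#		Display --indent 2 --text "PermitEmptyPassword" --result "$RESULTAT" --color GREEN
#	fi
#else
#	Display --indent 2 --text "PermitEmptyPassword" --result NOTFOUND --color GREEN
#fi

TESTNAME='YASAT_TEST_SSH_3 NSAG=3.5.2.5 CCEID=4370-3 HostbasedAuthentication must be set to no'
FindValueOf "${SSH_CONF_REP}/sshd_config" HostbasedAuthentication JUSTTEST
check_value "$RESULTAT" 'no' 'false' 'HostbasedAuthentication' 'RED' 'TODO' 3.5.2.5 4370-3
#if [ ! -z "$RESULTAT" ] ;then
#	if [ "$RESULTAT" = "yes" ] ;then
#		Display --indent 2 --text "HostbasedAuthentication" --result "$RESULTAT" --color RED
#	else
#		Display --indent 2 --text "HostbasedAuthentication" --result "$RESULTAT" --color GREEN
#	fi
#else
#	Display --indent 2 --text "HostbasedAuthentication" --result NOTFOUND --color GREEN
#fi

# The next four keywords are graded by hand: an absent keyword is shown GREEN,
# i.e. the daemon's built-in default is trusted.
TESTNAME='YASAT_TEST_SSH_4 RhostsAuthentication must be set to no'
FindValueOf "${SSH_CONF_REP}/sshd_config" RhostsAuthentication JUSTTEST
if [ -n "$RESULTAT" ] ;then
	if [ "$RESULTAT" = "yes" ] ;then
		Display --indent 2 --text "RhostsAuthentication" --result "$RESULTAT" --color RED
	else
		Display --indent 2 --text "RhostsAuthentication" --result "$RESULTAT" --color GREEN
	fi
else
	Display --indent 2 --text "RhostsAuthentication" --result NOTFOUND --color GREEN
fi

TESTNAME='YASAT_TEST_SSH_5 NSAG=3.5.2.1 CCEID=4325-7 Protocol must be set to 2'
FindValueOf "${SSH_CONF_REP}/sshd_config" Protocol JUSTTEST
if [ -n "$RESULTAT" ] ;then
	if [ "$RESULTAT" = "2" ] ;then
		Display --indent 2 --text "Protocol" --result "$RESULTAT" --color GREEN
		Compliance --result OK --plugin ssh --nsag 3.5.2.1 --cce 4325-7
	else
		Display --indent 2 --text "Protocol" --result "$RESULTAT" --color RED
		Compliance --result NOK --plugin ssh --nsag 3.5.2.1 --cce 4325-7
	fi
else
	Display --indent 2 --text "Protocol" --result NOTFOUND --color GREEN
	Compliance --result OK --plugin ssh --nsag 3.5.2.1 --cce 4325-7
fi

TESTNAME="YASAT_TEST_SSH_STRICT_MODES StrictModes must be set to yes"
FindValueOf "${SSH_CONF_REP}/sshd_config" StrictModes JUSTTEST
if [ -n "$RESULTAT" ] ; then
	if [ "$RESULTAT" = "no" ] ; then
		Display --indent 2 --text "StrictModes" --result "$RESULTAT" --color RED
	else
		Display --indent 2 --text "StrictModes" --result "$RESULTAT" --color GREEN
	fi
else
	Display --indent 2 --text "StrictModes" --result NOTFOUND --color GREEN
fi

TESTNAME="YASAT_TEST_SSH_7 UsePrivilegeSeparation must be set to yes"
FindValueOf "${SSH_CONF_REP}/sshd_config" UsePrivilegeSeparation JUSTTEST
if [ -n "$RESULTAT" ] ; then
	if [ "$RESULTAT" = "no" ] ; then
		Display --indent 2 --text "UsePrivilegeSeparation" --result "$RESULTAT" --color RED
	else
		Display --indent 2 --text "UsePrivilegeSeparation" --result "$RESULTAT" --color GREEN
	fi
else
	Display --indent 2 --text "UsePrivilegeSeparation" --result NOTFOUND --color GREEN
fi

TESTNAME="YASAT_TEST_SSH_8 X11Forwarding must be set to no"
FindValueOf "${SSH_CONF_REP}/sshd_config" X11Forwarding JUSTTEST
check_value "$RESULTAT" 'no' 'false' 'X11Forwarding' 'ORANGE' 'SSH_X11FORWARDING'

TESTNAME='YASAT_TEST_SSH_9 NSAG=3.5.2.4 CCEID=4475-0 IgnoreRhosts must be set to yes'
FindValueOf "${SSH_CONF_REP}/sshd_config" IgnoreRhosts JUSTTEST
check_value "$RESULTAT" 'yes' 'false' 'IgnoreRhosts' 'RED' 'SSH_IGNORERHOSTS' 3.5.2.4 4475-0

#check HostKey
#grep ^HostKey "${SSH_CONF_REP}/sshd_config"

# Host keys. Each public-key check is now gated on the .pub file itself: the
# original tested for the private key and then checked the .pub, so a missing
# .pub was handed to check_a_file and an orphan .pub was never looked at.
TESTNAME="YASAT_TEST_SSH_HOST_DSA_KEY Check ssh_host_dsa_key permissions"
if [ -e "${SSH_CONF_REP}"/ssh_host_dsa_key ] ; then
	if check_private_key "${SSH_CONF_REP}"/ssh_host_dsa_key 2 sshd ; then
		Compliance --result OK --plugin ssh
	else
		Compliance --result NOK --plugin ssh
	fi
fi

TESTNAME="YASAT_TEST_SSH_HOST_DSA_KEY_PUB Check ssh_host_dsa_key.pub permissions"
if [ -e "${SSH_CONF_REP}"/ssh_host_dsa_key.pub ] ; then
	if check_a_file "${SSH_CONF_REP}"/ssh_host_dsa_key.pub 2 root "$ROOTGROUP" 644 ; then
		Compliance --result OK --plugin ssh
	else
		Compliance --result NOK --plugin ssh
	fi
fi

TESTNAME="YASAT_TEST_SSH_HOST_RSA_KEY Check ssh_host_rsa_key permissions and keysize"
if [ -e "${SSH_CONF_REP}"/ssh_host_rsa_key ] ; then
	if check_private_key "${SSH_CONF_REP}"/ssh_host_rsa_key 2 sshd ; then
		Compliance --result OK --plugin ssh
	else
		Compliance --result NOK --plugin ssh
	fi
fi

TESTNAME="YASAT_TEST_SSH_HOST_RSA_KEY_PUB Check ssh_host_rsa_key.pub permissions"
if [ -e "${SSH_CONF_REP}"/ssh_host_rsa_key.pub ] ; then
	if check_a_file "${SSH_CONF_REP}"/ssh_host_rsa_key.pub 2 root "$ROOTGROUP" 644 ; then
		Compliance --result OK --plugin ssh
	else
		Compliance --result NOK --plugin ssh
	fi
fi

TESTNAME="YASAT_TEST_SSH_HOST_KEY Check ssh_host_key permissions"
if [ -e "${SSH_CONF_REP}"/ssh_host_key ] ; then
#	check_a_file "${SSH_CONF_REP}"/ssh_host_key 2 root "$ROOTGROUP" 600
	if check_private_key "${SSH_CONF_REP}"/ssh_host_key 2 sshd ; then
		Compliance --result OK --plugin ssh
	else
		Compliance --result NOK --plugin ssh
	fi
fi

TESTNAME="YASAT_TEST_SSH_HOST_KEY_PUB Check ssh_host_key.pub permissions"
if [ -e "${SSH_CONF_REP}"/ssh_host_key.pub ] ; then
	if check_a_file "${SSH_CONF_REP}"/ssh_host_key.pub 2 root "$ROOTGROUP" 644 ; then
		Compliance --result OK --plugin ssh
	else
		Compliance --result NOK --plugin ssh
	fi
fi

# Configuration files: sshd_config is expected at 600, ssh_config at 644.
TESTNAME="YASAT_TEST_SSH_SSHD_CONFIG_PERM Check sshd_config_key permissions"
if [ -e "${SSH_CONF_REP}"/sshd_config ] ; then
	if check_a_file "${SSH_CONF_REP}"/sshd_config 2 root "$ROOTGROUP" 600 ; then
		Compliance --result OK --plugin ssh
	else
		Compliance --result NOK --plugin ssh
	fi
fi

TESTNAME="YASAT_TEST_SSH_SSH_CONFIG_PERM Check sshd_config_key permissions"
if [ -e "${SSH_CONF_REP}"/ssh_config ] ; then
	if check_a_file "${SSH_CONF_REP}"/ssh_config 2 root "$ROOTGROUP" 644 ; then
		Compliance --result OK --plugin ssh
	else
		Compliance --result NOK --plugin ssh
	fi
fi

#TODO if Ciphers is set, check for old cipher (arcfour) (usefull https://bbs.archlinux.org/viewtopic.php?id=188613 ?)
return 0;
yasat/plugins/classique.test0000640000175000017500000003465312457227301017016 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.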
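#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
# #
################################################################################

# classique plugin: generic host-hardening checks.
#   - umask declared in the usual shell/login files,
#   - nproc and core limits in limits.conf,
#   - SUID core dumps (sysctl.conf and the running kernel),
#   - minimum password length, login banner,
#   - directories in PATH and in /etc/ld.so.conf,
#   - with SCANTYPE=FULL: files without owner/group and files writable by others.
# Title, Display, Compliance, FindValueOf, Get_limits_conf, Get_sysctl and
# prepare_generic_conf are YASAT helpers defined outside this file; the lookup
# helpers leave their answer in $RESULTAT.
# NOTE(review): several checks below read /etc/... or walk "/" directly rather
# than going through $SCAN_ROOT, so with an alternate scan root they describe
# the machine running the audit, not the scanned tree.

Title "Check common problems"

#TODO check TMOUT in /etc/profile and ~/.kde/share/config/kdesktoprc

#YASAT_TEST_CLASSIQUE_UMASK1 NSAG=2.2.4.1 CCEID=4220-0 Check if the umask is present in /etc/sysconfig/init
#YASAT_TEST_CLASSIQUE_UMASK2 NSAG=xxxx CCEID=xxx Check if the umask is present in /etc/profile
#YASAT_TEST_CLASSIQUE_UMASK3 NSAG=xxxx CCEID=xxx Check if the umask is present in /etc/bashrc
#YASAT_TEST_CLASSIQUE_UMASK4 NSAG=xxxx CCEID=xxx Check if the umask is present in /etc/login.defs
#YASAT_TEST_CLASSIQUE_UMASK5 NSAG=xxxx CCEID=xxx Check if the umask is present in /etc/csh.cshrc
UMASK_POSSIBLE_LOCATION='/etc/profile /etc/bashrc /etc/login.defs /etc/csh.cshrc /etc/sysconfig/init'
UMASK_IS_GOOD=1
for tmpfile in $UMASK_POSSIBLE_LOCATION
do
	if [ "$SCAN_ROOT" = '/' ] ; then
		TMP_FILE="$tmpfile"
	else
		TMP_FILE="$SCAN_ROOT/$tmpfile"
	fi
	if [ -e "$TMP_FILE" ] ;then
		FindValueOf "$TMP_FILE" umask JUSTTEST INSENSITIVE
		if [ -n "$RESULTAT" ] ;then
			T_CCID='3844-8'
			um_want='077'
			# Keyed on the location name, not on TMP_FILE: TMP_FILE carries the
			# $SCAN_ROOT prefix, so the original comparisons never matched when
			# scanning an alternate root and every file got the default CCE id.
			case "$tmpfile" in
				/etc/login.defs)
					T_CCID='14107-7'
					;;
				/etc/csh.cshrc)
					T_CCID='4227-5'
					;;
				/etc/profile)
					T_CCID='14847-8'
					;;
				/etc/sysconfig/init)
					T_CCID='4220-0'
					# The original read ";i um_want=027;": the stray "i" turned
					# the assignment into an argument of a non-existent command,
					# so 027 was never applied and 077 was demanded here.
					um_want='027'
					;;
			esac
			TESTNAME="YASAT_TEST_CLASSIQUE_UMASK_IN_$TMP_FILE Check if $TMP_FILE have umask $um_want"
			if [ "$RESULTAT" = "$um_want" ];then
				Display --indent 2 --text "umask in $TMP_FILE" --result GOOD --color GREEN
				Compliance --result 'OK' --plugin 'classique' --type 'CCE' --cid $T_CCID
			else
				Display --indent 2 --text "bad umask ($RESULTAT) in $TMP_FILE (not $um_want)" --result WARNING --color RED --advice UMASK_NOT077
				Compliance --result 'NOK' --plugin 'classique' --type 'CCE' --cid $T_CCID
				UMASK_IS_GOOD=0
			fi
		else
			Display --indent 2 --text "umask in $TMP_FILE" --result NOTFOUND --color ORANGE
		fi
	fi
done

TESTNAME='YASAT_TEST_CLASSIQUE_UMASK All umask in /etc must be ok'
if [ $UMASK_IS_GOOD -eq 1 ] ;then
	Compliance --result 'OK' --plugin 'classique' --type 'NSAG' --cid '2.3.4.4' --type 'CCE' --cid '3870-3'
else
	Compliance --result 'NOK' --plugin 'classique' --type 'NSAG' --cid '2.3.4.4' --type 'CCE' --cid '3870-3'
fi

if [ -e "/etc/security/limits.conf" ] || [ -e "/etc/security/limits.d" ] ;then
	Display --indent 2 --text "/etc/security/limits.conf" --result FOUND --color GREEN
	#check for fork bomb prevention (hard nproc)
	#TODO for the moment just check if a rule is present (or not), need more analysis
	TESTNAME='YASAT_TEST_CLASSIQUE_NPROC Check if there a limit of number of process in limits.conf'
	Get_limits_conf hard nproc
	if [ -z "$RESULTAT" ] ;then
		Display --indent 4 --text "Limit for nproc" --result NOTFOUND --color ORANGE --advice NO_FORK_BOMB_PREVENTION
	else
		Display --indent 4 --text "Limit for nproc $RESULTAT" --result FOUND --color GREEN
	fi

	TESTNAME='YASAT_TEST_CLASSIQUE_COREDUMP NSAG=2.2.4.2 CCEID=4225-9 Disable Core Dumps in limits.conf'
	Get_limits_conf hard core
	if [ -z "$RESULTAT" ] ; then
		NBLINE=0
	else
		# NOTE(review): the unquoted $RESULTAT is flattened onto one line, so
		# this count is 1 for any non-empty answer and the MULTIPLE branch
		# below is not reached. Left as found: the format Get_limits_conf
		# returns is not visible here.
		NBLINE="`echo $RESULTAT |wc -l`"
	fi
	if [ $NBLINE = '0' ] ;then
		Display --indent 4 --text "Limit for core" --result NOTFOUND --color ORANGE --advice LIMITS_NO_CORE_RESTRICTION
		Compliance --result 'NOK' --plugin 'classique' --nsag '2.2.4.2' --cce '4225-9'
	else
		if [ $NBLINE -ge 2 ] ;then
			Display --indent 4 --text "Limit for core" --result MULTIPLE --color RED --advice GLOBAL_MULTIPLE_DECLARATIONS
			Compliance --result 'NOK' --plugin 'classique' --nsag '2.2.4.2' --cce '4225-9'
		else
			# presumably TMP_RESULT was filled by Get_limits_conf - confirm
			COREVALUE="$(cut -d' ' -f4 < "${TMP_RESULT}")"
			if [ "$COREVALUE" = '0' ] ;then
				Display --indent 4 --text "Limit for core = $COREVALUE" --result FOUND --color GREEN
				Compliance --result 'OK' --plugin 'classique' --nsag '2.2.4.2' --cce '4225-9'
			else
				Display --indent 4 --text "Limit for core = $COREVALUE" --result NOTFOUND --color ORANGE --advice LIMITS_NO_CORE_RESTRICTION
				Compliance --result 'NOK' --plugin 'classique' --nsag '2.2.4.2' --cce '4225-9'
			fi
		fi
	fi
else
	Display --indent 2 --text "/etc/security/limits.conf" --result NOTFOUND --color BLUE
	Compliance --result 'NOTTESTED' --plugin 'classique' --nsag '2.2.4.2' --cce '4225-9'
fi

#if [ -e /etc/hosts.equiv ]
#then
#	Display --indent 2 --text "/etc/hosts.equiv" --result WARNING --color RED --advice TODO
#fi

if [ "$OS_TYPE" = 'Linux' ] ;then
	TESTNAME='YASAT_TEST_CLASSIQUE_COREDUMP_SUID1 NSAG=2.2.4.2 CCEID=4247-3 Check if coredump for suid is disabled in sysctl.conf'
	Get_sysctl fs.suid_dumpable
	if [ "$RESULTAT" = '0' ] ; then
		Display --indent 2 --text "SUID Coredumpable in sysctl.conf" --result FOUND --color GREEN
		Compliance --result 'OK' --plugin 'classique' --type 'NSAG' --cid '2.2.4.2' --cce '4247-3'
	else
		Display --indent 2 --text "SUID Coredumpable in sysctl.conf" --result NOTFOUND --color ORANGE --advice SUID_COREDUMPABLE
		Compliance --result 'NOK' --plugin 'classique' --type 'NSAG' --cid '2.2.4.2' --cce '4247-3'
	fi

	# Value of the running kernel, as opposed to the persistent setting above.
	TESTNAME='YASAT_TEST_CLASSIQUE_COREDUMP_SUID2 NSAG=2.2.4.2.1 Check f coredump for suid is disabled via sysctl'
	SUID_DUMP="$(sysctl fs.suid_dumpable 2>> "$ERROR_OUTPUT_FILE" | sed 's/^.*=[[:space:]]*//')"
	if [ -z "$SUID_DUMP" ] ; then
		Display --indent 2 --text "SUID Coredumpable" --result UNKNOW --color BLUE
		Compliance --result 'NOTTESTED' --plugin 'classique' --type 'NSAG' --cid '2.2.4.2.1'
	else
		if [ "$SUID_DUMP" -eq 0 ] ; then
			Display --indent 2 --text "SUID Coredumpable" --result NO --color GREEN
			Compliance --result 'OK' --plugin 'classique' --type 'NSAG' --cid '2.2.4.2.1'
		else
			Display --indent 2 --text "SUID Coredumpable" --result YES --color ORANGE --advice SUID_COREDUMPABLE
			Compliance --result 'NOK' --plugin 'classique' --type 'NSAG' --cid '2.2.4.2.1'
		fi
	fi
fi

# The original spelled the variable ROOT_SCAN in the next two checks; every
# other path in this plugin uses SCAN_ROOT, so with an alternate scan root
# these two read the auditing host's own /etc/login.defs and /etc/issue.
TESTNAME='YASAT_TEST_CLASSIQUE_PASSWORD_MINLEN NSAG=2.3.1.7 check minimal password length'
if [ -e "${SCAN_ROOT}/etc/login.defs" ] ;then
	FindValueOf "${SCAN_ROOT}/etc/login.defs" PASS_MIN_LEN JUSTTEST
	if [ -z "$RESULTAT" ] ;then
		Display --indent 2 --text "Minimum password length" --result NOTSET --color RED --advice PASSWORD_MIN_LENGTH
		# 'NSAG' was misspelled 'NASG' here, unlike every other Compliance call.
		Compliance --result 'NOK' --plugin 'classique' --type 'NSAG' --cid '2.3.1.7'
	else
		# NOTE(review): neither branch below records a Compliance result.
		if [ "$RESULTAT" -le 7 ] ;then
			Display --indent 2 --text "Minimum password length" --result "$RESULTAT" --color RED --advice PASSWORD_MIN_LENGTH
		else
			Display --indent 2 --text "Minimum password length" --result "$RESULTAT" --color GREEN
		fi
	fi
fi

#TODO check content of /etc/issue
TESTNAME='YASAT_TEST_CLASSIQUE_LOGIN_BANNER Modify the System Login Banner'
if [ -e "${SCAN_ROOT}/etc/issue" ] ; then
	Compliance --result OK --plugin classique --nsag 2.3.7.1 --cce 4060-0
else
	Compliance --result NOK --plugin classique --nsag 2.3.7.1 --cce 4060-0
fi

TESTNAME='YASAT_TEST_CLASSIQUE_PASSWORD_EXPIRATION Set Password Expiration Parameters'
Compliance --result 'NOTIMPL' --plugin 'classique' --type 'NSAG' --cid '2.3.1.7' --type 'CCE' --cid '4180-6'

TESTNAME='YASAT_TEST_CLASSIQUE_PATH NSAG=2.3.4.1 CCEID=3301-9 Check the PATH variable'
#TODO check for ::
PATH_GOOD=1
# Read $PATH directly. The original parsed the output of "export" and tried to
# strip quotes with sed "s/\'//g"; in GNU sed \' is an end-of-buffer anchor,
# so single quotes printed by the shell stayed glued to the first and last
# directory.
PATHVALUE="$(printf '%s\n' "$PATH" | sed 's/:/ /g')"
for directory in $PATHVALUE
do
	# Allow-list of expected directories. The last two alternatives were
	# unanchored in the original ('^/usr/sbin/*' without '$', the gcc-bin one
	# without '^'), which let any directory merely starting with /usr/sbin or
	# containing the gcc-bin path pass as known.
	if [ -n "$(printf '%s\n' "$directory" | grep -viE '^/usr/local/sbin$|^/usr/local/bin$|^/bin$|^/sbin/*$|^/usr/bin/*$|^/usr/sbin/*$|^/usr/x86_64-pc-linux-gnu/gcc-bin/.*')" ] ;then
		Display --indent 2 --text "PATH $directory" --result UNKNOWN --color ORANGE --advice PATH_UNKNOWN
		PATH_GOOD=0
	fi
done
if [ $PATH_GOOD -eq 1 ] ;then
	Display --indent 2 --text "PATH variable" --result GOOD --color GREEN
	Compliance --result OK --plugin classique --nsag 2.3.4.1 --cce 3301-9
else
	Compliance --result NOK --plugin classique --nsag 2.3.4.1 --cce 3301-9
fi

TESTNAME='YASAT_TEST_CLASSIQUE_TODO Ensure that Roots Path Does Not Include Relative Paths or Null Directories'
Compliance --result NOTIMPL --plugin classique --nsag 2.3.4.1.1
TESTNAME='YASAT_TEST_CLASSIQUE_TODO Ensure that Roots Path Does Not Include World-Writable or Group-Writable Directories'
Compliance --result NOTIMPL --plugin classique --nsag 2.3.4.1.2 --cce 14957-5

#TODO LD_PRELOAD and other library stuffs

if [ -e /etc/ld.so.conf ]
then
	Display --indent 2 --text "/etc/ld.so.conf" --result FOUND --color GREEN
	TMP_RESULT="${TEMPYASATDIR}/ldsoconf"
	prepare_generic_conf /etc/ld.so.conf "$TMP_RESULT" 2> /dev/null
	grep -v '^include' "$TMP_RESULT" |
	while read -r line
	do
		# TODO must use more better regex
		# Anything not matching one of these known library locations is
		# reported; same pattern list as the original chain of "grep -v".
		UNKNOWN_LIB="$(printf '%s\n' "$line" | grep -v \
			-e '^/lib$' -e '^/usr/lib$' -e '^/usr/local/lib$' \
			-e '^/usr/kde/3.5/lib' -e '^/usr/qt/[0-9]/lib' \
			-e '^/usr/[a-zA-Z0-9_]*-pc-linux-gnu/lib' \
			-e '^/usr/lib[64]*/[a-zA-Z0-9]*/*$' -e '^/usr/lib64/openais$' \
			-e '^/*/usr/lib/opengl/xorg-x11/lib' \
			-e '^/lib/[a-zA-Z0-9_]-linux-gnu' \
			-e '^/*/lib/x86_64-linux-gnu' \
			-e '^/usr/lib32' -e '^/usr/lib64' \
			-e '^/usr/local/lib32' -e '^/usr/local/lib64' \
			-e '^/lib32' -e '^/lib64' \
			-e '^/usr/lib/[a-zA-Z0-9_]*-linux-gnu')"
		if [ -n "$UNKNOWN_LIB" ]
		then
			Display --indent 4 --text "Unknown lib location $line" --result FOUND --color ORANGE --advice LD_SO_CONF_UNK_LIB
		fi
	done
fi

TESTNAME='YASAT_TEST_CLASSIQUE_CONSOLE CCEID=3685-5 NSAG=2.2.2.1 Check some device ownership'
if [ -e "$SCAN_ROOT/etc/security/console.perms.d/50-default.perms" ] ; then
	#TODO It seems this rules is not needed for recent centos, so no real testing
	Compliance --result 'NOK' --plugin 'classique' --nsag '2.2.2.1' --cce '3685-5'
else
	Compliance --result 'OK' --plugin 'classique' --nsag '2.2.2.1' --cce '3685-5'
fi

#TODO find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
TESTNAME='YASAT_TEST_CLASSIQUE_WORLD_WRITABLE_STICKY Verify that All World-Writable Directories Have Sticky Bits Set'
Compliance --result 'NOTIMPL' --plugin 'classique' --nsag '2.2.3.2' --cce '3399-3'

#TODO find PART -xdev -type f -perm -0002 -print
TESTNAME='YASAT_TEST_CLASSIQUE_WORLD_WRITABLE Find Unauthorized World-Writable Files'
Compliance --result 'NOTIMPL' --plugin 'classique' --nsag '2.2.3.3' --cce '3795-2'

#TODO find PART -xdev \( -perm -4000 -o -perm -2000 \) -type f -print
TESTNAME='YASAT_TEST_CLASSIQUE_UNAUTHORIZED_SUID Find Unauthorized SUID/SGID System Executables'
Compliance --result 'NOTIMPL' --plugin 'classique' --nsag '2.2.3.4' --cce '14340-4' --cce '14970-8'

#find PART -xdev -type d -perm -0002 -uid +500 -print
TESTNAME='YASAT_TEST_CLASSIQUE_WORLD_WRITABLE_OWNERSHIP Verify that All World-Writable Directories Have Proper Ownership'
Compliance --result 'NOTIMPL' --plugin 'classique' --nsag '2.2.3.6' --cce '14794-2'

# Everything below walks the whole filesystem; it only runs for SCANTYPE=FULL.
if [ "$SCANTYPE" != "FULL" ] ;then
	Display --indent 2 --text "Sanity files checks" --result SKIP --color BLUE --advice GLOBAL_SKIPPED_LONG_TESTS
	TESTNAME='YASAT_TEST_CLASSIQUE_NO_OWNER NSAG=2.2.3.5 CCEID=3573-3,4223-4 Find and Repair Unowned Files'
	Compliance --result 'NOTTESTED' --plugin classique --nsag '2.2.3.5' --cce '3573-3' --cce '4223-4'
	return 1;
fi

TESTNAME='YASAT_TEST_CLASSIQUE_NO_OWNER NSAG=2.2.3.5 CCEID=3573-3,4223-4 Find and Repair Unowned Files'
TMP_RESULT="${TEMPYASATDIR}/files_without_owner"
echo ' Checking file without owner (long test)'
find / -nouser 2> /dev/null > "$TMP_RESULT"
RESULTAT=$(wc -l < "$TMP_RESULT")
if [ $RESULTAT -eq 0 ] ;then
	Display --indent 4 --text "No file without owner" --result OK --color GREEN
	Compliance --result 'OK' --plugin classique --nsag '2.2.3.5' --cce '4223-4'
else
	Compliance --result 'NOK' --plugin classique --nsag '2.2.3.5' --cce '4223-4'
	if [ $RESULTAT -le 10 ] ;then
		Display --indent 4 --text "$RESULTAT files have no owner" --result WARNING --color RED --advice FILES_WITHOUT_OWNER
		# Short list: show each file. read -r and the quoted "$line" keep
		# names with blanks or backslashes intact for stat.
		while read -r line
		do
			Display --indent 4 --text "$line" --result "$(stat $STAT_USER "$line")" --color RED
		done < "$TMP_RESULT"
	else
		Display --indent 4 --text "$RESULTAT files have no owner" --result WARNING --color RED --advice FILES_WITHOUT_OWNER
	fi
fi

TMP_RESULT="${TEMPYASATDIR}/files_without_group"
echo ' Checking file without group (long test)'
find / -nogroup 2> /dev/null > "$TMP_RESULT"
RESULTAT=$(wc -l < "$TMP_RESULT")
if [ $RESULTAT -eq 0 ] ;then
	Display --indent 4 --text "No file without group" --result OK --color GREEN
	Compliance --result 'OK' --plugin classique --nsag '2.2.3.5' --cce '3573-3'
else
	Compliance --result 'NOK' --plugin classique --nsag '2.2.3.5' --cce '3573-3'
	if [ $RESULTAT -le 10 ] ;then
		Display --indent 4 --text "$RESULTAT files have no group" --result WARNING --color RED --advice FILES_WITHOUT_GROUP
		while read -r line
		do
			Display --indent 4 --text "$line" --result "$(stat $STAT_GROUP "$line")" --color RED
		done < "$TMP_RESULT"
	else
		Display --indent 4 --text "$RESULTAT files have no group" --result WARNING --color RED --advice FILES_WITHOUT_GROUP
	fi
fi

TMP_RESULT="${TEMPYASATDIR}/world.others"
echo ' Checking file with write to others (long test)'
# Symlinks are excluded by find; /proc, /selinux and /dev are filtered out.
find / -perm $PERM_OW ! -type l 2> /dev/null | grep -v '^/proc' | grep -v '^/selinux' | grep -v '^/dev' > "$TMP_RESULT"
RESULTAT=$(wc -l < "$TMP_RESULT")
if [ $RESULTAT -eq 0 ]
then
	Display --indent 4 --text "No file with others write access" --result OK --color GREEN
else
	if [ $RESULTAT -le 20 ]
	then
		Display --indent 4 --text "$RESULTAT files have others write access" --result WARNING --color RED
		while read -r line
		do
			Display --indent 4 --text "$line" --result "$(stat $STAT_RIGHT "$line")" --color RED
		done < "$TMP_RESULT"
	else
		Display --indent 4 --text "$RESULTAT files have others write access" --result WARNING --color RED
	fi
fi
yasat/plugins/apache_modules.test0000640000175000017500000001610512457227301017766 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .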
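# #
################################################################################

# apache_modules plugin: locates the Apache binary, reports whether it starts
# at boot and comes from a package, checks its built-in and loaded modules and
# prints the tuning values of the active MPM.
# Title, Display, Compliance, Find_apache_conf_location, check_file,
# Check_auto_start, Is_installed_via_package_manager and prepare_apache_conf
# are YASAT helpers defined outside this file.
#
# Everything that executes the Apache binary or sources its environment file
# is confined to SCAN_ROOT = '/'. The original already skipped "-t" and "-l"
# for another scan root, but still ran "$APACHE_BIN -M" and sourced
# $SCAN_ROOT/etc/apache2/envvars, i.e. executed content of the tree under
# audit with the privileges of the auditing user.

if [ -z "$POSSIBLE_APACHE_BIN" ] ; then
	POSSIBLE_APACHE_BIN="/usr/sbin/apache2 /usr/local/sbin/httpd /usr/local/sbin/apache2 /usr/sbin/httpd"
fi

# The last executable candidate wins; duplicate slashes are squeezed.
APACHE_BIN=""
for LOCATION in ${POSSIBLE_APACHE_BIN}
do
	if [ -x "$SCAN_ROOT/${LOCATION}" ] ;then
		APACHE_BIN="$(echo $SCAN_ROOT/${LOCATION} | sed 's,//*,/,g')"
	fi
done

#for LOCATION in ${POSSIBLE_APACHE_CONFIG_LOCATION}
#do
#	if [ -d "${LOCATION}/" ]
#	then
#		APACHE_CONF_REP="${LOCATION}"
#	fi
#done
Find_apache_conf_location

Title "Check apache modules"

if [ -z "${APACHE_BIN}" ] ; then
	Display --indent 2 --text "No apache binary found" --result NOTFOUND --color BLUE
	return 1;
fi

if [ -x "$APACHE_BIN" ] ; then
	Display --indent 2 --text "$APACHE_BIN" --result FOUND --color GREEN
else
	Display --indent 2 --text "$APACHE_BIN is not executable" --result ERROR --color RED
	return 1;
fi

#if [ -l $APACHE_BIN ] ; then
#	TMP="`readlink $APACHE_BIN`"
#	if [ -z "`echo $TMP | grep '\.\.'`" ] ; then
#		APACHE_BIN="$TMP"
#	else
#		APACHE_BIN="`basename ${APACHE_BIN}/$TMP`"
#	fi
#fi

check_file "$APACHE_BIN" 2 BINARY

if [ "$LINUX_VERSION" = "Gentoo" ] ;then
	# Guarded: "." on a missing file aborts a non-interactive POSIX shell.
	if [ -e /etc/conf.d/apache2 ] ;then
		. /etc/conf.d/apache2
	fi
	# From here on APACHE_BIN holds "binary + options" and must stay unquoted
	# where it is executed.
	APACHE_BIN="$APACHE_BIN $APACHE2_OPTS"
fi
if [ "$LINUX_VERSION" = "Debian" ] ;then
	if [ ! -e "$SCAN_ROOT/etc/apache2/envvars" ];then
		Display --indent 2 --text "Missing /etc/apache2/envvars" --result WARN --color ORANGE
	elif [ "$SCAN_ROOT" = '/' ] ;then
		# Only needed to run the binary, and only safe for the local system.
		. "$SCAN_ROOT/etc/apache2/envvars"
	fi
fi

Check_auto_start $APACHE_PACKAGE_NAME apache_modules any
if [ "$RESULTAT" = 'NOTIMPLEMENTED' ] || [ "$RESULTAT" = 'ERROR' ] ;then
	Display --indent 2 --text "$APACHE_PACKAGE_NAME is started at boot" --result UNKNOWN --color BLUE
else
	if [ "$RESULTAT" = "yes" ]
	then
		Display --indent 2 --text "$APACHE_PACKAGE_NAME is started at boot" --result YES --color BLUE
	else
		Display --indent 2 --text "$APACHE_PACKAGE_NAME is started at boot" --result NO --color GREEN
	fi
fi

TESTNAME='YASAT_TEST_APACHE_PACKAGE NSAG=3.16.2.1 CCEID=4346-3 Check if apache is installed via a package'
Is_installed_via_package_manager $APACHE_PACKAGE_NAME
if [ "$RESULTAT" = 'NOTIMPLEMENTED' ] || [ "$RESULTAT" = 'ERROR' ] ;then
	Display --indent 2 --text "$APACHE_PACKAGE_NAME installation" --result UNKNOWN --color BLUE
	Compliance --result 'NOTTESTED' --plugin apache --nsag 3.16.2.1 --cce 4346-3
else
	if [ "$RESULTAT" = "yes" ] ;then
		Display --indent 2 --text "$APACHE_PACKAGE_NAME is installed by package" --result GOOD --color GREEN
		Compliance --result 'OK' --plugin apache --nsag 3.16.2.1 --cce 4346-3
	else
		Display --indent 2 --text "$APACHE_PACKAGE_NAME is installed at hand" --result BAD --color ORANGE --advice GLOBAL_PACKAGE_INSTALLED_AT_HAND
		Compliance --result 'NOK' --plugin apache --nsag 3.16.2.1 --cce 4346-3
	fi
fi

# Quoted: with an empty APACHE_CONF_REP the original "[ ! -d ]" tested the
# string "-d" instead of a path and took the FOUND branch.
if [ ! -d "$APACHE_CONF_REP" ] ;then
	Display --indent 2 --text "No apache found" --result NOTFOUND --color BLUE
	return 1;
else
	Display --indent 2 --text "$APACHE_CONF_REP " --result FOUND --color GREEN
fi

prepare_apache_conf "$APACHE_CONF_REP"
APACHE_CONF_LOCATION_TO_TEST="${TEMPYASATDIR}/apache.conf"
if [ ! -e "$APACHE_CONF_LOCATION_TO_TEST" ] ;then
	echo "Error no $APACHE_CONF_LOCATION_TO_TEST"
	return 1;
fi

# Module names reported by "-M"; stays empty when the binary is not run.
APACHE_MODULES=''
if [ "$SCAN_ROOT" = '/' ] ; then
	$APACHE_BIN -t 2>> "$ERROR_OUTPUT_FILE"
	if [ $? -eq 1 ] ;then
		Display --indent 2 --text "$APACHE_BIN return with ERROR CODE" --result WARNING --color RED --advice APACHE_MODULE_ERROR_CODE
		return 1;
	fi

	TESTNAME='YASAT_TEST_APACHE_CORE_MODULES NSAG=3.16.2.2 Check builtin modules of apache'
	TMP_RESULT="${TEMPYASATDIR}/apache_core.out"
	$APACHE_BIN -l 2>> "$ERROR_OUTPUT_FILE" > "$TMP_RESULT"
	# Any compiled-in module other than the listed ones marks the build as BAD.
	if [ -z "$(grep -vE '^Compiled|[[:space:]]core.c|worker.c|http_core.c|mod_so.c' "$TMP_RESULT")" ] ; then
		Display --indent 2 --text "builtin modules" --result OK --color GREEN
		Compliance --result OK --plugin apache --nsag 3.16.2.2
	else
		Display --indent 2 --text "builtin modules" --result BAD --color ORANGE
		Compliance --result NOK --plugin apache --nsag 3.16.2.2
	fi

	# One "-M" run feeds both the module review and the MPM detection below.
	APACHE_MODULES="$($APACHE_BIN -M 2>&1 | grep _module | cut -d' ' -f2)"
else
	Display --indent 2 --text 'Dynamic check' --result SKIP --color BLUE
fi

if [ -e "${PLUGINS_REP}/apache_modules.data" ] ; then
	for MODULE in $APACHE_MODULES
	do
		# A loaded module listed in apache_modules.data is reported for review.
		if grep -v '^#' "${PLUGINS_REP}/apache_modules.data" | grep -q "^$MODULE" ; then
			Display --indent 2 --text "Module $MODULE necessary ?" --result WARNING --color ORANGE --advice APACHE_MODULE_DISABLE_UNNECESSARY_MODULES
		fi
	done
else
	Display --indent 2 --text "No ${PLUGINS_REP}/apache_modules.data" --result WARNING --color RED --advice GLOBAL_INTERNAL_ERROR
fi

#check default MPM
#MaxClients|200|NM
#StartServers|100|NM
#MinSpareServers|50|NM
#MaxSpareServers|250|NM

# e.g. a module named mpm_<name>_module yields <name>
APACHEMPM="$(printf '%s\n' "$APACHE_MODULES" | grep mpm_ | cut -d_ -f2)"
Display --indent 2 --text "MPM " --result "${APACHEMPM}" --color BLUE

#for basefile in `find $APACHE_CONF_REP ! -type d | grep .conf`
#do
MPMFOUND=0
grep -E -v "^[[:space:]]*#" "$APACHE_CONF_LOCATION_TO_TEST" |
while read line
do
	# NOTE(review): on the page the two patterns of this section are missing
	# (the text between the opening and closing IfModule tags, including the
	# MPMFOUND=1 assignment, was stripped). They are reconstructed here from
	# the surrounding logic - confirm against the upstream file.
	if [ -n "$APACHEMPM" ] && printf '%s\n' "$line" | grep -qi "<IfModule[[:space:]].*mpm_${APACHEMPM}_module" ;then
		MPMFOUND=1
	fi
	if printf '%s\n' "$line" | grep -qi '</IfModule>' ;then
		MPMFOUND=0
	fi
	if [ $MPMFOUND -eq 1 ] ;then
		for DIRECTIVE in MaxClients StartServers MinSpareServers MaxSpareServers
		do
			if printf '%s\n' "$line" | grep -qi "^[[:space:]]*$DIRECTIVE" ;then
				# $line is unquoted on purpose: runs of blanks collapse to
				# single spaces so that cut finds the value in field 2.
				VALUE=$(echo $line | sed 's/^[[:space:]]*//g' | cut -d' ' -f2)
				Display --indent 4 --text "$DIRECTIVE " --result "$VALUE" --color BLUE
			fi
		done
	fi
done
#done

return 0;
yasat/plugins/cups.test0000640000175000017500000001327012457227301015767 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
# #
################################################################################

# cups plugin: checks cupsd.conf (file mode, Listen addresses, printer
# browsing) and whether the service starts at boot.
# get_simple_right and FindValueOf are YASAT helpers defined outside this
# file; both leave their answer in $RESULTAT.

POSSIBLE_CUPS_CONF="/etc/cups/cupsd.conf /usr/local/etc/cups/cupsd.conf"
CUPS_CONF="/etc/cups/cupsd.conf"
for LOCATION in ${POSSIBLE_CUPS_CONF}
do
	if [ -e "${LOCATION}" ]
	then
		CUPS_CONF="${LOCATION}"
	fi
done

CUPS_CONF="$(dirname $CUPS_CONF)/cupsd.conf"

Title "Check CUPS"

if [ ! -e "$CUPS_CONF" ] ;then
	return 1;
fi

TESTNAME='YASAT_TEST_CUPS_SERVICE Disable the CUPS Service if Possible'
Compliance --result 'NOTTESTED' --plugin cups --nsag 3.8.1 --cce 4112-9 --cce 3755-6
TESTNAME='YASAT_TEST_CUPS_FIREWALL Disable Firewall Access to Printing Service if Possible'
Compliance --result 'NOTTESTED' --plugin cups --nsag 3.8.2 --cce 3649-1

Display --indent 2 --text "$CUPS_CONF" --result FOUND --color GREEN
get_simple_right "$CUPS_CONF"
if [ "$RESULTAT" = '640' ] ;then
	Display --indent 4 --text "Right of $CUPS_CONF" --result OK --color GREEN
else
	Display --indent 4 --text "Right of $CUPS_CONF" --result "$RESULTAT" --color RED --advice GLOBAL_FILE_CHMOD640
fi

TESTNAME='YASAT_TEST_CUPS_LISTEN_LOCALHOST Listen only on localhost if possible'
#Listen
grep -i '^Listen' "${CUPS_CONF}" | grep -v 'cups.sock' | sed 's/^Listen[[:space:]]*//g' |
while read -r listen
do
	# Separate host from port without cutting inside an IPv6 literal. The
	# original "cut -d: -f1" reduced "[::1]:631" to "[" and "::1" to an empty
	# string, so its '::1' comparison could never match and a loopback-only
	# IPv6 listener was reported as a WARNING.
	case "$listen" in
		\[*\]:*)
			LISTENHOST="${listen%:*}"
			;;
		\[*\]|*:*:*)
			LISTENHOST="$listen"
			;;
		*)
			LISTENHOST="${listen%%:*}"
			;;
	esac
	case "$LISTENHOST" in
		127.0.0.1|localhost|::1|'[::1]')
			Display --indent 4 --text "Listen on $listen" --result OK --color GREEN
			;;
		*)
			Display --indent 4 --text "Listen on $listen" --result WARNING --color ORANGE --advice CUPS_LISTEN
			;;
	esac
done

TESTNAME='YASAT_TEST_CUPS_BROWSING NSAG=3.8.3.1.1 CCEID=4420-6'
FindValueOf "$CUPS_CONF" Browsing JUSTTEST
if [ -n "$RESULTAT" ] ;then
	if [ "$RESULTAT" = "On" ] || [ "$RESULTAT" = "on" ] ;then
		Display --indent 4 --text "Browsing" --result on --color ORANGE
		Compliance --result NOK --plugin cups --nsag 3.8.3.1.1 --cce 4420-6
	else
		Display --indent 4 --text "Browsing" --result off --color GREEN
		Compliance --result OK --plugin cups --nsag 3.8.3.1.1 --cce 4420-6
	fi
else
	#TODO check the default value
	Display --indent 4 --text "Browsing" --result NOTFOUND --color BLUE
	Compliance --result NOK --plugin cups --nsag 3.8.3.1.1 --cce 4420-6
fi

# Reported under CCE 4407-3, the id this test declares in its TESTNAME. The
# original reused 4420-6 (the Browsing id) in all three Compliance calls, so
# the BrowseAllow result overwrote or duplicated the Browsing one.
TESTNAME='YASAT_TEST_CUPS_BROWSINGALLOW NSAG=3.8.3.1.1 CCEID=4407-3'
FindValueOf "$CUPS_CONF" BrowseAllow JUSTTEST
if [ -n "$RESULTAT" ] ;then
	if [ "$RESULTAT" = "All" ] || [ "$RESULTAT" = "all" ] ;then
		Display --indent 4 --text "BrowseAllow" --result on --color ORANGE
		Compliance --result NOK --plugin cups --nsag 3.8.3.1.1 --cce 4407-3
	else
		Display --indent 4 --text "BrowseAllow" --result none --color GREEN
		Compliance --result OK --plugin cups --nsag 3.8.3.1.1 --cce 4407-3
	fi
else
	#TODO check the default value
	Display --indent 4 --text "BrowseAllow" --result NOTFOUND --color BLUE
	Compliance --result NOK --plugin cups --nsag 3.8.3.1.1 --cce 4407-3
fi

TESTNAME='YASAT_TEST_CUPS_TODO Limit Printer Browsing to a Particular Subnet if Necessary'
Compliance --result 'NOTIMPL' --plugin cups --nsag 3.8.3.1.2
TESTNAME='YASAT_TEST_CUPS_TODO Disable Print Server Capabilities if Possible'
Compliance --result 'NOTIMPL' --plugin cups --nsag 3.8.3.2
TESTNAME='YASAT_TEST_CUPS_TODO Limit Access to the Web Administration Interface'
Compliance --result 'NOTIMPL' --plugin cups --nsag 3.8.3.3

#BrowseOrder allow,deny
#BrowseAllow all
#AuthType

#try to find under which user cups is running
#CUPSUSER=''
#CUPSUSER="`ps aux | grep cupsd |grep -v grep | cut -d\ -f1`"
#if [ -z "$CUPSUSER" ]
#then
#	CUPSUSER='root'
#fi

#for cupsdata in /usr/libexec/cups/ /usr/lib/cups/
#do
#	if [ -e "${cupsdata}" ]
#	then
#		Display --indent 2 --text "Cups DATA $cupsdata" --result FOUND --color GREEN
#		TMP_RESULT="${TEMPYASATDIR}/cups.cdo"
#		check_directory_owner "$cupsdata" "$CUPSUSER" $TMP_RESULT 4
#		TMP_RESULT="${TEMPYASATDIR}/cups.cdg"
#		check_directory_group "$cupsdata" "$CUPSUSER" $TMP_RESULT 4
#	fi
#done

#TODO cceid 3755-6
Check_auto_start cups cups no 3.8.1 4112-9
if [ "$RESULTAT" = 'NOTIMPLEMENTED' ] || [ "$RESULTAT" = 'ERROR' ] ;then
	Display --indent 2 --text "Cups is started at boot" --result UNKNOWN --color BLUE
else
	if [ "$RESULTAT" = "yes" ] ;then
		Display --indent 2 --text "Cups is started at boot" --result YES --color BLUE
	else
		Display --indent 2 --text "Cups is started at boot" --result NO --color GREEN
	fi
fi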
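# Last check of the CUPS plugin: was cups installed through the package manager?
Is_installed_via_package_manager cups
case "$RESULTAT" in
	NOTIMPLEMENTED|ERROR)
		Display --indent 2 --text "Cups installation" --result UNKNOWN --color BLUE
		;;
	yes)
		Display --indent 2 --text "Cups is installed by package" --result GOOD --color GREEN
		;;
	*)
		Display --indent 2 --text "Cups is installed at hand" --result BAD --color ORANGE --advice GLOBAL_PACKAGE_INSTALLED_AT_HAND
		;;
esac

return 0;
yasat/plugins/nfs.test0000640000175000017500000001003112457227301015573 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
#
#
#   Copyright (C) 2008-2015 LABBE Corentin
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see .
#
#
################################################################################

# NFS plugin: reports the options of every export in /etc/exports and of every
# NFS mount in /etc/fstab, looking each option up in ${PLUGINS_REP}/nfs.data to
# decide whether an advice is attached to it.

POSSIBLE_NFS_CONFIG_LOCATION='/etc/exports'
NFS_CONFIG='/etc/exports'
NFS_TAB='/etc/fstab'

for LOCATION in ${POSSIBLE_NFS_CONFIG_LOCATION}
do
	if [ -d "${LOCATION}/" ]
	then
		NFS_CONFIG="${LOCATION}"
	fi
done

Title "Check NFS (exports)"

if [ ! -e "${PLUGINS_REP}/nfs.data" ] ; then
	Display --indent 2 --text "nfs.data" --result NOTFOUND --color RED
	# return, not exit: every other early exit of this plugin uses return, and
	# an exit here would end the whole audit run with the remaining plugins
	# never executed.
	return 1
fi

if [ ! -e "$NFS_CONFIG" ]
then
	Display --indent 2 --text "No $NFS_CONFIG" --result NOTFOUND --color BLUE
	return 1;
fi

Display --indent 2 --text "$NFS_CONFIG" --result FOUND --color BLUE

# One line per export: first word is the exported directory, the rest is the
# client list. read -r keeps backslashes as written and splits without
# pathname expansion, so a "*" client is not expanded against the current
# directory.
grep -v '^#' "$NFS_CONFIG" | grep -v '^[[:space:]]*$' | while read -r EXPORTED_DIR nfs_clients
do
	# Only the first parenthesised option list of the line is examined. A line
	# without parentheses has no option list; it used to have its directory and
	# host names reported as if they were options.
	case "$nfs_clients" in
		*'('*) OPTIONS="$(printf '%s\n' "$nfs_clients" | cut -d'(' -f2 | cut -d')' -f1 | sed 's/,/ /g')" ;;
		*)     OPTIONS='' ;;
	esac
	Display --indent 4 --text "$EXPORTED_DIR" --result FOUND --color BLUE
	for option in $OPTIONS
	do
		# The option text comes from the audited file and is used as a grep
		# pattern anchored at line start (a prefix match, as before); quoting
		# keeps the shell from splitting or globbing it.
		option_test="$(grep -- "^${option}" "${PLUGINS_REP}/nfs.data")"
		if [ -z "$option_test" ] ; then
			Display --indent 6 --text "$option" --result FOUND --color BLUE
		else
			# Second comma-separated field of the matching data line is the
			# advice id. NOTE(review): several matching lines are joined by the
			# unquoted echo, as in the original; confirm nfs.data has one line
			# per option.
			advice="$(echo $option_test | cut -d, -f2)"
			if [ -z "$advice" ] ; then
				Display --indent 6 --text "$option" --result FOUND --color GREEN
			else
				Display --indent 6 --text "$option" --result FOUND --color ORANGE --advice "$advice"
			fi
		fi
	done
done

##http://mirror.linux.org.au/pub/linux.conf.au/2008/slides/130-lca2008-nfs-tuning-secrets-d7.odp
#http://www.troubleshooters.com/linux/nfs.htm
#http://nfs.sourceforge.net/nfs-howto/ar01s05.html
#TODO prefer async than sync
#TODO hard not soft
#TODO check /etc/conf.d/nfs or /etc/sysconfig/nfs for
#static statd port (STATD_PORT=662 for redhat)
#static lockd port LOCKD_TCPPORT=32803 LOCKD_UDPPORT=32769
#static mountd port MOUNTD_PORT=892
#TODO check if exported directory is a separate partition for more fun (noatime, nodiratime)
#noatime or relatime
#nosubtreecheck subtreecheck
#rsize=8192,wsize=8192 ?
#TODO nosuid noexec nodev on nfs mount
#TODO /proc/net/rpc/nfsd in http://nfs.sourceforge.net/nfs-howto/ar01s05.html 5.6

Title "Check NFS (client side)"

if [ -e "$NFS_TAB" ] ; then
	# fstab fields: device, mount point, type, options. Lines whose type field
	# looks like nfs/nfs4 are selected by the grep.
	grep '[[:space:]]nfs[4]*[[:space:]]' "$NFS_TAB" | while read -r fs_spec fs_file fs_vfstype fs_mntops fs_rest
	do
		# A commented-out fstab entry is not a mount; it used to be reported.
		case "$fs_spec" in
			\#*) continue ;;
		esac
		IMPORTED_DIR="$(printf '%s\n' "$fs_spec" | cut -d: -f2)"
		OPTIONS="$(printf '%s\n' "$fs_mntops" | sed 's/,/ /g')"
		FOUND_INTR='no'
		Display --indent 2 --text "NFS $IMPORTED_DIR" --result FOUND --color BLUE
		for option in $OPTIONS
		do
			# Same lookup as for the exports, see above.
			option_test="$(grep -- "^${option}" "${PLUGINS_REP}/nfs.data")"
			if [ -z "$option_test" ] ; then
				Display --indent 4 --text "$option" --result FOUND --color BLUE
			else
				advice="$(echo $option_test | cut -d, -f2)"
				if [ -z "$advice" ] ; then
					Display --indent 4 --text "$option" --result FOUND --color GREEN
				else
					Display --indent 4 --text "$option" --result FOUND --color ORANGE --advice "$advice"
				fi
			fi
			if [ "$option" = "intr" ] ; then
				FOUND_INTR='yes'
			fi
		done
		# A mount without the intr option is reported with its own advice.
		if [ "$FOUND_INTR" = "no" ] ; then
			Display --indent 4 --text "intr option" --result NOTFOUND --color RED --advice NFS_EXPORT_NO_INTR
		fi
	done
fi
yasat/plugins/packages.advice0000640000175000017500000000120312457227301017040 0ustar montjoiemontjoieEN,PACKAGES_USELESS=On a server, if this packages is not used, remove it On a server this packages may not be needed, double check that it is of use. Consider removing the package if it is not needed. ADVICEEND EN,PACKAGES_NO_PORTAUDIT=Install portaudit Install portaudit to check your installed ports for known security issues. ADVICEEND EN,PACKAGES_PORTAUDIT_TOOOLD=Refresh portaudit database Type "portaudit -F" to refresh portaudit database ADVICEEND EN,PACKAGE_REDHAT_RHNSD_DISABLED=Enable rhnsd Rhnsd is the RedHat network daemon. If you have a RedHat, you might also have an account on the RedHat Network, use it.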
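ADVICEEND
yasat/plugins/packages.test0000640000175000017500000003156612457227301016603 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
#
#
#   Copyright (C) 2008-2015 LABBE Corentin
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see .
#
#
################################################################################

# Packages plugin: records, per benchmark item, whether legacy network packages
# are installed and whether their services start at boot. Results are filed
# through Compliance, Is_installed_via_package_manager and Check_auto_start
# under the NSAG section and CCE ids passed on each call.

Title "Packages"

# Without a known package manager the plugin stops here and files nothing.
if [ -z "${LIST_PKG}" ]
then
	echo "Unknown packaging , i'll try autodetect"
	#for the moment no autodetect :)
	return 0;
fi

TESTNAME='NSAG=3.2.2.1 Remove Telnet Clients'
Compliance --result NOTIMPL --plugin packages --nsag 3.2.2.1

TESTNAME='NSAG=3.2.3.1 CCEID=3974-3,4141-8,3537-8,4308-3 Remove rlogin rsh rcp'
# Filed under section 3.2.3.1 as TESTNAME states; the call used to repeat
# 3.2.2.1, the telnet-client item just above.
Compliance --result NOTIMPL --plugin packages --nsag 3.2.3.1 --cce 3974-3 --cce 4141-8 --cce 3537-8 --cce 4308-3

TESTNAME='Remove the Rsh Client Commands from the System'
Compliance --result NOTIMPL --plugin packages --nsag 3.2.3.3

TESTNAME='YASAT_TEST_PROCESS_TFTPD NSAG=3.2.5 CCEID=4273-9,3916-4 Check if tftp-server is installed'
# Filed under the section and CCE ids named in TESTNAME. The calls used to
# carry --nsag 3.2.2 with CCE 3705-1/4348-9, which this file assigns to telnetd
# and ypserv, so a tftp-server finding was attributed to the wrong controls.
Is_installed_via_package_manager tftp-server
if [ "$RESULTAT" = 'yes' ] ;then
	Display --indent 2 --text "tftp-server package" --result PRESENT --color RED
	Compliance --result NOK --plugin process --nsag 3.2.5 --cce 4273-9 --cce 3916-4
else
	Display --indent 2 --text "tftp-server package" --result ABSENT --color GREEN
	Compliance --result OK --plugin process --nsag 3.2.5 --cce 4273-9 --cce 3916-4
fi

TESTNAME='YASAT_TEST_PROCESS_TALKD NSAG=3.2.6.1 Check if talk-server is installed'
Is_installed_via_package_manager talk-server
if [ "$RESULTAT" = 'yes' ] ;then
	Display --indent 2 --text "talk-server package" --result PRESENT --color RED
	Compliance --result NOK --plugin process --nsag 3.2.6.1
else
	Display --indent 2 --text "talk-server package" --result ABSENT --color GREEN
	Compliance --result OK --plugin process --nsag 3.2.6.1
fi

TESTNAME='YASAT_TEST_PACKAGES_TALK NSAG=3.2.6.2 Check if the talk package is installed'
Is_installed_via_package_manager talk
if [ "$RESULTAT" = 'yes' ] ;then
	Display --indent 2 --text "talk package" --result PRESENT --color RED
	Compliance --result NOK --plugin process --nsag 3.2.6.2
else
	Display --indent 2 --text "talk package" --result ABSENT --color GREEN
	Compliance --result OK --plugin process --nsag 3.2.6.2
fi

TESTNAME='Disable the Automounter if Possible'
Compliance --result 'NOTIMPL' --plugin 'process' --nsag '2.2.2.3' --cce '4072-5'

TESTNAME='YASAT_TEST_PROCESS_INETD NSAG=3.2.1 CCEID=4234-1,4023-8 Check if inetd is installed and activated'
# The boot-time check runs only when the package is present.
Is_installed_via_package_manager inetd
if [ "$RESULTAT" = 'yes' ] ;then
	Check_auto_start inetd
	Display --indent 2 --text "inetd package" --result PRESENT --color RED
	Compliance --result NOK --plugin process --nsag 3.2.1 --cce 4234-1 --cce 4023-8
else
	Display --indent 2 --text "inetd package" --result ABSENT --color GREEN
	Compliance --result OK --plugin process --nsag 3.2.1 --cce 4234-1 --cce 4023-8
fi

# From here on both helpers are called in their long form:
#   name, plugin, expected state, NSAG section, CCE id.
TESTNAME='YASAT_TEST_PROCESS_XINETD NSAG=3.2.1 CCEID=4252-3,4164-0 Check if xinetd is installed and activated'
Is_installed_via_package_manager xinetd packages no 3.2.1 4164-0
Check_auto_start xinetd packages no 3.2.1 4252-3

#Gentoo package net-misc/telnetd
TESTNAME='YASAT_TEST_PROCESS_TELNETD NSAG=3.2.2 CCEID=3390-2,4330-7 Check if telnetd is installed and activated'
Is_installed_via_package_manager telnet-server packages no 3.2.2 4330-7
Check_auto_start telnetd packages no 3.2.2 3390-2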
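# Service and package items of the benchmark. Each helper call carries: name,
# plugin, expected state (yes / no / any), NSAG section and, when one exists,
# the CCE id.
TESTNAME='YASAT_TEST_PROCESS_YPSERV NSAG=3.2.4 CCEID=3705-1,4348-9 Check if ypserv is installed and activated'
Is_installed_via_package_manager ypserv packages no 3.2.4 4348-9
Check_auto_start ypbind packages no 3.2.4 3705-1

TESTNAME='YASAT_TEST_SERVICE_FIRSTBOOT NSAG=3.3.1 CCEID=3412-4 Check if the firstboot service is disabled'
Check_auto_start firstboot packages no 3.3.1 3412-4

TESTNAME='YASAT_TEST_SERVICE_GPM NSAG=3.3.2 CCEID=4229-1 Check if the gpm service is disabled'
Check_auto_start gpm packages no 3.3.2 4229-1

TESTNAME='YASAT_TEST_SERVICE_IRQBALANCE NSAG=3.3.3 CCEID=4123-6 Check if the irqbalance service is disabled'
# irqbalance is expected to run only when /proc/cpuinfo lists two or more
# processors.
if [ -e /proc/cpuinfo ];then
	NBPROCESSOR="$(grep -c processor /proc/cpuinfo)"
else
	NBPROCESSOR=1
fi
if [ "$NBPROCESSOR" -ge 2 ] ;then
	Check_auto_start irqbalance packages yes 3.3.3 4123-6
else
	Check_auto_start irqbalance packages no 3.3.3 4123-6
fi

TESTNAME='YASAT_TEST_SERVICE_ISDN NSAG=3.3.4 CCEID=14825-4 Check if the ISDN service is disabled'
Check_auto_start isdn packages no 3.3.4 14825-4

TESTNAME='YASAT_TEST_PACKAGES_ISDN4K-UTILS NSAG=3.3.4.1 Check if the isdn4k-utils packages is installed'
Is_installed_via_package_manager isdn4k-utils packages no 3.3.4.1

TESTNAME='YASAT_TEST_SERVICE_KDUMP NSAG=3.3.5 CCEID=3425-6 Check if the kdump service is disabled'
Check_auto_start kdump packages no 3.3.5 3425-6

TESTNAME='YASAT_TEST_SERVICE_KUDZU NSAG=3.3.6 CCEID=4211-9 Check if the kudzu service is disabled'
Check_auto_start kudzu packages no 3.3.6 4211-9

TESTNAME='YASAT_TEST_SERVICE_MDMONITOR NSAG=3.3.7 CCEID=3854-7'
# mdmonitor may be in either state ("any") when /proc/mdstat has three lines or
# more; otherwise it is expected to be off.
if [ -e /proc/mdstat ] && [ "$(wc -l < /proc/mdstat)" -ge 3 ] ;then
	Check_auto_start mdmonitor packages any 3.3.7 3854-7
else
	Check_auto_start mdmonitor packages no 3.3.7 3854-7
fi

TESTNAME='Check if the microcode service is enabled'
Compliance --result 'NOTIMPL' --plugin packages --nsag 3.3.8 --cce 4356-2

TESTNAME='Check if the network service is enabled'
Compliance --result 'NOTIMPL' --plugin packages --nsag 3.3.9.1

TESTNAME='Check if the Zeroconf Networking is disabled'
Compliance --result 'NOTIMPL' --plugin packages --nsag 3.3.9.3 --cce 14054-1

# NOTE(review): this TESTNAME reuses the KUDZU identifier of item 3.3.6 although
# the check is about pcscd; the string is left as it is because the id may be
# referenced elsewhere. Confirm and rename.
TESTNAME='YASAT_TEST_SERVICE_KUDZU NSAG=3.3.10 CCEID=4100-4 Check if the pcscd service is disabled'
Check_auto_start pcscd packages no 3.3.10 4100-4

TESTNAME='Check if the smartd service is disabled'
Compliance --result 'NOTIMPL' --plugin packages --nsag 3.3.11 --cce 3455-3

TESTNAME='YASAT_TEST_SERVICE_READAHEAD_EARLY NSAG=3.3.12 CCEID=4421-4 Check if the readahead early service is disabled'
Check_auto_start readahead_early packages no 3.3.12 4421-4

TESTNAME='YASAT_TEST_SERVICE_READAHEAD_LATER NSAG=3.3.12 CCEID=4302-6 Check if the readahead later service is disabled'
Check_auto_start readahead_later packages no 3.3.12 4302-6

TESTNAME='YASAT_TEST_SERVICE_DBUS NSAG=3.3.13.1 CCEID=3822-4 Check if the dbus service is disabled'
# Only the 'server' scan profile expects dbus off; the service is looked up as
# messagebus on Red Hat and CentOS.
if [ "$SCAN_PROFILE" = 'server' ];then
	SVCNAME='dbus'
	if [ "$LINUX_VERSION" = 'Red Hat' ] || [ "$LINUX_VERSION" = 'CentOS' ];then
		SVCNAME='messagebus'
	fi
	Check_auto_start "$SVCNAME" packages no 3.3.13.1 3822-4
else
	Compliance --result 'NOTAPPLICABLE' --plugin packages --nsag 3.3.13.1 --cce 3822-4
fi

TESTNAME='YASAT_TEST_SERVICE_HALDAEMON NSAG=3.3.13.2.1 CCEID=4364-6 Check if the haldaemon service is disabled'
Check_auto_start haldaemon packages no 3.3.13.2.1 4364-6

TESTNAME='Configure haldaemon NSAG=3.3.13.2.2'
Compliance --result 'NOTIMPL' --plugin packages --nsag 3.3.13.2.2

TESTNAME='YASAT_TEST_SERVICE_BLUETOOTH NSAG=3.3.14.1 CCEID=4355-4 Check if the bluetooth service is disabled'
Check_auto_start bluetooth packages no 3.3.14.1 4355-4

TESTNAME='YASAT_TEST_SERVICE_HIDD NSAG=3.3.14.2 CCEID=4377-8 Check if the hidd service is disabled'
Check_auto_start hidd packages no 3.3.14.2 4377-8

TESTNAME='YASAT_TEST_SERVICE_APMD NSAG=3.3.15.1 CCEID=4289-5 Check if the apmd service is disabled'
Check_auto_start apmd packages no 3.3.15.1 4289-5

TESTNAME='YASAT_TEST_SERVICE_ACPID NSAG=3.3.15.2 CCEID=4298-6 Check if the acpid service is enabled'
Check_auto_start acpid packages yes 3.3.15.2 4298-6

if [ -e "$SCAN_ROOT/etc/init.d/cpuspeed" ];then
	TESTNAME='YASAT_TEST_SERVICE_CPUSPEED NSAG=3.3.15.3 CCEID=4051-9 Check if the cpuspeed service is enabled'
	Check_auto_start cpuspeed packages yes 3.3.15.3 4051-9
fi

TESTNAME='YASAT_TEST_SERVICE_IRDA NSAG=3.3.16.1 Check if the irda service is disabled'
Check_auto_start irda packages no 3.3.16.1

TESTNAME='YASAT_TEST_PACKAGES_IRDA-UTILS NSAG=3.3.16.2 Check if the irda-utils packages is installed'
Is_installed_via_package_manager irda-utils packages no 3.3.16.2

TESTNAME='YASAT_TEST_SERVICE_RAWDEVICES NSAG=3.3.17.1 Check if the rawdevices service is disabled'
Check_auto_start rawdevices packages no 3.3.17.1

TESTNAME='YASAT_TEST_SERVICE_ANACRON NSAG=3.4.1 CCEID=4406-5 Check if the anacron service is disabled'
Check_auto_start anacron packages no 3.4.1 4406-5

TESTNAME='YASAT_TEST_PACKAGE_ANACRON NSAG=3.4.1 Check if the anacron package is absent'
Is_installed_via_package_manager anacron packages no 3.4.1 4428-9

TESTNAME='YASAT_TEST_SERVICE_ATD NSAG=3.4.3 CCEID=14466-7 Check if the atd service is disabled'
Check_auto_start atd packages no 3.4.3 14466-7

TESTNAME='YASAT_TEST_SERVICE_XFS NSAG=3.6.1.3.1 CCEID=4448-7 Check if the xfs service is disabled'
Check_auto_start xfs packages no 3.6.1.3.1 4448-7

TESTNAME='YASAT_TEST_SERVICE_HPLIP NSAG=3.8.4.1 CCEID=4425-5 Check if the hplip service is disabled'
Check_auto_start hplip packages no 3.8.4.1 4425-5

#debian apt-get
if [ "$LIST_PKG" = "apt-get" ]
then
	echo "Check packages with apt-get"
	#TODO check if we are stable/release specified in source.list
	#TODO check if we use official debian/ubuntu or other external mirror (usefull)??? (check gpg signature)
	# Simulated upgrade (-s): count the packages to install whose line mentions
	# "security".
	NB_MAJ_SECU="$(apt-get -s upgrade | grep '^Inst' | grep -ci security)"
	if [ "$NB_MAJ_SECU" -ge 1 ]
	then
		Display --indent 2 --text "Some security upgrade ar not done" --result WARNING --color RED
	else
		Display --indent 2 --text "No security upgrade" --result OK --color GREEN
	fi
	#Check for useless packages
	if [ -e "${PLUGINS_REP}/packages.data" ]
	then
		echo "Check useless packages"
		LISTE_PKG_INSTALLED="$(dpkg -l | grep '^ii' | sed 's/^ii[[:space:]]*//g' | cut -d' ' -f1)"
		# The data line was used whole ("DEBIAN...") as a pattern anchored at
		# the start of the installed list, so this check could not report
		# anything. The package name is now taken from the second
		# comma-separated field, as the rpm branch below does for its REDHAT
		# lines -- presumably the DEBIAN lines share that layout; confirm
		# against packages.data. Each name is matched as a prefix of an
		# installed package name, one package per line.
		grep '^DEBIAN' "${PLUGINS_REP}/packages.data" | cut -d, -f2 | while read -r line
		do
			# An empty name would match every installed package.
			[ -n "$line" ] || continue
			if printf '%s\n' "$LISTE_PKG_INSTALLED" | grep -q -- "^${line}"
			then
				Display --indent 2 --text "Possible useless packages ${line}" --result WARNING --color ORANGE --advice PACKAGES_USELESS
			fi
		done
	fi
	return 0;
fi

#BSD pkg_info + portaudit
#only freebsd have portaudit
if [ "$OS_TYPE" = 'BSD' ] ;then
	Check_tool_presence portaudit
	# Keep the helper's status before anything else runs: $? used to be read
	# after the assignment below, which always succeeds, so the "not found"
	# branch was never taken.
	PORTAUDIT_STATUS=$?
	PORTAUDIT="$RESULTAT"
	if [ "$PORTAUDIT_STATUS" -ne 0 ] ;then
		Display --indent 2 --text "portaudit not found" --result NOTFOUND --color RED --advice PACKAGES_NO_PORTAUDIT
		return 1
	fi
	# Quoted: with an empty value the unquoted test collapsed to "[ -x ]",
	# which is true. The binary that was just checked is the one that is run,
	# rather than whatever "portaudit" resolves to through PATH.
	if [ -x "$PORTAUDIT" ];then
		Display --indent 2 --text "Check PKG with portaudit" --result FOUND --color GREEN
		"$PORTAUDIT"
		# Exit status 2 is reported as an out-of-date database.
		if [ $? -eq 2 ];then
			Display --indent 2 --text "Portaudit" --result TOOOLD --color ORANGE --advice PACKAGES_PORTAUDIT_TOOOLD
		fi
	else
		Display --indent 2 --text "portaudit not found" --result NOTFOUND --color RED --advice PACKAGES_NO_PORTAUDIT
		return 1
	fi
fi

if [ "$OS" = 'OpenBSD' ] ;then
	pkg_add -unx
fi

#Gentoo glsa-check + emerge
if [ "$LIST_PKG" = "emerge" ] ;then
	#glsa-check app-portage/gentoolkit
	if Check_tool_presence glsa-check ;then
		Display --indent 2 --text 'glsa-check' --result FOUND --color GREEN
		Display --indent 2 --text "Check PKG with glsa" --result INFO --color BLUE
		# A zero exit status of the test run is reported as "nothing pending".
		if glsa-check -v -t all ;then
			Display --indent 2 --text "No security upgrade" --result GOOD --color GREEN
		else
			Display --indent 2 --text "Some security upgrade are not done" --result WARNING --color RED
		fi
		return 0;
	else
		Display --indent 2 --text 'glsa-check' --result NOTFOUND --color yellow
	fi
fi

#Red Hat
if [ "$LINUX_VERSION" = 'Red Hat' ] ;then
	TESTNAME='YASAT_TEST_SERVICE_RHNSD NSAG=2.1.22 CCEID=3416-5 Check if the rhnsd service is disabled'
	Check_auto_start rhnsd packages no 2.1.22 3416-5
#	chkconfig rhnsd
#	if [ $? = 0 ];then
#		Display --indent 2 --text "rhnsd" --result ENABLED --color GREEN
#	else
#		Display --indent 2 --text "rhnsd" --result DISABLED --color RED --advice PACKAGE_REDHAT_RHNSD_DISABLED
#	fi
	#TODO check yum-updatesd.conf
fi

#RedHat rpm -qa
if [ "$LIST_PKG" = "rpm" ]
then
	echo "Check PKG with rpm"
	LISTE_PKG_INSTALLED="$(rpm -qa)"
	#TODO check packages with rpm
	# Package names come from the second comma-separated field of the REDHAT
	# lines. The list is matched one package per line, anchored at the start of
	# the name: the unquoted pattern used before needed a blank in front of the
	# name, so the first package of the list could never match, and the pattern
	# itself was open to pathname expansion.
	grep '^REDHAT' "${PLUGINS_REP}/packages.data" | cut -d, -f2 | while read -r line
	do
		[ -n "$line" ] || continue
		if printf '%s\n' "$LISTE_PKG_INSTALLED" | grep -qi -- "^${line}"
		then
			Display --indent 2 --text "Possible useless packages ${line}" --result WARNING --color ORANGE --advice PACKAGES_USELESS
		fi
	done
	return 0;
fi

#solaris pkgadm?

return 0;
yasat/plugins/cups.advice0000640000175000017500000000025012457227301016235 0ustar montjoiemontjoieEN,CUPS_LISTEN=If possible, restrict CUPS to listen only on localhost If you don't share printers, restrict the possibility to other users to access cupsd. ADVICEEND yasat/plugins/logging.test0000750000175000017500000001146012457227301016444 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
#
#
#   Copyright (C) 2008-2015 LABBE Corentin
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.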
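#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see .
#
#
################################################################################

# Logging plugin: finds which system logger is running and, for syslog-ng,
# syslogd and rsyslogd, whether its configuration forwards messages to a remote
# host.

Title "Check logging"

#TODO check sysstat http://pagesperso-orange.fr/sebastien.godard/

FOUND_SYSTEM_LOGGER=0
ACTUAL_SYSTEM_LOGGER=''
#found in portage
POSSIBLE_SYSLOG_BINARIES="syslog-ng syslogd newsyslog rsyslogd metalog"

# A logger counts as running when its name shows up in the process list right
# after a non-letter (so "syslogd" does not match inside "rsyslogd"). The
# pattern is quoted so the shell cannot expand the bracket expression against
# file names in the current directory.
for LOGGER_TO_TEST in $POSSIBLE_SYSLOG_BINARIES
do
	RESULTAT="$(ps aux | grep -i "[^[:alpha:]]$LOGGER_TO_TEST" | grep -v grep | grep -v supervising)"
	if [ -n "$RESULTAT" ]
	then
		Display --indent 2 --text "$LOGGER_TO_TEST" --result FOUND --color GREEN
		if [ "$FOUND_SYSTEM_LOGGER" -eq 1 ]
		then
			Display --indent 4 --text "Two system loggers" --result FOUND --color ORANGE --advice SYSTEM_LOG_TWO_LOGGERS
		fi
		FOUND_SYSTEM_LOGGER=1
		ACTUAL_SYSTEM_LOGGER="$LOGGER_TO_TEST"
	fi
done

if [ "$FOUND_SYSTEM_LOGGER" -eq 0 ]
then
	Display --indent 2 --text "System logger" --result NOTFOUND --color RED --advice SYSTEM_LOG_NO_LOGGERS
else
	Display --indent 2 --text "System logger is $ACTUAL_SYSTEM_LOGGER" --result FOUND --color GREEN
fi

# In the three branches below the matching lines were first written to
# ${TEMPYASATDIR}/loghost.tmp and then only counted. grep -q gives the same
# yes/no answer without writing a fixed-name file from a tool that usually runs
# as root.
# TODO: report the rule name and the remote host (the original kept commented-out
# cut calls for that).

#syslog-ng /etc/syslog-ng/syslog-ng.conf destination name { tcp( "somehost" port(514)) ; } ;
#syslog-ng /etc/syslog-ng/syslog-ng.conf destination name { udp( "somehost" port(514)) ; } ;
if [ "$ACTUAL_SYSTEM_LOGGER" = 'syslog-ng' ] ; then
	SYSLOGNG_CONF="/etc/syslog-ng/syslog-ng.conf"
	if [ -e "$SYSLOGNG_CONF" ] ; then
		#TODO found real place for conf
		LOGHOST_FOUND=0
		if grep -q '^[[:space:]]*destination.*[tu][cd]p(' "$SYSLOGNG_CONF" ; then
			LOGHOST_FOUND=1
		fi
		if [ "$LOGHOST_FOUND" -eq 0 ] ; then
			Display --indent 2 --text "Logging to a remote host" --result NOTFOUND --color RED --advice SYSLOGNG_NOLOGHOST
		else
			Display --indent 2 --text "Logging to a remote host" --result FOUND --color GREEN
		fi
	else
		Display --indent 2 --text "Config file" --result NOTFOUND --color RED
	fi
fi

#syslog /etc/syslog.conf *.* @somehost
if [ "$ACTUAL_SYSTEM_LOGGER" = 'syslogd' ] ; then
	SYSLOG_CONF="/etc/syslog.conf"
	if [ -e "$SYSLOG_CONF" ] ; then
		#TODO found real place for conf
		LOGHOST_FOUND=0
		# A forwarding rule is a non-comment line whose action starts with '@'
		# ('@@' for the rsyslog form). The previous pattern only matched lines
		# that begin with '@', so a rule written as in the example above was
		# reported as "no remote host".
		if grep -q '^[[:space:]]*[^#[:space:]].*[[:space:]]@@*[a-zA-Z0-9]' "$SYSLOG_CONF" ; then
			LOGHOST_FOUND=1
		fi
		if [ "$LOGHOST_FOUND" -eq 0 ] ; then
			Display --indent 2 --text "Logging to a remote host" --result NOTFOUND --color RED --advice SYSLOG_NOLOGHOST
		else
			Display --indent 2 --text "Logging to a remote host" --result FOUND --color GREEN
		fi
	else
		Display --indent 2 --text "Config file" --result NOTFOUND --color RED
	fi
fi

#rsyslog /etc/rsyslog.conf *.* @@somehost:514
if [ "$ACTUAL_SYSTEM_LOGGER" = 'rsyslogd' ] ; then
	RSYSLOG_CONF="/etc/rsyslog.conf"
	if [ -e "$RSYSLOG_CONF" ] ; then
		#TODO found real place for conf
		LOGHOST_FOUND=0
		# Same rule shape as for syslogd; '@@host' is accepted as well.
		if grep -q '^[[:space:]]*[^#[:space:]].*[[:space:]]@@*[a-zA-Z0-9]' "$RSYSLOG_CONF" ; then
			LOGHOST_FOUND=1
		fi
		if [ "$LOGHOST_FOUND" -eq 0 ] ; then
			Display --indent 2 --text "Logging to a remote host" --result NOTFOUND --color RED --advice RSYSLOG_NOLOGHOST
		else
			Display --indent 2 --text "Logging to a remote host" --result FOUND --color GREEN
		fi
	else
		Display --indent 2 --text "Config file" --result NOTFOUND --color RED
	fi
fi

#TODO remote logging for other syslog daemon

return 0;
yasat/plugins/apache_vhosts.test0000640000175000017500000005763712464123420017656 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
#
#
#   Copyright (C) 2008-2015 LABBE Corentin
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see .
#
#
################################################################################

Title "Check apache Vhosts"

#TODO 404 personalized pages /usr/share/apache2/error/HTTP_NOT_FOUND.html.var
#TODO check passwd files within vhosts docroot security notes at http://httpd.apache.org/docs/2.0/mod/mod_auth.html#authuserfile
#TODO Dav on/svn
#TODO SVNPath
#TODO MOD JK jkmount
#TODO checks docroot for Thumbs.db, 'copy of filename', etc... files that dont have to be present
#.CVS
#TODO replace/add *:80 by servername when printing infos
#TODO mod_gzip mod_deflate http://httpd.apache.org/docs/2.0/mod/mod_deflate.html
# SetOutputFilter DEFLATE or AddOutputFilterByType DEFLATE text/html text/plain text/xml SetInputFilter
#TODO find for php.old
#php_admin_value php_value php_admin_flag
#open_basedir http://www.php.net/manual/en/ini.core.php#ini.open-basedir
#TODO mod_expire
#TODO check mod itk
#TODO for known location phpmyadmin check config/install rights

Find_apache_conf_location
if [ !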
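-d $APACHE_CONF_REP ] ;then
	Display --indent 2 --text "No apache found" --result NOTFOUND --color BLUE
	return 1;
fi
# The four lines above complete the "if [ !" test that opens just before this
# span: without an apache configuration directory the plugin stops.

# prepare_apache_conf is expected to leave the configuration to analyse in
# ${TEMPYASATDIR}/apache.conf; the plugin stops when that file is missing.
prepare_apache_conf $APACHE_CONF_REP
APACHE_CONF_LOCATION_TO_TEST="${TEMPYASATDIR}/apache.conf"
if [ ! -e "$APACHE_CONF_LOCATION_TO_TEST" ]
then
	echo "Error no $APACHE_CONF_LOCATION_TO_TEST"
	return 1;
fi

#starting here, we have a full apache configuration file

# User and group apache runs as. $RESULTAT stays unquoted on purpose: it may
# hold several words (see the sanity check below) and quoting it would change
# what Check_apache_user / Check_apache_group receive.
FindValueOf "$APACHE_CONF_LOCATION_TO_TEST" "User"
Check_apache_user $APACHE_CONF_REP $RESULTAT
APACHE_USER="$RESULTAT"
FindValueOf "$APACHE_CONF_LOCATION_TO_TEST" "Group"
Check_apache_group $APACHE_CONF_REP $RESULTAT
APACHE_GROUP="$RESULTAT"

#sanity check, if it is empty then it is www-data
#it happen when check_apache_user found multiple declaration of user
#TODO correct the found of multiple declaration
if [ -z "$APACHE_USER" ];then
	Display --indent 2 --text "Strange I dont found apache user, fall back to www-data" --result INFO --color BLUE
	APACHE_USER='www-data'
fi
if [ -z "$APACHE_GROUP" ];then
	Display --indent 2 --text "Strange I dont found apache group, fall back to www-data" --result INFO --color BLUE
	APACHE_GROUP='www-data'
fi

#check apache binary
if [ -z "$POSSIBLE_APACHE_BIN" ] ; then
	POSSIBLE_APACHE_BIN="/usr/sbin/apache2 /usr/local/sbin/httpd /usr/local/sbin/apache2 /usr/sbin/httpd"
fi
# The last executable candidate under $SCAN_ROOT wins; doubled slashes are
# squeezed out of the resulting path.
APACHE_BIN=""
for APABIN_LOCATION in ${POSSIBLE_APACHE_BIN}
do
	if [ -x "$SCAN_ROOT/${APABIN_LOCATION}" ] ;then
		APACHE_BIN="$(echo $SCAN_ROOT/${APABIN_LOCATION} | sed 's,//*,/,g')"
	fi
done
if [ -z "${APACHE_BIN}" ] ; then
	Display --indent 2 --text "No apache binary found" --result NOTFOUND --color BLUE
elif [ ! -x "$APACHE_BIN" ] ; then
	Display --indent 2 --text "$APACHE_BIN is not executable" --result ERROR --color RED
else
	Display --indent 2 --text "$APACHE_BIN" --result FOUND --color GREEN
	check_file "$APACHE_BIN" 2 BINARY
	# SECURITY NOTE(review): the two branches below source a file from the
	# audited system, i.e. they run its content as shell code with the
	# privileges of this audit. When $SCAN_ROOT points at a tree that is not
	# trusted (an image of another host, a chroot under investigation), that
	# content executes on the auditing host. Reading the needed variables with
	# a parser instead of '.' would remove this exposure.
	if [ "$LINUX_VERSION" = "Gentoo" ] ;then
		# The path now honours $SCAN_ROOT like the Debian branch, and the file
		# is tested first: '.' on a missing file makes a non-interactive shell
		# exit, which ended the whole audit run.
		if [ -r "$SCAN_ROOT/etc/conf.d/apache2" ];then
			. "$SCAN_ROOT/etc/conf.d/apache2"
			APACHE_BIN="$APACHE_BIN $APACHE2_OPTS"
		else
			Display --indent 2 --text "Missing /etc/conf.d/apache2" --result WARN --color ORANGE
		fi
	fi
	if [ "$LINUX_VERSION" = "Debian" ] ;then
		if [ -e "$SCAN_ROOT/etc/apache2/envvars" ];then
			. "$SCAN_ROOT/etc/apache2/envvars"
		else
			Display --indent 2 --text "Missing /etc/apache2/envvars" --result WARN --color ORANGE
		fi
	fi
fi
#end of check apache binary

# Result files and the per-section state read and reset by the parsing loop
# that follows.
OUTPUT_RESULT="${TEMPYASATDIR}/apache.result"
TMP_RESULT="${TEMPYASATDIR}/apache.tmpresult"
echo '' > "$OUTPUT_RESULT"
DIRECTORY=''
LOCATION=''
CONF_PROXY=''
VIRTUALHOST=''
ACCESSLOG=''
ERRORLOG=''
ORDER=0
DENY_IN_FIRST=0
DENY_FROM_ALL=0
REQUIRE_VALID_USER=0
# AUTH_FILE is tested by the loop but was never initialised here, so a value
# left in the environment or by another plugin could leak into the first section.
AUTH_FILE=''
OPTION_INDEX=0
OPTION_CGI=0
LIST_ALIAS=''
VHOST_SERVER_NAME=''
JKMOUNT_SRC=''
DOCROOT=''
SSLEngine=0
SSLProtocol=0 #0 not found, 1=good 2=bad
while read line do KEYWORD="`echo $line | cut -d\ -f1`" # echo "Check $KEYWORD" # BASIC_CONF_MATCH=`grep ^${KEYWORD}\| ${PLUGINS_REP}/apache_conf.data` if [ ! -z "`echo $KEYWORD |grep -i 'LoadModule'`" ];then #check if this module is our list MODULE_NAME="`echo $line | sed 's,[[:space:]][[:space:]]*, ,g' | cut -d\ -f2`" # echo " check module $MODULE_NAME" if [ ! -z "`grep $MODULE_NAME ${PLUGINS_REP}/apache_modules.data`" ];then Display --indent 2 --text "Module $MODULE_NAME necessary ?" --result WARNING --color ORANGE --advice APACHE_MODULE_DISABLE_UNNECESSARY_MODULES fi #http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslsessioncache #TODO SSLSessionCache if is dbm, check right and owning ################################################################################ ######################################## SSLCertificateFile ################################################################################ elif [ ! 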
-z "`echo $KEYWORD |grep -i 'SSLCertificateFile'`" ];then key="`echo $line | cut -d\ -f2-`" check_certificate $key 2 'apache' ################################################################################ ######################################## SSLCertificateKeyFile ################################################################################ elif [ ! -z "`echo $KEYWORD |grep -i 'SSLCertificateKeyFile'`" ];then key="`echo $line | cut -d\ -f2-`" check_private_key $key 2 'apache' ################################################################################ ######################################## SSLCipherSuite ################################################################################ #TODO SSLCipherSuite check for !LOW !NULL !SSLv2 !EXP http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite #http://httpd.apache.org/docs/2.3/en/ssl/ssl_howto.html #http://lwn.net/Articles/441551/ elif [ ! -z "`echo $KEYWORD |grep -i 'SSLCipherSuite'`" ];then RESULTAT="`echo $line | cut -d\ -f2-`" for ciphers in $RESULTAT do Display --indent 2 --text "SSLCipherSuite $ciphers" --result FOUND --color BLUE check_cipher_list 4 "$ciphers" done ################################################################################ ######################################## SSLProtocol ################################################################################ elif [ ! -z "`echo $KEYWORD |grep -i 'SSLProtocol'`" ];then SSL_PROTOCOL_LIST="`echo $line | cut -d\ -f2-`" check_ssl_protocol_openssl 2 "$SSL_PROTOCOL_LIST" SSLProtocol=$? ################################################################################ ######################################## SSLEngine ################################################################################ elif [ ! -z "`echo $KEYWORD |grep -i 'SSLEngine'`" ];then Display --indent 2 --text "SSLEngine enabled " --result FOUND --color GREEN #TODO check we are in virtualhost SSLEngine=1 echo 'SSL=1' >> $OUTPUT_RESULT # elif [ ! 
-z "$BASIC_CONF_MATCH" ];then # echo " We got something $BASIC_CONF_MATCH" elif [ ! -z "`echo $line | grep -i '^[[:space:]]*> $OUTPUT_RESULT elif [ ! -z "`echo $line | grep -i '^[[:space:]]*> $OUTPUT_RESULT if [ ! -z $AUTH_FILE ] ; then echo "AUTHFILE=$AUTH_FILE" >> $OUTPUT_RESULT fi identify_web_tech_in_dir "$DIRECTORY" recursive if [ "$WEBTECH" = 'PHP' ] ; then Display --indent 2 --text "PHP technology" --result FOUND --color BLUE fi DIRECTORY='' ORDER=0 DENY_IN_FIRST=0 DENY_FROM_ALL=0 REQUIRE_VALID_USER=0 AUTH_FILE='' OPTION_INDEX=0 OPTION_CGI=0 elif [ ! -z "`echo $line | grep -i '^[[:space:]]*> $OUTPUT_RESULT if [ ! -z "$AUTH_FILE" ] ; then echo "AUTHFILE=$AUTH_FILE" >> $OUTPUT_RESULT fi if [ -z "$DOCROOT" ] ; then Display --indent 4 --text "Strange no docroot yet" --result NOTFOUND --color ORANGE identify_web_tech_in_dir "${DEFAULT_APACHE_DOCROOT}/${LOCATION}" else identify_web_tech_in_dir "${DOCROOT}/${LOCATION}" fi if [ "$WEBTECH" = 'PHP' ] ; then Display --indent 2 --text "PHP technology" --result FOUND --color BLUE fi LOCATION='' ORDER=0 DENY_IN_FIRST=0 DENY_FROM_ALL=0 REQUIRE_VALID_USER=0 AUTH_FILE='' OPTION_INDEX=0 OPTION_CGI=0 elif [ ! -z "`echo $line | grep -i '^[[:space:]]*> $OUTPUT_RESULT fi if [ -z "$DOCROOT" ] ; then Display --indent 4 --text "No DocumentRoot in this vhost" --result NOTFOUND --color RED --advice APACHE_VHOSTS_NO_DOCROOT fi #TODO check if we have found SSLProtocol echo "ENDHOST=$VIRTUALHOST" >> $OUTPUT_RESULT VIRTUALHOST='' ACCESSLOG='' ERRORLOG='' LIST_ALIAS='' JKMOUNT_SRC='' DOCROOT='' SSLEngine=0 elif [ ! -z "`echo $line | grep -i '^[[:space:]]*ServerName'`" ];then ##### ServerName =========================================== VHOST_SERVER_NAME="`echo $line | sed 's/^[[:space:]]*[a-zA-Z0-9][a-zA-Z0-9]*[[:space:]]*//g' | cut -d\ -f1`" Display --indent 4 --text "$VIRTUALHOST has ServerName $VHOST_SERVER_NAME" --result FOUND --color GREEN echo "SERVERNAME=$VHOST_SERVER_NAME" >> $OUTPUT_RESULT elif [ ! 
-z "`echo $line | grep -i '^[[:space:]]*> $OUTPUT_RESULT CONF_PROXY='' ORDER=0 DENY_IN_FIRST=0 DENY_FROM_ALL=0 REQUIRE_VALID_USER=0 AUTH_FILE='' elif [ ! -z "`echo $line | grep -i '^[[:space:]]*configLog'`" ];then ##### Logs ======================= ACCESSLOG=`echo $line | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]]//g' | cut -d\ -f1` elif [ ! -z "`echo $line | grep -i '^[[:space:]]*CustomLog'`" ];then ACCESSLOG=`echo $line | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]]*//g' | cut -d\ -f1` elif [ ! -z "`echo $line | grep -i '^[[:space:]]*ErrorLog'`" ];then ERRORLOG=`echo $line | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]]*//g' | cut -d\ -f1` elif [ ! -z "`echo $line | grep -i '^[[:space:]]*order'`" ] ;then ##### /Order ====================================== # Allow,Deny = good:) # Deny,Allow = bad ORDER=1 if [ ! -z "`echo $line | grep -i '^[[:space:]]*order deny,allow'`" ] then DENY_IN_FIRST=1 fi elif [ ! -z "`echo $line | grep -i '^[[:space:]]*deny from all'`" ];then DENY_FROM_ALL=1 elif [ ! -z "`echo $line | grep -i '^[[:space:]]*require valid-user'`" ];then REQUIRE_VALID_USER=1 elif [ ! -z "`echo $line | grep -i '^[[:space:]]*require group'`" ];then REQUIRE_VALID_USER=1 elif [ ! -z "`echo $line | grep -i '^[[:space:]]*require user'`" ];then REQUIRE_VALID_USER=1 #TODO Dav on ##### docroot =========================================== elif [ ! 
-z "`echo $line | grep -i '^[[:space:]]*documentroot'`" ] ; then DOCROOT=`echo $line | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]]*//g' | sed 's/^\"//g' | sed 's/\"[[:space:]]*$//g'` Display --indent 4 --text "Docroot $DOCROOT" --result FOUND --color GREEN if [ "$DOCROOT" = '/var/www' -o "$DOCROOT" = '/var/www/' ] ; then Display --indent 4 --text "Docroot $DOCROOT" --result FOUND --color ORANGE --advice APACHE_VHOSTS_VAR_WWW fi check_directory_group "$DOCROOT" $APACHE_GROUP $TMP_RESULT 6 APACHE_VHOSTS_DOCROOT_BADGROUP check_directory_others "$DOCROOT" $TMP_RESULT 6 APACHE_VHOSTS_DOCROOT_OTHERRIGHTS check_directory_writable_by_group "$DOCROOT" $APACHE_GROUP $TMP_RESULT 6 APACHE_VHOSTS_DOCROOT_GROUPW if [ -e "${DOCROOT}/robots.txt" ] ; then Display --indent 6 --text "Found robots.txt" --result FOUND --color BLUE else Display --indent 6 --text "No robots.txt" --result NOTFOUND --color ORANGE --advice APACHE_VHOSTS_NO_ROBOTS_TXT fi #check for known location if [ -e "$PLUGINS_REP/apache_vhosts.data" ] ; then grep -v '^#' "$PLUGINS_REP/apache_vhosts.data" | while read LOC_LINE do # echo " $LOC_LINE" LOC_LOC=`echo $LOC_LINE | cut -f1 -d\|` LOC_ADVICE=`echo $LOC_LINE | cut -f3 -d\|` if [ -e "${DOCROOT}${LOC_LOC}" ] ; then Display --indent 2 --text "=> ${DOCROOT}${LOC_LOC}" --result FOUND --color RED --advice $LOC_ADVICE echo "HLOC=${LOC_LOC}" >> $OUTPUT_RESULT fi done else Display --indent 2 --text "No apache_vhosts.data" --result NOTFOUND --color RED fi identify_web_tech_in_dir "$DOCROOT" recursive if [ "$WEBTECH" = 'PHP' ] ; then Display --indent 2 --text "PHP technology" --result FOUND --color BLUE fi fi #TODO better alias printing in apache tree (list_alias) ##### alias =========================================== if [ ! 
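-z "`echo $line | grep -i '^[[:space:]]*Alias[[:space:]]'`" ];then
		# The test above completes the "if [ !" that ends the previous line.
		# Everything down to "done" runs once per line of the Apache
		# configuration file read by the enclosing "while read line" loop.
		# NOTE(review): "echo $line" is left unquoted on purpose (the cut -d' '
		# calls depend on the whitespace collapsing it gives), but the shell
		# also applies pathname expansion to it, so a directive containing a
		# glob character can be rewritten against the current directory.
		ALIAS="`echo $line | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]]*//g' | cut -d' ' -f1`"
		DEST_ALIAS="`echo $line | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]]*//g' | cut -d' ' -f2 | sed 's/^"//' | sed 's/"$//'`"
		Display --indent 4 --text "$ALIAS -> $DEST_ALIAS" --result FOUND --color BLUE
		if [ -z "$VIRTUALHOST" ];then
			# Alias declared outside any virtual host: recorded immediately.
			echo "ALIAS=$ALIAS" >> "$OUTPUT_RESULT"
		else
			# Inside a virtual host the aliases are accumulated, space separated.
			if [ -z "$LIST_ALIAS" ];then
				LIST_ALIAS="$ALIAS"
			else
				LIST_ALIAS="$LIST_ALIAS $ALIAS"
			fi
		fi
	fi

	##### override ===========================================
	# Anything other than "AllowOverride None" is reported as a warning.
	if [ ! -z "`echo $line | grep -i '^[[:space:]]*AllowOverride'`" ] ; then
		OVERRIDE=`echo $line | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]]*//g' | cut -d' ' -f1`
		if [ "$OVERRIDE" != "None" ];then
			Display --indent 4 --text "$VIRTUALHOST has override $OVERRIDE" --result WARNING --color ORANGE
		fi
	fi

	##### php_admin_value ===========================================
	if [ ! -z "`echo $line | grep -i '^[[:space:]]*php_admin_value'`" ] ; then
		PHP_ADMIN_VALUE=`echo $line | sed 's/^[[:space:]]*php_admin_value[[:space:]]*//g'`
		Display --indent 4 --text "$VIRTUALHOST has php_admin_value $PHP_ADMIN_VALUE" --result WARNING --color BLUE
		echo "PHP_ADMIN_VALUE=$PHP_ADMIN_VALUE" >> "$OUTPUT_RESULT"
	fi

	##### php_admin_flag ===========================================
	if [ ! -z "`echo $line | grep -i '^[[:space:]]*php_admin_flag'`" ] ; then
		PHP_ADMIN_FLAG=`echo $line | sed 's/^[[:space:]]*php_admin_flag[[:space:]]*//g'`
		Display --indent 4 --text "$VIRTUALHOST has php_admin_flag $PHP_ADMIN_FLAG" --result WARNING --color BLUE
		#temp use same variable for flag and value
		echo "PHP_ADMIN_VALUE=$PHP_ADMIN_FLAG" >> "$OUTPUT_RESULT"
	fi

	##### authfile ===========================================
	# The password file named by AuthUserFile must exist, belong to the Apache
	# group and not be owned by the Apache user.
	# NOTE(review): only owner and group are compared; the file mode and
	# whether the file lives under the DocumentRoot are not looked at here.
	if [ ! -z "`echo $line | grep -i '^[[:space:]]*AuthUserFile'`" ];then
		AUTH_FILE="`echo $line | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]]*//g' | sed 's/^"//' | sed 's/"$//'`"
		if [ -e "$AUTH_FILE" ];then
			Display --indent 2 --text "Authfile $AUTH_FILE" --result FOUND --color GREEN
			# The path comes from the configuration file, so it is quoted: an
			# unquoted path with a space made stat and the test misbehave.
			# $STAT_GROUP / $STAT_USER stay unquoted; they presumably hold
			# several stat options that must be split into words.
			AUTH_FILE_GROUP="`stat $STAT_GROUP "$AUTH_FILE"`"
			AUTH_FILE_OWNER="`stat $STAT_USER "$AUTH_FILE"`"
			if [ "$AUTH_FILE_GROUP" != "$APACHE_GROUP" ];then
				Display --indent 2 --text "debug Authfile $AUTH_FILE incorrect permission" --result "$AUTH_FILE_GROUP" --color RED
			fi
			if [ "$AUTH_FILE_OWNER" = "$APACHE_USER" ];then
				Display --indent 2 --text "debug Authfile $AUTH_FILE incorrect owner" --result "$AUTH_FILE_OWNER" --color RED
			fi
		else
			Display --indent 2 --text "Authfile $AUTH_FILE" --result NOTFOUND --color RED --advice APACHE_VHOSTS_AUTHFILE_NOTFOUND
		fi
	fi

	##### options ===========================================
	if [ ! -z "`echo $line | grep -i '^[[:space:]]*options'`" ];then
		# Label the finding with the innermost known context: a Directory
		# overrides a Location, which overrides the virtual host.
		TOPRINT=''
		if [ ! -z "$VIRTUALHOST" ];then
			TOPRINT=$VIRTUALHOST
		fi
		if [ ! -z "$LOCATION" ];then
			TOPRINT=$LOCATION
		fi
		if [ ! -z "$DIRECTORY" ];then
			TOPRINT=$DIRECTORY
		fi
		#[[:space:]] is here for be sure that there not a - sign
		if [ ! -z "`echo $line | grep -i '[[:space:]]indexes'`" ];then
			Display --indent 4 --text "$TOPRINT has option indexes" --result FOUND --color ORANGE --advice APACHE_VHOSTS_OPTIONS_INDEXES
			OPTION_INDEX=1
		fi
		if [ ! -z "`echo $line | grep -i '[[:space:]]ExecCGI'`" ];then
			Display --indent 4 --text "$TOPRINT has option ExecCGI" --result FOUND --color ORANGE --advice APACHE_VHOSTS_OPTIONS_EXECCGI
			OPTION_CGI=1
		fi
	fi

	##### jkmount ===========================================
	# NOTE(review): the "I" flag of the sed s command is a GNU extension.
	if [ ! -z "`echo $line | grep -i '^[[:space:]]*JKmount'`" ] ; then
		JKMOUNT_SRC="`echo \"$line\" | sed 's/^[[:space:]]*JKmount[[:space:]]*//gI' | cut -d' ' -f1`"
		Display --indent 4 --text "$VIRTUALHOST has JKmount $JKMOUNT_SRC" --result FOUND --color BLUE
		echo "JKMOUNT=$JKMOUNT_SRC" >> "$OUTPUT_RESULT"
	fi

	##### ProxyPASS ===========================================
	if [ ! -z "`echo $line | grep -i '^[[:space:]]*ProxyPASS'`" ]
	then
#		ProxyPASS_SRC="`echo \"$line\" | sed 's/^[[:space:]]*ProxyPASS[[:space:]]*//gI' | cut -d\ -f1`"
		# get_value_in_string leaves its answer in RESULTAT.
		get_value_in_string ProxyPASS "$line"
		ProxyPASS_SRC="$RESULTAT"
		Display --indent 4 --text "$VIRTUALHOST has ProxyPASS_SRC $ProxyPASS_SRC" --result FOUND --color BLUE
	fi

	##### mod_deflate ===========================================
	#AddOutputFilterByType
	if [ ! -z "`echo $line | grep -i '^[[:space:]]*SetOutputFilter'`" ]
	then
		OUTPUT_FILTER_TYPE="`echo \"$line\" | sed 's/^[[:space:]]*SetOutputFilter[[:space:]]*//gI' | cut -d' ' -f1`"
		Display --indent 4 --text "$VIRTUALHOST has SetOutputFilter" --result FOUND --color BLUE
		echo "DEFLATE=$OUTPUT_FILTER_TYPE" >> "$OUTPUT_RESULT"
	fi
	if [ ! -z "`echo $line | grep -i '^[[:space:]]*AddOutputFilterByType'`" ]
	then
		# The MIME types already covered are written to a scratch file, which
		# is then used as a grep pattern list to print the entries of
		# apache_mod_deflate.data that are still missing.
		# NOTE(review): the scratch file has a fixed name; this is only safe
		# if TEMPYASATDIR is a directory private to this run -- confirm.
		TMP_GZIP_RESULT="${TEMPYASATDIR}/apache_gzip.tmpresult"
		if [ -e "${TMP_GZIP_RESULT}" ] ; then
			rm "${TMP_GZIP_RESULT}"
		fi
		OUTPUT_FILTER_TYPE="`echo \"$line\" | sed 's/^[[:space:]]*AddOutputFilterByType[[:space:]]*//gI' | cut -d' ' -f1`"
		OUTPUT_FILTER_AFFECTED="`echo \"$line\" | sed 's/^[[:space:]]*AddOutputFilterByType[[:space:]]*//gI' | cut -d' ' -f2-`"
		Display --indent 4 --text "$VIRTUALHOST has AddOutputFilterByType $OUTPUT_FILTER_TYPE" --result FOUND --color BLUE
		# Word splitting of the list is intended; each word is then quoted so
		# that it is written as-is.
		for mimetype in $OUTPUT_FILTER_AFFECTED
		do
			echo "$mimetype" >> "${TMP_GZIP_RESULT}"
		done
		grep -iv -f "${TMP_GZIP_RESULT}" "$PLUGINS_REP/apache_mod_deflate.data" |
		while read missing
		do
			Display --indent 6 --text "You can add also $missing" --result NOTFOUND --color BLUE
		done
		echo "DEFLATE=$OUTPUT_FILTER_TYPE $OUTPUT_FILTER_AFFECTED" >> "$OUTPUT_RESULT"
	fi

	##### SSL options =========================================== http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html
	# Key and certificate paths are handed to check_file, quoted so that an
	# empty or space-containing path cannot shift the remaining arguments.
	if [ ! -z "`echo $line | grep -i '^[[:space:]]*SSLCertificateKeyFile'`" ] ; then
#		SSLCertKeyFile="`echo \"$line\" | sed 's/^[[:space:]]*SSLCertificateKeyFile[[:space:]]*//gI' | cut -d\ -f1`"
		get_value_in_string SSLCertificateKeyFile "$line"
		SSLCertKeyFile="$RESULTAT"
		Display --indent 4 --text "$VIRTUALHOST has SSL Key $SSLCertKeyFile" --result FOUND --color BLUE
		check_file "$SSLCertKeyFile" 6 PRIVKEY
	fi
	if [ ! -z "`echo $line | grep -i '^[[:space:]]*SSLCertificateFile'`" ] ; then
#		SSLCertFile="`echo \"$line\" | sed 's/^[[:space:]]*SSLCertificateFile[[:space:]]*//gI' | cut -d\ -f1`"
		get_value_in_string SSLCertificateFile "$line"
		SSLCertFile="$RESULTAT"
		Display --indent 4 --text "$VIRTUALHOST has SSL Cert $SSLCertFile" --result FOUND --color BLUE
		check_file "$SSLCertFile" 6 CERT
	fi
	#TODO SSLInsecureRenegotiation http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslinsecurerenegotiation
done < "$APACHE_CONF_LOCATION_TO_TEST"

draw_apache_tree "$OUTPUT_RESULT"

return 1;
yasat/plugins/process.test0000750000175000017500000000763112457227301016501 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
#                                                                              #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
#                                                                              #
################################################################################

#TODO add list of possible user like snmpd run under root or snmp

Title "Check running process"

if [ !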
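-e "${PLUGINS_REP}/process.data" ]
then
	# The test above completes the "if [ !" that ends the previous line:
	# without the list of known processes nothing below can be classified.
	Display --indent 2 --text "process.data" --result NOTFOUND --color RED
	# Was "return -1": a negative status is not accepted by every /bin/sh;
	# 255 is the status bash reports for -1.
	return 255;
fi

#TODO FreeBSD said ps: Process environment requires procfs(5)

#all gnome-* must not be root
# The three columns printed by ps (user, tty, first word of the command
# line) are read straight into variables; the original re-parsed each line
# with an unquoted echo, which exposed process arguments to pathname
# expansion.
ps -eo user,tty,args | grep " gnome-" | grep -v 'grep' |
while read -r USERPROCESS PROCESS_TTY PROCESS PROCESS_ARGS
do
	if [ "$USERPROCESS" = "root" ]
	then
		Display --indent 4 --text "$PROCESS Run as $USERPROCESS" --result BAD --color RED --advice PROCESS_NOT_BE_ROOT
	else
		Display --indent 4 --text "$PROCESS Run as $USERPROCESS" --result GOOD --color GREEN
	fi
done

# NOTE(review): in BSD-style ps options the "e" of "axeo" asks for the
# environment to be printed after the command, which would explain the
# MAIL=... text mentioned below -- confirm before dropping it.
PS_ARGS='axeo user,tty,args'
if [ "$OS" = 'OpenBSD' ]
then
	PS_ARGS='-axeo user,tty,comm'
fi

#under wheezy I have MAIL=xxxxx just after process name, clean it (TODO find why)
# Header line, processes attached to a terminal, kernel threads ("[...]")
# and the gnome-* processes handled above are filtered out. $PS_ARGS is
# unquoted on purpose: it holds two words.
ps $PS_ARGS | grep -v '^USER' | grep -v ' tty/' | grep -v ' pts/' | grep -v ' tty[0-9]' | grep -v " \[" | grep -v " gnome-" | sed 's,MAIL=/var/mail/root.*,,' | grep -v 'grep' | sort | uniq |
while read -r USERPROCESS PROCESS_TTY PROCESS PROCESS_ARGS
do
	# Look the process up in process.data ("name=TYPE" lines).
	# The name is reported by ps and is therefore chosen by whoever started
	# the process; it used to be pasted into a grep pattern, where regex
	# characters in the name could select an unrelated entry. It is now
	# compared as a literal string.
	PROCESSTYPE="$(YASAT_PROCESS_NAME="$PROCESS" awk -F= '!/^#/ && !/^$/ && ($1 "") == (ENVIRON["YASAT_PROCESS_NAME"] "") { print $2 }' "$PLUGINS_REP/process.data")"
	if [ -z "$PROCESSTYPE" ]
	then
		Display --indent 2 --text "$PROCESS" --result UNKNOWN --color ORANGE
		if [ "$USERPROCESS" = "root" ]
		then
			Display --indent 4 --text "Run as $USERPROCESS" --result UNKNOWN --color ORANGE --advice PROCESS_MAY_NOT_BE_ROOT
		fi
	else
		Display --indent 2 --text "$PROCESS" --result KNOWN --color GREEN
		case "$PROCESSTYPE" in
		CANBEROOT)
			if [ "$USERPROCESS" = "root" ]
			then
				Display --indent 4 --text "Run as $USERPROCESS" --result GOOD --color ORANGE --advice PROCESS_CAN_BE_ROOT
			else
				Display --indent 4 --text "Run as $USERPROCESS" --result GOOD --color GREEN
			fi
		;;
		ONLYROOT)
			if [ "$USERPROCESS" = "root" ]
			then
				Display --indent 4 --text "Run as $USERPROCESS" --result GOOD --color GREEN
			else
				Display --indent 4 --text "Run as $USERPROCESS" --result BAD --color RED --advice PROCESS_ONLY_ROOT
			fi
		;;
		NOTHINGTOSAY)
			Display --indent 4 --text "Run as $USERPROCESS" --result GOOD --color GREEN
		;;
		NOTBEROOT)
			if [ "$USERPROCESS" = "root" ]
			then
				Display --indent 4 --text "Run as $USERPROCESS" --result BAD --color RED --advice PROCESS_NOT_BE_ROOT
			else
				Display --indent 4 --text "Run as $USERPROCESS" --result GOOD --color GREEN
			fi
		;;
		*)
			Display --indent 4 --text "PROCESSTYPE $PROCESSTYPE" --result UNKNOWN --color RED
		;;
		esac
	fi
	# When the command is a path that exists, the binary itself should be
	# owned by root. A relative name is resolved against the directory the
	# audit runs from, not the one the process was started in.
	if [ -e "$PROCESS" ]
	then
		PROCESS_FS_OWNER="`stat $STAT_USER "$PROCESS"`"
#		echo "debug $PROCESS $PROCESS_FS_OWNER"
		if [ "$PROCESS_FS_OWNER" != "root" ]
		then
			Display --indent 4 --text "$PROCESS is not owned by root on the FS" --result WARNING --color RED
		fi
	fi
done

return 0;
yasat/plugins/partition.test0000640000175000017500000001176412457227301017034 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
#                                                                              #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
#                                                                              #
################################################################################

Title "Check partition configurations"

if [ !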
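-e "${SCAN_ROOT}/etc/fstab" ] ;then
	# The test above completes the "if [ !" that ends the previous line:
	# the mount-option checks below need the fstab of the scanned root.
	Display --indent 2 --text "Strange, no /etc/fstab" --result NOTFOUND --color ORANGE
	return 1;
fi

#TODO in /etc/fstab users is same as noexec, nosuid, nodev

#TODO check swap for encryption
TESTNAME='YASAT_TEST_PARTITION_BSD_SWAP Check if the swap is encrypted'
# NOTE(review): this plugin tests $OS while kernel.test tests $OS_TYPE for
# the same 'OpenBSD' value -- confirm both are set by the caller.
if [ "${OS}" = 'OpenBSD' ] ;then
	SWAP_ENCRYPT="`$BSD_SYSCTL vm.swapencrypt.enable | cut -d= -f2`"
	# Quoted, with 0 as fallback: an empty answer from sysctl used to make
	# the test itself fail with a syntax error before landing in "else".
	if [ "${SWAP_ENCRYPT:-0}" -eq 1 ] ;then
		Display --indent 2 --text "SWAP is encrypted" --result ENCRYPTED --color GREEN
	else
		Display --indent 2 --text "SWAP is not encrypted" --result CLEAR --color ORANGE
	fi
fi
#TODO under freebsd http://www.freebsd.org/doc/en/books/handbook/swap-encrypting.html
#For detecting encrypted swap under linux, I see it in 2 steps
#detect LV where swap is
#check for /etc/crypttab

#TODO nfs nfs4 smbs cifs and other network FS must have nodev noexec nosuid

# Each check_partition call below is preceded by several TESTNAME
# assignments. Only the last one is still in the variable when
# check_partition runs; presumably check_partition knows the others by
# convention -- verify.
# NOTE(review): several entries spell the guide key "NASG=" where the
# others use "NSAG="; if the key is parsed out of TESTNAME those entries
# are missed -- confirm against the consumer before renaming.
TESTNAME='YASAT_TEST_PARTITION_HOME1 CCEID=14559-9 NSAG=2.1.1.1.5 Check if /home is on a separate partition'
TESTNAME='YASAT_TEST_PARTITION_HOME2 CCEID=4249-9 NASG=2.2.1.1 Check if /home have the nodev flag'
TESTNAME='YASAT_TEST_PARTITION_HOME3 Check if /home have the nosuid flag'
check_partition '/home' SEPARATE nodev nosuid
#TODO noexec for /home with mode paranoiac

TESTNAME='YASAT_TEST_PARTITION_VAR1 CCEID=14777-7 NSAG=2.1.1.1.2 Check if /var is on a separate partition'
TESTNAME='YASAT_TEST_PARTITION_VAR2 CCEID=4249-9 NASG=2.2.1.1 Check if /var have the nodev flag'
TESTNAME='YASAT_TEST_PARTITION_VAR3 Check if /var have the nosuid flag'
check_partition '/var' SEPARATE nodev nosuid
# noexec on /var breaks debian

# /usr nodev, I disabled this test because of http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
#check_partition '/usr'
#	if [ -z "`echo $RESULTAT | grep -i nodev`" ]
#	then
#		Display --indent 4 --text "/usr dont have nodev" --result NOTFOUND --color ORANGE --advice PARTITION_NODEV
#	else
#		Display --indent 4 --text "/usr have nodev" --result FOUND --color GREEN
#	fi

# /tmp nodev noexec
# NOTE(review): the comment above mentions noexec, but the call only asks
# for nodev and nosuid; noexec on /tmp is not checked here.
TESTNAME='YASAT_TEST_PARTITION_TMP1 CCEID=14161-4 NSAG=2.1.1.1.1 Check if /tmp is on a separate partition'
TESTNAME='YASAT_TEST_PARTITION_TMP2 CCEID=4249-9 NASG=2.2.1.1 Check if /tmp have the nodev flag'
TESTNAME='YASAT_TEST_PARTITION_TMP3 CCEID=14412-1,14940-1,14927-8 NSAG=2.2.1.3.1 Check if /tmp have the nosuid flag'
check_partition '/tmp' SEPARATE nodev nosuid

TESTNAME='YASAT_TEST_PARTITION_VAR_LOG1 CCEID=14011-1 NSAG=2.1.1.1.3 Check if /var/log is on a separate partition'
TESTNAME='YASAT_TEST_PARTITION_VAR_LOG2 CCEID=4249-9 NASG=2.2.1.1 Check if /var/log have the nodev flag'
TESTNAME='YASAT_TEST_PARTITION_VAR_LOG3 Check if /var/log have the nosuid flag'
TESTNAME='YASAT_TEST_PARTITION_VAR_LOG4 Check if /var/log have the noexec flag'
check_partition '/var/log' SEPARATE nodev nosuid noexec

# NOTE(review): the test names speak of /dev/cdrom while the mount point
# that is checked is /mnt/cdrom.
TESTNAME='YASAT_TEST_PARTITION_DEV_CDROM1 Check if /dev/cdrom is on a separate partition'
TESTNAME='YASAT_TEST_PARTITION_DEV_CDROM2 CCEID=3522-0,4275-4,4042-8 NASG=2.2.1.2 Check if /dev/cdrom have the nodev flag'
TESTNAME='YASAT_TEST_PARTITION_DEV_CDROM3 CCEID=3522-0,4275-4,4042-8 NASG=2.2.1.2 Check if /dev/cdrom have the nosuid flag'
TESTNAME='YASAT_TEST_PARTITION_DEV_CDROM4 CCEID=3522-0,4275-4,4042-8 NASG=2.2.1.2 Check if /dev/cdrom have the noexec flag'
check_partition '/mnt/cdrom' SEPARATE nodev nosuid noexec

TESTNAME='YASAT_TEST_PARTITION_DEV_SHM1 Check if /dev/shm is on a separate partition'
TESTNAME='YASAT_TEST_PARTITION_DEV_SHM2 CCEID=15007-8,14306-5,14703-3 NASG=2.2.1.3.2 Check if /dev/shm have the nodev flag'
TESTNAME='YASAT_TEST_PARTITION_DEV_SHM3 CCEID=15007-8,14306-5,14703-3 NASG=2.2.1.3.2 Check if /dev/shm have the nosuid flag'
TESTNAME='YASAT_TEST_PARTITION_DEV_SHM4 CCEID=15007-8,14306-5,14703-3 NASG=2.2.1.3.2 Check if /dev/shm have the noexec flag'
check_partition '/dev/shm' SEPARATE nodev nosuid noexec

# Declared for the compliance report only; nothing is tested yet.
TESTNAME='YASAT_TEST_PARTITION Bind-mount /var/tmp to /tmp'
Compliance --result 'NOTIMPL' --plugin 'partition' --nsag 2.2.1.4 --cce 14584-7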
yasat/plugins/apache_mod_deflate.data0000640000175000017500000000014712457227301020512 0ustar montjoiemontjoietext/html text/plain text/xml text/css application/x-javascript application/javascript text/javascript yasat/plugins/kernel.test0000640000175000017500000004772512466421163016313 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . 
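#                                                                              #
################################################################################

Title "Check Kernel version and configuration"

#check securelevel
#TODO check also value in /etc/rc.securelevel
# On OpenBSD only the securelevel is reported and the plugin stops there.
if [ "$OS_TYPE" = 'OpenBSD' ];then
	TESTNAME='YASAT_TEST_KERNEL_OPENBSD_SECURELEVEL Check if Secure level is used'
	SECURELEVEL="`$BSD_SYSCTL kern.securelevel | cut -d= -f2`"
	if [ "$SECURELEVEL" -ge 0 ];then
		Display --indent 2 --text "Secure level" --result "$SECURELEVEL" --color BLUE
	else
		Display --indent 2 --text "Secure level" --result "$SECURELEVEL" --color RED --advice OPENBSD_SECURE_LEVEL_BELOW_ZERO
	fi
	return 1;
fi

#TODO Made some checks Under BSD
if [ "$OS_TYPE" != 'Linux' ] ;then
	Display --indent 2 --text "Other OS than linux" --result TODO --color BLUE
	return 1;
fi

#Generaly on a server usb modules should not be loaded by default
#TODO check for monolithic addition of USB
#if /proc/modules dont exists, lsmod fail
if [ -e /proc/modules ] ; then
	USB_FOUND=0
	FIRE_FOUND=0
	USB_MODULES='uhci_hcd ohci_hcd ehci_hcd usb_storage usbnet'
	# NOTE(review): fixed file name; safe only if TEMPYASATDIR is a
	# directory private to this run -- confirm.
	TMP_RESULT="${TEMPYASATDIR}/lsmod.out"
	TESTNAME='YASAT_TEST_KERNEL_USB_MODULE Check if USB module are loaded'
	lsmod > "$TMP_RESULT" 2> "$ERROR_OUTPUT_FILE"
	if [ $? -eq 0 ] ; then
		for usbmodule in $USB_MODULES
		do
			# The pattern is quoted so the shell cannot expand the bracket
			# expression as a file name pattern.
			if grep -q "^${usbmodule}[[:space:]]" "$TMP_RESULT" ; then
				Display --indent 2 --text "USB module $usbmodule" --result FOUND --color ORANGE --advice KERNEL_USB_MODULES
				USB_FOUND=1
			fi
		done
		if [ $USB_FOUND -eq 0 ] ; then
			Display --indent 2 --text "Checking for unnecessary modules.. USB" --result NOTFOUND --color GREEN
			Compliance --result 'OK' --plugin 'kernel' --color 'green' --yasatresult 'NOTFOUND'
		else
			Compliance --result 'KO' --plugin 'kernel' --color 'orange' --yasatresult 'FOUND'
		fi
	else
		if [ -e "$TMP_RESULT" ] ; then
			rm "$TMP_RESULT"
		fi
		Display --indent 2 --text "Checking modules with lsmod" --result FAILED --color ORANGE
		Compliance --result 'KO' --plugin 'kernel' --color 'orange' --yasatresult 'ERROR'
	fi

	# Two fixes compared with the original Firewire check, both of which
	# made it report "not found" whatever was loaded:
	#  - lsmod prints module names with underscores, so the hyphenated
	#    names never matched;
	#  - FIRE_FOUND was never set inside the loop, so the compliance result
	#    stayed OK even after a module had been displayed as found.
	FIREWIRE_MODULES='firewire_sbp2 firewire_ohci firewire_core'
	TMP_RESULT="${TEMPYASATDIR}/lsmod.out"
	TESTNAME='YASAT_TEST_KERNEL_FIREWIRE_MODULE Check if Firewire modules are loaded'
	lsmod > "$TMP_RESULT" 2> "$ERROR_OUTPUT_FILE"
	if [ $? -eq 0 ] ; then
		for firemodule in $FIREWIRE_MODULES
		do
			if grep -q "^${firemodule}[[:space:]]" "$TMP_RESULT" ; then
				Display --indent 2 --text "Firewire module $firemodule" --result FOUND --color ORANGE --advice KERNEL_FIREWIRE_MODULES
				FIRE_FOUND=1
			fi
		done
		if [ $FIRE_FOUND -eq 0 ] ; then
			Display --indent 2 --text "Checking for unnecessary modules.. Firewire" --result NOTFOUND --color GREEN
			Compliance --result 'OK' --plugin 'kernel' --color 'green' --yasatresult 'NOTFOUND'
		else
			Compliance --result 'KO' --plugin 'kernel' --color 'orange' --yasatresult 'FOUND'
		fi
	else
		if [ -e "$TMP_RESULT" ] ; then
			rm "$TMP_RESULT"
		fi
		Display --indent 2 --text "Checking modules with lsmod" --result FAILED --color ORANGE
		Compliance --result 'KO' --plugin 'kernel' --color 'orange' --yasatresult 'ERROR'
	fi
	if [ -e "$TMP_RESULT" ];then
		rm "$TMP_RESULT"
	fi
else
	Display --indent 2 --text "No /proc/modules, cannot check kernel modules" --result NOTFOUND --color BLUE
	TESTNAME='YASAT_TEST_KERNEL_USB_MODULE Check if USB module are loaded'
	Compliance --result 'NOTTESTED' --plugin 'kernel'
	TESTNAME='YASAT_TEST_KERNEL_FIREWIRE_MODULE Check if Firewire modules are loaded'
	Compliance --result 'NOTTESTED' --plugin 'kernel'
fi

#TODO check for modprobe.conf and co
#search for "blacklist $module" or "install $module /bin/true" in /etc/modprobe.conf or /etc/modprobe.d/*.conf
# The entries below only declare the item in the compliance report
# (result NOTIMPL); no test is performed for them.
TESTNAME='YASAT_TEST_KERNEL_DISABLE_USB_STORAGE Disable Modprobe Loading of USB Storage Driver'
Compliance --result 'NOTIMPL' --plugin 'kernel' --nsag '2.2.2.2.1' --cce '4187-1'

TESTNAME='YASAT_TEST_KERNEL_DISABLE_UNCOMMON_FILESYSTEM Disable Mounting of Uncommon Filesystem Types'
Compliance --result 'NOTIMPL' --plugin 'kernel' --nsag '2.2.2.5' --cce '14089-7' --cce 14457-6 --cce 15087-0 --cce 14093-9 --cce 14853-6 --cce 14118-4 --cce 14871-8

TESTNAME='YASAT_TEST_KERNEL_DISABLE_DCCP Disable Support for DCCP'
Compliance --result 'NOTIMPL' --plugin 'kernel' --nsag 2.5.7.1 --cce 14268-7

TESTNAME='YASAT_TEST_KERNEL_DISABLE_SCTP Disable Support for SCTP'
Compliance --result 'NOTIMPL' --plugin 'kernel' --nsag 2.5.7.2 --cce 14132-5

TESTNAME='YASAT_TEST_KERNEL_DISABLE_RDS Disable Support for RDS'
Compliance --result 'NOTIMPL' --plugin 'kernel' --nsag 2.5.7.3 --cce 14027-7

TESTNAME='YASAT_TEST_KERNEL_DISABLE_TIPC Disable Support for TIPC'
Compliance --result 'NOTIMPL' --plugin 'kernel' --nsag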
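2.5.7.3 --cce 14911-2
# The line above holds the last arguments of the TIPC "Compliance" call
# that starts on the previous line.
# NOTE(review): it carries the same NSAG id as the RDS entry before it --
# possibly a copy/paste slip, verify against the guide.

TESTNAME='YASAT_TEST_KERNEL_DISABLE_BLUETOOTH Disable Support for bluetooth'
Compliance --result 'NOTIMPL' --plugin 'kernel' --nsag 3.3.14.3 --cce 14948-4

TESTNAME='YASAT_TEST_KERNEL_DISABLE_USB_STORAGE_DRIVER Remove USB Storage Driver'
# The driver counts as removed when its module file is absent. Compressed
# module files (usb-storage.ko.gz, .ko.xz, ...) are now matched as well;
# the original only saw the plain .ko and reported OK on systems that ship
# compressed modules.
# NOTE(review): `uname -r` is the running kernel, even when SCAN_ROOT
# points at another tree.
USB_STORAGE_KO="$SCAN_ROOT/lib/modules/`uname -r`/kernel/drivers/usb/storage/usb-storage.ko"
if [ -e "$USB_STORAGE_KO" ] || ls "$USB_STORAGE_KO".* > /dev/null 2>&1 ;then
	Compliance --result 'KO' --plugin 'kernel' --nsag '2.2.2.2.2' --cce '4006-3'
else
	Compliance --result 'OK' --plugin 'kernel' --nsag '2.2.2.2.2' --cce '4006-3'
fi

TESTNAME='YASAT_TEST_KERNEL_DISABLE_USB Disable Kernel Support for USB via Bootloader Configuration'
Compliance --result 'NOTIMPL' --plugin 'kernel' --nsag '2.2.2.2.3' --cce '4173-1'

TESTNAME='YASAT_TEST_KERNEL_DISABLE_USB_BOOT Disable Booting from USB Devices'
Compliance --result 'NOTIMPL' --plugin 'kernel' --nsag '2.2.2.2.4' --cce '3944-6'

#TODO FreeBSD security.bsd.see_other_uids
#TODO FreeBSD net.inet.ip.random_id
#kernel.panic = 60

#kernel to test 2.6.24 (vmsplice)
# 2.6.30 and 2.6.30.1 ( tun vulnerability)

#TODO check if we are under virtual machine

# Check_tool_presence leaves the path of the tool in RESULTAT.
# NOTE(review): when sysctl is not found SYSCTL keeps whatever value it
# had; the call below then fails and is reported as "sysctl FAILED".
Check_tool_presence sysctl
if [ $? -eq 0 ];then
	SYSCTL="$RESULTAT"
fi

TESTNAME='YASAT_TEST_KERNEL_RANDOMIZE_VASPACE NSAG=2.2.4.3.1 Check if randomize_va_space is enabled'
#/proc/sys/kernel/randomize_va_space
# Running value: 2 is accepted, 1 is reported as partial, anything else as
# disabled. sysctl is called once and its "name = value" output stripped
# down to the value.
RANDOM_VA_SPACE="`$SYSCTL kernel.randomize_va_space 2>> "$ERROR_OUTPUT_FILE"`"
if [ $? -eq 0 ] ; then
	RANDOM_VA_SPACE="$(printf '%s\n' "$RANDOM_VA_SPACE" | sed 's/^.*=[[:space:]]*//')"
	if [ "$RANDOM_VA_SPACE" -eq 2 ] ; then
		Display --indent 2 --text "Randomized va space" --result ENABLED --color GREEN
#		Get_sysctl kernel.randomize_va_space
		Compliance --result 'OK' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.3.1' --color 'green' --yasatresult 'ENABLED'
	else
		if [ "$RANDOM_VA_SPACE" -eq 1 ] ; then
			Display --indent 2 --text "Randomized va space at level 1 (want level 2)" --result PARTIAL --color ORANGE --advice KERNEL_RANDOM_VA_SPACE
			Compliance --result 'KO' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.3.1' --color 'orange' --yasatresult 'PARTIAL'
		else
			Display --indent 2 --text "Randomized va space" --result NO --color RED --advice KERNEL_RANDOM_VA_SPACE
			Compliance --result 'KO' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.3.1' --color 'red' --yasatresult 'DISABLED'
		fi
	fi
else
	Display --indent 2 --text "sysctl" --result FAILED --color ORANGE
	Compliance --result 'KO' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.3.1' --color 'red' --yasatresult 'ERROR'
fi

TESTNAME='YASAT_TEST_KERNEL_RANDOMIZE_VASPACE NSAG=2.2.4.3 CCEID=4146-7 Check if randomize_va_space is enabled in sysctl.conf'
# Persistent value (Get_sysctl presumably reads it from sysctl.conf and
# leaves it in RESULTAT). The original accepted only '1', so a host
# configured with 2, the level the running-value check above asks for,
# was reported as NO. Both enabled levels are accepted now.
Get_sysctl kernel.randomize_va_space
if [ "$RESULTAT" = '1' ] || [ "$RESULTAT" = '2' ] ;then
	Display --indent 2 --text "Randomized va space in sysctl.conf" --result YES --color GREEN
	Compliance --result 'OK' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.3' --type 'CCE' --cid '4146-7' --color 'green' --yasatresult 'ENABLED'
else
	Display --indent 2 --text "Randomized va space in sysctl.conf" --result NO --color ORANGE
	Compliance --result 'KO' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.3' --type 'CCE' --cid '4146-7' --color 'orange' --yasatresult 'NO'
fi

#TODO PAX PAGEEXEC SEGEXEC and check type of processor
# No nx on ARM
TESTNAME='YASAT_TEST_KERNEL_NX CCEID=4177-2 NSAG=2.2.4.4.1,2.2.4.4.3 Check if the NX bit is present'
if [ "$HARDWARE_GEN" = 'x86' -o "$HARDWARE_GEN" = 'x86_64' ];then
	NXbit=0
	if [ -e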
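/proc/cpuinfo ] ;then
		# The line above completes the "if [ -e" that ends the previous line;
		# this branch is inside the x86 / x86_64 test opened there.
		# CPU flags are matched as whole words, including at the end of the
		# line: the original pattern ' nx ' needed a blank on both sides and
		# missed a flag printed last on the "flags" line.
		if [ -z "`grep '^flags' /proc/cpuinfo | grep -E '[[:space:]]nx([[:space:]]|$)'`" ] ;then
			Display --indent 2 --text "No NX support" --result NOTFOUND --color ORANGE --advice KERNEL_NO_NX_BIT
			Compliance --result 'KO' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.4.1' --cid '2.2.4.4.3' --type 'CCE' --cid '4177-2' --color 'orange' --yasatresult 'NOTFOUND'
		else
			Display --indent 2 --text "NX support" --result FOUND --color GREEN
			NXbit=1
			Compliance --result 'OK' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.4.1' --cid '2.2.4.4.3' --type 'CCE' --cid '4177-2' --color 'green' --yasatresult 'FOUND'
		fi
		#TODO Check the presence of qemu virtualbox vmware
		TESTNAME='YASAT_TEST_KERNEL_VIRT Check if virtualization flag are present'
		# Hardware virtualisation (svm or vmx flag) is reported as a finding;
		# nothing is recorded when neither flag is present.
		if [ ! -z "`grep '^flags' /proc/cpuinfo | grep -E '[[:space:]](svm|vmx)([[:space:]]|$)'`" ] ;then
			Display --indent 2 --text "HW VIRT support" --result FOUND --color ORANGE --advice KERNEL_HW_VIRT
			Compliance --result 'KO' --plugin 'kernel' --color 'orange' --yasatresult 'FOUND'
		fi
	else
		Display --indent 2 --text "No /proc/cpuinfo" --result NOTFOUND --color BLUE
		Compliance --result 'NOTTESTED' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.4.1' --cid '2.2.4.4.3' --type 'CCE' --cid '4177-2' --color 'BLUE' --yasatresult 'NOTTESTED'
	fi
else
	# Not an x86 machine: the NX test does not apply.
	Compliance --result 'NOTTESTED' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.4.1' --cid '2.2.4.4.3' --type 'CCE' --cid '4177-2' --color 'blue' --yasatresult 'NOTFOUND'
fi

TESTNAME='YASAT_TEST_KERNEL_NEW_KERNEL Install New Kernel on Supported x86 Systems'
Compliance --result 'NOTTESTED' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.4.2'

# http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/release-notes/as-x86/RELEASE-NOTES-U3-x86-en.html
#Exists only under Redhat and clone
# A missing exec-shield setting is only informational (BLUE) except on the
# distributions that ship exec-shield, where it is RED.
ES_SEVERITY='BLUE'
if [ "$OS_NAME" = 'CentOS' -o "$OS_NAME" = 'Red Hat' ] ;then
	ES_SEVERITY='RED'
fi
TESTNAME='YASAT_TEST_KERNEL_EXEC_SHIELD1 NSAG=2.2.4.3.1 Check if exec-shield is present and enabled'
if [ -e /proc/sys/kernel/exec-shield ] ;then
	Display --indent 2 --text "/proc/sys/kernel/exec-shield" --result FOUND --color GREEN
	EXECSHIELD="`cat /proc/sys/kernel/exec-shield`"
	# Quoted so that an unreadable or empty value falls into the DISABLED
	# branch without a test syntax error.
	if [ "${EXECSHIELD:-0}" -ge 1 ] ;then
		Display --indent 4 --text "exec-shield value $EXECSHIELD" --result GOOD --color GREEN
		Compliance --result 'OK' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.3.1' --color 'green' --yasatresult 'GOOD'
	else
		Display --indent 4 --text "exec-shield value $EXECSHIELD" --result DISABLED --color RED --advice KERNEL_EXEC_SHIELD
		Compliance --result 'KO' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.3.1' --color 'red' --yasatresult 'DISABLED'
	fi
else
	Display --indent 2 --text "/proc/sys/kernel/exec-shield" --result NOTFOUND --color BLUE
	Compliance --result 'NOTTESTED' --plugin 'kernel' --type 'NSAG' --cid '2.2.4.3.1' --color 'blue' --yasatresult 'NOTFOUND'
fi
TESTNAME='YASAT_TEST_KERNEL_EXEC_SHIELD2 NSAG=2.2.4.3 CCEID=4168-1 Check if exec-shield is present and enabled in sysctl.conf'
if [ "$OS_TYPE" = 'Linux' ] ;then
	# Get_sysctl leaves the configured value in RESULTAT.
	Get_sysctl kernel.exec-shield
	if [ "$RESULTAT" = '1' ] ;then
		Display --indent 4 --text "exec-shield enabled in sysctl.conf" --result ENABLED --color GREEN
		Compliance --result 'OK' --plugin 'kernel' --nsag '2.2.4.3' --type 'CCE' --cid '4168-1' --color 'green' --yasatresult 'ENABLED'
	else
		Display --indent 4 --text "exec-shield not enabled in sysctl.conf" --result DISABLED --color "$ES_SEVERITY"
		Compliance --result 'KO' --plugin 'kernel' --nsag '2.2.4.3' --type 'CCE' --cid '4168-1' --color "$ES_SEVERITY" --yasatresult 'DISABLED'
	fi
fi
#TODO /proc/sys/kernel/exec-shield-randomize

#config can be found at /boot/config-`uname -r`
#if [ -e "/boot/config-`uname -r`" ] ;then
#	Display --indent 2 --text "/boot/config-`uname -r`" --result FOUND --color GREEN
#	cat "/boot/config-`uname -r`" > "${TEMPYASATDIR}/kernel_config"
#fi

# if user give me the path to a .config, I wont read /proc/config.gz
#if [ -z $YASAT_PATH_TO_KERNEL_CONFIG ] ;then
#	YASAT_PATH_TO_KERNEL_CONFIG='/usr/src/linux/.config'
#	if [ -e /proc/config.gz ] ;then
#		Display --indent 2 --text "/proc/config.gz" --result FOUND --color GREEN
#		zcat /proc/config.gz > ${TEMPYASATDIR}/kernel_config
#	else
#		if [ -e "${TEMPYASATDIR}/kernel_config" ] ;then
#			#we have already found .config elsewhere
#			Display --indent 2 --text "/proc/config.gz" --result NOTFOUND --color BLUE
#		else
#			Display --indent 2 --text "/proc/config.gz" --result NOTFOUND --color ORANGE --advice KERNEL_NO_CONFIG
#		fi
#	fi
#fi
#if [ ! -e "${TEMPYASATDIR}/kernel_config" ] ;then
#	if [ -e "$YASAT_PATH_TO_KERNEL_CONFIG" ] ;then
#		Display --indent 2 --text "$YASAT_PATH_TO_KERNEL_CONFIG" --result FOUND --color GREEN
#		cat "$YASAT_PATH_TO_KERNEL_CONFIG" > ${TEMPYASATDIR}/kernel_config
#	else
#		Display --indent 2 --text "$YASAT_PATH_TO_KERNEL_CONFIG" --result NOTFOUND --color ORANGE --advice KERNEL_NO_CONFIG
#	fi
#fi
# The commented-out lookup above is replaced by this helper, defined
# elsewhere; the checks below read ${TEMPYASATDIR}/kernel_config.
prepare_kernel_config

#TODO IA32 disable via /proc/sys/abi/vsyscall32
#TODO CC_STACKPROTECTOR_ALL wait until it is "stable"
#TODO if PAX or GRSEC is enabled, check their suboptions

# The kernel configuration checks run only when a config file is available.
# This "if" is closed further down in the file.
if [ -e "${TEMPYASATDIR}/kernel_config" ];then
	TESTNAME='YASAT_TEST_KERNEL_DISABLE_IA32_EMULATION Check if IA32 emulation is enabled on x86_64 arch'
	# NOTE(review): this test reads $HARDWARE while the NX and MCE tests
	# read $HARDWARE_GEN -- confirm both are set.
	if [ "$HARDWARE" = 'x86_64' ];then
		if [ ! -z "`grep 'CONFIG_IA32_EMULATION=y' "${TEMPYASATDIR}/kernel_config"`" ];then
			Display --indent 2 --text "CONFIG_IA32_EMULATION" --result ENABLED --color ORANGE --advice KERNEL_CONFIG_IA32_EMULATION --comp 'KO' 'kernel'
		else
			Display --indent 2 --text "CONFIG_IA32_EMULATION" --result DISABLED --color GREEN --comp 'OK' 'kernel'
		fi
	else
		Compliance --result 'NOTTESTED' --plugin kernel --color 'BLUE' --yasatresult 'NOTTESTED'
	fi

	TESTNAME='YASAT_TEST_KERNEL_COMPAT_BRK Check if COMPAT_BRK is enabled'
	if [ !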
-z "`grep 'CONFIG_COMPAT_BRK=y' ${TEMPYASATDIR}/kernel_config`" ];then Display --indent 2 --text "CONFIG_COMPAT_BRK" --result ENABLED --color ORANGE --advice KERNEL_CONFIG_COMPAT_BRK --comp 'KO' 'kernel' else Display --indent 2 --text "CONFIG_COMPAT_BRK" --result DISABLED --color GREEN --comp 'OK' 'kernel' fi TESTNAME='YASAT_TEST_KERNEL_COMPAT_VDSO Check if COMPAT_VDSO is enabled' if [ ! -z "`grep 'CONFIG_COMPAT_VDSO=y' ${TEMPYASATDIR}/kernel_config`" ];then Display --indent 2 --text "CONFIG_COMPAT_VDSO" --result ENABLED --color ORANGE --advice KERNEL_CONFIG_COMPAT_VDSO --comp 'KO' 'kernel' else Display --indent 2 --text "CONFIG_COMPAT_VDSO" --result DISABLED --color GREEN --comp 'OK' 'kernel' fi TESTNAME='YASAT_TEST_KERNEL_DEVKMEM Check if DEVKMEM is enabled' if [ ! -z "`grep 'CONFIG_DEVKMEM=y' ${TEMPYASATDIR}/kernel_config`" ];then Display --indent 2 --text "CONFIG_DEVKMEM" --result ENABLED --color ORANGE --advice KERNEL_CONFIG_DEVKMEM --comp 'KO' 'kernel' else Display --indent 2 --text "CONFIG_DEVKMEM" --result DISABLED --color GREEN --comp 'OK' 'kernel' fi TESTNAME='YASAT_TEST_KERNEL_STRICT_DEVMEM Check if STRICT_DEVMEM is enabled' if [ -z "`grep 'CONFIG_STRICT_DEVMEM=y' ${TEMPYASATDIR}/kernel_config`" ];then Display --indent 2 --text "CONFIG_STRICT_DEVMEM" --result DISABLED --color ORANGE --advice KERNEL_CONFIG_STRICT_DEVMEM --comp 'KO' 'kernel' else Display --indent 2 --text "CONFIG_STRICT_DEVMEM" --result ENABLED --color GREEN --comp 'OK' 'kernel' fi TESTNAME='YASAT_TEST_KERNEL_MMAP_MIN_ADDR Check the value if /proc/sys/vm/mmap_min_addr' if [ -e /proc/sys/vm/mmap_min_addr ];then VALUE="`cat /proc/sys/vm/mmap_min_addr`" if [ $? 
-ne 0 ];then #under Redhat with a non root test this test is denied Display --indent 2 --text "/proc/sys/vm/mmap_min_addr" --result DENIED --color RED --advice YASAT_DENIED --comp 'NOTTESTED' 'kernel' else if [ $VALUE -ge 1 ];then Display --indent 2 --text "/proc/sys/vm/mmap_min_addr" --result "$VALUE" --color GREEN --comp 'OK' 'kernel' else Display --indent 2 --text "/proc/sys/vm/mmap_min_addr" --result "$VALUE" --color RED --advice KERNEL_MMAP_MIN_ADDR --comp 'KO' 'kernel' fi fi fi TESTNAME='YASAT_TEST_KERNEL_MCE Check if MCE is enabled' if [ "$HARDWARE_GEN" = 'x86' -o "$HARDWARE_GEN" = 'x86_64' ];then if [ ! -z "`grep 'CONFIG_X86_MCE=y' ${TEMPYASATDIR}/kernel_config`" ];then Display --indent 2 --text "CONFIG_X86_MCE" --result ENABLED --color GREEN --comp 'OK' 'kernel' Check_tool_presence mcelog if [ $? -eq 1 ];then Display --indent 4 --text "mcelog tool" --result NOTFOUND --color RED --advice MCELOG_TOOL else Display --indent 4 --text "mcelog tool" --result FOUND --color GREEN fi else Display --indent 2 --text "CONFIG_X86_MCE" --result DISABLED --color ORANGE --advice KERNEL_CONFIG_MCE --comp 'KO' 'kernel' fi else #MCE is x86 only Compliance --result NOTTESTED --plugin kernel fi TESTNAME='YASAT_TEST_KERNEL_PAX Check if PAX is enabled' if [ ! -z "`grep 'CONFIG_PAX=y' ${TEMPYASATDIR}/kernel_config`" ];then Display --indent 2 --text "CONFIG_PAX" --result ENABLED --color GREEN --comp 'OK' 'kernel' else Display --indent 2 --text "CONFIG_PAX" --result DISABLED --color ORANGE --advice KERNEL_CONFIG_PAX --comp 'KO' 'kernel' fi TESTNAME='YASAT_TEST_KERNEL_GRKERNSEC Check if grsecurity is enabled' if [ ! -z "`grep 'CONFIG_GRKERNSEC=y' ${TEMPYASATDIR}/kernel_config`" ];then Display --indent 2 --text "CONFIG_GRKERNSEC" --result ENABLED --color GREEN --comp 'OK' 'kernel' else Display --indent 2 --text "CONFIG_GRKERNSEC" --result DISABLED --color ORANGE --advice KERNEL_CONFIG_GRSEC --comp 'KO' 'kernel' fi TESTNAME='YASAT_TEST_KERNEL_SELINUX check if SELINUX is enabled' if [ ! 
-z "`grep 'CONFIG_SECURITY_SELINUX=y' ${TEMPYASATDIR}/kernel_config`" ];then Display --indent 2 --text "CONFIG_SECURITY_SELINUX" --result ENABLED --color GREEN --comp 'OK' 'kernel' else Display --indent 2 --text "CONFIG_SECURITY_SELINUX" --result DISABLED --color ORANGE --advice KERNEL_CONFIG_SECURITY_SELINUX --comp 'KO' 'kernel' fi TESTNAME='YASAT_TEST_KERNEL_RONX check if RONX is enabled' if [ ! -z "`grep 'CONFIG_DEBUG_SET_MODULE_RONX=y' ${TEMPYASATDIR}/kernel_config`" ] ;then Display --indent 2 --text "CONFIG_DEBUG_SET_MODULE_RONX" --result ENABLED --color GREEN --comp 'OK' 'kernel' else Display --indent 2 --text "CONFIG_DEBUG_SET_MODULE_RONX" --result DISABLED --color ORANGE --advice KERNEL_CONFIG_DEBUG_SET_MODULE_RONX --comp 'KO' 'kernel' fi TESTNAME='YASAT_TEST_KERNEL_RODATA check if RODATA is enabled' if [ ! -z "`grep 'CONFIG_DEBUG_RODATA=y' ${TEMPYASATDIR}/kernel_config`" ] ;then Display --indent 2 --text "CONFIG_DEBUG_RODATA" --result ENABLED --color GREEN --comp 'OK' 'kernel' else Display --indent 2 --text "CONFIG_DEBUG_RODATA" --result DISABLED --color ORANGE --advice KERNEL_CONFIG_DEBUG_RODATA --comp 'KO' 'kernel' fi TESTNAME='YASAT_TEST_KERNEL_STRICT_USER_COPY_CHECKS Check if STRICT_USER_COPY_CHECKS is enabled' if [ ! 
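-z "`grep 'CONFIG_DEBUG_STRICT_USER_COPY_CHECKS=y' ${TEMPYASATDIR}/kernel_config`" ] ;then Display --indent 2 --text "CONFIG_DEBUG_STRICT_USER_COPY_CHECKS" --result ENABLED --color GREEN --comp 'OK' 'kernel' else Display --indent 2 --text "CONFIG_DEBUG_STRICT_USER_COPY_CHECKS" --result DISABLED --color ORANGE --advice KERNEL_CONFIG_DEBUG_STRICT_USER_COPY_CHECKS --comp 'KO' 'kernel' fi rm "${TEMPYASATDIR}/kernel_config" fi #end of -e "${TEMPYASATDIR}/kernel_config yasat/plugins/logrotate.test0000640000175000017500000000510612457227301017014 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
#
#
################################################################################

# Plugin: report every file under /var/log whose name ends in "log" and that
# no logrotate configuration mentions, either by its full path or through a
# wildcard entry.
# Uses: Title, Display (defined outside this file).
# Returns: 1 when /etc/logrotate.conf is missing.

#TODO FreeBSD dont use logrotate

Title "Check logrotate configurations"

#YASAT_TEST_LOGROTATE CCEID=4182-2 NSAG=2.6.1.3.1 Check if all logs is rotated

if [ ! -e /etc/logrotate.conf ] ;then
  Display --indent 2 --text "No logrotate" --result NOTFOUND --color RED
  return 1;
fi

#solaris have logs in others directory
# File names under /var/log are data this audit does not control: they are read
# with "IFS= read -r" and passed to grep quoted, as a fixed string, after "--",
# so a name is never split into words, read as a regex or parsed as an option.
find /var/log/ -type f | grep 'log$' | grep -v Xorg. | grep -v 'faillog$' | grep -v 'lastlog$' |
while IFS= read -r line
do
  RESULT=$(grep -riF -- "$line" /etc/logrotate.*)
  if [ -z "${RESULT}" ]
  then
    #Test wildcards
    DEFINED_IN_WILD=0
    # grep -r prints "config_file:matching_line"; the sed drops a trailing " {...".
    LOGROTATE_WILDS="$(grep -ri '/var/log/' /etc/logrotate.* | grep '*' | sed 's/[[:space:]]{.*//g')"
    # Unquoted on purpose: one word per "config_file:pattern" entry.
    for wilds in $LOGROTATE_WILDS
    do
      LOGROTATE_WILDS_DEFINE="$(echo $wilds | cut -d: -f1)"
      LOGROTATE_WILDS_LOGS=$(echo $wilds | cut -d: -f2)
      # Unquoted on purpose: the shell expands the logrotate wildcard here into
      # the files that currently match it.
      LOGROTATE_WILDS_ALLLOG=$(echo $LOGROTATE_WILDS_LOGS)
      for wild in $(echo $LOGROTATE_WILDS_ALLLOG)
      do
        # Substring comparison, as before, but without treating either path
        # as a regular expression.
        if printf '%s\n' "$line" | grep -qF -- "$wild"
        then
          Display --indent 2 --text "$line by $(echo $LOGROTATE_WILDS_DEFINE | cut -d: -f1)" --result FOUND --color GREEN
          DEFINED_IN_WILD=1
        fi
      done
    done
    if [ "$DEFINED_IN_WILD" -eq 0 ] ;then
      Display --indent 2 --text "$line is not rotated" --result NOTFOUND --color RED --advice LOGROTATE_NOT_ROTATED
    fi
  else
    Display --indent 2 --text "$line by $(echo $RESULT | cut -d: -f1)" --result FOUND --color GREEN
  fi
done
yasat/plugins/dovecot.test0000640000175000017500000000333212466625167016472 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . 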
# # ################################################################################ Title "Check Dovecot" if [ ! -e /etc/dovecot/dovecot.conf ];then return 0 fi prepare_dovecot_conf /etc/dovecot/dovecot.conf /etc/dovecot/ FindValueOfEqual "$TEMPYASATDIR/dovecot.conf" ssl JUSTTEST is_equal "$RESULTAT" 'yes' if [ $? -eq 0 ];then Display --indent 2 --text "Dovecot SSL enabled" --result GOOD --color GREEN else Display --indent 2 --text "Dovecot SSL disabled" --result BAD --color RED fi FindValueOfEqual "$TEMPYASATDIR/dovecot.conf" ssl_protocols JUSTTEST if [ ! -z "$RESULTAT" ];then check_ssl_protocol_openssl 2 "$RESULTAT" fi FindValueOfEqual "$TEMPYASATDIR/dovecot.conf" ssl_cipher_list JUSTTEST if [ ! -z "$RESULTAT" ];then check_cipher_list 2 "$RESULTAT" fi return 0; yasat/plugins/system_rights.data0000640000175000017500000000670312457227301017656 0ustar montjoiemontjoie# PATH DROITS USER GROUP OPTIONS( N R ) DISTRIB RecursiveOPTIONS NSAGforowner CCEIDforowner NSAGforgrp CCEIDforgrp NSAGforright CCEIDforright # N is for not necessery # R is for recurssive /boot|750|root|root|R /root|700|root|root|N /etc/xinetd.conf|640|root|root| /etc/xinetd.d|750|root|root|R /etc/inetd.d|750|root|root|R /etc/syslog-ng|750|root|root| /etc/syslog-ng/syslog-ng.conf|640|root|root| /etc/sudoers|440|root|root| /etc/passwd|644|root|root|N|||2.2.3.1|3958-6|2.2.3.1|3495-9|2.2.3.1|3566-7 /etc/group|644|root|root|N|||2.2.3.1|3276-3|2.2.3.1|3883-6|2.2.3.1|3967-7 /var/backups/passwd.bak|600|root|root|N|Etch /var/backups/group.bak|600|root|root|N|Etch /etc/passwd-|600|root|root|N /etc/shadow|600|root|root|N|||2.2.3.1|3918-0|2.2.3.1|3988-3|2.2.3.1|4130-1 #!Gentoo!Etch!Lenny!Squeeze /etc/shadow|600|root|root|N|Gentoo||2.2.3.1|3918-0|2.2.3.1|3988-3|2.2.3.1|4130-1 /etc/shadow|640|root|shadow|N|Etch||2.2.3.1|3918-0|2.2.3.1|3988-3|2.2.3.1|4130-1 /etc/shadow|640|root|shadow|N|Lenny||2.2.3.1|3918-0|2.2.3.1|3988-3|2.2.3.1|4130-1 
/etc/shadow|640|root|shadow|N|Squeeze||2.2.3.1|3918-0|2.2.3.1|3988-3|2.2.3.1|4130-1 /var/backups/shadow.bak|600|root|shadow|N|Etch /var/backups/gshadow.bak|600|root|shadow|N|Etch /etc/shadow-|600|root|root|N /etc/gshadow|400|root|root|N|||2.2.3.1|4210-1|2.2.3.1|4064-2|2.2.3.1|3932-1 #!Lenny!Etch!Lenny!Squeeze /etc/gshadow|400|root|shadow|N|Etch||2.2.3.1|4210-1|2.2.3.1|4064-2|2.2.3.1|3932-1 /etc/gshadow|640|root|shadow|N|Lenny||2.2.3.1|4210-1|2.2.3.1|4064-2|2.2.3.1|3932-1 /etc/gshadow|640|root|shadow|N|Squeeze||2.2.3.1|4210-1|2.2.3.1|4064-2|2.2.3.1|3932-1 /etc/vsftpd.conf|640|root|root /etc/cron.d|750|root|root|R|||3.4.2|4380-2|3.4.2|4212-7|3.4.2|4450-3 /etc/cron.hourly|750|root|root|R|||3.4.2|3983-4|3.4.2|4053-4|3.4.2|4106-1 /etc/cron.daily|750|root|root|R|||3.4.2|4022-0|3.4.2|3481-9|3.4.2|4450-3 /etc/cron.weekly|750|root|root|R|||3.4.2|3833-1|3.4.2|4331-5|3.4.2|4203-6 /etc/cron.monthly|750|root|root|R|||3.4.2|4441-2|3.4.2|4322-4|3.4.2|4251-5 /etc/fstab|640|root|root| /etc/lilo.conf|600|root|root /etc/apache2|750|root|root|R /etc/vsftpd|750|root|root|R /etc/snmp|750|root|root|R /etc/exports|640|root|root /etc/mysql|750|root|root|R #/etc/mysql/my.cnf|640|root|root /etc/mysql/Etch.cnf|640|root|root /etc/postfix|750|root|root|R #/etc/nagios|750|nagios|apache /etc/nagios/nagios.cfg|640|root|nagios /etc/nagios/cgi.cfg|640|root|nagios /etc/nagios/ndo2db.cfg|640|root|nagios /etc/nagios/ndomod.cfg|640|root|nagios /etc/nagios/resource.cfg|640|root|nagios #/etc/nagios/objects|750|root|nagios|R /etc/saslauthd.conf|640|root|saslauth /etc/ulogd.conf|640|root|root /etc/sysctl.conf|640|root|root /etc/rsyncd.conf|640|root|root /etc/logrotate.conf|640|root|root /etc/freshclam.conf|640|root|root /etc/clamd.conf|640|root|root /etc/crontab|640|root|root||||3.4.2|3851-3|3.4.2|3626-9|3.4.2|4388-5 /etc/anacrontab|640|root|root||||3.4.2|4379-4|3.4.2|3604-6|3.4.2|4304-2 /etc/cron.deny|640|root|root /etc/ldap/ldap.conf|644|root|root /var/log/wtmp|664|root|utmp|N 
/var/log/btmp|600|root|utmp|N|Gentoo /var/log/btmp|660|root|utmp|N|Etch /var/log/lastlog|644|root|root|N|Gentoo /var/log/lastlog|644|root|utmp|N|Etch /var/log/faillog|600|root|root|N /var/log/openvpn|750|root|root /var/log/munin|750|munin|munin /var/log/mysql|750|mysql|mysql /var/log/ldap_old|750|root|root /var/log/ulogd|750|root|root /var/log/ulogd_arch|750|root|root /var/log/mail_old|750|root|root /var/log/amavis_old|750|root|root /var/lib/mysql|750|mysql|mysql|R||gw #/usr/lib/nagios/|750|root|nagios|R yasat/plugins/postfix.advice0000640000175000017500000000040512457227301016761 0ustar montjoiemontjoieEN,POSTFIX_OBSOLETE_TLS=see http://www.postfix.org/TLS_README.html ADVICEEND EN,POSTFIX_NO_TLS=Enable TLS for sending mail via a TLS secured connection See http://www.postfix.org/TLS_README.html ADVICEEND yasat/plugins/apache_modules.advice0000640000175000017500000000032612457227301020240 0ustar montjoiemontjoieEN,APACHE_MODULE_ERROR_CODE=Check your apache configuration Try apache2 -t ADVICEEND EN,APACHE_MODULE_DISABLE_UNNECESSARY_MODULES=Disable unnecessary modules Check if you really needs theses modules. ADVICEEND yasat/plugins/network.test0000640000175000017500000001062712457227301016511 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . 
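#
#
################################################################################

# Plugin: audit Linux network kernel parameters.
# For every record of $PLUGINS_REP/network.data the running value under
# /proc/sys and the value configured in /etc/sysctl.conf are compared with the
# expected one.
# Uses: Title, Display, Compliance, Get_sysctl (defined outside this file);
#       reads OS_TYPE, SCAN_ROOT, PLUGINS_REP and RESULTAT.
# Returns: 1 on a non-Linux system, 0 otherwise.

Title "Check network parameter"

#TODO check if we have a public IP and check open ports

if [ "$OS_TYPE" != "Linux" ] ;then
  Display --indent 2 --text "Not Linux" --result TODO --color BLUE
  return 1;
fi

TESTNAME='YASAT_TEST_NETWORK_SNIFFER NSAG=2.5.1.3 CCEID=15013-6 Ensure System is Not Acting as a Network Sniffer'
# Any line after the first one of /proc/net/packet is reported as NOK.
# NOTE(review): DHCP clients and similar tools presumably show up here too, so
# a NOK needs a manual look at which process owns the socket.
if [ "$SCAN_ROOT" = '/' ] && [ -e /proc/net/packet ] ;then
  if [ "$(wc -l < /proc/net/packet)" -ge 2 ] ;then
    Display --indent 2 --text "Sniffer check" --result NOK --color ORANGE
    Compliance --result 'NOK' --plugin network --nsag 2.5.1.3 --cce 15013-6
  else
    Display --indent 2 --text "Sniffer check" --result OK --color GREEN
    Compliance --result 'OK' --plugin network --nsag 2.5.1.3 --cce 15013-6
  fi
else
  Display --indent 2 --text "Sniffer check" --result SKIP --color BLUE
  Compliance --result 'NOTTESTED' --plugin network --nsag 2.5.1.3 --cce 15013-6
fi

if [ ! -e "${PLUGINS_REP}/network.data" ] ;then
  Display --indent 2 --text "No $PLUGINS_REP/network.data" --result WARNING --color ORANGE
  # Without the data file there is nothing to check; stop here instead of
  # running the loop on a missing file.
  return 0;
fi

# Record layout: directive|expected value|operator (= or <)|advice|NSAG id|CCE id
# The file is read by redirection, not through a pipe, so the loop runs in the
# current shell.
while IFS='|' read -r ldirective lparam loption ladvice lnsag lcce lrest || [ -n "$ldirective" ]
do
  case "$ldirective" in
    ''|'#'*) continue ;;
  esac
  [ -n "$lnsag" ] || lnsag=0
  [ -n "$lcce" ] || lcce=0

  # --- running value -------------------------------------------------------
  EL_PATH=$(printf '%s\n' "/proc/sys/$ldirective" | sed 's/\./\//g')
  if [ -e "$EL_PATH" ] ;then
    VALUE="$(cat "$EL_PATH")"
    # A value that is not a single integer makes the test fail and is shown
    # in RED, which is the safe outcome for an audit.
    case "$loption" in
      '=')#equal
        if [ "$VALUE" -eq "$lparam" ] ;then
          Display --indent 2 --text "$EL_PATH" --result "$VALUE" --color GREEN
        else
          Display --indent 2 --text "$EL_PATH" --result "$VALUE" --color RED --advice "$ladvice"
        fi
        ;;
      '<')
        if [ "$VALUE" -lt "$lparam" ] ;then
          Display --indent 2 --text "$EL_PATH" --result "$VALUE" --color GREEN
        else
          Display --indent 2 --text "$EL_PATH" --result "$VALUE" --color RED --advice "$ladvice"
        fi
        ;;
      *)
        Display --indent 2 --text "Unknown $loption" --result WARNING --color RED --advice "$ladvice"
        ;;
    esac
  else
    Display --indent 2 --text "$EL_PATH " --result NOTFOUND --color ORANGE --advice "$ladvice"
  fi

  # --- persistent value ----------------------------------------------------
  TESTNAME="YASAT_TEST_NETWORK_GENERIC Check if $ldirective is present in sysctl.conf"
  Get_sysctl "$ldirective"
  if [ -z "$RESULTAT" ] ;then
    Display --indent 4 --text "not in sysctl.conf" --result NOTFOUND --color ORANGE --advice "$ladvice"
    Compliance --result NOK --plugin network --nsag "$lnsag" --cce "$lcce"
  else
    # The directive is data, not a regex: escape its dots and require "=" right
    # after the name, so that a key which merely starts with the same text is
    # not read instead. The last assignment in the file is the one kept.
    # NOTE(review): only /etc/sysctl.conf is read here; drop-in files such as
    # /etc/sysctl.d/* are not looked at by this line.
    ldirective_re=$(printf '%s\n' "$ldirective" | sed 's/\./\\./g')
    VALUE=$(grep "^[[:space:]]*${ldirective_re}[[:space:]]*=" /etc/sysctl.conf | sed 's/^.*=[[:space:]]*//g' | tail -n 1)
    case "$loption" in
      '=')#equal
        if [ "$VALUE" -eq "$lparam" ] ;then
          Display --indent 4 --text "in sysctl.conf" --result "$VALUE" --color GREEN
          Compliance --result OK --plugin network --nsag "$lnsag" --cce "$lcce"
        else
          Display --indent 4 --text "in sysctl.conf" --result "$VALUE" --color RED --advice "$ladvice"
          Compliance --result NOK --plugin network --nsag "$lnsag" --cce "$lcce"
        fi
        ;;
      '<')
        if [ "$VALUE" -lt "$lparam" ] ;then
          Display --indent 4 --text "in sysctl.conf" --result "$VALUE" --color GREEN
          Compliance --result OK --plugin network --nsag "$lnsag" --cce "$lcce"
        else
          Display --indent 4 --text "in sysctl.conf" --result "$VALUE" --color RED --advice "$ladvice"
          Compliance --result NOK --plugin network --nsag "$lnsag" --cce "$lcce"
        fi
        ;;
      *)
        Display --indent 4 --text "Unknown $loption" --result WARNING --color RED --advice "$ladvice"
        ;;
    esac
  fi
done < "${PLUGINS_REP}/network.data"

return 0;
yasat/plugins/apache_conf.advice0000640000175000017500000001164712457717772017545 0ustar montjoiemontjoieEN,APACHE_CONF_TIMEOUT=configure timeout below 20s Your timeout is too high, for protection against DoS set it low. 20s is good enough.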
Timeout 20
See http://httpd.apache.org/docs/2.2/mod/core.html#timeout ADVICEEND EN,APACHE_CONF_HOSTNAMELOOKUPS=Set HostnameLookups to off It's better for performance and network traffic.
HostnameLookups Off
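See http://httpd.apache.org/docs/2.2/mod/core.html#hostnamelookups ADVICEEND EN,APACHE_CONF_SERVERSIGNATURE=Hide apache version by setting serversignature off Hide your apache version: this removes the version footer from server-generated pages. It limits fingerprinting but is not a substitute for patching.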
ServerSignature off
See http://httpd.apache.org/docs/2.2/mod/core.html#serversignature ADVICEEND EN,APACHE_CONF_SERVERTOKENS=Hide apache version by setting servertokens to prod Hide your apache version
servertokens prod
See http://httpd.apache.org/docs/2.2/mod/core.html#servertokens ADVICEEND EN,APACHE_CONF_PROXYREQUESTS=You are acting as an open proxy; check your configuration to be sure that only local users can use it See http://httpd.apache.org/docs/2.2/mod/mod_proxy.html ADVICEEND EN,APACHE_CONF_TRACEENABLE=Disable the TRACE debugging function. See http://httpd.apache.org/docs/2.0/mod/core.html#traceenable http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/ ADVICEEND EN,APACHE_CONF_LIMITREQUESTBODY=Set the limitrequestbody directive See http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestbody ADVICEEND EN,APACHE_CONF_LIMITREQUESTFIELDS=Set the LimitRequestFields directive See http://httpd.apache.org/docs/2.2/mod/core.html#LimitRequestFields ADVICEEND EN,APACHE_CONF_LIMITREQUESTFIELDSIZE=Set the LimitRequestFieldsize directive See http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfieldsize ADVICEEND EN,APACHE_CONF_LIMITREQUESTLINE=Set the limitrequestline directive See http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestline ADVICEEND EN,APACHE_ERRORDOC_CUSTOM=Use a custom ErrorDocument If possible, make and use a custom ErrorDocument branded according to your website. See http://httpd.apache.org/docs/2.2/mod/core.html#errordocument ADVICEEND EN,APACHE_CONF_KEEPALIVES=Enable keepalive
KeepAlive on
See http://httpd.apache.org/docs/2.2/mod/core.html#keepalive ADVICEEND EN,APACHE_CONF_KEEPALIVE_TIMEOUT=Decrease the value of keepalivetimeout According to the official documentation: Setting KeepAliveTimeout to a high value may cause performance problems in heavily loaded servers. The higher the timeout, the more server processes will be kept occupied waiting on connections with idle clients.
KeepAliveTimeout 5
See http://httpd.apache.org/docs/2.2/mod/core.html#keepalivetimeout ADVICEEND EN,APACHE_USER_OWNER_CONF_REP=Apache configuration files must be owned by root Apache doesn't have to own its configuration files.
chown -R root apache_conf_root
ADVICEEND EN,APACHE_USER_GROUP_CONF_REP=Apache configuration files must be group owned by root Apache reads its config files when root (before setuid to apache/www-data user)
chgrp -R root apache_conf_root
ADVICEEND EN,APACHE_USER_OTHERS_CONF_REP=Apache configuration files must not have others access Others don't need to read apache configuration files
chmod -R o-rwx apache_conf_root
ADVICEEND EN,APACHE_USER_BAD_SHELL=apache must not have a shell Set a non-shell setting to apache user like /bin/false or /bin/nologin
usermod -s /bin/false www-data
ADVICEEND EN,APACHE_USER_PASSWD_IN_CONF_REP=It's preferred to put htpasswd files in a directory group owned by apache that is not a docroot Apache reads password files after "setuiding" to apache/www-data Example: Put your htpasswd files in /var/www/.htpasswd and docroot in /var/www/servername ADVICEEND yasat/plugins/ntp.test0000750000175000017500000000613412457227301015621 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
#
#
################################################################################

# Plugin: check that a time synchronisation daemon is running and look for its
# configuration file.
# Uses: Title, Display, Compliance, Check_auto_start (defined outside this
#       file); overwrites RESULTAT.
# Returns: 0 in every case.

Title "Check ntp and ntpd"

#I known only ntpd and openntpd
FOUND_NTPD=0
ACTUAL_NTPD=''

#/usr/sbin/ntpd can be ntpd or openntpd
#On openBSD openntpd is ntpd:
POSSIBLE_NTPD_BINARIES="/usr/sbin/ntpd openntpd ntpd: ntpd chronyd /usr/sbin/chronyd"

# NOTE(review): this is a case-insensitive substring match on the whole "ps aux"
# line, so any process whose command line merely contains one of the names
# (an editor opened on ntpd.conf, for instance) counts as a running daemon.
# A result of FOUND should be confirmed against the process list.
for NTPD_TO_TEST in $POSSIBLE_NTPD_BINARIES
do
  RESULTAT="$(ps aux | grep -i "$NTPD_TO_TEST" | grep -v grep)"
  if [ -n "$RESULTAT" ]
  then
    Display --indent 2 --text "$NTPD_TO_TEST" --result FOUND --color GREEN
    FOUND_NTPD=1
    ACTUAL_NTPD="$NTPD_TO_TEST"
  fi
done

TESTNAME='YASAT_TEST_NTPD NSAG=3.10.2.2 Test if a NTP server is running'
if [ $FOUND_NTPD -ne 0 ] ;then
  Display --indent 2 --text "NTP daemon $ACTUAL_NTPD" --result FOUND --color GREEN
  Compliance --result OK --plugin ntp --nsag 3.10.2.2
else
  Display --indent 2 --text "NTP daemon" --result NOTFOUND --color RED --advice NTPD_NO_NTPD
  Compliance --result NOK --plugin ntp --nsag 3.10.2.2
fi

# The last existing candidate wins; /etc/ntpd.conf stays the value when none exists.
POSSIBLE_NTPD_CONF="/etc/openntpd/ntpd.conf /etc/ntpd.conf /etc/ntp.conf"
NTPD_CONF='/etc/ntpd.conf'
for LOCATION in ${POSSIBLE_NTPD_CONF}
do
  [ -e "${LOCATION}" ] && NTPD_CONF="${LOCATION}"
done

TESTNAME='YASAT_TEST_NTPD_AUTOSTART NSAG=3.10.2.2.1 CCEID=4376-0 Check if the service ntpd is enabled'
Check_auto_start ntpd ntp yes 3.10.2.2.1 4376-0

if [ ! -e "$NTPD_CONF" ] ;then
  Display --indent 2 --text "NTPD configuration file" --result NOTFOUND --color BLUE
else
  Display --indent 2 --text "$NTPD_CONF" --result FOUND --color BLUE
fi

# The three checks below are declared for the compliance report but are not
# implemented: the content of the configuration file is not inspected.
TESTNAME='YASAT_TEST_TODO_NTPD_RESTRICT NSAG=3.10.2.2.2 CCEID=4134-3 Deny All Access to ntpd by Default'
Compliance --result NOTIMPL --plugin NTP --nsag 3.10.2.2.2 --cce 4134-3

TESTNAME='YASAT_TEST_TODO_NTPD_REMOTE NSAG=3.10.2.2.3 CCEID=4385-1 Specify a Remote NTP Server for Time Data'
Compliance --result NOTIMPL --plugin NTP --nsag 3.10.2.2.3 --cce 4385-1

TESTNAME='YASAT_TEST_TODO_NTPD_CLIENT NSAG=3.10.2.2.4 Allow Legitimate NTP Clients to Access the Server'
Compliance --result NOTIMPL --plugin NTP --nsag 3.10.2.2.4

#if [ "$OS_TYPE" = 'BSD' ]
#then
#TODO ntpdate_enable="YES"
#TODO ntpd_enable="YES"
#fi

#TODO restrict default ignore

return 0;
yasat/plugins/cyrus.test0000640000175000017500000000760112457227301016163 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can 
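redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . # # ################################################################################

# Plugin: check the TLS settings of Cyrus imapd and the account saslauthd
# runs under.
# Uses: Title, Display, FindValueOfDDot, check_file, check_cipher_list
#       (defined outside this file); reads RESULTAT.
# Returns: 1 when cyrus.conf, imapd.conf or saslauthd.conf is not found,
#          0 otherwise.

POSSIBLE_IMAPD_CONF="/etc/imapd.conf /usr/local/etc/imapd.conf"
IMAPD_CONF=""
POSSIBLE_CYRUS_CONF="/etc/cyrus.conf /usr/local/etc/cyrus.conf"
CYRUS_CONF=""
POSSIBLE_SASLAUTHD_CONF="/etc/saslauthd.conf /usr/local/etc/saslauthd.conf"
SASLAUTHD_CONF=""

# For each file the last existing candidate wins.
for LOCATION in ${POSSIBLE_CYRUS_CONF}
do
  if [ -e "${LOCATION}" ]
  then
    CYRUS_CONF="${LOCATION}"
  fi
done

for LOCATION in ${POSSIBLE_IMAPD_CONF}
do
  if [ -e "${LOCATION}" ]
  then
    IMAPD_CONF="${LOCATION}"
  fi
done

for LOCATION in ${POSSIBLE_SASLAUTHD_CONF}
do
  if [ -e "${LOCATION}" ]
  then
    SASLAUTHD_CONF="${LOCATION}"
  fi
done

Title "Check cyrus imapd"

if [ -z "${CYRUS_CONF}" ]
then
  Display --indent 2 --text "cyrus imapd" --result NOTFOUND --color BLUE
  return 1;
fi
if [ ! -e "$CYRUS_CONF" ]
then
  Display --indent 2 --text "No $CYRUS_CONF" --result NOTFOUND --color BLUE
  return 1;
fi
Display --indent 2 --text "$CYRUS_CONF" --result FOUND --color GREEN

if [ ! -e "$IMAPD_CONF" ]
then
  Display --indent 2 --text "No $IMAPD_CONF" --result NOTFOUND --color BLUE
  return 1;
fi
Display --indent 2 --text "$IMAPD_CONF" --result FOUND --color GREEN

#check for TLS in cyrus.conf and certificate
# Anchored at the start of the line: without the "^" a commented-out imaps
# service entry was reported as ENABLED.
if grep -q '^[[:space:]]*imaps' "$CYRUS_CONF"
then
  Display --indent 2 --text "IMAPDS" --result ENABLED --color GREEN
else
  Display --indent 2 --text "IMAPDS" --result DISABLED --color BLUE
fi

#check /etc/imapd.conf 640 root:mail
#hint for replication
# check sasl_mech_list:
# if allowplaintext: check allowplainwithouttls: no
# client_timeout:
# serverinfo: ?
#TODO timeout: 30min by default

#tls_cert_file: and other tls_ for finding certificat
FindValueOfDDot "$IMAPD_CONF" tls_cert_file
if [ -n "$RESULTAT" ]
then
  Display --indent 2 --text "TLS $RESULTAT" --result OK --color GREEN
  check_file "$RESULTAT" 4 CERT
else
  Display --indent 2 --text "No TLS cert" --result ADVICE --color ORANGE
fi

FindValueOfDDot "$IMAPD_CONF" tls_key_file
if [ -n "$RESULTAT" ]
then
  Display --indent 2 --text "TLS $RESULTAT" --result OK --color GREEN
  check_file "$RESULTAT" 4 PRIVKEY
else
  Display --indent 2 --text "No TLS key" --result ADVICE --color ORANGE
fi

FindValueOfDDot "$IMAPD_CONF" tls_cipher_list
if [ -n "$RESULTAT" ]
then
  Display --indent 2 --text "tls_cipher_list $RESULTAT" --result OK --color GREEN
  check_cipher_list 2 "$RESULTAT"
else
  Display --indent 2 --text "no tls_cipher_list" --result ADVICE --color ORANGE
fi

if [ -z "${SASLAUTHD_CONF}" ]
then
  return 1;
fi
if [ ! -e "$SASLAUTHD_CONF" ]
then
  return 1;
fi
Display --indent 2 --text "$SASLAUTHD_CONF" --result FOUND --color GREEN

#check rights and saslauthd under non root account
# NOTE(review): substring match on the "ps aux" output; the first line that
# mentions saslauthd decides, whether or not it is the daemon itself.
SASL_USER="$(ps aux | grep saslauthd | grep -v grep | cut -d' ' -f1 | head -n 1)"
if [ -z "$SASL_USER" ]
then
  # No process found: an empty owner used to be reported as GOOD.
  Display --indent 2 --text "saslauthd process" --result NOTFOUND --color BLUE
elif [ "$SASL_USER" = 'root' ]
then
  Display --indent 2 --text "saslauth run as $SASL_USER" --result BAD --color RED
else
  Display --indent 2 --text "saslauth run as $SASL_USER" --result GOOD --color BLUE
fi

return 0;
yasat/plugins/packages.data0000640000175000017500000000157312457227301016530 0ustar montjoiemontjoie#installed by default on debian / ubuntu and not always necessary on server DEBIAN,cyrus-sasl2-doc DEBIAN,portmap DEBIAN,dbus DEBIAN,dbus-x11 DEBIAN,consolekit DEBIAN,dhcp3-client DEBIAN,dhcp3-common DEBIAN,ntfs-3g DEBIAN,dosfstools DEBIAN,laptop-detect DEBIAN,wireless-tools DEBIAN,wpasupplicant DEBIAN,ufw DEBIAN,libntfs-3g28 DEBIAN,libiw29 DEBIAN,landscape-common DEBIAN,pppoeconf #not on server libc6-dev gcc build-essential #Installed by default on red hat #amtu alchemist REDHAT,bluez-utils REDHAT,bluez-gnome REDHAT,bluez-libs REDHAT,alacarte REDHAT,dhcpv6-client #REDHAT,dhclient network manager need it REDHAT,emacspeak REDHAT,emacs REDHAT,emacs-common REDHAT,emacs-leim REDHAT,linuxwacom REDHAT,rsh REDHAT,samba-common REDHAT,php REDHAT,squid REDHAT,pcmciautils REDHAT,pcsc-lite REDHAT,pcsc-lite-libs REDHAT,vino REDHAT,wdaemon REDHAT,pirut REDHAT,orca REDHAT,evince REDHAT,eog yasat/plugins/postgresql.test0000640000175000017500000000356112457227301017222 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. 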
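#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
#
#
################################################################################

# Plugin: report the network exposure of PostgreSQL from listen_addresses.
# Uses: Title, Display, FindValueOfEqual (defined outside this file);
#       reads RESULTAT.
# Returns: 1 when no configuration file is found, 0 otherwise.

POSSIBLE_PG_CONF_REP="/etc/postgresql/8.3/main/postgresql.conf /etc/postgresql/8.2/main/postgresql.conf /etc/postgresql/postgresql.conf /var/lib/postgresql/9.1/data /etc/postgresql-9.1/postgresql.conf"
PG_CONF="/etc/postgresql/postgresql.conf"

# The last existing candidate wins. The test is -f, not -e, because one
# candidate (/var/lib/postgresql/9.1/data) is a directory name and must not be
# handed to the parser as if it were a configuration file.
for LOCATION in ${POSSIBLE_PG_CONF_REP}
do
  if [ -f "${LOCATION}" ] ;then
    PG_CONF="${LOCATION}"
  fi
done

Title "Check postgresql $PG_CONF"

if [ ! -f "$PG_CONF" ] ;then
  return 1
fi

#listen_addresses
FindValueOfEqual "$PG_CONF" listen_addresses
if [ -z "$RESULTAT" ]
then
  Display --indent 2 --text "no listen_addresses (default localhost)" --result OK --color GREEN
else
  # A "*" anywhere in the value means every interface. The previous test
  # handed grep the pattern \'*\' , whose meaning depends on the grep
  # implementation; a plain shell pattern has no such ambiguity.
  # NOTE(review): 0.0.0.0 and :: also mean "all interfaces" for PostgreSQL and
  # still end up in the ORANGE branch; read the displayed value.
  case "$RESULTAT" in
    *'*'*)
      Display --indent 2 --text "Listen on *" --result WARNING --color RED
      ;;
    *)
      Display --indent 2 --text "Listen on " --result "$RESULTAT" --color ORANGE
      ;;
  esac
fi

return 0;
yasat/plugins/process.data0000640000175000017500000001422312464137111016421 0ustar montjoiemontjoie#CANBEROOT /usr/sbin/cupsd=CANBEROOT cupsd=CANBEROOT /usr/sbin/ntpd=CANBEROOT ntpd=CANBEROOT /usr/bin/gdm=CANBEROOT /usr/sbin/ulogd=CANBEROOT ulogd=CANBEROOT /usr/sbin/munin-node=CANBEROOT /sbin/apcupsd=CANBEROOT /usr/sbin/snmpd=CANBEROOT /usr/sbin/openvpn=CANBEROOT /usr/lib/postfix/master=CANBEROOT /usr/libexec/postfix/master=CANBEROOT /usr/bin/rsync=CANBEROOT /usr/sbin/vsftpd=CANBEROOT #BSD CANBEROOT pflogd=CANBEROOT syslogd=CANBEROOT /usr/sbin/syslogd=CANBEROOT sendmail:=CANBEROOT gpm=CANBEROOT rpc.idmapd=CANBEROOT pcscd=CANBEROOT rpc.statd=CANBEROOT /usr/sbin/gdm-binary=CANBEROOT aisexec=CANBEROOT #under debian run as daemon /usr/sbin/atd=CANBEROOT /usr/sbin/monit=CANBEROOT /sbin/rsyslogd=CANBEROOT #ONLYROOT /sbin/udevd=ONLYROOT udevd=ONLYROOT /lib/udev/udevd=ONLYROOT /lib/systemd/systemd-udevd=ONLYROOT #/sbin/devd on freebsd /sbin/devd=ONLYROOT /usr/sbin/cron=ONLYROOT /usr/sbin/crond=ONLYROOT cron=ONLYROOT /usr/sbin/acpid=ONLYROOT acpid=ONLYROOT /sbin/auditd=ONLYROOT auditd=ONLYROOT /sbin/audispd=ONLYROOT audispd=ONLYROOT /usr/sbin/sshd=ONLYROOT /sbin/dhcpcd=ONLYROOT /usr/sbin/syslog-ng=ONLYROOT /sbin/syslog-ng=ONLYROOT syslog-ng=ONLYROOT /usr/sbin/xinetd=ONLYROOT /sbin/init=ONLYROOT init=ONLYROOT kthreadd=ONLYROOT ksoftirqd/0=ONLYROOT events/0=ONLYROOT khelper=ONLYROOT async/mgr=ONLYROOT khubd=ONLYROOT kpsmoused=ONLYROOT kblockd/0=ONLYROOT kacpid=ONLYROOT kacpi_notify=ONLYROOT ata/0=ONLYROOT ata_aux=ONLYROOT ksuspend_usbd=ONLYROOT cifsoplockd=ONLYROOT crypto/0=ONLYROOT usbhid_resumer=ONLYROOT kjournald=ONLYROOT kseriod=ONLYROOT kswapd0=ONLYROOT aio/0=ONLYROOT pdflush=ONLYROOT kondemand/0=ONLYROOT getty=ONLYROOT /sbin/getty=ONLYROOT sendmail=ONLYROOT /sbin/iscid=ONLYROOT 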
/usr/libexec/getty=ONLYROOT adjkerntz=ONLYROOT crond=ONLYROOT irqbalance=ONLYROOT klogd=ONLYROOT xinetd=ONLYROOT automount=ONLYROOT libvirtd=ONLYROOT mcstransd=ONLYROOT /sbin/multipathd=ONLYROOT /usr/sbin/restorecond=ONLYROOT /usr/sbin/smartd=ONLYROOT rhnsd=ONLYROOT /sbin/dlm_controld=ONLYROOT /sbin/ccsd=ONLYROOT /sbin/fenced=ONLYROOT /sbin/gfs_controld=ONLYROOT /sbin/groupd=ONLYROOT /usr/bin/kvm=ONLYROOT brcm_iscsiuio=ONLYROOT /usr/sbin/rsyslogd=ONLYROOT mdadm=ONLYROOT minicron:=ONLYROOT /usr/sbin/anacron=ONLYROOT /usr/sbin/inetd=ONLYROOT /usr/sbin/irqbalance=ONLYROOT /usr/sbin/rpc.idmapd=ONLYROOT /usr/sbin/rpc.mountd=ONLYROOT /usr/sbin/rpc.rquotad=ONLYROOT /usr/sbin/smbd=ONLYROOT /usr/sbin/nmbd=ONLYROOT /usr/lib/virtualbox/VBoxHeadless=ONLYROOT /usr/lib/virtualbox/VBoxHeadless=ONLYROOT /usr/lib/virtualbox/VBoxSVC=ONLYROOT /usr/lib/virtualbox/VBoxXPCOMIPCD=ONLYROOT /usr/lib/virtualbox/vboxwebsrv=ONLYROOT /lib/systemd/systemd-logind=ONLYROOT /lib/systemd/systemd-stdout-syslog-bridge=ONLYROOT dovecot/config=ONLYROOT dovecot/log=ONLYROOT dovecot/ssl-params=ONLYROOT /sbin/lvmetad=ONLYROOT /usr/sbin/dovecot=ONLYROOT #TODO check if mcelog can run as user /usr/sbin/mcelog=ONLYROOT #NOTBEROOT /usr/lib/mozilla-thunderbird/thunderbird-bin=NOTBEROOT /usr/bin/dbus-daemon=NOTBEROOT /usr/bin/metacity=NOTBEROOT nautilus=NOTBEROOT /usr/sbin/clamd=NOTBEROOT /usr/bin/freshclam=NOTBEROOT gnome-session=NOTBEROOT gnome-pty-helper=NOTBEROOT ssh-agent=NOTBEROOT pidgin=NOTBEROOT /usr/libexec/cpufreq-applet=NOTBEROOT cpufreq-applet=NOTBEROOT /usr/libexec/sensors-applet=NOTBEROOT /usr/libexec/multiload-applet-2=NOTBEROOT /usr/libexec/mixer_applet2=NOTBEROOT /usr/bin/dbus-launch=NOTBEROOT /usr/libexec/gconfd-2=NOTBEROOT /usr/libexec/gvfsd=NOTBEROOT gvfsd=NOTBEROOT /usr/libexec/gvfsd-metadata=NOTBEROOT /usr/libexec/gvfsd-computer=NOTBEROOT gvfsd-computer=NOTBEROOT /usr/libexec/gvfsd-trash=NOTBEROOT gvfsd-trash=NOTBEROOT /usr/libexec/gvfsd-http=NOTBEROOT gvfsd-http=NOTBEROOT 
xscreensaver=NOTBEROOT xchat=NOTBEROOT /usr/bin/gpg-agent=NOTBEROOT /usr/libexec/bonobo-activation-server=NOTBEROOT /usr/local/bin/clusterm=NOTBEROOT /usr/sbin/console-kit-daemon=NOTBEROOT /usr/bin/gnome-keyring-daemon=NOTBEROOT amarokapp=NOTBEROOT kdeinit=NOTBEROOT amule=NOTBEROOT dbus-daemon=NOTBEROOT /usr/bin/mysql=NOTBEROOT /usr/sbin/mysqld=NOTBEROOT /usr/bin/java=NOTBEROOT java=NOTBEROOT firefox=NOTBEROOT opera=NOTBEROOT /usr/lib/openldap/slapd=NOTBEROOT /usr/sbin/nagios=NOTBEROOT pickup=NOTBEROOT tlsmgr=NOTBEROOT qmgr=NOTBEROOT flush=NOTBEROOT amavisd=NOTBEROOT /usr/bin/nagircbot=NOTBEROOT /usr/bin/snmpget=NOTBEROOT /usr/sbin/saslauthd=NOTBEROOT /usr/lib/cyrus/master=NOTBEROOT /bin/ping=NOTBEROOT /usr/lib/nagios/plugins/check_ping=NOTBEROOT /sbin/portmap=NOTBEROOT portmap=NOTBEROOT /sbin/rpc.statd=NOTBEROOT postgres:=NOTBEROOT /usr/lib/postgresql/8.3/bin/postgres=NOTBEROOT /usr/sbin/exim4=NOTBEROOT /usr/bin/distccd=NOTBEROOT /usr/lib/java/bin/java=NOTBEROOT /usr/sbin/bopm=NOTBEROOT imapd=NOTBEROOT /usr/sbin/named=NOTBEROOT anvil=NOTBEROOT clusterm=NOTBEROOT eggdrop=NOTBEROOT aumix=NOTBEROOT bonobo-activati=NOTBEROOT hald=NOTBEROOT hald-addon-acpi:=NOTBEROOT hald-addon-keyboard:=NOTBEROOT avahi-daemon:=NOTBEROOT /bin/dbus-daemon=NOTBEROOT bt-applet=NOTBEROOT eggcups=NOTBEROOT ./escd=NOTBEROOT metacity=NOTBEROOT nm-applet=NOTBEROOT pam-panel-icon=NOTBEROOT /usr/bin/gnome-session=NOTBEROOT /usr/libexec/clock-applet=NOTBEROOT /usr/libexec/gam_server=NOTBEROOT /usr/libexec/gnome-settings-daemon=NOTBEROOT /usr/libexec/gnome-vfs-daemon=NOTBEROOT /usr/libexec/mapping-daemon=NOTBEROOT /usr/libexec/notification-area-applet=NOTBEROOT /usr/libexec/notification-daemon=NOTBEROOT /usr/libexec/trashapplet=NOTBEROOT /usr/libexec/wnck-applet=NOTBEROOT xfs=NOTBEROOT /usr/libexec/gdmgreeter=NOTBEROOT /usr/bin/postmaster=NOTBEROOT dovecot/anvil=NOTBEROOT dovecot/auth=NOTBEROOT dovecot/imap=NOTBEROOT dovecot/imap-login=NOTBEROOT /usr/xymon/client/bin/xymonlaunch=NOTBEROOT 
/usr/sbin/opendkim=NOTBEROOT #to test, globally a process begining with dont have to be root but there are counter exemple (puppet) ruby=NOTBEROOT wish=NOTBEROOT /usr/bin/ruby18=NOTBEROOT /usr/bin/ruby1.8=NOTBEROOT /usr/bin/perl=NOTBEROOT /usr/bin/python=NOTBEROOT /usr/bin/ssh-agent=NOTBEROOT #NOTHINGTOSAY /bin/bash=NOTHINGTOSAY /usr/sbin/apache2=NOTHINGTOSAY apache2=NOTHINGTOSAY sshd:=NOTHINGTOSAY sshd=NOTHINGTOSAY bash=NOTHINGTOSAY ksh=NOTHINGTOSAY ps=NOTHINGTOSAY SCREEN=NOTHINGTOSAY #httd need to be root for forking non root httpd /usr/sbin/httpd=NOTHINGTOSAY #BADPROCESS TODO ssh-scan=BADPROCESS yasat/plugins/firewall.advice0000640000175000017500000000237212457227301017077 0ustar montjoiemontjoieEN,FIREWALL_POLICY_INPUT=Configure your firewall with a drop by default policy See http://www.netfilter.org/ for tutorials and howto ADVICEEND EN,FIREWALL_POLICY_OUTPUT=Configure your firewall with a drop by default policy See http://www.netfilter.org/ for tutorials and howto ADVICEEND EN,FIREWALL_POLICY_FORWARD=Unless this machine is a router, DROP forwarding See http://www.netfilter.org/ for tutorials and howto ADVICEEND EN,FIREWALL_TEST_ERROR=Arggg I cannot test your firewall Perhaps it's a bug or perhaps you have some security that prevent me to check your firewall. ADVICEEND EN,FIREWALL_IPV6_NO_FW=Install ip6tables and configure a firewall IPv6 is enabled on this machine, and you don't have a firewall for it. ADVICEEND EN,FIREWALL_PF_NOT_ENABLED=Enable PF firewall Enable the firewall. See http://www.freebsd.org/doc/en/books/handbook/firewalls-pf.html ADVICEEND EN,FIREWALL_PF_NO_RULES=TODO See http://www.freebsd.org/doc/en/books/handbook/firewalls-pf.html ADVICEEND yasat/plugins/storage.advice0000640000175000017500000000052512457227301016734 0ustar montjoiemontjoieEN,TODO=To be done To be done ADVICEEND EN,HDD_SMARTCTL=Monitor your hdd with S.M.A.R.T. 
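Install smartmontools See http://smartmontools.sourceforge.net ADVICEEND EN,HDD_READ_AHEAD_HIGH=Check the value of read_ahead A too high value of read_ahead can decrease performance. ADVICEEND yasat/plugins/repo.test0000750000175000017500000001132012457227301015756 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
#                                                                              #
#   Copyright (C) 2008-2015 LABBE Corentin
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see .
#
#
################################################################################

# Plugin body: audit the package manager configuration (yum gpgcheck settings,
# APT security mirror). It ends with "return", so it is meant to be sourced by
# the caller, which also provides Title, Display, Compliance,
# FindValueOfEqual and add_correction.

Title "Check package repository"

#gentoo
if [ "$LINUX_VERSION" = 'Gentoo' ];then
	#TODO check last sync
	#TODO webrsync
	#TODO gpg check
	return 0;
fi

#TODO do an option (like --parano?) for alerting of non-official repo

# ALL_REPO_HAVE_GPG ends at 1 only when yum.conf enables gpgcheck and no
# repository section found below turns it off.
ALL_REPO_HAVE_GPG=0
TESTNAME='YASAT_TEST_REPO_GPGCHECK1 CCEID=14914-6 NSAG=2.1.2.3.3 Check if the package manager check gpg signatures'
YUMCONF="$SCAN_ROOT/etc/yum.conf"
if [ -e "$YUMCONF" ] ; then
	FindValueOfEqual "$YUMCONF" gpgcheck JUSTTEST
	# Quoted: an empty RESULTAT (key absent) must fall into the DISABLED
	# branch instead of breaking the test.
	if [ "$RESULTAT" = '1' ] ; then
		Display --indent 2 --text "gpgcheck" --result ENABLED --color GREEN
		Compliance --plugin "repo" --result 'OK' --type 'CCE' --cid '14914-6' --type 'NSAG' --cid '2.1.2.3.3'
		ALL_REPO_HAVE_GPG=1
	else
		Display --indent 2 --text "gpgcheck" --result DISABLED --color RED
		Compliance --plugin "repo" --result 'NOK' --type 'CCE' --cid '14914-6' --type 'NSAG' --cid '2.1.2.3.3'
		# NOTE(review): this substitution only rewrites an existing
		# "gpgcheck=0" line; it adds nothing when the key is missing.
		add_correction "sed -i 's/gpgcheck=0/gpgcheck=1/' $YUMCONF"
	fi
fi

YUM_REPOD="$SCAN_ROOT/etc/yum.repos.d"
if [ -e "$YUM_REPOD" ] ; then
	Display --indent 2 --text "yum repo" --result FOUND --color BLUE
	# Iterate with a glob rather than "ls | while": a pipeline runs the loop
	# in a subshell, so ALL_REPO_HAVE_GPG=0 set inside it would be lost and
	# the compliance result below would ignore every repository file.
	for repo in "$YUM_REPOD"/*.repo
	do
		# An unmatched glob stays literal; skip it.
		[ -e "$repo" ] || continue
		REPOFILE=$(basename "$repo")
		Display --indent 4 --text "$REPOFILE" --result FOUND --color BLUE
		# Start every file from a clean state so the last section of the
		# previous file is not reported a second time.
		REPONAME=''
		REPO_GPG=0
		REPO_ENABLED=1
		while read -r line || [ -n "$line" ]
		do
			case "$line" in
				gpgcheck=*)
					REPO_GPG=${line#gpgcheck=}
					;;
				enabled=*)
					REPO_ENABLED=${line#enabled=}
					;;
				\[*)
					# A new section header closes the previous section:
					# report it before resetting the per-section state.
					if [ -n "$REPONAME" ] ; then
						# Anything other than a literal 1 (including a
						# value this parser does not understand) is
						# reported as disabled, so an unparsed setting
						# never passes silently.
						if [ "$REPO_GPG" != '1' ] ; then
							TESTNAME='YASAT_TEST_REPO_GPGCHECK2 CCEID=14813-0 NSAG=2.1.2.3.4 Check if all repo have gpg signatures enabled'
							Display --indent 8 --text "gpgcheck" --result DISABLED --color RED
							ALL_REPO_HAVE_GPG=0
						fi
						if [ "$REPO_ENABLED" = '0' ] ; then
							Display --indent 8 --text "status" --result DISABLED --color BLUE
						fi
					fi
					REPONAME=${line#*\[}
					REPONAME=${REPONAME%%\]*}
					Display --indent 6 --text "$REPONAME" --result FOUND --color BLUE
					# NOTE(review): a section without its own gpgcheck
					# line is counted as disabled here even when yum.conf
					# sets gpgcheck=1; confirm that is the intended
					# (conservative) reading.
					REPO_GPG=0
					REPO_ENABLED=1
					;;
			esac
		done < "$repo"
		# The last section of the file has no following header; report it
		# here and let it count towards the compliance result as well.
		if [ -n "$REPONAME" ] ; then
			if [ "$REPO_GPG" != '1' ] ; then
				TESTNAME='YASAT_TEST_REPO_GPGCHECK2 CCEID=14813-0 NSAG=2.1.2.3.4 Check if all repo have gpg signatures enabled'
				Display --indent 8 --text "gpgcheck" --result DISABLED --color RED
				ALL_REPO_HAVE_GPG=0
			fi
			if [ "$REPO_ENABLED" = '0' ] ; then
				Display --indent 8 --text "status" --result DISABLED --color BLUE
			fi
		fi
	done
	if [ "$ALL_REPO_HAVE_GPG" -eq 1 ] ;then
		Compliance --plugin "repo" --result 'OK' --type 'CCE' --cid '14813-0'
		Compliance --plugin "repo" --result 'OK' --type 'NSAG' --cid '2.1.2.3.4'
	else
		Compliance --plugin "repo" --result 'NOK' --type 'CCE' --cid '14813-0'
		Compliance --plugin "repo" --result 'NOK' --type 'NSAG' --cid '2.1.2.3.4'
	fi
fi

#TODO check gpgkey=
#/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
#rpm -qa gpg-pubkey*
#rpm -qa gpg-pubkey* | xargs rpm -qi |grep Summary
#rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey
#gpg(CentOS-5 Key (CentOS 5 Official Signing Key) )
#gpg(CFEngine AS (CFEngine Community package repository) )
TESTNAME='Ensure Red Hat GPG Key is Installed'
Compliance --result 'NOTIMPL' --plugin 'repo' --nsag '2.1.2.1.1' --cce '14440-2'

#APT
APT_SOURCELISTD="$SCAN_ROOT/etc/apt/sources.list.d"
if [ -e "$SCAN_ROOT/etc/apt/" ] ; then
	Display --indent 2 --text "APT repo" --result FOUND --color BLUE
	TMP_SRCLIST="$TEMPYASATDIR/src.list"
	cat "$SCAN_ROOT/etc/apt/sources.list" > "$TMP_SRCLIST"
	# sources.list.d may hold no *.list file; that error is deliberately hidden.
	cat "$APT_SOURCELISTD"/*.list >> "$TMP_SRCLIST" 2> /dev/null
	# Accept http or https, any spacing and an optional "[options]" field.
	# NOTE(review): the security archive reached through another host name
	# is still reported as DISABLED.
	if grep -q -E '^deb[[:space:]]+(\[[^]]*\][[:space:]]+)?https?://security\.debian\.org/' "$TMP_SRCLIST" ; then
		Display --indent 4 --text "security mirror" --result ENABLED --color GREEN
	else
		Display --indent 4 --text "security mirror" --result DISABLED --color RED
	fi
fi

#BSD

return 0;
yasat/plugins/classique.advice0000640000175000017500000000247512457227301017267 0ustar montjoiemontjoieEN,UMASK_NOT027=Set umask to 027 With a 027 umask, new files/directory would not be viewable by other people. ADVICEEND EN,UMASK_NOT077=Set umask to 077 With a 077 umask, new files/directory would not be viewable by other people.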
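ADVICEEND EN,NO_FORK_BOMB_PREVENTION=Set a hard ulimit See man limits.conf for setting a hard nproc limit This is important in shared environment (Universities, shared hosting, etc.) ADVICEEND EN,FILES_WITHOUT_OWNER=Correct the permissions for these files The list of these files can be found in files_without_owner in the YASAT temp directory. ADVICEEND EN,FILES_WITHOUT_GROUP=Correct the group permissions for these files EN,LIMITS_NO_CORE_RESTRICTION=Prevent the creation of core files If you don't want to debug a process crash, disable core files. See http://en.wikipedia.org/wiki/Core_dump for definition of a corefile. ADVICEEND EN,LD_SO_CONF_UNK_LIB=Check if this libray location is normal EN,SUID_COREDUMPABLE=Disable coredump for suid binaries You can disable coredump for suid binaries with sysctl fs.suid_dumpable=0 ADVICEEND EN,PASSWORD_MIN_LENGTH=Set minimal password length to at least 8 or more This can be configured in /etc/login.defs ADVICEEND EN,PATH_UNKNOWN=Check if this value is supposed to be in your PATH ADVICEEND yasat/plugins/system_rights.test0000640000175000017500000002045712457227301017726 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
#                                                                              #
#   Copyright (C) 2008-2015 LABBE Corentin
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see .
#
#
################################################################################

# Plugin body: compare mode, owner and group of the paths listed in the
# system_rights data file with what is found on disk. The caller provides
# Title, Display, Compliance and check_directory_others, and the STAT_* and
# PERM_GW option strings.
#
# Each data line is "|" separated:
#   path|mode|user|group|option|distrib|option2|nsag_o|cce_o|nsag_g|cce_g|nsag_r|cce_r
# Option R checks the whole tree under the path, option N reports a missing
# path as an error.

CONF_FILE="system_rights.data"
if [ "${OS_TYPE}" = 'BSD' ]
then
	CONF_FILE="system_rights_bsd.data"
fi

Title "Check system rights $LINUX_VERSION"

if [ -f "$PLUGINS_REP/$CONF_FILE" ] ;then
# One word per data line: the unquoted substitution is split on whitespace, so
# the data file must not contain blanks or glob characters inside an entry.
for i in $(grep -v '^#' "$PLUGINS_REP/$CONF_FILE" |grep -v "!$OS_NICKNAME" | grep -v "!$LINUX_VERSION" | sed 's/#.*//g')
do
#	echo "TEST ==== $i"
	lerelpath=$(printf '%s\n' "$i" | cut -f1 -d'|')
	# Everything is looked up below SCAN_ROOT when another root is audited.
	leprefix=''
	if [ "$SCAN_ROOT" != '/' ] ; then
		leprefix="$SCAN_ROOT/"
	fi
	lepath="${leprefix}${lerelpath}"
	lesdroits=$(printf '%s\n' "$i" | cut -f2 -d'|')
	luser=$(printf '%s\n' "$i" | cut -f3 -d'|')
	lgroup=$(printf '%s\n' "$i" | cut -f4 -d'|')
	loption=$(printf '%s\n' "$i" | cut -f5 -d'|')
	ldistrib=$(printf '%s\n' "$i" | cut -f6 -d'|')
	loption2=$(printf '%s\n' "$i" | cut -f7 -d'|')
	nsag_id_o=$(printf '%s\n' "$i" | cut -f8 -d'|')
	cceid_o=$(printf '%s\n' "$i" | cut -f9 -d'|')
	nsag_id_g=$(printf '%s\n' "$i" | cut -f10 -d'|')
	cceid_g=$(printf '%s\n' "$i" | cut -f11 -d'|')
	nsag_id_r=$(printf '%s\n' "$i" | cut -f12 -d'|')
	cceid_r=$(printf '%s\n' "$i" | cut -f13 -d'|')
	# Missing compliance identifiers default to 0.
	if [ -z "$cceid_o" ] ;then cceid_o=0;fi
	if [ -z "$nsag_id_o" ] ;then nsag_id_o=0;fi
	if [ -z "$cceid_g" ] ;then cceid_g=0;fi
	if [ -z "$nsag_id_g" ] ;then nsag_id_g=0;fi
	if [ -z "$cceid_r" ] ;then cceid_r=0;fi
	if [ -z "$nsag_id_r" ] ;then nsag_id_r=0;fi
	ALLGOOD=1
	# On BSD the expected group "root" is checked as "wheel".
	if [ "$OS_TYPE" = "BSD" ] ;then
		if [ "$lgroup" = 'root' ] ;then lgroup='wheel'; fi
	fi
	# An entry restricted to one distribution is skipped everywhere else.
	if [ -n "$ldistrib" ] ;then
		if [ "$ldistrib" != "$LINUX_VERSION" ] && [ "$ldistrib" != "$OS_NICKNAME" ] ;then
			continue
		fi
	fi
	if [ "$loption" = "N" ] ;then
		if [ ! -e "$lepath" ] ; then
			Display --indent 2 --text "Error $lepath do not exists" --result ERROR --color RED
		fi
	fi
	# Fall back to the /usr/local copy of the path, still below the scan
	# root: prefixing the already rooted path would test a location on the
	# host that has nothing to do with the audited tree.
	if [ ! -e "$lepath" ];then
		lepath="${leprefix}/usr/local/${lerelpath}"
	fi
	if [ -e "$lepath" ] ;then
		#echo -n "check $lepath => $lesdroits $luser $lgroup $loption"
		# STAT_RIGHT, STAT_USER, STAT_GROUP and PERM_GW are left unquoted on
		# purpose. NOTE(review): presumably they hold option strings that
		# may need word splitting; confirm where they are defined.
		case $loption in
		R)
			TESTNAME="YASAT_TEST_SYSTEMRIGHT_GENERIC Check if $lepath is chmod $lesdroits"
			Display --indent 2 --text "Checking $lepath" --result INFO --color BLUE
			#check for files with other rights
			TMP_RESULT="${TEMPYASATDIR}/system_right.tmp"
			check_directory_others "$lepath" "$TMP_RESULT" 4 GLOBAL_FILE_OTHER_READABLE
			RIGHT=$(stat $STAT_RIGHT "$lepath")
			if [ "$RIGHT" != "$lesdroits" ] ;then
				Display --indent 4 --text "Right of $lepath: $RIGHT" --result BAD --color RED
				Compliance --result 'NOK' --plugin "system_rights_r_$lepath" --nsag "$nsag_id_r" --cce "$cceid_r"
			else
				Display --indent 4 --text "Right of $lepath: $RIGHT" --result OK --color GREEN
				Compliance --result 'OK' --plugin "system_rights_r_$lepath" --nsag "$nsag_id_r" --cce "$cceid_r"
			fi
			#TODO tests
			# Group-writable entries are listed unless option2 "gw" allows
			# them; this finding is displayed only and does not feed a
			# Compliance result.
			if [ "$loption2" != "gw" ] ;then
				RESULTAT=$(find "$lepath" ! -type l -perm $PERM_GW)
				if [ -n "$RESULTAT" ] ;then
					Display --indent 2 --text "Group writable files in $lepath" --result WARNING --color RED
					find "$lepath" ! -type l -perm $PERM_GW | while IFS= read -r line
					do
						Display --indent 4 --text "$line" --result "$(stat $STAT_RIGHT "$line")" --color RED
					done
				fi
			fi
	#		find $lepath -type f -perm $PERM_GX -ls;
			#check the owner of the files
			TESTNAME="YASAT_TEST_SYSTEMRIGHT_GENERIC Check if $lepath is owned by $luser"
			RESULTATUSER=$(find "$lepath" ! -user "$luser" -ls)
			if [ -n "$RESULTATUSER" ] ;then
				Display --indent 2 --text "Bad owner $lepath (must be $luser)" --result WARNING --color RED
				Compliance --result 'NOK' --plugin "system_rights_own_$lepath" --nsag "$nsag_id_o" --cce "$cceid_o"
				find "$lepath" ! -user "$luser" | while IFS= read -r line
				do
					Display --indent 4 --text "$line" --result "$(stat $STAT_USER "$line")" --color RED
				done
				ALLGOOD=0
			else
				Display --indent 4 --text "$lepath owner $(stat $STAT_USER "$lepath")" --result GOOD --color GREEN
				Compliance --result 'OK' --plugin "system_rights_own_$lepath" --nsag "$nsag_id_o" --cce "$cceid_o"
			fi
			TESTNAME="YASAT_TEST_SYSTEMRIGHT_GENERIC Check if $lepath is owned by group $lgroup"
			RESULTATGROUPE=$(find "$lepath" ! -group "$lgroup")
			if [ -n "$RESULTATGROUPE" ] ;then
				Display --indent 2 --text "Bad group $lepath (must be $lgroup)" --result WARNING --color RED
				Compliance --result 'NOK' --plugin "system_rights_grp_$lepath" --nsag "$nsag_id_g" --cce "$cceid_g"
				find "$lepath" ! -group "$lgroup" | while IFS= read -r line
				do
					Display --indent 4 --text "$line" --result "$(stat $STAT_GROUP "$line")" --color RED
				done
				ALLGOOD=0
			else
				Display --indent 4 --text "$lepath group $(stat $STAT_GROUP "$lepath")" --result GOOD --color GREEN
				Compliance --result 'OK' --plugin "system_rights_grp_$lepath" --nsag "$nsag_id_g" --cce "$cceid_g"
			fi
	#		echo ""
		;;
		*)
			TESTNAME="YASAT_TEST_SYSTEMRIGHT_GENERIC Check if $lepath is chmod $lesdroits"
			ACTUAL_RIGHT=$(stat $STAT_RIGHT "$lepath")
			ACTUAL_GROUP=$(stat $STAT_GROUP "$lepath")
			ACTUAL_USER=$(stat $STAT_USER "$lepath")
			OWNERSHIP_OK=0
			if [ "$ACTUAL_GROUP" = "$lgroup" ] && [ "$ACTUAL_USER" = "$luser" ] ;then
				OWNERSHIP_OK=1
			fi
			if [ "$ACTUAL_RIGHT" = "$lesdroits" ] && [ "$OWNERSHIP_OK" -eq 1 ] ;then
				Display --indent 2 --text "$lepath => $lesdroits $luser $lgroup " --result OK --color GREEN
				RIGHTS_VERDICT='OK'
			#check for stricter right than we want (example we want 640 but local have 600)
			# The stricter mode is accepted only when owner and group are
			# the expected ones: a 600 file owned by the wrong account
			# must not be reported as compliant.
			elif [ "$lesdroits" = 640 ] && [ "$ACTUAL_RIGHT" = 600 ] && [ "$OWNERSHIP_OK" -eq 1 ] ;then
				Display --indent 2 --text "$lepath $lesdroits $luser $lgroup is more strict than i want" --result OK --color GREEN
				RIGHTS_VERDICT='OK'
			else
				Display --indent 2 --text "$lepath is not $lesdroits $luser $lgroup " --result WARNING --color RED
				ALLGOOD=0
				RIGHTS_VERDICT='NOK'
			fi
			# One verdict is recorded for all three criteria of the entry.
			TESTNAME="YASAT_TEST_SYSTEMRIGHT_GENERIC Check if $lepath is owned by $luser"
			Compliance --result "$RIGHTS_VERDICT" --plugin "system_rights_own_$lepath" --nsag "$nsag_id_o" --cce "$cceid_o"
			TESTNAME="YASAT_TEST_SYSTEMRIGHT_GENERIC Check if $lepath is owned by group $lgroup"
			Compliance --result "$RIGHTS_VERDICT" --plugin "system_rights_grp_$lepath" --nsag "$nsag_id_g" --cce "$cceid_g"
			TESTNAME="YASAT_TEST_SYSTEMRIGHT_GENERIC Check if $lepath is chmod $lesdroits"
			Compliance --result "$RIGHTS_VERDICT" --plugin "system_rights_rig_$lepath" --nsag "$nsag_id_r" --cce "$cceid_r"
		esac
	fi
	# NOTE(review): nsag_id is not assigned anywhere in this plugin (only
	# nsag_id_o, nsag_id_g and nsag_id_r are), so this summary runs only if
	# the caller happens to define it.
	if [ -n "$nsag_id" ] ; then
		TESTNAME='YASAT_TEST_SYSTEMRIGHT_GENERIC TODO'
		# Double quotes so that the path is expanded into the plugin name.
		if [ "$ALLGOOD" -eq 1 ] ; then
			Compliance --result 'OK' --plugin "system_rights_$lepath" --nsag "$nsag_id"
		else
			Compliance --result 'NOK' --plugin "system_rights_$lepath" --nsag "$nsag_id"
		fi
	fi
done
fi
#/etc/security/console.perms.d/50-default.perms TOTHINK
#if [ "$LINUX_VERSION" = 'Red Hat' ]
#then
#
#fi
yasat/plugins/apache_vhosts.data0000640000175000017500000050462212457227301017604 0ustar montjoiemontjoie# name of location | nothing = warning , O = just advice , R = just report| ID of ADVICE /nagios|R|APACHE_VHOSTS_KNOWN_NAME /awstats|R|APACHE_VHOSTS_KNOWN_NAME /server-info|R|APACHE_VHOSTS_KNOWN_NAME /server-status|R|APACHE_VHOSTS_KNOWN_NAME /ldap-status|R|APACHE_VHOSTS_KNOWN_NAME /phpmyadmin|R|APACHE_VHOSTS_KNOWN_NAME /ldapmyadmin|R|APACHE_VHOSTS_KNOWN_NAME /%00|R|APACHE_VHOSTS_KNOWN_NAME /~1/|R|APACHE_VHOSTS_KNOWN_NAME /1/|R|APACHE_VHOSTS_KNOWN_NAME /10/|R|APACHE_VHOSTS_KNOWN_NAME /2/|R|APACHE_VHOSTS_KNOWN_NAME /2532Gigs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /..%2f..%2f..%2f..%2fboot.ini|R|APACHE_VHOSTS_KNOWN_NAME /2phpmyadmin/|R|APACHE_VHOSTS_KNOWN_NAME /3/|R|APACHE_VHOSTS_KNOWN_NAME /%3f.jsp|R|APACHE_VHOSTS_KNOWN_NAME /4/|R|APACHE_VHOSTS_KNOWN_NAME /5/|R|APACHE_VHOSTS_KNOWN_NAME /6/|R|APACHE_VHOSTS_KNOWN_NAME /68k/themes/admin/default/modules/show.php|R|APACHE_VHOSTS_KNOWN_NAME /7/|R|APACHE_VHOSTS_KNOWN_NAME /8/|R|APACHE_VHOSTS_KNOWN_NAME /%80../%80../%80../%80../%80../%80../%80../%80../boot.ini|R|APACHE_VHOSTS_KNOWN_NAME /9/|R|APACHE_VHOSTS_KNOWN_NAME /a/|R|APACHE_VHOSTS_KNOWN_NAME /about/|R|APACHE_VHOSTS_KNOWN_NAME /about.html|R|APACHE_VHOSTS_KNOWN_NAME /about.php|R|APACHE_VHOSTS_KNOWN_NAME /about-show.do|R|APACHE_VHOSTS_KNOWN_NAME /abtpportal/includes/esqueletos/skel_null.php|R|APACHE_VHOSTS_KNOWN_NAME /acceso/|R|APACHE_VHOSTS_KNOWN_NAME /access/|R|APACHE_VHOSTS_KNOWN_NAME /accesswatch/|R|APACHE_VHOSTS_KNOWN_NAME /acciones/|R|APACHE_VHOSTS_KNOWN_NAME /account/|R|APACHE_VHOSTS_KNOWN_NAME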
/account/index.php|R|APACHE_VHOSTS_KNOWN_NAME /accounting/|R|APACHE_VHOSTS_KNOWN_NAME /acid/|R|APACHE_VHOSTS_KNOWN_NAME /acidcat/main_login.asp|R|APACHE_VHOSTS_KNOWN_NAME /Acidcat/main_login.asp|R|APACHE_VHOSTS_KNOWN_NAME /activex/|R|APACHE_VHOSTS_KNOWN_NAME /acute-cp/|R|APACHE_VHOSTS_KNOWN_NAME /adaptbb/index.php|R|APACHE_VHOSTS_KNOWN_NAME /adaptcms/inc/smarty/libs/init.php|R|APACHE_VHOSTS_KNOWN_NAME /adaptcms/sitemap.xml|R|APACHE_VHOSTS_KNOWN_NAME /addrbook/index.php|R|APACHE_VHOSTS_KNOWN_NAME /addressbook/index.php|R|APACHE_VHOSTS_KNOWN_NAME /address/index.php|R|APACHE_VHOSTS_KNOWN_NAME /add_url.htm|R|APACHE_VHOSTS_KNOWN_NAME /adframe.php|R|APACHE_VHOSTS_KNOWN_NAME /adm/|R|APACHE_VHOSTS_KNOWN_NAME /admcgi/|R|APACHE_VHOSTS_KNOWN_NAME /admentor/|R|APACHE_VHOSTS_KNOWN_NAME /admidio/adm_program/index.php|R|APACHE_VHOSTS_KNOWN_NAME /admin|R|APACHE_VHOSTS_KNOWN_NAME /~admin/|R|APACHE_VHOSTS_KNOWN_NAME /admin_/|R|APACHE_VHOSTS_KNOWN_NAME /admin/|R|APACHE_VHOSTS_KNOWN_NAME /admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/aindex.htm|R|APACHE_VHOSTS_KNOWN_NAME /admin.back/|R|APACHE_VHOSTS_KNOWN_NAME /admin-bak/|R|APACHE_VHOSTS_KNOWN_NAME /admin/config.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/db/main.php|R|APACHE_VHOSTS_KNOWN_NAME /Admin_files/|R|APACHE_VHOSTS_KNOWN_NAME /adming/|R|APACHE_VHOSTS_KNOWN_NAME /admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /administration/|R|APACHE_VHOSTS_KNOWN_NAME /Administration/|R|APACHE_VHOSTS_KNOWN_NAME /administrator/|R|APACHE_VHOSTS_KNOWN_NAME /administrator/admin/|R|APACHE_VHOSTS_KNOWN_NAME /administrator/admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/db/|R|APACHE_VHOSTS_KNOWN_NAME /administrator/dbadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/db/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/mysql-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/mysqladmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/administrator/mysql/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/mysqlmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpmyadmin/|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin/|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.2.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.2.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.5.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.5.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.5.5/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.5.5-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.5.5-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.5.5-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.5.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.5.6-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.5.6-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.5.7/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.5.7-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.0-alpha2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.0-alpha/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.0-beta2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.0-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.0-rc3/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/administrator/phpMyAdmin-2.6.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.1-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.1-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.1-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.1-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.2-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.2-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.2-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.3-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.3-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.4-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.4-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.4-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.4-pl4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.6.4-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.7.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.7.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.7.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.7.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.7.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.8.0.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.8.0.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.8.0.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.8.0.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/administrator/phpMyAdmin-2.8.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.8.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.8.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.8.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.8.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.8.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2.8.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpmyadmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin-2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/php-my-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/php-myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpmy-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpmyadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/phpMyAdmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/pma/|R|APACHE_VHOSTS_KNOWN_NAME /administrator/PMA/|R|APACHE_VHOSTS_KNOWN_NAME /administrator/pma2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/pMA2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/pma2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/pMA2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/p/m/a/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/pMA/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/sqlmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/sqlweb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/web/|R|APACHE_VHOSTS_KNOWN_NAME /administrator/webadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/webdb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/web/main.php|R|APACHE_VHOSTS_KNOWN_NAME /administrator/websql/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/login.html|R|APACHE_VHOSTS_KNOWN_NAME /admin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/lost-pass.php|R|APACHE_VHOSTS_KNOWN_NAME 
/admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/myadmin/|R|APACHE_VHOSTS_KNOWN_NAME /admin/myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/mysql-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/mysqladmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/mysql/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/mysqlmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin-old/|R|APACHE_VHOSTS_KNOWN_NAME /admin.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpmyadmin/|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.2.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.2.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.5.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.5.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.5.5/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.5.5-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.5.5-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.5.5-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.5.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.5.6-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.5.6-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.5.7/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.5.7-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.0-alpha2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.0-alpha/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.0-beta2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.0-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/admin/phpMyAdmin-2.6.0-rc3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.1-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.1-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.1-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.1-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.2-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.2-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.2-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.3-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.3-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.4-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.4-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.4-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.4-pl4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.6.4-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.7.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.7.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.7.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.7.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.7.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.8.0.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.8.0.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.8.0.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.8.0.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.8.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.8.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/admin/phpMyAdmin-2.8.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.8.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.8.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.8.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2.8.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpmyadmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin-2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/php-my-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/php-myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpmy-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpmyadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpMyAdmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/phpmyadmin/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/pma2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/PMA2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/pma2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/PMA2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/p/m/a/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/pMA/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/pma/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/setup.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/sqladmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/sqlmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/sqlweb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/sysadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/updatelist.php|R|APACHE_VHOSTS_KNOWN_NAME /adminuser/|R|APACHE_VHOSTS_KNOWN_NAME /adminweb/|R|APACHE_VHOSTS_KNOWN_NAME /AdminWeb/|R|APACHE_VHOSTS_KNOWN_NAME /admin/webadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/webdb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/web/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admin/websql/main.php|R|APACHE_VHOSTS_KNOWN_NAME /admisapi/|R|APACHE_VHOSTS_KNOWN_NAME /adpeeps/index.php|R|APACHE_VHOSTS_KNOWN_NAME /AdvWebAdmin/|R|APACHE_VHOSTS_KNOWN_NAME 
/af.cgi|R|APACHE_VHOSTS_KNOWN_NAME /aflog/Readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /ag/ang/index.php|R|APACHE_VHOSTS_KNOWN_NAME /agc/vicidial.php|R|APACHE_VHOSTS_KNOWN_NAME /agenda.php3|R|APACHE_VHOSTS_KNOWN_NAME /Agent/|R|APACHE_VHOSTS_KNOWN_NAME /agentes/|R|APACHE_VHOSTS_KNOWN_NAME /Agents/|R|APACHE_VHOSTS_KNOWN_NAME /ag/index.php|R|APACHE_VHOSTS_KNOWN_NAME /aihs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /aiocp/public/code/cp_dpage.php|R|APACHE_VHOSTS_KNOWN_NAME /AIOCP/public/code/cp_dpage.php|R|APACHE_VHOSTS_KNOWN_NAME /ajaxp_backend.php|R|APACHE_VHOSTS_KNOWN_NAME /ajaxportal/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ajaxportal/install/index.php|R|APACHE_VHOSTS_KNOWN_NAME /a.jsp/|R|APACHE_VHOSTS_KNOWN_NAME /Album/|R|APACHE_VHOSTS_KNOWN_NAME /AlbumArt_/|R|APACHE_VHOSTS_KNOWN_NAME /album/index.php|R|APACHE_VHOSTS_KNOWN_NAME /alerts.php|R|APACHE_VHOSTS_KNOWN_NAME /alienform.cgi|R|APACHE_VHOSTS_KNOWN_NAME /amazon/search.php|R|APACHE_VHOSTS_KNOWN_NAME /am/index.php|R|APACHE_VHOSTS_KNOWN_NAME /AM/index.php|R|APACHE_VHOSTS_KNOWN_NAME /analog/|R|APACHE_VHOSTS_KNOWN_NAME /ang/ang/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ang/index.php|R|APACHE_VHOSTS_KNOWN_NAME /anguestbook/ang/index.php|R|APACHE_VHOSTS_KNOWN_NAME /anguestbook/index.php|R|APACHE_VHOSTS_KNOWN_NAME /~anna_foo_fighter|R|APACHE_VHOSTS_KNOWN_NAME /ans/ans.pl|R|APACHE_VHOSTS_KNOWN_NAME /ans.pl|R|APACHE_VHOSTS_KNOWN_NAME /anthill/|R|APACHE_VHOSTS_KNOWN_NAME /ant/Lisez%20moi.txt|R|APACHE_VHOSTS_KNOWN_NAME /Ant/Lisez%20moi.txt|R|APACHE_VHOSTS_KNOWN_NAME /ANT/Lisez%20moi.txt|R|APACHE_VHOSTS_KNOWN_NAME /ant/news/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Ant/news/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ANT/news/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ant/Readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /Ant/Readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /ANT/Readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /apache/|R|APACHE_VHOSTS_KNOWN_NAME /apage/lcgi-bin|R|APACHE_VHOSTS_KNOWN_NAME /apexec.pl|R|APACHE_VHOSTS_KNOWN_NAME 
/apoll/admin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /apoll/admin/lost-pass.php|R|APACHE_VHOSTS_KNOWN_NAME /app/|R|APACHE_VHOSTS_KNOWN_NAME /applets/|R|APACHE_VHOSTS_KNOWN_NAME /application/|R|APACHE_VHOSTS_KNOWN_NAME /applications/|R|APACHE_VHOSTS_KNOWN_NAME /apps/|R|APACHE_VHOSTS_KNOWN_NAME /app/webeditor/login.cgi|R|APACHE_VHOSTS_KNOWN_NAME /aproxengine/engine/inc/version.info|R|APACHE_VHOSTS_KNOWN_NAME /ar/|R|APACHE_VHOSTS_KNOWN_NAME /archive/|R|APACHE_VHOSTS_KNOWN_NAME /archives/|R|APACHE_VHOSTS_KNOWN_NAME /artmedic_links5/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ascils/phpmyadmin/|R|APACHE_VHOSTS_KNOWN_NAME /ask/forum_answer.php|R|APACHE_VHOSTS_KNOWN_NAME /asp/|R|APACHE_VHOSTS_KNOWN_NAME /aspx/|R|APACHE_VHOSTS_KNOWN_NAME /assets/plugins/mp3_id/mp3_id.php|R|APACHE_VHOSTS_KNOWN_NAME /astrospaces/index.php|R|APACHE_VHOSTS_KNOWN_NAME /atc/|R|APACHE_VHOSTS_KNOWN_NAME /athenareg.php|R|APACHE_VHOSTS_KNOWN_NAME /atmail/index.php|R|APACHE_VHOSTS_KNOWN_NAME /audistat/index.php|R|APACHE_VHOSTS_KNOWN_NAME /auth/|R|APACHE_VHOSTS_KNOWN_NAME /authadmin/|R|APACHE_VHOSTS_KNOWN_NAME /authentication_index.php|R|APACHE_VHOSTS_KNOWN_NAME /avarcade/index.php|R|APACHE_VHOSTS_KNOWN_NAME /avarcade/upload/index.php|R|APACHE_VHOSTS_KNOWN_NAME /aw/|R|APACHE_VHOSTS_KNOWN_NAME /awcm/includes/window_top.php|R|APACHE_VHOSTS_KNOWN_NAME /awstats/awstats.pl|R|APACHE_VHOSTS_KNOWN_NAME /AWStats/awstats.pl|R|APACHE_VHOSTS_KNOWN_NAME /awstats-cgi/awstats.pl|R|APACHE_VHOSTS_KNOWN_NAME /awstats/cgi-bin/awstats.pl|R|APACHE_VHOSTS_KNOWN_NAME /awstats.pl|R|APACHE_VHOSTS_KNOWN_NAME /awstats/wwwroot/cgi-bin/awstats.pl|R|APACHE_VHOSTS_KNOWN_NAME /ayuda/|R|APACHE_VHOSTS_KNOWN_NAME /b/|R|APACHE_VHOSTS_KNOWN_NAME /b2evolution/blogs/htsrv/login.php|R|APACHE_VHOSTS_KNOWN_NAME /b2-include/|R|APACHE_VHOSTS_KNOWN_NAME /back/|R|APACHE_VHOSTS_KNOWN_NAME /backend/|R|APACHE_VHOSTS_KNOWN_NAME /backend/plugin/Registration/index.php|R|APACHE_VHOSTS_KNOWN_NAME /_backup/|R|APACHE_VHOSTS_KNOWN_NAME 
/backup/|R|APACHE_VHOSTS_KNOWN_NAME /backup/down.php|R|APACHE_VHOSTS_KNOWN_NAME /backups/|R|APACHE_VHOSTS_KNOWN_NAME /baconmap/admin/updatelist.php|R|APACHE_VHOSTS_KNOWN_NAME /bak/|R|APACHE_VHOSTS_KNOWN_NAME /banca/|R|APACHE_VHOSTS_KNOWN_NAME /banco/|R|APACHE_VHOSTS_KNOWN_NAME /bands/index.php|R|APACHE_VHOSTS_KNOWN_NAME /bank/|R|APACHE_VHOSTS_KNOWN_NAME /banner/|R|APACHE_VHOSTS_KNOWN_NAME /banner01/|R|APACHE_VHOSTS_KNOWN_NAME /banners/|R|APACHE_VHOSTS_KNOWN_NAME /base/base_main.php|R|APACHE_VHOSTS_KNOWN_NAME /base_main.php|R|APACHE_VHOSTS_KNOWN_NAME /basilix.php|R|APACHE_VHOSTS_KNOWN_NAME /batch/|R|APACHE_VHOSTS_KNOWN_NAME /bb-dnbd/|R|APACHE_VHOSTS_KNOWN_NAME /bbv/|R|APACHE_VHOSTS_KNOWN_NAME /bdata/|R|APACHE_VHOSTS_KNOWN_NAME /bdatos/|R|APACHE_VHOSTS_KNOWN_NAME /beta/|R|APACHE_VHOSTS_KNOWN_NAME /bf/index.php|R|APACHE_VHOSTS_KNOWN_NAME /bible.php|R|APACHE_VHOSTS_KNOWN_NAME /bid/index.php|R|APACHE_VHOSTS_KNOWN_NAME /bigforum/index.php|R|APACHE_VHOSTS_KNOWN_NAME /billpay/|R|APACHE_VHOSTS_KNOWN_NAME /bin/|R|APACHE_VHOSTS_KNOWN_NAME /bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /bin/view/foswiki/WebHome|R|APACHE_VHOSTS_KNOWN_NAME /bin/view/TWiki/WebHome|R|APACHE_VHOSTS_KNOWN_NAME /bitweaver/users/login.php|R|APACHE_VHOSTS_KNOWN_NAME /bitweaver/wiki/index.php|R|APACHE_VHOSTS_KNOWN_NAME /BizTalkServerDocs/|R|APACHE_VHOSTS_KNOWN_NAME /BizTalkServerRepository/|R|APACHE_VHOSTS_KNOWN_NAME /BizTalkTracking/|R|APACHE_VHOSTS_KNOWN_NAME /blindblog/comment.php|R|APACHE_VHOSTS_KNOWN_NAME /blob/blob.php|R|APACHE_VHOSTS_KNOWN_NAME /blob.php|R|APACHE_VHOSTS_KNOWN_NAME /blog/|R|APACHE_VHOSTS_KNOWN_NAME /blogAdmin/jobs.php|R|APACHE_VHOSTS_KNOWN_NAME /blog/blob.php|R|APACHE_VHOSTS_KNOWN_NAME /blog/blogAdmin/jobs.php|R|APACHE_VHOSTS_KNOWN_NAME /blog/comment.php|R|APACHE_VHOSTS_KNOWN_NAME /blog/comments.php|R|APACHE_VHOSTS_KNOWN_NAME /blog/index.php|R|APACHE_VHOSTS_KNOWN_NAME /blog/index.php/Special/Main/Templates|R|APACHE_VHOSTS_KNOWN_NAME /blog/login.php|R|APACHE_VHOSTS_KNOWN_NAME 
/blog/public/view.php|R|APACHE_VHOSTS_KNOWN_NAME /blog/search.php|R|APACHE_VHOSTS_KNOWN_NAME /blogs/htsrv/login.php|R|APACHE_VHOSTS_KNOWN_NAME /blog/wp-content/plugins/phpmyadmin/|R|APACHE_VHOSTS_KNOWN_NAME /boadmin/|R|APACHE_VHOSTS_KNOWN_NAME /board/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /board/db/users.dat|R|APACHE_VHOSTS_KNOWN_NAME /board/index.php|R|APACHE_VHOSTS_KNOWN_NAME /board/showtheme.php|R|APACHE_VHOSTS_KNOWN_NAME /board/upload/index.php|R|APACHE_VHOSTS_KNOWN_NAME /board/wcf/acp/dereferrer.php|R|APACHE_VHOSTS_KNOWN_NAME /boat-webdesign/detail.asp|R|APACHE_VHOSTS_KNOWN_NAME /boat-webdesignprintdetail.asp|R|APACHE_VHOSTS_KNOWN_NAME /book_panel/books.php|R|APACHE_VHOSTS_KNOWN_NAME /boot/|R|APACHE_VHOSTS_KNOWN_NAME /Boutiques/|R|APACHE_VHOSTS_KNOWN_NAME /breakcal/calendar.cgi|R|APACHE_VHOSTS_KNOWN_NAME /browse.php|R|APACHE_VHOSTS_KNOWN_NAME /btauxdir/|R|APACHE_VHOSTS_KNOWN_NAME /btnet/about.html|R|APACHE_VHOSTS_KNOWN_NAME /bug/|R|APACHE_VHOSTS_KNOWN_NAME /bugport/php/index.php|R|APACHE_VHOSTS_KNOWN_NAME /bugs/|R|APACHE_VHOSTS_KNOWN_NAME /bugs/bug.php|R|APACHE_VHOSTS_KNOWN_NAME /bugs/index.cgi|R|APACHE_VHOSTS_KNOWN_NAME /bugs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /bugtracker/about.html|R|APACHE_VHOSTS_KNOWN_NAME /bugtracker/index.php|R|APACHE_VHOSTS_KNOWN_NAME /bugzilla/|R|APACHE_VHOSTS_KNOWN_NAME /bugzilla/index.cgi|R|APACHE_VHOSTS_KNOWN_NAME /business/|R|APACHE_VHOSTS_KNOWN_NAME /buy/|R|APACHE_VHOSTS_KNOWN_NAME /buynow/|R|APACHE_VHOSTS_KNOWN_NAME /bw/users/login.php|R|APACHE_VHOSTS_KNOWN_NAME /bw/wiki/index.php|R|APACHE_VHOSTS_KNOWN_NAME /c/|R|APACHE_VHOSTS_KNOWN_NAME /cache-stats/|R|APACHE_VHOSTS_KNOWN_NAME /cacti/|R|APACHE_VHOSTS_KNOWN_NAME /cacti/index.php|R|APACHE_VHOSTS_KNOWN_NAME /caja/|R|APACHE_VHOSTS_KNOWN_NAME /calendar/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /calendar/details.asp|R|APACHE_VHOSTS_KNOWN_NAME /calendar/index.php|R|APACHE_VHOSTS_KNOWN_NAME /calendar/login.php|R|APACHE_VHOSTS_KNOWN_NAME 
/campsite/admin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /campsite/index.php|R|APACHE_VHOSTS_KNOWN_NAME /card/|R|APACHE_VHOSTS_KNOWN_NAME /cards/|R|APACHE_VHOSTS_KNOWN_NAME /car_portal/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cart/|R|APACHE_VHOSTS_KNOWN_NAME /cart/admin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /cart/extras/curltest.php|R|APACHE_VHOSTS_KNOWN_NAME /cart/includes/initsystem.php|R|APACHE_VHOSTS_KNOWN_NAME /cart/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cash/|R|APACHE_VHOSTS_KNOWN_NAME /caspsamp/|R|APACHE_VHOSTS_KNOWN_NAME /catalog/|R|APACHE_VHOSTS_KNOWN_NAME /catalog/index.php|R|APACHE_VHOSTS_KNOWN_NAME /catalog.php|R|APACHE_VHOSTS_KNOWN_NAME /caucho-status|R|APACHE_VHOSTS_KNOWN_NAME /cbblog/comment.php|R|APACHE_VHOSTS_KNOWN_NAME /cb/db/budget.sqlite|R|APACHE_VHOSTS_KNOWN_NAME /cbi-bin/|R|APACHE_VHOSTS_KNOWN_NAME /ccard/|R|APACHE_VHOSTS_KNOWN_NAME /ccards/|R|APACHE_VHOSTS_KNOWN_NAME /cctiddly/includes/include.php|R|APACHE_VHOSTS_KNOWN_NAME /cd/|R|APACHE_VHOSTS_KNOWN_NAME /cd-cgi/|R|APACHE_VHOSTS_KNOWN_NAME /cdrom/|R|APACHE_VHOSTS_KNOWN_NAME /ce_html/|R|APACHE_VHOSTS_KNOWN_NAME /celerbb/viewforum.php|R|APACHE_VHOSTS_KNOWN_NAME /celer/viewforum.php|R|APACHE_VHOSTS_KNOWN_NAME /centreon/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cert/|R|APACHE_VHOSTS_KNOWN_NAME /certificado/|R|APACHE_VHOSTS_KNOWN_NAME /certificate/|R|APACHE_VHOSTS_KNOWN_NAME /cfanywhere/index.html|R|APACHE_VHOSTS_KNOWN_NAME /cfappman/|R|APACHE_VHOSTS_KNOWN_NAME /cfdocs/|R|APACHE_VHOSTS_KNOWN_NAME /cfide/|R|APACHE_VHOSTS_KNOWN_NAME /CFIDE/administrator/index.cfm|R|APACHE_VHOSTS_KNOWN_NAME /cg739|R|APACHE_VHOSTS_KNOWN_NAME /cgi/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-auth/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bim/|R|APACHE_VHOSTS_KNOWN_NAME /cgibin/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin2/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/%3f.jsp|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/about.html|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/about.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/about-show.do|R|APACHE_VHOSTS_KNOWN_NAME 
/cgi-bin/acceptDecline.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/add_url.htm|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/adframe.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/admin/config.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/admin/login.asp|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/admin/login.html|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/admin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-binadmin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/admin/lost-pass.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/adminSection/main.asp|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/admin/setup.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/admin/updatelist.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/af.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/agenda.php3|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/ajaxp_backend.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/alerts.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/alienform.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/ang/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/ans/ans.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/ans.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/apexec.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/artmedic_links5/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/assets/plugins/mp3_id/mp3_id.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/athenareg.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/authentication_index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/awstats.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/backend/plugin/Registration/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/base_main.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/basilix.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/bb_func_txt.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/bible.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/bin/view/foswiki/WebHome|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/bin/view/TWiki/WebHome|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/blob.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/blogAdmin/jobs.php|R|APACHE_VHOSTS_KNOWN_NAME 
/cgi-bin/book_panel/books.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/breakcal/calendar.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/browse.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/calendar.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/calendar_scheduler.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/cal_week.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/cart32.exe/GetLatestBuilds|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/catalog.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/cgicso|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/cgi/tseekdir.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/changelog.txt|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/charts.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/chat/send.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/check_user_id.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/chgpwd.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/classifieds/Site_Admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/cms/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/cms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/cms/website.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/comment.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/comments.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/common/listrec.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/common/login.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/config.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/content/dynpage_load.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/content.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/core/editor.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/core/includes/gfw_smarty.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/Count.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/counter.exe|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/cvs.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/cvsweb.cgi/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/cwmail.exe|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/data/adminusers.csv|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/data/nanoadmin.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/db/budget.sqlite|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/db/users.dat|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/dcshop.cgi|R|APACHE_VHOSTS_KNOWN_NAME 
/cgi-bin/dcshop.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/default.aspx|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/desktop.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/detail.asp|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/dig.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/directory.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/docbuilder/top.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/doc/catalogue.html|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/../Docs/ChangeLog.txt|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/Docs/ChangeLog.txt|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/docs/CHANGES|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/../Docs/ReadMe.txt|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/Docs/ReadMe.txt|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/download.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/down.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/e107_admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/easymsgb.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/easyshop.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/edit_image.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/editor/assetmanager/assetmanager.asp|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/edlink.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/engine/inc/version.info|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/error.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/eshop.pl/seite=;cat%20eshop.|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/evalsmsi.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/extras/curltest.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/faqmanager.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/filter.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/firstvisit.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/fom/fom.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/FormMail.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/formmail.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/FormMail.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/formmail.pl.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/forum_2.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/forum_answer.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/forum/Database/EZsiteForum.mdb|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/forum/email.php|R|APACHE_VHOSTS_KNOWN_NAME 
/cgi-bin/forum.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/forum.php3|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/fr_left.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/gadgets/Blog/BlogModel.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/gallery.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/gen/obj/collectivite.class.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/gm.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/gnat/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/guestbook.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/GW5/GWWEB.EXE|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/GWWEB.EXE|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/gzip_loader.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/handlers/getpage.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/_head.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/hints.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-binhome|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/home|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/home.asp|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/horde/services/help/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/htaccess.txt|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/htdocs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/htdocs/login.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/html/affich.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/html/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/htsearch|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/htsearch.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/imageview.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/i-mall.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/includer.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/includes/esqueletos/skel_null.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/includes/include.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/includes/initsystem.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/includes/js/mambojavascript.js|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/includes/window_top.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/inc/smarty/libs/init.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/indeks.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index2.php|R|APACHE_VHOSTS_KNOWN_NAME 
/cgi-bin/Index2.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index.asp|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index.html|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index.js%70|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-binindex.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index.php3|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index.php4|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index.php/Special/Main/Templates|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index.php/Special:Version|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index.pl/homels|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/index.rb|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/inserter.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/install/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/ion-p.exe|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/jgs_portal_statistik.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/journal.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/last10.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/left.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/library/lib.menu.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/lib/version.phps|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/license.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/LightNEasy.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/Lisez%20moi.txt|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/listinfo|R|APACHE_VHOSTS_KNOWN_NAME /cgi_bin/listrec.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/listrec.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/login/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/login.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/login_page.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/Login.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/login.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/mail.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/main_login.asp|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/manager/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/manpage/index.php|R|APACHE_VHOSTS_KNOWN_NAME 
/cgi-bin/mapserv|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/mapserv.exe|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/metadot/index.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/mlog.html|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/module/biz/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/module/forum/main.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/module.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/modules/module_db.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/modules/news/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/modules.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/modules/plain/adminpart/addplain.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/modules/Submit/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/mrtg.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/mt.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/mt/mt.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/myevent.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/mylog.html|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/napro4/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/nbmember.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/newcomment/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/news/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/news/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/news.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/NonExistent.html|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/nph-mr.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/oldnews_reader.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/open.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/openwebmail/openwebmail.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/openwebmail.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/order.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/owls/glossaries/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/page.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/pages.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/passwiki.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/password_reminder.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/php/login.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/php/mytutos.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/php-ping.php|R|APACHE_VHOSTS_KNOWN_NAME 
/cgi-bin/phpsysinfo/inc/hook_admin.inc.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/phpThumb.demo.demo.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/phptonuke.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/pivot/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/pki/pub/pki|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/pmwiki.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/portfolio_genre.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi_bin/powerup/r.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/powerup/r.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-binprintdetail.asp|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/printfaq.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/print.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/product.comparision.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/productionnu2/fileuploader.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/productionnu2/report.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-binprofil.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/public/code/cp_dpage.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/public/code/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/public/view.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/pub/pki|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/quixplorer_2_3/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/r.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/read_body.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/README|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/README.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/Readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/README.txt|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/register.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/results.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/revert.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/roschedule.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/rtm.log|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/ru/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/run-cvstrac/index|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/script/cat_for_gen.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/scripts.php|R|APACHE_VHOSTS_KNOWN_NAME 
/cgi-bin/scr/soustab.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/sdbsearch.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/search|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/search/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/search=%3Cscript%3Ealert('XSS')%3C/script%3E|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/search.html|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/search.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/search.php3|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/search/results.stm|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/search/show.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/sendcard.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/services/help/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/servlet/one2planet.infolet.InfoServlet|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/session/login.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/settings.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/setup.php3|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/s_form.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/sgdynamo.exe|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/shopper.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi_bin/shop.pl/page=;cat%20shop.|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/shop.pl/page=;cat%20shop.|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/shopplus.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/shouts.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/showcategory.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/showcat.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/showproduct.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/showtheme.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/signing_system-admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/site/login.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/sitemap.xml|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/site.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/skins/default.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/smarty.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/snpfiltered.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/software-description.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/sources/functions.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/src/main.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/start.php|R|APACHE_VHOSTS_KNOWN_NAME 
/cgi-bin/status.php3|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/story.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/stuworkdisplay.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/styles.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-binsymphony/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/SystemInfo|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/system/rss.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/team.rc5-72.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/Templates/default/index_logged.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/templates/system/css/editor.css|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/test-cgi.bat|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/test.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/themes/admin/default/modules/show.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/themes/program/themesettings.inc.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/thread.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/tiki-index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/tiki-orphan_pages.php/>">|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/tiny_mce/plugins/ibrowser/ibrowser.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/titleBar.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/tmpl/news_main.htm|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/tombstone.cfm|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/tools.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/topic.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/update.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/upload/account-login.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/upload/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/upstnt.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/user.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/user.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/users/login.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/VERSION|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/viart_shop.xml|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/vicidial.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/viewcvs.cgi/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/viewforum.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/view_item|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/view.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/viewpic.php|R|APACHE_VHOSTS_KNOWN_NAME 
/cgi-bin/view_user.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/viewvc/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/viewvc.cgi/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/vu2qQDc3jsqe.cfm|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/vu2qQDc3jsqe.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/vu2qQDc3jsqe.html|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/vu2qQDc3jsqe.inc|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/vu2qQDc3jsqe.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/vu2qQDc3jsqe.php3|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/vu2qQDc3jsqe.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/vu2qQDc3jsqe.sh|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/vu2qQDc3jsqe.shtml|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/WackoWiki|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/wcf/acp/dereferrer.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/webadmin.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-binwebcart.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/web/help.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/weblibs.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/webplus|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/webplus.exe|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/webspirs.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/Web_Store/web_store.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/wiki/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/wiki.php/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/www/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/wwwboard.html|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/www/default.asp|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/www/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/x_news.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/YaBB.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/zboard.php|R|APACHE_VHOSTS_KNOWN_NAME /cgi-bin/zml.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-csc/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-isapi/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-lib/|R|APACHE_VHOSTS_KNOWN_NAME /cgilib/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-local/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-local/apexec.pl|R|APACHE_VHOSTS_KNOWN_NAME /cgi-local/eshop.pl/seite=;cat%20eshop.|R|APACHE_VHOSTS_KNOWN_NAME /cgi-local/listrec.pl|R|APACHE_VHOSTS_KNOWN_NAME 
/cgi-local/shop.pl/page=;cat%20shop.|R|APACHE_VHOSTS_KNOWN_NAME /cgi_local/view_item|R|APACHE_VHOSTS_KNOWN_NAME /cgi-local/view_item|R|APACHE_VHOSTS_KNOWN_NAME /cgi-mod/index.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgis/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-scripts/|R|APACHE_VHOSTS_KNOWN_NAME /cgiscripts/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-shl/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-shop/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-shop/view_item|R|APACHE_VHOSTS_KNOWN_NAME /cgi-sys/|R|APACHE_VHOSTS_KNOWN_NAME /cgi/tseekdir.cgi|R|APACHE_VHOSTS_KNOWN_NAME /cgi-weddico/|R|APACHE_VHOSTS_KNOWN_NAME /cgi-win/|R|APACHE_VHOSTS_KNOWN_NAME /cgiwin/|R|APACHE_VHOSTS_KNOWN_NAME /changelog.txt|R|APACHE_VHOSTS_KNOWN_NAME /charts.php|R|APACHE_VHOSTS_KNOWN_NAME /chat/|R|APACHE_VHOSTS_KNOWN_NAME /chat/home.asp|R|APACHE_VHOSTS_KNOWN_NAME /chat/index.php|R|APACHE_VHOSTS_KNOWN_NAME /chat/send.php|R|APACHE_VHOSTS_KNOWN_NAME /chillyCMS/admin/media.site.php|R|APACHE_VHOSTS_KNOWN_NAME /chillyCMS/tmp/OpenVAS_TEST_DELETE_ME_1924632898.php|R|APACHE_VHOSTS_KNOWN_NAME /chipmunk/index.php|R|APACHE_VHOSTS_KNOWN_NAME /chora/cvs.php|R|APACHE_VHOSTS_KNOWN_NAME /chora/horde/services/help/|R|APACHE_VHOSTS_KNOWN_NAME /chora/README|R|APACHE_VHOSTS_KNOWN_NAME /cilemhaber/www/default.asp|R|APACHE_VHOSTS_KNOWN_NAME /citrix/MetaframeXP/default/login.asp|R|APACHE_VHOSTS_KNOWN_NAME /citrix/nfuse/default/login.asp|R|APACHE_VHOSTS_KNOWN_NAME /clanlite/service/index_pri.php|R|APACHE_VHOSTS_KNOWN_NAME /claroline/claroline/install/index.php|R|APACHE_VHOSTS_KNOWN_NAME /class/|R|APACHE_VHOSTS_KNOWN_NAME /classes/|R|APACHE_VHOSTS_KNOWN_NAME /classified/adverts.php|R|APACHE_VHOSTS_KNOWN_NAME /classifieds/Site_Admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /ClearBudget/db/budget.sqlite|R|APACHE_VHOSTS_KNOWN_NAME /clearsite/about.php|R|APACHE_VHOSTS_KNOWN_NAME /clicknetcms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /clicknet/index.php|R|APACHE_VHOSTS_KNOWN_NAME /client/|R|APACHE_VHOSTS_KNOWN_NAME /cliente/|R|APACHE_VHOSTS_KNOWN_NAME 
/clientes/|R|APACHE_VHOSTS_KNOWN_NAME /cm/|R|APACHE_VHOSTS_KNOWN_NAME /cmp/|R|APACHE_VHOSTS_KNOWN_NAME /cms/|R|APACHE_VHOSTS_KNOWN_NAME /cms/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/admin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /cmsample/|R|APACHE_VHOSTS_KNOWN_NAME /cms/cms/|R|APACHE_VHOSTS_KNOWN_NAME /cms/cms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/cms/website.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/content/dynpage_load.php|R|APACHE_VHOSTS_KNOWN_NAME /cmscout/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cmscout/tiny_mce/plugins/ibrowser/ibrowser.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/data/nanoadmin.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/e107_admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/engine/inc/version.info|R|APACHE_VHOSTS_KNOWN_NAME /cms/.htaccess|R|APACHE_VHOSTS_KNOWN_NAME /cms/htaccess.txt|R|APACHE_VHOSTS_KNOWN_NAME /cms/includes/js/mambojavascript.js|R|APACHE_VHOSTS_KNOWN_NAME /cms/includes/window_top.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/inc/smarty/libs/init.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/indeks.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/login/|R|APACHE_VHOSTS_KNOWN_NAME /cms/login.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/manager/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/module/forum/main.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/module.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/modules.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/modules/plain/adminpart/addplain.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/oldnews_reader.php|R|APACHE_VHOSTS_KNOWN_NAME /cmsqlite10/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cmsqlite/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/README|R|APACHE_VHOSTS_KNOWN_NAME /cms/README.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/ru/|R|APACHE_VHOSTS_KNOWN_NAME /cms/search.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/search.php3|R|APACHE_VHOSTS_KNOWN_NAME /cms/sitemap.xml|R|APACHE_VHOSTS_KNOWN_NAME /cms/skins/default.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/smarty.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/system/rss.php|R|APACHE_VHOSTS_KNOWN_NAME 
/cms/Templates/default/index_logged.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/templates/system/css/editor.css|R|APACHE_VHOSTS_KNOWN_NAME /cms/themes/admin/default/modules/show.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/tiny_mce/plugins/ibrowser/ibrowser.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/update.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/view.php|R|APACHE_VHOSTS_KNOWN_NAME /cms/website.php|R|APACHE_VHOSTS_KNOWN_NAME /.cobalt/|R|APACHE_VHOSTS_KNOWN_NAME /cobalt-images/|R|APACHE_VHOSTS_KNOWN_NAME /code/|R|APACHE_VHOSTS_KNOWN_NAME /collabtive/index.php|R|APACHE_VHOSTS_KNOWN_NAME /comic/news.php|R|APACHE_VHOSTS_KNOWN_NAME /comment.php|R|APACHE_VHOSTS_KNOWN_NAME /comments/|R|APACHE_VHOSTS_KNOWN_NAME /comments.php|R|APACHE_VHOSTS_KNOWN_NAME /common/|R|APACHE_VHOSTS_KNOWN_NAME /commoncgi/servlet/CCGIServlet|R|APACHE_VHOSTS_KNOWN_NAME /common/login.php|R|APACHE_VHOSTS_KNOWN_NAME /communicator/|R|APACHE_VHOSTS_KNOWN_NAME /community/index.php|R|APACHE_VHOSTS_KNOWN_NAME /community/upload/index.php|R|APACHE_VHOSTS_KNOWN_NAME /company/|R|APACHE_VHOSTS_KNOWN_NAME /compare/product.comparision.php|R|APACHE_VHOSTS_KNOWN_NAME /comparisonengine/product.comparision.php|R|APACHE_VHOSTS_KNOWN_NAME /compra/|R|APACHE_VHOSTS_KNOWN_NAME /compras/|R|APACHE_VHOSTS_KNOWN_NAME /compressed/|R|APACHE_VHOSTS_KNOWN_NAME /conecta/|R|APACHE_VHOSTS_KNOWN_NAME /conf/|R|APACHE_VHOSTS_KNOWN_NAME /conference/roschedule.php|R|APACHE_VHOSTS_KNOWN_NAME /config/|R|APACHE_VHOSTS_KNOWN_NAME /connect/|R|APACHE_VHOSTS_KNOWN_NAME /console/|R|APACHE_VHOSTS_KNOWN_NAME /ConsoleHelp/default.jsp|R|APACHE_VHOSTS_KNOWN_NAME /content/|R|APACHE_VHOSTS_KNOWN_NAME /content/dynpage_load.php|R|APACHE_VHOSTS_KNOWN_NAME /content.php|R|APACHE_VHOSTS_KNOWN_NAME /ControlManager/default.htm|R|APACHE_VHOSTS_KNOWN_NAME /controlpanel/|R|APACHE_VHOSTS_KNOWN_NAME /coppermine/index.php|R|APACHE_VHOSTS_KNOWN_NAME /core/|R|APACHE_VHOSTS_KNOWN_NAME /core/includes/gfw_smarty.php|R|APACHE_VHOSTS_KNOWN_NAME /corp/|R|APACHE_VHOSTS_KNOWN_NAME 
/Corporate/|R|APACHE_VHOSTS_KNOWN_NAME /correo/|R|APACHE_VHOSTS_KNOWN_NAME /Count.cgi|R|APACHE_VHOSTS_KNOWN_NAME /counter/|R|APACHE_VHOSTS_KNOWN_NAME /counter.exe|R|APACHE_VHOSTS_KNOWN_NAME /counter/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cPcreator/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cp/index.php|R|APACHE_VHOSTS_KNOWN_NAME /creasito/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Creasito/index.php|R|APACHE_VHOSTS_KNOWN_NAME /credit/|R|APACHE_VHOSTS_KNOWN_NAME /cron/|R|APACHE_VHOSTS_KNOWN_NAME /crons/|R|APACHE_VHOSTS_KNOWN_NAME /CruxCMS300/manager/login.php|R|APACHE_VHOSTS_KNOWN_NAME /CruxCMS/login.php|R|APACHE_VHOSTS_KNOWN_NAME /CruxPA200/../Docs/ChangeLog.txt|R|APACHE_VHOSTS_KNOWN_NAME /CruxPA200/Docs/ChangeLog.txt|R|APACHE_VHOSTS_KNOWN_NAME /CruxPA200/../Docs/ReadMe.txt|R|APACHE_VHOSTS_KNOWN_NAME /CruxPA200/Docs/ReadMe.txt|R|APACHE_VHOSTS_KNOWN_NAME /CruxPA200/login.php|R|APACHE_VHOSTS_KNOWN_NAME /CruxPA200/Manager/../Docs/ChangeLog.txt|R|APACHE_VHOSTS_KNOWN_NAME /CruxPA200/Manager/Docs/ChangeLog.txt|R|APACHE_VHOSTS_KNOWN_NAME /CruxPA200/Manager/../Docs/ReadMe.txt|R|APACHE_VHOSTS_KNOWN_NAME /CruxPA200/Manager/Docs/ReadMe.txt|R|APACHE_VHOSTS_KNOWN_NAME /CruxPA200/Manager/login.php|R|APACHE_VHOSTS_KNOWN_NAME /crypt/cryptographp.inc.php|R|APACHE_VHOSTS_KNOWN_NAME /crypto/|R|APACHE_VHOSTS_KNOWN_NAME /CS/|R|APACHE_VHOSTS_KNOWN_NAME /cscart/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cs-dns/index.php|R|APACHE_VHOSTS_KNOWN_NAME /csr/|R|APACHE_VHOSTS_KNOWN_NAME /css/|R|APACHE_VHOSTS_KNOWN_NAME /cs-whois/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cube/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /cubecart/upload/index.php|R|APACHE_VHOSTS_KNOWN_NAME /cuenta/|R|APACHE_VHOSTS_KNOWN_NAME /cuentas/|R|APACHE_VHOSTS_KNOWN_NAME /currency/|R|APACHE_VHOSTS_KNOWN_NAME /customers/|R|APACHE_VHOSTS_KNOWN_NAME /cutenews/index.php|R|APACHE_VHOSTS_KNOWN_NAME /CVS/|R|APACHE_VHOSTS_KNOWN_NAME /CVS/Entries|R|APACHE_VHOSTS_KNOWN_NAME /cvs.php|R|APACHE_VHOSTS_KNOWN_NAME /cvstrac/index|R|APACHE_VHOSTS_KNOWN_NAME 
/cvsweb/|R|APACHE_VHOSTS_KNOWN_NAME /cvsweb.cgi/|R|APACHE_VHOSTS_KNOWN_NAME /c/winnt/system32/cmd.exe|R|APACHE_VHOSTS_KNOWN_NAME /cwmail.exe|R|APACHE_VHOSTS_KNOWN_NAME /cybercash/|R|APACHE_VHOSTS_KNOWN_NAME /d/|R|APACHE_VHOSTS_KNOWN_NAME /dagger/skins/default.php|R|APACHE_VHOSTS_KNOWN_NAME /darkportal/|R|APACHE_VHOSTS_KNOWN_NAME /dat/|R|APACHE_VHOSTS_KNOWN_NAME /data/|R|APACHE_VHOSTS_KNOWN_NAME /data/adminusers.csv|R|APACHE_VHOSTS_KNOWN_NAME /database/|R|APACHE_VHOSTS_KNOWN_NAME /database/admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/database-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/databaseadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/database/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/databasemanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/databaseweb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.2.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.2.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.5.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.5.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.5.5/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.5.5-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.5.5-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.5.5-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.5.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.5.6-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.5.6-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.5.7/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.5.7-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.0-alpha2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.0-alpha/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/database/phpMyAdmin-2.6.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.0-beta2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.0-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.0-rc3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.1-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.1-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.1-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.1-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.2-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.2-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.2-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.3-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.3-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.4-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.4-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.4-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.4-pl4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.6.4-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.7.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.7.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/database/phpMyAdmin-2.7.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.7.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.7.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.8.0.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.8.0.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.8.0.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.8.0.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.8.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.8.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.8.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.8.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.8.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.8.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2.8.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpmyadmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin-2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/php-my-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/php-myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpmy-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpmyadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/phpMyAdmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/pma2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/pMA2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/pma2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/pMA2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/p/m/a/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/pMA/main.php|R|APACHE_VHOSTS_KNOWN_NAME /databases/|R|APACHE_VHOSTS_KNOWN_NAME /database/_sessions/|R|APACHE_VHOSTS_KNOWN_NAME /database/webadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/webdb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/web/main.php|R|APACHE_VHOSTS_KNOWN_NAME /database/websql/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/datafiles/|R|APACHE_VHOSTS_KNOWN_NAME /data/nanoadmin.php|R|APACHE_VHOSTS_KNOWN_NAME /dato/|R|APACHE_VHOSTS_KNOWN_NAME /datos/|R|APACHE_VHOSTS_KNOWN_NAME /db/|R|APACHE_VHOSTS_KNOWN_NAME /DB4Web/|R|APACHE_VHOSTS_KNOWN_NAME /DB4Web/Red:23/foo|R|APACHE_VHOSTS_KNOWN_NAME /dba/|R|APACHE_VHOSTS_KNOWN_NAME /dbadmin/|R|APACHE_VHOSTS_KNOWN_NAME /db/admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /dbadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /dbadmin/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /dbase/|R|APACHE_VHOSTS_KNOWN_NAME /dbase/aeNovo1.mdb|R|APACHE_VHOSTS_KNOWN_NAME /db/budget.sqlite|R|APACHE_VHOSTS_KNOWN_NAME /db/db-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/dbadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/db/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/dbmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/dbweb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpmyadmin/|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin/|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.2.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.2.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.5.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.5.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.5.5/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.5.5-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.5.5-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.5.5-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.5.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.5.6-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.5.6-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.5.7/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.5.7-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.0-alpha2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.0-alpha/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/db/phpMyAdmin-2.6.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.0-beta2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.0-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.0-rc3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.1-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.1-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.1-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.1-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.2-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.2-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.2-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.3-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.3-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.4-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.4-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.4-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.4-pl4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.6.4-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.7.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.7.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.7.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.7.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.7.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/db/phpMyAdmin-2.8.0.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.8.0.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.8.0.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.8.0.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.8.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.8.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.8.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.8.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.8.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.8.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2.8.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpmyadmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin-2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/php-my-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/php-myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpmy-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpmyadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/phpMyAdmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/pma2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/pMA2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/pma2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/pMA2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/p/m/a/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/pMA/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /db/users.dat|R|APACHE_VHOSTS_KNOWN_NAME /db/webadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/webdb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/web/main.php|R|APACHE_VHOSTS_KNOWN_NAME /db/websql/main.php|R|APACHE_VHOSTS_KNOWN_NAME /dcforum/|R|APACHE_VHOSTS_KNOWN_NAME /dcshop.cgi|R|APACHE_VHOSTS_KNOWN_NAME /dcshop/dcshop.cgi|R|APACHE_VHOSTS_KNOWN_NAME /DCshop/dcshop.cgi|R|APACHE_VHOSTS_KNOWN_NAME /dcshop/dcshop.pl|R|APACHE_VHOSTS_KNOWN_NAME /DCshop/dcshop.pl|R|APACHE_VHOSTS_KNOWN_NAME /dcshop.pl|R|APACHE_VHOSTS_KNOWN_NAME /ddreport/|R|APACHE_VHOSTS_KNOWN_NAME 
/ddrint/|R|APACHE_VHOSTS_KNOWN_NAME /default.aspx|R|APACHE_VHOSTS_KNOWN_NAME /default.cfm|R|APACHE_VHOSTS_KNOWN_NAME /default.cfml|R|APACHE_VHOSTS_KNOWN_NAME /deluxebb/index.php|R|APACHE_VHOSTS_KNOWN_NAME /demium/urheber.php|R|APACHE_VHOSTS_KNOWN_NAME /demo/|R|APACHE_VHOSTS_KNOWN_NAME /demoauct/|R|APACHE_VHOSTS_KNOWN_NAME /demo/demo/phpThumb.demo.demo.php|R|APACHE_VHOSTS_KNOWN_NAME /demomall/|R|APACHE_VHOSTS_KNOWN_NAME /demos/|R|APACHE_VHOSTS_KNOWN_NAME /_derived/|R|APACHE_VHOSTS_KNOWN_NAME /design/|R|APACHE_VHOSTS_KNOWN_NAME /desktop.php|R|APACHE_VHOSTS_KNOWN_NAME /detail.asp|R|APACHE_VHOSTS_KNOWN_NAME /dev/|R|APACHE_VHOSTS_KNOWN_NAME /devana/index.php|R|APACHE_VHOSTS_KNOWN_NAME /devel/|R|APACHE_VHOSTS_KNOWN_NAME /development/|R|APACHE_VHOSTS_KNOWN_NAME /diary/default.asp|R|APACHE_VHOSTS_KNOWN_NAME /digitalscribe/stuworkdisplay.php|R|APACHE_VHOSTS_KNOWN_NAME /DigitalScribe/stuworkdisplay.php|R|APACHE_VHOSTS_KNOWN_NAME /dig.php|R|APACHE_VHOSTS_KNOWN_NAME /dir/|R|APACHE_VHOSTS_KNOWN_NAME /dir/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /directory/|R|APACHE_VHOSTS_KNOWN_NAME /directorymanager/|R|APACHE_VHOSTS_KNOWN_NAME /directory.php|R|APACHE_VHOSTS_KNOWN_NAME /discloser/login.php|R|APACHE_VHOSTS_KNOWN_NAME /diycms/diy/index.php|R|APACHE_VHOSTS_KNOWN_NAME /dl/|R|APACHE_VHOSTS_KNOWN_NAME /dll/|R|APACHE_VHOSTS_KNOWN_NAME /dl_stats/download.php|R|APACHE_VHOSTS_KNOWN_NAME /dm/|R|APACHE_VHOSTS_KNOWN_NAME /dmanager/php/login.php|R|APACHE_VHOSTS_KNOWN_NAME /DMC/titleBar.php|R|APACHE_VHOSTS_KNOWN_NAME /dm-filemanager/login.php|R|APACHE_VHOSTS_KNOWN_NAME /dmf/login.php|R|APACHE_VHOSTS_KNOWN_NAME /DMR/|R|APACHE_VHOSTS_KNOWN_NAME /dms/|R|APACHE_VHOSTS_KNOWN_NAME /dms0/|R|APACHE_VHOSTS_KNOWN_NAME /dmsdump/|R|APACHE_VHOSTS_KNOWN_NAME /dms/login.php|R|APACHE_VHOSTS_KNOWN_NAME /dms/slideshow.kspx|R|APACHE_VHOSTS_KNOWN_NAME /dnet/team.rc5-72.php|R|APACHE_VHOSTS_KNOWN_NAME /dn/library/lib.menu.php|R|APACHE_VHOSTS_KNOWN_NAME /dns_tools/dig.php|R|APACHE_VHOSTS_KNOWN_NAME 
/doc/|R|APACHE_VHOSTS_KNOWN_NAME /doc1/|R|APACHE_VHOSTS_KNOWN_NAME /docbuilder/top.php|R|APACHE_VHOSTS_KNOWN_NAME /doc/catalogue.html|R|APACHE_VHOSTS_KNOWN_NAME /doc-html/|R|APACHE_VHOSTS_KNOWN_NAME /docman/index.php|R|APACHE_VHOSTS_KNOWN_NAME /docs/|R|APACHE_VHOSTS_KNOWN_NAME /docs1/|R|APACHE_VHOSTS_KNOWN_NAME /Docs/ChangeLog.txt|R|APACHE_VHOSTS_KNOWN_NAME /docs/CHANGES|R|APACHE_VHOSTS_KNOWN_NAME /docs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Docs/ReadMe.txt|R|APACHE_VHOSTS_KNOWN_NAME /docs/servlets/index.html|R|APACHE_VHOSTS_KNOWN_NAME /DocuColor/|R|APACHE_VHOSTS_KNOWN_NAME /document/|R|APACHE_VHOSTS_KNOWN_NAME /documents/|R|APACHE_VHOSTS_KNOWN_NAME /dokeos/index.php|R|APACHE_VHOSTS_KNOWN_NAME /dokuwiki/VERSION|R|APACHE_VHOSTS_KNOWN_NAME /dolphin/gzip_loader.php|R|APACHE_VHOSTS_KNOWN_NAME /domaine/port/utilisateur|R|APACHE_VHOSTS_KNOWN_NAME /DotNetNuke|R|APACHE_VHOSTS_KNOWN_NAME /DotNetNuke/default.aspx|R|APACHE_VHOSTS_KNOWN_NAME /dotproject/index.php|R|APACHE_VHOSTS_KNOWN_NAME /dotProject/index.php|R|APACHE_VHOSTS_KNOWN_NAME /down/|R|APACHE_VHOSTS_KNOWN_NAME /download/|R|APACHE_VHOSTS_KNOWN_NAME /download.php|R|APACHE_VHOSTS_KNOWN_NAME /downloads/|R|APACHE_VHOSTS_KNOWN_NAME /down.php|R|APACHE_VHOSTS_KNOWN_NAME /dpi11f/index.php|R|APACHE_VHOSTS_KNOWN_NAME /DPI11F/index.php|R|APACHE_VHOSTS_KNOWN_NAME /dpi/index.php|R|APACHE_VHOSTS_KNOWN_NAME /drupal/CHANGELOG.txt|R|APACHE_VHOSTS_KNOWN_NAME /drupal/update.php|R|APACHE_VHOSTS_KNOWN_NAME /dspam/|R|APACHE_VHOSTS_KNOWN_NAME /.DS_Store|R|APACHE_VHOSTS_KNOWN_NAME /dump/|R|APACHE_VHOSTS_KNOWN_NAME /durep/|R|APACHE_VHOSTS_KNOWN_NAME /dynpage/content/dynpage_load.php|R|APACHE_VHOSTS_KNOWN_NAME /e/|R|APACHE_VHOSTS_KNOWN_NAME /e107_admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /e107/e107_admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /e107/e107_plugins/easyshop/easyshop.php|R|APACHE_VHOSTS_KNOWN_NAME /e107/news.php|R|APACHE_VHOSTS_KNOWN_NAME /easylog/|R|APACHE_VHOSTS_KNOWN_NAME /easymsgb.pl|R|APACHE_VHOSTS_KNOWN_NAME 
/easyshop.php|R|APACHE_VHOSTS_KNOWN_NAME /ecms/|R|APACHE_VHOSTS_KNOWN_NAME /edit_image.php|R|APACHE_VHOSTS_KNOWN_NAME /editor/assetmanager/assetmanager.asp|R|APACHE_VHOSTS_KNOWN_NAME /edlink.php|R|APACHE_VHOSTS_KNOWN_NAME /eforum/|R|APACHE_VHOSTS_KNOWN_NAME /eFront/www/index.php|R|APACHE_VHOSTS_KNOWN_NAME /egroupware/login.php|R|APACHE_VHOSTS_KNOWN_NAME /eid-med|R|APACHE_VHOSTS_KNOWN_NAME /ejemplo/|R|APACHE_VHOSTS_KNOWN_NAME /ejemplos/|R|APACHE_VHOSTS_KNOWN_NAME /elite/admin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /email/|R|APACHE_VHOSTS_KNOWN_NAME /emailclass/|R|APACHE_VHOSTS_KNOWN_NAME /email/default.aspx|R|APACHE_VHOSTS_KNOWN_NAME /email/index.php|R|APACHE_VHOSTS_KNOWN_NAME /eManager/|R|APACHE_VHOSTS_KNOWN_NAME /employees/|R|APACHE_VHOSTS_KNOWN_NAME /empoyees/|R|APACHE_VHOSTS_KNOWN_NAME /empris/|R|APACHE_VHOSTS_KNOWN_NAME /en/|R|APACHE_VHOSTS_KNOWN_NAME /energine/|R|APACHE_VHOSTS_KNOWN_NAME /energine/htdocs/|R|APACHE_VHOSTS_KNOWN_NAME /engine/inc/version.info|R|APACHE_VHOSTS_KNOWN_NAME /en-US/|R|APACHE_VHOSTS_KNOWN_NAME /envia/|R|APACHE_VHOSTS_KNOWN_NAME /enviamail/|R|APACHE_VHOSTS_KNOWN_NAME /eocms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cautoexec.bat|R|APACHE_VHOSTS_KNOWN_NAME /error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cautoexec.bat2113503350|R|APACHE_VHOSTS_KNOWN_NAME /error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini|R|APACHE_VHOSTS_KNOWN_NAME /error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini416555602|R|APACHE_VHOSTS_KNOWN_NAME /error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini|R|APACHE_VHOSTS_KNOWN_NAME /error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini2067079208|R|APACHE_VHOSTS_KNOWN_NAME /error/NonExistent.html|R|APACHE_VHOSTS_KNOWN_NAME /error.php|R|APACHE_VHOSTS_KNOWN_NAME /_errors/|R|APACHE_VHOSTS_KNOWN_NAME /errors/|R|APACHE_VHOSTS_KNOWN_NAME /es/|R|APACHE_VHOSTS_KNOWN_NAME /EsBaseAdmin/default/login.php|R|APACHE_VHOSTS_KNOWN_NAME /EsContacts/login.php|R|APACHE_VHOSTS_KNOWN_NAME 
/eshop/index.php|R|APACHE_VHOSTS_KNOWN_NAME /eshop.pl/seite=;cat%20eshop.|R|APACHE_VHOSTS_KNOWN_NAME /EsNews/admin/news/modifier.php|R|APACHE_VHOSTS_KNOWN_NAME /EsPartenaires/login.php|R|APACHE_VHOSTS_KNOWN_NAME /estmt/|R|APACHE_VHOSTS_KNOWN_NAME /etc/|R|APACHE_VHOSTS_KNOWN_NAME /eTicket/license.txt|R|APACHE_VHOSTS_KNOWN_NAME /evalsmsi/evalsmsi.php|R|APACHE_VHOSTS_KNOWN_NAME /evalsmsi.php|R|APACHE_VHOSTS_KNOWN_NAME /eventh/index.php|R|APACHE_VHOSTS_KNOWN_NAME /eventhorizon/index.php|R|APACHE_VHOSTS_KNOWN_NAME /evision/modules/plain/adminpart/addplain.php|R|APACHE_VHOSTS_KNOWN_NAME /example/|R|APACHE_VHOSTS_KNOWN_NAME /examples/|R|APACHE_VHOSTS_KNOWN_NAME /examples/jsp/source.jsp|R|APACHE_VHOSTS_KNOWN_NAME /examples/servlet/TroubleShooter|R|APACHE_VHOSTS_KNOWN_NAME /exc/|R|APACHE_VHOSTS_KNOWN_NAME /excel/|R|APACHE_VHOSTS_KNOWN_NAME /exchange/|R|APACHE_VHOSTS_KNOWN_NAME /exchweb/bin/auth/owalogon.asp|R|APACHE_VHOSTS_KNOWN_NAME /exe/|R|APACHE_VHOSTS_KNOWN_NAME /exec/|R|APACHE_VHOSTS_KNOWN_NAME /explorer/index.php|R|APACHE_VHOSTS_KNOWN_NAME /exponent/index.php|R|APACHE_VHOSTS_KNOWN_NAME /export/|R|APACHE_VHOSTS_KNOWN_NAME /external/|R|APACHE_VHOSTS_KNOWN_NAME /extras/curltest.php|R|APACHE_VHOSTS_KNOWN_NAME /ezblog/public/view.php|R|APACHE_VHOSTS_KNOWN_NAME /ez/showcategory.php|R|APACHE_VHOSTS_KNOWN_NAME /f/|R|APACHE_VHOSTS_KNOWN_NAME /F3Site/index.php|R|APACHE_VHOSTS_KNOWN_NAME /F3Site/SYSTEM/index.php|R|APACHE_VHOSTS_KNOWN_NAME /facil-cms/modules.php|R|APACHE_VHOSTS_KNOWN_NAME /faq/|R|APACHE_VHOSTS_KNOWN_NAME /faq/index.php|R|APACHE_VHOSTS_KNOWN_NAME /.FBCIndex|R|APACHE_VHOSTS_KNOWN_NAME /fbsd/|R|APACHE_VHOSTS_KNOWN_NAME /fcgi-bin/|R|APACHE_VHOSTS_KNOWN_NAME /fcgi-bin/echo|R|APACHE_VHOSTS_KNOWN_NAME /fcms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /FCMS/index.php|R|APACHE_VHOSTS_KNOWN_NAME /file/|R|APACHE_VHOSTS_KNOWN_NAME /fileexplorer/index.php|R|APACHE_VHOSTS_KNOWN_NAME /filemanager/|R|APACHE_VHOSTS_KNOWN_NAME /filemanager/content.php|R|APACHE_VHOSTS_KNOWN_NAME 
/filemanager/index.php|R|APACHE_VHOSTS_KNOWN_NAME /files/|R|APACHE_VHOSTS_KNOWN_NAME /fileserver/index.php|R|APACHE_VHOSTS_KNOWN_NAME /filter.php|R|APACHE_VHOSTS_KNOWN_NAME /firestats/tools.php|R|APACHE_VHOSTS_KNOWN_NAME /firstvisit.php|R|APACHE_VHOSTS_KNOWN_NAME /flashcard/index.php|R|APACHE_VHOSTS_KNOWN_NAME /FlashCard/index.php|R|APACHE_VHOSTS_KNOWN_NAME /FlashChat/index.php|R|APACHE_VHOSTS_KNOWN_NAME /flashlight/README.txt|R|APACHE_VHOSTS_KNOWN_NAME /flash/README.txt|R|APACHE_VHOSTS_KNOWN_NAME /flatchat/index.php|R|APACHE_VHOSTS_KNOWN_NAME /flatpress/index.php|R|APACHE_VHOSTS_KNOWN_NAME /flexcube@/|R|APACHE_VHOSTS_KNOWN_NAME /flexcubeat/|R|APACHE_VHOSTS_KNOWN_NAME /foldergallery/index.php|R|APACHE_VHOSTS_KNOWN_NAME /foldoc/|R|APACHE_VHOSTS_KNOWN_NAME /foo.cfm|R|APACHE_VHOSTS_KNOWN_NAME /foo.jsp|R|APACHE_VHOSTS_KNOWN_NAME /foo.php|R|APACHE_VHOSTS_KNOWN_NAME /foo.shtml|R|APACHE_VHOSTS_KNOWN_NAME /foo.thtml|R|APACHE_VHOSTS_KNOWN_NAME /form/|R|APACHE_VHOSTS_KNOWN_NAME /formmail/formmail.pl|R|APACHE_VHOSTS_KNOWN_NAME /formmail/FormMail.pl|R|APACHE_VHOSTS_KNOWN_NAME /formmail.pl|R|APACHE_VHOSTS_KNOWN_NAME /FormMail.pl|R|APACHE_VHOSTS_KNOWN_NAME /forms/|R|APACHE_VHOSTS_KNOWN_NAME /formsmgr/|R|APACHE_VHOSTS_KNOWN_NAME /form-totaller/|R|APACHE_VHOSTS_KNOWN_NAME /forum/|R|APACHE_VHOSTS_KNOWN_NAME /forum/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /forum_answer.php|R|APACHE_VHOSTS_KNOWN_NAME /forum/Database/EZsiteForum.mdb|R|APACHE_VHOSTS_KNOWN_NAME /forum/index.php|R|APACHE_VHOSTS_KNOWN_NAME /forum/login.php|R|APACHE_VHOSTS_KNOWN_NAME /forum.php|R|APACHE_VHOSTS_KNOWN_NAME /forums/|R|APACHE_VHOSTS_KNOWN_NAME /forum/showtheme.php|R|APACHE_VHOSTS_KNOWN_NAME /forums/index.php|R|APACHE_VHOSTS_KNOWN_NAME /forum/upload/index.php|R|APACHE_VHOSTS_KNOWN_NAME /forum/viewforum.php|R|APACHE_VHOSTS_KNOWN_NAME /forum/wcf/acp/dereferrer.php|R|APACHE_VHOSTS_KNOWN_NAME /foswiki/bin/view/foswiki/WebHome|R|APACHE_VHOSTS_KNOWN_NAME /foto/|R|APACHE_VHOSTS_KNOWN_NAME 
/fotos/|R|APACHE_VHOSTS_KNOWN_NAME /fpadmin/|R|APACHE_VHOSTS_KNOWN_NAME /_fpclass/|R|APACHE_VHOSTS_KNOWN_NAME /fpdb/|R|APACHE_VHOSTS_KNOWN_NAME /fpsample/|R|APACHE_VHOSTS_KNOWN_NAME /fpws/index.php|R|APACHE_VHOSTS_KNOWN_NAME /FPWS/index.php|R|APACHE_VHOSTS_KNOWN_NAME /fr/|R|APACHE_VHOSTS_KNOWN_NAME /frameset/|R|APACHE_VHOSTS_KNOWN_NAME /framesets/|R|APACHE_VHOSTS_KNOWN_NAME /FreeDirectory/index.php|R|APACHE_VHOSTS_KNOWN_NAME /fretsweb/charts.php|R|APACHE_VHOSTS_KNOWN_NAME /frontaccount/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ftp/|R|APACHE_VHOSTS_KNOWN_NAME /ftp/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ftproot/|R|APACHE_VHOSTS_KNOWN_NAME /fuzzylime/_cms303/docs/readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /fuzzylime/index.php|R|APACHE_VHOSTS_KNOWN_NAME /g/|R|APACHE_VHOSTS_KNOWN_NAME /gallery/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /gallery/gallery.php|R|APACHE_VHOSTS_KNOWN_NAME /gallery/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Gallery/index.php|R|APACHE_VHOSTS_KNOWN_NAME /gallery.php|R|APACHE_VHOSTS_KNOWN_NAME /gallery/search.php|R|APACHE_VHOSTS_KNOWN_NAME /gallo/core/includes/gfw_smarty.php|R|APACHE_VHOSTS_KNOWN_NAME /ganglia/|R|APACHE_VHOSTS_KNOWN_NAME /gdl42/download.php|R|APACHE_VHOSTS_KNOWN_NAME /gdl/download.php|R|APACHE_VHOSTS_KNOWN_NAME /geccBB/index.php|R|APACHE_VHOSTS_KNOWN_NAME /geccBBlite/index.php|R|APACHE_VHOSTS_KNOWN_NAME /geneald/Index2.php|R|APACHE_VHOSTS_KNOWN_NAME /genealogie/Index2.php|R|APACHE_VHOSTS_KNOWN_NAME /genealogie_sql/Index2.php|R|APACHE_VHOSTS_KNOWN_NAME /genericshop/index.php|R|APACHE_VHOSTS_KNOWN_NAME /gen/obj/collectivite.class.php|R|APACHE_VHOSTS_KNOWN_NAME /GetSimple_2.01/index.php|R|APACHE_VHOSTS_KNOWN_NAME /getsimple/index.php|R|APACHE_VHOSTS_KNOWN_NAME /GetSimple/index.php|R|APACHE_VHOSTS_KNOWN_NAME /gfx/|R|APACHE_VHOSTS_KNOWN_NAME /Gigs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /gimtel/html/affich.php|R|APACHE_VHOSTS_KNOWN_NAME /glFusion/index.php|R|APACHE_VHOSTS_KNOWN_NAME /glfusion/public_html/index.php|R|APACHE_VHOSTS_KNOWN_NAME 
/global/|R|APACHE_VHOSTS_KNOWN_NAME /global.asa|R|APACHE_VHOSTS_KNOWN_NAME /global.asa\|R|APACHE_VHOSTS_KNOWN_NAME /gnat/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /gnat-tgp/gnat/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Gnat-TGP/gnat/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /go/about.php|R|APACHE_VHOSTS_KNOWN_NAME /golabi/Templates/default/index_logged.php|R|APACHE_VHOSTS_KNOWN_NAME /grades/index.php|R|APACHE_VHOSTS_KNOWN_NAME /gravity/index.php|R|APACHE_VHOSTS_KNOWN_NAME /grocery/|R|APACHE_VHOSTS_KNOWN_NAME /group-office/about.php|R|APACHE_VHOSTS_KNOWN_NAME /groupware/about.php|R|APACHE_VHOSTS_KNOWN_NAME /groupware/login.php|R|APACHE_VHOSTS_KNOWN_NAME /guest/|R|APACHE_VHOSTS_KNOWN_NAME /guestbook/|R|APACHE_VHOSTS_KNOWN_NAME /guestbook/ang/index.php|R|APACHE_VHOSTS_KNOWN_NAME /guestbook/guestbook.php|R|APACHE_VHOSTS_KNOWN_NAME /guestbook/index.php|R|APACHE_VHOSTS_KNOWN_NAME /guestbook.php|R|APACHE_VHOSTS_KNOWN_NAME /guests/|R|APACHE_VHOSTS_KNOWN_NAME /GW5/GWWEB.EXE|R|APACHE_VHOSTS_KNOWN_NAME /GWWEB.EXE|R|APACHE_VHOSTS_KNOWN_NAME /GXApp/|R|APACHE_VHOSTS_KNOWN_NAME /gzip_loader.php|R|APACHE_VHOSTS_KNOWN_NAME /handlers/getpage.php|R|APACHE_VHOSTS_KNOWN_NAME /HB/|R|APACHE_VHOSTS_KNOWN_NAME /HBTemplates/|R|APACHE_VHOSTS_KNOWN_NAME /help/|R|APACHE_VHOSTS_KNOWN_NAME /help/contents.htm|R|APACHE_VHOSTS_KNOWN_NAME /helpdesk/|R|APACHE_VHOSTS_KNOWN_NAME /helpdesk/common/login.php|R|APACHE_VHOSTS_KNOWN_NAME /hidden/|R|APACHE_VHOSTS_KNOWN_NAME /hide/|R|APACHE_VHOSTS_KNOWN_NAME /hints.pl|R|APACHE_VHOSTS_KNOWN_NAME /hitmatic/|R|APACHE_VHOSTS_KNOWN_NAME /hit_tracker/|R|APACHE_VHOSTS_KNOWN_NAME /hlstats/|R|APACHE_VHOSTS_KNOWN_NAME /home|R|APACHE_VHOSTS_KNOWN_NAME /home/|R|APACHE_VHOSTS_KNOWN_NAME /home.asp|R|APACHE_VHOSTS_KNOWN_NAME /home.cfm|R|APACHE_VHOSTS_KNOWN_NAME /home.cfml|R|APACHE_VHOSTS_KNOWN_NAME /horde/chora/cvs.php|R|APACHE_VHOSTS_KNOWN_NAME /horde/chora/horde/services/help/|R|APACHE_VHOSTS_KNOWN_NAME /horde/chora/README|R|APACHE_VHOSTS_KNOWN_NAME 
/horde/docs/CHANGES|R|APACHE_VHOSTS_KNOWN_NAME /horde/imp/|R|APACHE_VHOSTS_KNOWN_NAME /horde/lib/version.phps|R|APACHE_VHOSTS_KNOWN_NAME /horde/README|R|APACHE_VHOSTS_KNOWN_NAME /horde/services/help/|R|APACHE_VHOSTS_KNOWN_NAME /horde/status.php3|R|APACHE_VHOSTS_KNOWN_NAME /horde/test.php|R|APACHE_VHOSTS_KNOWN_NAME /hostingcontroller/|R|APACHE_VHOSTS_KNOWN_NAME /howto/|R|APACHE_VHOSTS_KNOWN_NAME /ht/|R|APACHE_VHOSTS_KNOWN_NAME /htaccess.txt|R|APACHE_VHOSTS_KNOWN_NAME /htbin/|R|APACHE_VHOSTS_KNOWN_NAME /htdocs/|R|APACHE_VHOSTS_KNOWN_NAME /htdocs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /htdocs/login.php|R|APACHE_VHOSTS_KNOWN_NAME /htdocs/user.php|R|APACHE_VHOSTS_KNOWN_NAME /html/|R|APACHE_VHOSTS_KNOWN_NAME /html/%3f.jsp|R|APACHE_VHOSTS_KNOWN_NAME /html/affich.php|R|APACHE_VHOSTS_KNOWN_NAME /html/index.php|R|APACHE_VHOSTS_KNOWN_NAME /html/phpmyadmin/|R|APACHE_VHOSTS_KNOWN_NAME /html/phpMyAdmin/|R|APACHE_VHOSTS_KNOWN_NAME /htsearch|R|APACHE_VHOSTS_KNOWN_NAME http:/login.yahoo.com/status|R|APACHE_VHOSTS_KNOWN_NAME /hyperstat/|R|APACHE_VHOSTS_KNOWN_NAME /ibank/|R|APACHE_VHOSTS_KNOWN_NAME /ibill/|R|APACHE_VHOSTS_KNOWN_NAME /IBMWebAS/|R|APACHE_VHOSTS_KNOWN_NAME /idb/index.php|R|APACHE_VHOSTS_KNOWN_NAME /idea/|R|APACHE_VHOSTS_KNOWN_NAME /ideas/|R|APACHE_VHOSTS_KNOWN_NAME /iisadmin/|R|APACHE_VHOSTS_KNOWN_NAME /iisprotect/|R|APACHE_VHOSTS_KNOWN_NAME /iissamples/|R|APACHE_VHOSTS_KNOWN_NAME /ilohamail/|R|APACHE_VHOSTS_KNOWN_NAME /IlohaMail/|R|APACHE_VHOSTS_KNOWN_NAME /image/|R|APACHE_VHOSTS_KNOWN_NAME /image/index.php|R|APACHE_VHOSTS_KNOWN_NAME /imagenes/|R|APACHE_VHOSTS_KNOWN_NAME /imagery/|R|APACHE_VHOSTS_KNOWN_NAME /images/|R|APACHE_VHOSTS_KNOWN_NAME /images/%3f.jsp|R|APACHE_VHOSTS_KNOWN_NAME /images/gallery.php|R|APACHE_VHOSTS_KNOWN_NAME /i-mall.cgi|R|APACHE_VHOSTS_KNOWN_NAME /img/|R|APACHE_VHOSTS_KNOWN_NAME /imp/|R|APACHE_VHOSTS_KNOWN_NAME /import/|R|APACHE_VHOSTS_KNOWN_NAME /impreso/|R|APACHE_VHOSTS_KNOWN_NAME /inc/|R|APACHE_VHOSTS_KNOWN_NAME 
/include/|R|APACHE_VHOSTS_KNOWN_NAME /includes/|R|APACHE_VHOSTS_KNOWN_NAME /includes/esqueletos/skel_null.php|R|APACHE_VHOSTS_KNOWN_NAME /includes/include.php|R|APACHE_VHOSTS_KNOWN_NAME /includes/initsystem.php|R|APACHE_VHOSTS_KNOWN_NAME /includes/js/mambojavascript.js|R|APACHE_VHOSTS_KNOWN_NAME /includes/window_top.php|R|APACHE_VHOSTS_KNOWN_NAME /incoming/|R|APACHE_VHOSTS_KNOWN_NAME /inc/smarty/libs/init.php|R|APACHE_VHOSTS_KNOWN_NAME /indeks.php|R|APACHE_VHOSTS_KNOWN_NAME /index|R|APACHE_VHOSTS_KNOWN_NAME /index2.php|R|APACHE_VHOSTS_KNOWN_NAME /Index2.php|R|APACHE_VHOSTS_KNOWN_NAME /index.asp|R|APACHE_VHOSTS_KNOWN_NAME /index.cfm|R|APACHE_VHOSTS_KNOWN_NAME /index.cfml|R|APACHE_VHOSTS_KNOWN_NAME /index.cgi|R|APACHE_VHOSTS_KNOWN_NAME /index.hsp|R|APACHE_VHOSTS_KNOWN_NAME /index.htm.|R|APACHE_VHOSTS_KNOWN_NAME /index.js%70|R|APACHE_VHOSTS_KNOWN_NAME /index.php3|R|APACHE_VHOSTS_KNOWN_NAME /index.php4|R|APACHE_VHOSTS_KNOWN_NAME /index.php/Special/Main/Templates|R|APACHE_VHOSTS_KNOWN_NAME /index.php/Special:Version|R|APACHE_VHOSTS_KNOWN_NAME /index.pl|R|APACHE_VHOSTS_KNOWN_NAME /index.pl/homels|R|APACHE_VHOSTS_KNOWN_NAME /index.rb|R|APACHE_VHOSTS_KNOWN_NAME /info/|R|APACHE_VHOSTS_KNOWN_NAME /info.php|R|APACHE_VHOSTS_KNOWN_NAME /information/|R|APACHE_VHOSTS_KNOWN_NAME /infusions/book_panel/books.php|R|APACHE_VHOSTS_KNOWN_NAME /ingresa/|R|APACHE_VHOSTS_KNOWN_NAME /ingreso/|R|APACHE_VHOSTS_KNOWN_NAME /inserter.cgi|R|APACHE_VHOSTS_KNOWN_NAME /install/|R|APACHE_VHOSTS_KNOWN_NAME /Install/|R|APACHE_VHOSTS_KNOWN_NAME /install/index.php|R|APACHE_VHOSTS_KNOWN_NAME /internal/|R|APACHE_VHOSTS_KNOWN_NAME /interscan/cgi-bin/FtpSave.dll|R|APACHE_VHOSTS_KNOWN_NAME /intl/|R|APACHE_VHOSTS_KNOWN_NAME /intranet/|R|APACHE_VHOSTS_KNOWN_NAME /intruvert/jsp/admin/Login.jsp|R|APACHE_VHOSTS_KNOWN_NAME /inventory/|R|APACHE_VHOSTS_KNOWN_NAME /invitado/|R|APACHE_VHOSTS_KNOWN_NAME /invohost/site.php|R|APACHE_VHOSTS_KNOWN_NAME /INVOHOST/site.php|R|APACHE_VHOSTS_KNOWN_NAME 
/io/newfile.txt|R|APACHE_VHOSTS_KNOWN_NAME /ion-p.exe|R|APACHE_VHOSTS_KNOWN_NAME /ipb/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ipb/upload/index.php|R|APACHE_VHOSTS_KNOWN_NAME /irokez/ru/|R|APACHE_VHOSTS_KNOWN_NAME /isapi/|R|APACHE_VHOSTS_KNOWN_NAME /ispcp/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ispworker/module/biz/index.php|R|APACHE_VHOSTS_KNOWN_NAME /jaf/module/forum/main.php|R|APACHE_VHOSTS_KNOWN_NAME /jag/guestbook.php|R|APACHE_VHOSTS_KNOWN_NAME /JAG/guestbook.php|R|APACHE_VHOSTS_KNOWN_NAME /japidoc/|R|APACHE_VHOSTS_KNOWN_NAME /java/|R|APACHE_VHOSTS_KNOWN_NAME /javascript/|R|APACHE_VHOSTS_KNOWN_NAME /javasdk/|R|APACHE_VHOSTS_KNOWN_NAME /javatest/|R|APACHE_VHOSTS_KNOWN_NAME /jave/|R|APACHE_VHOSTS_KNOWN_NAME /jaxcms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /JaxCMS/index.php|R|APACHE_VHOSTS_KNOWN_NAME /JBookIt/|R|APACHE_VHOSTS_KNOWN_NAME /jdbc/|R|APACHE_VHOSTS_KNOWN_NAME /jgs_portal_statistik.php|R|APACHE_VHOSTS_KNOWN_NAME /job/|R|APACHE_VHOSTS_KNOWN_NAME /jobs/browse.php|R|APACHE_VHOSTS_KNOWN_NAME /Joomla150/index.php|R|APACHE_VHOSTS_KNOWN_NAME /joomla/.htaccess|R|APACHE_VHOSTS_KNOWN_NAME /joomla/includes/js/mambojavascript.js|R|APACHE_VHOSTS_KNOWN_NAME /joomla/index.php|R|APACHE_VHOSTS_KNOWN_NAME /joomla/templates/system/css/editor.css|R|APACHE_VHOSTS_KNOWN_NAME /jpgraph/docportal/index.html|R|APACHE_VHOSTS_KNOWN_NAME /jpgraph/index.html|R|APACHE_VHOSTS_KNOWN_NAME /jrun/|R|APACHE_VHOSTS_KNOWN_NAME /js/|R|APACHE_VHOSTS_KNOWN_NAME /jserv/|R|APACHE_VHOSTS_KNOWN_NAME /jslib/|R|APACHE_VHOSTS_KNOWN_NAME /jsp/|R|APACHE_VHOSTS_KNOWN_NAME /jsp/index.html|R|APACHE_VHOSTS_KNOWN_NAME /junk/|R|APACHE_VHOSTS_KNOWN_NAME /jv/www/index.php|R|APACHE_VHOSTS_KNOWN_NAME /kb/index.php|R|APACHE_VHOSTS_KNOWN_NAME /keyserver/|R|APACHE_VHOSTS_KNOWN_NAME /kiva/|R|APACHE_VHOSTS_KNOWN_NAME /kleinanzeigen/index.php3|R|APACHE_VHOSTS_KNOWN_NAME /kleinanzeigen/index.php4|R|APACHE_VHOSTS_KNOWN_NAME /kos2/changelog.txt|R|APACHE_VHOSTS_KNOWN_NAME /koschtit2/changelog.txt|R|APACHE_VHOSTS_KNOWN_NAME 
/koschtit/changelog.txt|R|APACHE_VHOSTS_KNOWN_NAME /labs/|R|APACHE_VHOSTS_KNOWN_NAME /lamp/phpmyadmin/|R|APACHE_VHOSTS_KNOWN_NAME /lcgi|R|APACHE_VHOSTS_KNOWN_NAME /lcgi/|R|APACHE_VHOSTS_KNOWN_NAME /LCGI|R|APACHE_VHOSTS_KNOWN_NAME /lcgi-bin|R|APACHE_VHOSTS_KNOWN_NAME /lcgi/sewse.nlm|R|APACHE_VHOSTS_KNOWN_NAME /ldapadmin/htdocs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ldap/htdocs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /leap/|R|APACHE_VHOSTS_KNOWN_NAME /ledger/login.pl|R|APACHE_VHOSTS_KNOWN_NAME /left.php|R|APACHE_VHOSTS_KNOWN_NAME /legal/|R|APACHE_VHOSTS_KNOWN_NAME /lib/|R|APACHE_VHOSTS_KNOWN_NAME /libraries/|R|APACHE_VHOSTS_KNOWN_NAME /library/|R|APACHE_VHOSTS_KNOWN_NAME /library/lib.menu.php|R|APACHE_VHOSTS_KNOWN_NAME /libro/|R|APACHE_VHOSTS_KNOWN_NAME /lib/version.phps|R|APACHE_VHOSTS_KNOWN_NAME /license.php|R|APACHE_VHOSTS_KNOWN_NAME /lightneasy/LightNEasy.php|R|APACHE_VHOSTS_KNOWN_NAME /LightNEasy.php|R|APACHE_VHOSTS_KNOWN_NAME /limesurvey/admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /limny/index.php|R|APACHE_VHOSTS_KNOWN_NAME /limny/upload/index.php|R|APACHE_VHOSTS_KNOWN_NAME /links/|R|APACHE_VHOSTS_KNOWN_NAME /linkSpheric/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /linkSpheric/CHANGELOG|R|APACHE_VHOSTS_KNOWN_NAME /linpha/index.php|R|APACHE_VHOSTS_KNOWN_NAME /linux/|R|APACHE_VHOSTS_KNOWN_NAME /Lisez%20moi.txt|R|APACHE_VHOSTS_KNOWN_NAME /listinfo|R|APACHE_VHOSTS_KNOWN_NAME /listrec.pl|R|APACHE_VHOSTS_KNOWN_NAME /LiveZilla/index.php|R|APACHE_VHOSTS_KNOWN_NAME /lm_starmail_paidmail/index.php|R|APACHE_VHOSTS_KNOWN_NAME /loader/|R|APACHE_VHOSTS_KNOWN_NAME /localclassifieds/classifieds/Site_Admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /~log/|R|APACHE_VHOSTS_KNOWN_NAME /log/|R|APACHE_VHOSTS_KNOWN_NAME /Log/|R|APACHE_VHOSTS_KNOWN_NAME /logfile/|R|APACHE_VHOSTS_KNOWN_NAME /logfiles/|R|APACHE_VHOSTS_KNOWN_NAME /logg/|R|APACHE_VHOSTS_KNOWN_NAME /logger/|R|APACHE_VHOSTS_KNOWN_NAME /logging/|R|APACHE_VHOSTS_KNOWN_NAME /login/|R|APACHE_VHOSTS_KNOWN_NAME 
/login.cgi|R|APACHE_VHOSTS_KNOWN_NAME /login.htm|R|APACHE_VHOSTS_KNOWN_NAME /login_page.php|R|APACHE_VHOSTS_KNOWN_NAME /login.php|R|APACHE_VHOSTS_KNOWN_NAME /Login.php|R|APACHE_VHOSTS_KNOWN_NAME /login.pl|R|APACHE_VHOSTS_KNOWN_NAME /logon/|R|APACHE_VHOSTS_KNOWN_NAME /logs/|R|APACHE_VHOSTS_KNOWN_NAME /logs/awstats.pl|R|APACHE_VHOSTS_KNOWN_NAME /lost+found/|R|APACHE_VHOSTS_KNOWN_NAME /mahara/htdocs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /mail/|R|APACHE_VHOSTS_KNOWN_NAME /Mail/|R|APACHE_VHOSTS_KNOWN_NAME /mail2/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /mail/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /mail/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /mail.cgi|R|APACHE_VHOSTS_KNOWN_NAME /mail/default.aspx|R|APACHE_VHOSTS_KNOWN_NAME /mail/index.php|R|APACHE_VHOSTS_KNOWN_NAME /mail_log_files/|R|APACHE_VHOSTS_KNOWN_NAME /mail/login.php|R|APACHE_VHOSTS_KNOWN_NAME /mailman/|R|APACHE_VHOSTS_KNOWN_NAME /mailman/listinfo|R|APACHE_VHOSTS_KNOWN_NAME /mailroot/|R|APACHE_VHOSTS_KNOWN_NAME /main.cgi|R|APACHE_VHOSTS_KNOWN_NAME /main_login.asp|R|APACHE_VHOSTS_KNOWN_NAME /main.php|R|APACHE_VHOSTS_KNOWN_NAME /makefile/|R|APACHE_VHOSTS_KNOWN_NAME /mall_log_files/|R|APACHE_VHOSTS_KNOWN_NAME /mambo/htaccess.txt|R|APACHE_VHOSTS_KNOWN_NAME /mambo/includes/js/mambojavascript.js|R|APACHE_VHOSTS_KNOWN_NAME /mambo/index.php|R|APACHE_VHOSTS_KNOWN_NAME /mambo/README.php|R|APACHE_VHOSTS_KNOWN_NAME /manage/|R|APACHE_VHOSTS_KNOWN_NAME /manager/index.php|R|APACHE_VHOSTS_KNOWN_NAME /manpage/index.php|R|APACHE_VHOSTS_KNOWN_NAME /mantisbt/login_page.php|R|APACHE_VHOSTS_KNOWN_NAME /mantis/login_page.php|R|APACHE_VHOSTS_KNOWN_NAME /manual/|R|APACHE_VHOSTS_KNOWN_NAME /manual/ag/contents.htm|R|APACHE_VHOSTS_KNOWN_NAME /map/admin/updatelist.php|R|APACHE_VHOSTS_KNOWN_NAME /marketing/|R|APACHE_VHOSTS_KNOWN_NAME /md/index.php|R|APACHE_VHOSTS_KNOWN_NAME /mdpro/index.php|R|APACHE_VHOSTS_KNOWN_NAME /mediawiki/index.php/Special:Version|R|APACHE_VHOSTS_KNOWN_NAME /member/|R|APACHE_VHOSTS_KNOWN_NAME 
/members/|R|APACHE_VHOSTS_KNOWN_NAME /_mem_bin/|R|APACHE_VHOSTS_KNOWN_NAME /mercuryboard/|R|APACHE_VHOSTS_KNOWN_NAME /mercuryboard/index.php|R|APACHE_VHOSTS_KNOWN_NAME /message/|R|APACHE_VHOSTS_KNOWN_NAME /messaging/|R|APACHE_VHOSTS_KNOWN_NAME /MessagingManager/|R|APACHE_VHOSTS_KNOWN_NAME /metacart/|R|APACHE_VHOSTS_KNOWN_NAME /metadot/index.pl|R|APACHE_VHOSTS_KNOWN_NAME /microcms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /misc/|R|APACHE_VHOSTS_KNOWN_NAME /mkstats/|R|APACHE_VHOSTS_KNOWN_NAME /mlog.html|R|APACHE_VHOSTS_KNOWN_NAME /module/biz/index.php|R|APACHE_VHOSTS_KNOWN_NAME /module/forum/main.php|R|APACHE_VHOSTS_KNOWN_NAME /module.php|R|APACHE_VHOSTS_KNOWN_NAME /modules/module_db.php|R|APACHE_VHOSTS_KNOWN_NAME /modules/news/index.php|R|APACHE_VHOSTS_KNOWN_NAME /modules.php|R|APACHE_VHOSTS_KNOWN_NAME /modules/plain/adminpart/addplain.php|R|APACHE_VHOSTS_KNOWN_NAME /modx/manager/index.php|R|APACHE_VHOSTS_KNOWN_NAME /modx/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php|R|APACHE_VHOSTS_KNOWN_NAME /moin/SystemInfo|R|APACHE_VHOSTS_KNOWN_NAME /mollify/backend/plugin/Registration/index.php|R|APACHE_VHOSTS_KNOWN_NAME /monitoring/index.php|R|APACHE_VHOSTS_KNOWN_NAME /monitoring/main.php|R|APACHE_VHOSTS_KNOWN_NAME /moodle/index.php|R|APACHE_VHOSTS_KNOWN_NAME /movimientos/|R|APACHE_VHOSTS_KNOWN_NAME /moziloCMS/index.php|R|APACHE_VHOSTS_KNOWN_NAME /mp3/|R|APACHE_VHOSTS_KNOWN_NAME /mp3s/|R|APACHE_VHOSTS_KNOWN_NAME /mqseries/|R|APACHE_VHOSTS_KNOWN_NAME /mrbs1261/web/help.php|R|APACHE_VHOSTS_KNOWN_NAME /mrtg.cgi|R|APACHE_VHOSTS_KNOWN_NAME /msql/|R|APACHE_VHOSTS_KNOWN_NAME /mss2/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /Msword/|R|APACHE_VHOSTS_KNOWN_NAME /MSWSMTP/Common/Authentication/Logon.aspx|R|APACHE_VHOSTS_KNOWN_NAME /mt.cgi|R|APACHE_VHOSTS_KNOWN_NAME /mt/mt.cgi|R|APACHE_VHOSTS_KNOWN_NAME /mundimail/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /myaccount/|R|APACHE_VHOSTS_KNOWN_NAME /myadmin/|R|APACHE_VHOSTS_KNOWN_NAME /MyAdmin/|R|APACHE_VHOSTS_KNOWN_NAME 
/myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /myadmin/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /mybackup/down.php|R|APACHE_VHOSTS_KNOWN_NAME /mydatabase/|R|APACHE_VHOSTS_KNOWN_NAME /mydb/|R|APACHE_VHOSTS_KNOWN_NAME /mylog.html|R|APACHE_VHOSTS_KNOWN_NAME /mymsg/Login.php|R|APACHE_VHOSTS_KNOWN_NAME /myphp/|R|APACHE_VHOSTS_KNOWN_NAME /mysql/|R|APACHE_VHOSTS_KNOWN_NAME /mysql_admin/|R|APACHE_VHOSTS_KNOWN_NAME /mysql-admin/|R|APACHE_VHOSTS_KNOWN_NAME /mysql/admin/|R|APACHE_VHOSTS_KNOWN_NAME /mysqladmin/|R|APACHE_VHOSTS_KNOWN_NAME /mysql-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysqladmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysqladmin/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/dbadmin/|R|APACHE_VHOSTS_KNOWN_NAME /mysql/dbadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/db/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysqlmanager/|R|APACHE_VHOSTS_KNOWN_NAME /mysqlmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/mysql-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/mysqladmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/mysql/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/mysqlmanager/|R|APACHE_VHOSTS_KNOWN_NAME /mysql/mysqlmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.2.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.2.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.5.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.5.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.5.5/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.5.5-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.5.5-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.5.5-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.5.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/mysql/phpMyAdmin-2.5.6-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.5.6-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.5.7/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.5.7-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.0-alpha2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.0-alpha/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.0-beta2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.0-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.0-rc3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.1-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.1-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.1-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.1-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.2-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.2-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.2-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.3-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.3-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.4-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.4-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/mysql/phpMyAdmin-2.6.4-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.4-pl4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.6.4-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.7.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.7.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.7.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.7.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.7.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.8.0.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.8.0.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.8.0.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.8.0.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.8.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.8.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.8.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.8.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.8.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.8.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2.8.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpmyadmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin-2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/php-my-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/php-myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpmy-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpmyadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/phpMyAdmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/pma2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/pMA2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/pma2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/pMA2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/p/m/a/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/pMA/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME 
/mysql/scripts/setup.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/sqlmanager/|R|APACHE_VHOSTS_KNOWN_NAME /mysql/sqlmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/sqlweb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/webadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/webdb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/web/main.php|R|APACHE_VHOSTS_KNOWN_NAME /mysql/websql/main.php|R|APACHE_VHOSTS_KNOWN_NAME /nagios/login.php|R|APACHE_VHOSTS_KNOWN_NAME /nagios/main.php|R|APACHE_VHOSTS_KNOWN_NAME /nagiosxi/login.php|R|APACHE_VHOSTS_KNOWN_NAME /nakid/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Nakid/index.php|R|APACHE_VHOSTS_KNOWN_NAME /nanocms/data/nanoadmin.php|R|APACHE_VHOSTS_KNOWN_NAME /napro4/index.php|R|APACHE_VHOSTS_KNOWN_NAME /natterchat/home.asp|R|APACHE_VHOSTS_KNOWN_NAME /ncadmin/|R|APACHE_VHOSTS_KNOWN_NAME /nchelp/|R|APACHE_VHOSTS_KNOWN_NAME /ncsample/|R|APACHE_VHOSTS_KNOWN_NAME /net2ftp/index.php|R|APACHE_VHOSTS_KNOWN_NAME /netautor/napro4/index.php|R|APACHE_VHOSTS_KNOWN_NAME /netbasic/|R|APACHE_VHOSTS_KNOWN_NAME /netbasic/websinfo.bas|R|APACHE_VHOSTS_KNOWN_NAME /netcat/|R|APACHE_VHOSTS_KNOWN_NAME /NetDynamic/|R|APACHE_VHOSTS_KNOWN_NAME /NetDynamics/|R|APACHE_VHOSTS_KNOWN_NAME /netmagstats/|R|APACHE_VHOSTS_KNOWN_NAME /netpet/index.php|R|APACHE_VHOSTS_KNOWN_NAME /netpet/netpet/index.php|R|APACHE_VHOSTS_KNOWN_NAME /netrisk/index.php|R|APACHE_VHOSTS_KNOWN_NAME /netscape/|R|APACHE_VHOSTS_KNOWN_NAME /netshare/|R|APACHE_VHOSTS_KNOWN_NAME /nettracker/|R|APACHE_VHOSTS_KNOWN_NAME /new/|R|APACHE_VHOSTS_KNOWN_NAME /news/|R|APACHE_VHOSTS_KNOWN_NAME /News/|R|APACHE_VHOSTS_KNOWN_NAME /news/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /news/index.php|R|APACHE_VHOSTS_KNOWN_NAME /news.php|R|APACHE_VHOSTS_KNOWN_NAME /newuser|R|APACHE_VHOSTS_KNOWN_NAME /nextgeneration/|R|APACHE_VHOSTS_KNOWN_NAME /nforum/showtheme.php|R|APACHE_VHOSTS_KNOWN_NAME /niet1096998378.cfm|R|APACHE_VHOSTS_KNOWN_NAME /niet136504155/|R|APACHE_VHOSTS_KNOWN_NAME /niet1594099998.php3|R|APACHE_VHOSTS_KNOWN_NAME 
/niet1761114381.jsp|R|APACHE_VHOSTS_KNOWN_NAME /niet1789598389.asp|R|APACHE_VHOSTS_KNOWN_NAME /niet1962778067.html|R|APACHE_VHOSTS_KNOWN_NAME /niet2043658978.|R|APACHE_VHOSTS_KNOWN_NAME /niet2049461050.shtm|R|APACHE_VHOSTS_KNOWN_NAME /niet205402687.php|R|APACHE_VHOSTS_KNOWN_NAME /niet361032821.shtml|R|APACHE_VHOSTS_KNOWN_NAME /niet536604911.htm|R|APACHE_VHOSTS_KNOWN_NAME /niet773357216.php4|R|APACHE_VHOSTS_KNOWN_NAME /nl/|R|APACHE_VHOSTS_KNOWN_NAME /nodatabase/LightNEasy.php|R|APACHE_VHOSTS_KNOWN_NAME /Nodesforum/erase_user_data.php|R|APACHE_VHOSTS_KNOWN_NAME /nodesforum/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Nodesforum/index.php|R|APACHE_VHOSTS_KNOWN_NAME /NonExistant539180969/|R|APACHE_VHOSTS_KNOWN_NAME /nonexistent_please_dont_exist|R|APACHE_VHOSTS_KNOWN_NAME /nosuchfile-10303-10310.php3|R|APACHE_VHOSTS_KNOWN_NAME /_notes/|R|APACHE_VHOSTS_KNOWN_NAME /notftp/index.php|R|APACHE_VHOSTS_KNOWN_NAME /noticias/|R|APACHE_VHOSTS_KNOWN_NAME /novaboard/index.php|R|APACHE_VHOSTS_KNOWN_NAME /nph-mr.cgi|R|APACHE_VHOSTS_KNOWN_NAME /nqt/nqt.php|R|APACHE_VHOSTS_KNOWN_NAME /NSearch/|R|APACHE_VHOSTS_KNOWN_NAME /nsn/..%5Cutil/chkvol.bas|R|APACHE_VHOSTS_KNOWN_NAME /nsn/..%5Cutil/dir.bas|R|APACHE_VHOSTS_KNOWN_NAME /nsn/..%5Cutil/glist.bas|R|APACHE_VHOSTS_KNOWN_NAME /nsn/..%5Cutil/lancard.bas|R|APACHE_VHOSTS_KNOWN_NAME /nsn/..%5Cutil/set.bas|R|APACHE_VHOSTS_KNOWN_NAME /nsn/..%5Cutil/userlist.bas|R|APACHE_VHOSTS_KNOWN_NAME /nsn/..%5Cwebdemo/fdir.bas|R|APACHE_VHOSTS_KNOWN_NAME /nsn/..%5Cweb/env.bas|R|APACHE_VHOSTS_KNOWN_NAME /nsn/env.bas|R|APACHE_VHOSTS_KNOWN_NAME /nsn/fdir.bas|R|APACHE_VHOSTS_KNOWN_NAME /nubuilder/productionnu2/fileuploader.php|R|APACHE_VHOSTS_KNOWN_NAME /nubuilder/productionnu2/report.php|R|APACHE_VHOSTS_KNOWN_NAME /NULL.ida|R|APACHE_VHOSTS_KNOWN_NAME /NULL.printer|R|APACHE_VHOSTS_KNOWN_NAME /obj/|R|APACHE_VHOSTS_KNOWN_NAME /_objects/|R|APACHE_VHOSTS_KNOWN_NAME /objects/|R|APACHE_VHOSTS_KNOWN_NAME /ocsreports/index.php|R|APACHE_VHOSTS_KNOWN_NAME 
/odbc/|R|APACHE_VHOSTS_KNOWN_NAME /offers/|R|APACHE_VHOSTS_KNOWN_NAME /oi/index.php|R|APACHE_VHOSTS_KNOWN_NAME /_old/|R|APACHE_VHOSTS_KNOWN_NAME /old/|R|APACHE_VHOSTS_KNOWN_NAME /old_files/|R|APACHE_VHOSTS_KNOWN_NAME /oldfiles/|R|APACHE_VHOSTS_KNOWN_NAME /oldnews_reader.php|R|APACHE_VHOSTS_KNOWN_NAME /onlinegrades/index.php|R|APACHE_VHOSTS_KNOWN_NAME /oozv1657/common/login.php|R|APACHE_VHOSTS_KNOWN_NAME /open_audit/index.php|R|APACHE_VHOSTS_KNOWN_NAME /open-audit/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openaudit/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openbb/board.php|R|APACHE_VHOSTS_KNOWN_NAME /opencart/index.php|R|APACHE_VHOSTS_KNOWN_NAME /opendb/login.php|R|APACHE_VHOSTS_KNOWN_NAME /opendocman/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openengine/cms/website.php|R|APACHE_VHOSTS_KNOWN_NAME /openforum/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openmairie_annuaire/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Openmairie_Annuaire/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openmairie_catalogue/doc/catalogue.html|R|APACHE_VHOSTS_KNOWN_NAME /Openmairie_Catalogue/doc/catalogue.html|R|APACHE_VHOSTS_KNOWN_NAME /openmairie_cimetiere/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Openmairie_Cimetiere/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openmairie_cominterne/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Openmairie_Cominterne/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openmairie_courrier/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Openmairie_Courrier/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openmairie_foncier/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Openmairie_Foncier/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openmairie_planning/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Openmairie_Planning/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openmairie_presse/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Openmairie_Presse/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openmairie_registreCIL/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Openmairie_RegistreCIL/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openmairie_stock/scr/soustab.php|R|APACHE_VHOSTS_KNOWN_NAME 
/openmairie_Tel/scr/soustab.php|R|APACHE_VHOSTS_KNOWN_NAME /openpro/login.php|R|APACHE_VHOSTS_KNOWN_NAME /openstock/scr/soustab.php|R|APACHE_VHOSTS_KNOWN_NAME /opentel/scr/soustab.php|R|APACHE_VHOSTS_KNOWN_NAME /openurgence_vaccin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openurgencevaccin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /openwebmail-cgi/openwebmail.pl|R|APACHE_VHOSTS_KNOWN_NAME /openwebmail.pl|R|APACHE_VHOSTS_KNOWN_NAME /openx/www/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /opnfrm/index.php|R|APACHE_VHOSTS_KNOWN_NAME /oprocmgr-service/|R|APACHE_VHOSTS_KNOWN_NAME /oprocmgr-status/|R|APACHE_VHOSTS_KNOWN_NAME /OPT127MAX/opt/index.php|R|APACHE_VHOSTS_KNOWN_NAME /opt/index.php|R|APACHE_VHOSTS_KNOWN_NAME /oracle/|R|APACHE_VHOSTS_KNOWN_NAME /oradata/|R|APACHE_VHOSTS_KNOWN_NAME /orangehrm/login.php|R|APACHE_VHOSTS_KNOWN_NAME /orbis/admin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /Orbis/admin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /order/|R|APACHE_VHOSTS_KNOWN_NAME /order.php|R|APACHE_VHOSTS_KNOWN_NAME /orders/|R|APACHE_VHOSTS_KNOWN_NAME /organizer/view.php|R|APACHE_VHOSTS_KNOWN_NAME /ortro/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ortro/www/index.php|R|APACHE_VHOSTS_KNOWN_NAME /osc/admin/includes/applications/services/pages/uninstall.php|R|APACHE_VHOSTS_KNOWN_NAME /osc/index.php|R|APACHE_VHOSTS_KNOWN_NAME /oscommerce/index.php|R|APACHE_VHOSTS_KNOWN_NAME /osCSS/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ossim/session/login.php|R|APACHE_VHOSTS_KNOWN_NAME /otrs/index.pl|R|APACHE_VHOSTS_KNOWN_NAME /OTRS/index.pl|R|APACHE_VHOSTS_KNOWN_NAME /ou/gen/obj/collectivite.class.php|R|APACHE_VHOSTS_KNOWN_NAME /outgoing/|R|APACHE_VHOSTS_KNOWN_NAME /owls/glossaries/index.php|R|APACHE_VHOSTS_KNOWN_NAME /owners/|R|APACHE_VHOSTS_KNOWN_NAME /ows-bin/perlidlc.bat|R|APACHE_VHOSTS_KNOWN_NAME /oxid-eshop/index.php|R|APACHE_VHOSTS_KNOWN_NAME /oxid/index.php|R|APACHE_VHOSTS_KNOWN_NAME /_pages/|R|APACHE_VHOSTS_KNOWN_NAME /pages/|R|APACHE_VHOSTS_KNOWN_NAME /pages.php|R|APACHE_VHOSTS_KNOWN_NAME 
/pandora_console/index.php|R|APACHE_VHOSTS_KNOWN_NAME /parser/parser.php|R|APACHE_VHOSTS_KNOWN_NAME /passman/index.php|R|APACHE_VHOSTS_KNOWN_NAME /passport/|R|APACHE_VHOSTS_KNOWN_NAME /passwiki/index.php|R|APACHE_VHOSTS_KNOWN_NAME /passwiki/passwiki.php|R|APACHE_VHOSTS_KNOWN_NAME /passwiki.php|R|APACHE_VHOSTS_KNOWN_NAME /password/|R|APACHE_VHOSTS_KNOWN_NAME /_passwords/|R|APACHE_VHOSTS_KNOWN_NAME /passwords/|R|APACHE_VHOSTS_KNOWN_NAME /payment/|R|APACHE_VHOSTS_KNOWN_NAME /payments/|R|APACHE_VHOSTS_KNOWN_NAME /pb/index.php|R|APACHE_VHOSTS_KNOWN_NAME /pccsmysqladm/|R|APACHE_VHOSTS_KNOWN_NAME /PDG_Cart/|R|APACHE_VHOSTS_KNOWN_NAME /pds/index.php|R|APACHE_VHOSTS_KNOWN_NAME /pecio-2.0.5/index.php|R|APACHE_VHOSTS_KNOWN_NAME /pecio_cms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /pecio-cms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /pecio/index.php|R|APACHE_VHOSTS_KNOWN_NAME /perl/|R|APACHE_VHOSTS_KNOWN_NAME /perl5/|R|APACHE_VHOSTS_KNOWN_NAME /perl/samples/env.pl|R|APACHE_VHOSTS_KNOWN_NAME /perl/samples/lancgi.pl|R|APACHE_VHOSTS_KNOWN_NAME /perl/samples/ndslogin.pl|R|APACHE_VHOSTS_KNOWN_NAME /perl/samples/volscgi.pl|R|APACHE_VHOSTS_KNOWN_NAME /personal/|R|APACHE_VHOSTS_KNOWN_NAME /personal_pages/|R|APACHE_VHOSTS_KNOWN_NAME /petition/signing_system-admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /pforum/|R|APACHE_VHOSTS_KNOWN_NAME /phorum/|R|APACHE_VHOSTS_KNOWN_NAME /phorum/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /photo/index.php|R|APACHE_VHOSTS_KNOWN_NAME /photopost/index.php|R|APACHE_VHOSTS_KNOWN_NAME /photos/index.php|R|APACHE_VHOSTS_KNOWN_NAME /photos/search.php|R|APACHE_VHOSTS_KNOWN_NAME /php/|R|APACHE_VHOSTS_KNOWN_NAME /phpaaCMS/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpadm/|R|APACHE_VHOSTS_KNOWN_NAME /phpadmin/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /phpalbum/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpBazar/index.php|R|APACHE_VHOSTS_KNOWN_NAME /PHPBazar/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpBB/|R|APACHE_VHOSTS_KNOWN_NAME /phpBB307-pl1/index.php|R|APACHE_VHOSTS_KNOWN_NAME 
/phpbb/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpBB/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpbiblesearch/bible.php|R|APACHE_VHOSTS_KNOWN_NAME /phpbt/index.php|R|APACHE_VHOSTS_KNOWN_NAME /php-calendar/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpcdb/firstvisit.php|R|APACHE_VHOSTS_KNOWN_NAME /php_classes/|R|APACHE_VHOSTS_KNOWN_NAME /phpclassifieds/|R|APACHE_VHOSTS_KNOWN_NAME /phpCoin165/license.php|R|APACHE_VHOSTS_KNOWN_NAME /phpcoin/license.php|R|APACHE_VHOSTS_KNOWN_NAME /phpcom/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpDatingClub/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpfinance/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpfootball/filter.php|R|APACHE_VHOSTS_KNOWN_NAME /phpforum/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpgroupware/login.php|R|APACHE_VHOSTS_KNOWN_NAME /phpgw/login.php|R|APACHE_VHOSTS_KNOWN_NAME /phpicalendar/print.php|R|APACHE_VHOSTS_KNOWN_NAME /phpimageview/|R|APACHE_VHOSTS_KNOWN_NAME /phpinfo.php|R|APACHE_VHOSTS_KNOWN_NAME /phpkick/index.php|R|APACHE_VHOSTS_KNOWN_NAME /PHPKick/index.php|R|APACHE_VHOSTS_KNOWN_NAME /php/kleinanzeigen/index.php3|R|APACHE_VHOSTS_KNOWN_NAME /php/kleinanzeigen/index.php4|R|APACHE_VHOSTS_KNOWN_NAME /phpldapadmin/htdocs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phplinkadmin/edlink.php|R|APACHE_VHOSTS_KNOWN_NAME /phplive/index.php|R|APACHE_VHOSTS_KNOWN_NAME /php/login/|R|APACHE_VHOSTS_KNOWN_NAME /php/login.php|R|APACHE_VHOSTS_KNOWN_NAME /phpma/|R|APACHE_VHOSTS_KNOWN_NAME /PHPMA/|R|APACHE_VHOSTS_KNOWN_NAME /phpmanager/|R|APACHE_VHOSTS_KNOWN_NAME /phpmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /php/mlog.html|R|APACHE_VHOSTS_KNOWN_NAME /phpmv2/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpmy/|R|APACHE_VHOSTS_KNOWN_NAME /php-my-admin/|R|APACHE_VHOSTS_KNOWN_NAME /php-myadmin/|R|APACHE_VHOSTS_KNOWN_NAME /phpmy-admin/|R|APACHE_VHOSTS_KNOWN_NAME /phpmyadmin/|R|APACHE_VHOSTS_KNOWN_NAME /phpmyAdmin/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyadmin/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin/|R|APACHE_VHOSTS_KNOWN_NAME 
/phpmyadmin1/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /phpmyadmin2/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin2/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.11.5.1-all-languages/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.11.6-all-languages/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.11.7.1-all-languages/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.11.7.1-all-languages-utf-8-only/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.2.3/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.2.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.2.3/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.2.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.2.7-pl1/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.5.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.5.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.5.5/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.5.5-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.5.5-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.5.5-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.5.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.5.6-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.5.6-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.5.6/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.5.7/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.5.7-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.5.7-pl1/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.0-alpha2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.0-alpha/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.0-beta2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.0-pl1/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/phpMyAdmin-2.6.0-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.0-pl3/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.0-rc3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.0/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.1-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.1-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.1-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.1-pl3/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.1-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.2-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.2-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.2-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.3/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.3-pl1/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.3-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.3-pl1/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.3-rc1/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.3-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.4/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.4-pl1/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.4-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.4-pl2/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.4-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.4-pl3/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.4-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.4-pl4/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.4-pl4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.4-rc1/|R|APACHE_VHOSTS_KNOWN_NAME 
/phpMyAdmin-2.6.4-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.6.4/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.7.0/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.7.0-beta1/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.7.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.7.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.7.0-pl1/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.7.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.7.0-pl2/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.7.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.7.0-rc1/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.7.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0.1/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0.2/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0.3/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0.4/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0-beta1/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.1/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.1-rc1/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.2/|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2.8.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpmyadmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin-2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpmyadmin2/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /phpmyadmin/index.php|R|APACHE_VHOSTS_KNOWN_NAME 
/phpMyAdmin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /php-my-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /php-myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpmy-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpmyadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /phpmyadmin/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /phpmyadmin/scripts/setup.php|R|APACHE_VHOSTS_KNOWN_NAME /phpMyAdmin/scripts/setup.php|R|APACHE_VHOSTS_KNOWN_NAME /phpmyfaq/index.php|R|APACHE_VHOSTS_KNOWN_NAME /php/mylog.html|R|APACHE_VHOSTS_KNOWN_NAME /php/mytutos.php|R|APACHE_VHOSTS_KNOWN_NAME /phpmyvisites/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpnagios/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpNagios/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpnuke/|R|APACHE_VHOSTS_KNOWN_NAME /php-nuke/html/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpnuke/html/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpPhotoAlbum/|R|APACHE_VHOSTS_KNOWN_NAME /php/php.exe|R|APACHE_VHOSTS_KNOWN_NAME /php-ping.php|R|APACHE_VHOSTS_KNOWN_NAME /phppma/|R|APACHE_VHOSTS_KNOWN_NAME /phpprojekt/|R|APACHE_VHOSTS_KNOWN_NAME /phpqa/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpqa/phpqa/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phprainchecks/settings.php|R|APACHE_VHOSTS_KNOWN_NAME /phprecipebook/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phprocketaddin/|R|APACHE_VHOSTS_KNOWN_NAME /phpSecurePages/|R|APACHE_VHOSTS_KNOWN_NAME /phpshop/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpsurveyor/admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /phpsysinfo/inc/hook_admin.inc.php|R|APACHE_VHOSTS_KNOWN_NAME /phpThumb.demo.demo.php|R|APACHE_VHOSTS_KNOWN_NAME /phpThumb/demo/phpThumb.demo.demo.php|R|APACHE_VHOSTS_KNOWN_NAME /phpticket/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phptraverser/assets/plugins/mp3_id/mp3_id.php|R|APACHE_VHOSTS_KNOWN_NAME /phpttcket/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phptt/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpunity.newsmanager/tmpl/news_main.htm|R|APACHE_VHOSTS_KNOWN_NAME 
/Phpunity_Newsmanager/tmpl/news_main.htm|R|APACHE_VHOSTS_KNOWN_NAME /phpvidz_0.9.5/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpvidz/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpwebgallery/category.php|R|APACHE_VHOSTS_KNOWN_NAME /phpwebthings/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phpx/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phreebooks/index.php|R|APACHE_VHOSTS_KNOWN_NAME /phreeBooks/index.php|R|APACHE_VHOSTS_KNOWN_NAME /piranha/|R|APACHE_VHOSTS_KNOWN_NAME /PithCMS/oldnews_reader.php|R|APACHE_VHOSTS_KNOWN_NAME /pivot/index.php|R|APACHE_VHOSTS_KNOWN_NAME /pivot/modules/module_db.php|R|APACHE_VHOSTS_KNOWN_NAME /pivot/pivot/index.php|R|APACHE_VHOSTS_KNOWN_NAME /pligg/index.php|R|APACHE_VHOSTS_KNOWN_NAME /pls/|R|APACHE_VHOSTS_KNOWN_NAME /plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/tinybrowser.php|R|APACHE_VHOSTS_KNOWN_NAME /p/m/a/|R|APACHE_VHOSTS_KNOWN_NAME /pma/|R|APACHE_VHOSTS_KNOWN_NAME /pma2005/|R|APACHE_VHOSTS_KNOWN_NAME /PMA2005/|R|APACHE_VHOSTS_KNOWN_NAME /pma2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /PMA2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /pma2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /PMA2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /pma2009/|R|APACHE_VHOSTS_KNOWN_NAME /PMA2009/|R|APACHE_VHOSTS_KNOWN_NAME /pmaadmin/|R|APACHE_VHOSTS_KNOWN_NAME /pmadmin/|R|APACHE_VHOSTS_KNOWN_NAME /pma/index.php|R|APACHE_VHOSTS_KNOWN_NAME /p/m/a/main.php|R|APACHE_VHOSTS_KNOWN_NAME /PMA/main.php|R|APACHE_VHOSTS_KNOWN_NAME /PMA/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /pma/scripts/setup.php|R|APACHE_VHOSTS_KNOWN_NAME /pmwiki.php|R|APACHE_VHOSTS_KNOWN_NAME /pmwiki/pmwiki.php|R|APACHE_VHOSTS_KNOWN_NAME /podcast/index.php|R|APACHE_VHOSTS_KNOWN_NAME /poll/|R|APACHE_VHOSTS_KNOWN_NAME /poll/admin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /poll/admin/lost-pass.php|R|APACHE_VHOSTS_KNOWN_NAME /pollit/Poll_It_SSI_v2.0.cgi|R|APACHE_VHOSTS_KNOWN_NAME /polls/|R|APACHE_VHOSTS_KNOWN_NAME /portal/ajaxp_backend.php|R|APACHE_VHOSTS_KNOWN_NAME 
/portal/includes/esqueletos/skel_null.php|R|APACHE_VHOSTS_KNOWN_NAME /portal/index.php|R|APACHE_VHOSTS_KNOWN_NAME /portal/install/index.php|R|APACHE_VHOSTS_KNOWN_NAME /portfolio_genre.php|R|APACHE_VHOSTS_KNOWN_NAME /postgres/|R|APACHE_VHOSTS_KNOWN_NAME /postnuke/index.php|R|APACHE_VHOSTS_KNOWN_NAME /pphlogger/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ppim/Readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /ppwb/|R|APACHE_VHOSTS_KNOWN_NAME /printers/|R|APACHE_VHOSTS_KNOWN_NAME /print.php|R|APACHE_VHOSTS_KNOWN_NAME /priv/|R|APACHE_VHOSTS_KNOWN_NAME /privado/|R|APACHE_VHOSTS_KNOWN_NAME /_private/|R|APACHE_VHOSTS_KNOWN_NAME /private/|R|APACHE_VHOSTS_KNOWN_NAME /prod/|R|APACHE_VHOSTS_KNOWN_NAME /product.comparision.php|R|APACHE_VHOSTS_KNOWN_NAME /productionnu2/fileuploader.php|R|APACHE_VHOSTS_KNOWN_NAME /productionnu2/report.php|R|APACHE_VHOSTS_KNOWN_NAME /products/boat-webdesign/www/detail.asp|R|APACHE_VHOSTS_KNOWN_NAME /products/boat-webdesign/wwwprintdetail.asp|R|APACHE_VHOSTS_KNOWN_NAME /projects/TotalCalendar/index.php|R|APACHE_VHOSTS_KNOWN_NAME /proquiz/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /protected/|R|APACHE_VHOSTS_KNOWN_NAME /prueba/|R|APACHE_VHOSTS_KNOWN_NAME /pruebas/|R|APACHE_VHOSTS_KNOWN_NAME /prv/|R|APACHE_VHOSTS_KNOWN_NAME /pub/|R|APACHE_VHOSTS_KNOWN_NAME /public/|R|APACHE_VHOSTS_KNOWN_NAME /publica/|R|APACHE_VHOSTS_KNOWN_NAME /publicar/|R|APACHE_VHOSTS_KNOWN_NAME /public/code/cp_dpage.php|R|APACHE_VHOSTS_KNOWN_NAME /public/code/index.php|R|APACHE_VHOSTS_KNOWN_NAME /publico/|R|APACHE_VHOSTS_KNOWN_NAME /public/view.php|R|APACHE_VHOSTS_KNOWN_NAME /publish/|R|APACHE_VHOSTS_KNOWN_NAME /publisher/|R|APACHE_VHOSTS_KNOWN_NAME /pulsecms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /pulse/index.php|R|APACHE_VHOSTS_KNOWN_NAME /purchase/|R|APACHE_VHOSTS_KNOWN_NAME /purchases/|R|APACHE_VHOSTS_KNOWN_NAME /puttest1.html|R|APACHE_VHOSTS_KNOWN_NAME /pw/|R|APACHE_VHOSTS_KNOWN_NAME /qql/|R|APACHE_VHOSTS_KNOWN_NAME /quixplore/index.php|R|APACHE_VHOSTS_KNOWN_NAME 
/quixplorer_2_3/index.php|R|APACHE_VHOSTS_KNOWN_NAME /quixplorer/index.php|R|APACHE_VHOSTS_KNOWN_NAME /qwerty/index.php|R|APACHE_VHOSTS_KNOWN_NAME /rainchecks/settings.php|R|APACHE_VHOSTS_KNOWN_NAME /random_banner/|R|APACHE_VHOSTS_KNOWN_NAME /rc/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /r.cgi|R|APACHE_VHOSTS_KNOWN_NAME /rdp/|R|APACHE_VHOSTS_KNOWN_NAME /Readme/|R|APACHE_VHOSTS_KNOWN_NAME /README|R|APACHE_VHOSTS_KNOWN_NAME /README/|R|APACHE_VHOSTS_KNOWN_NAME /README.php|R|APACHE_VHOSTS_KNOWN_NAME /readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /Readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /README.txt|R|APACHE_VHOSTS_KNOWN_NAME /recipebook/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ref/|R|APACHE_VHOSTS_KNOWN_NAME /register/|R|APACHE_VHOSTS_KNOWN_NAME /registered/|R|APACHE_VHOSTS_KNOWN_NAME /register.php|R|APACHE_VHOSTS_KNOWN_NAME /rem/|R|APACHE_VHOSTS_KNOWN_NAME /Remote/|R|APACHE_VHOSTS_KNOWN_NAME /report/|R|APACHE_VHOSTS_KNOWN_NAME /reports/|R|APACHE_VHOSTS_KNOWN_NAME /reseller/|R|APACHE_VHOSTS_KNOWN_NAME /restricted/|R|APACHE_VHOSTS_KNOWN_NAME /results.php|R|APACHE_VHOSTS_KNOWN_NAME /retail/|R|APACHE_VHOSTS_KNOWN_NAME /revert.php|R|APACHE_VHOSTS_KNOWN_NAME /reviews/|R|APACHE_VHOSTS_KNOWN_NAME /revsense/index.php|R|APACHE_VHOSTS_KNOWN_NAME /rezervi/left.php|R|APACHE_VHOSTS_KNOWN_NAME /ritsblog/blogAdmin/jobs.php|R|APACHE_VHOSTS_KNOWN_NAME /RitsBlog/blogAdmin/jobs.php|R|APACHE_VHOSTS_KNOWN_NAME /rms/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /ROADS/|R|APACHE_VHOSTS_KNOWN_NAME /robot.txt|R|APACHE_VHOSTS_KNOWN_NAME /~root|R|APACHE_VHOSTS_KNOWN_NAME /~root/|R|APACHE_VHOSTS_KNOWN_NAME /root/|R|APACHE_VHOSTS_KNOWN_NAME /roschedule.php|R|APACHE_VHOSTS_KNOWN_NAME /round/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /roundcube-0.1/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /roundcube-0.2/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /roundcube/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /roundcubemail-0.1/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /roundcubemail-0.2/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME 
/roundcubemail/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /rsrc/|R|APACHE_VHOSTS_KNOWN_NAME /rt/index.html|R|APACHE_VHOSTS_KNOWN_NAME /rtm.log|R|APACHE_VHOSTS_KNOWN_NAME /rtwebalbum/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /ru/|R|APACHE_VHOSTS_KNOWN_NAME /sahana/index.php|R|APACHE_VHOSTS_KNOWN_NAME /sales/|R|APACHE_VHOSTS_KNOWN_NAME /sample/|R|APACHE_VHOSTS_KNOWN_NAME /samples/|R|APACHE_VHOSTS_KNOWN_NAME /Samsara/modules/news/index.php|R|APACHE_VHOSTS_KNOWN_NAME /sandbox/index.php|R|APACHE_VHOSTS_KNOWN_NAME /save/|R|APACHE_VHOSTS_KNOWN_NAME /schedule/roschedule.php|R|APACHE_VHOSTS_KNOWN_NAME /scm/viewvc/|R|APACHE_VHOSTS_KNOWN_NAME /scm/viewvc.cgi/|R|APACHE_VHOSTS_KNOWN_NAME /script/|R|APACHE_VHOSTS_KNOWN_NAME /|R|APACHE_VHOSTS_KNOWN_NAME /|R|APACHE_VHOSTS_KNOWN_NAME /script/index.php|R|APACHE_VHOSTS_KNOWN_NAME /_ScriptLibrary/|R|APACHE_VHOSTS_KNOWN_NAME /_scripts/|R|APACHE_VHOSTS_KNOWN_NAME /scripts/|R|APACHE_VHOSTS_KNOWN_NAME /scripts/%3f.jsp|R|APACHE_VHOSTS_KNOWN_NAME /scripts/about.html|R|APACHE_VHOSTS_KNOWN_NAME /scripts/about.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/about-show.do|R|APACHE_VHOSTS_KNOWN_NAME /scripts/add_url.htm|R|APACHE_VHOSTS_KNOWN_NAME /scripts/adframe.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/admin/config.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/admin/login.html|R|APACHE_VHOSTS_KNOWN_NAME /scripts/admin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /scriptsadmin/login.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/admin/lost-pass.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/admin/setup.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/admin/updatelist.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/af.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/agenda.php3|R|APACHE_VHOSTS_KNOWN_NAME /scripts/ajaxp_backend.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/alerts.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/alienform.cgi|R|APACHE_VHOSTS_KNOWN_NAME 
/scripts/ang/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/ans/ans.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/ans.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/apexec.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/artmedic_links5/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/assets/plugins/mp3_id/mp3_id.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/athenareg.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/authentication_index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/awstats.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/backend/plugin/Registration/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/base_main.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/basilix.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/bible.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/bin/view/foswiki/WebHome|R|APACHE_VHOSTS_KNOWN_NAME /scripts/bin/view/TWiki/WebHome|R|APACHE_VHOSTS_KNOWN_NAME /scripts/blob.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/blogAdmin/jobs.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/book_panel/books.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/breakcal/calendar.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/browse.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/catalog.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/cgicso|R|APACHE_VHOSTS_KNOWN_NAME /scripts/cgi/tseekdir.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/changelog.txt|R|APACHE_VHOSTS_KNOWN_NAME /scripts/charts.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/chat/send.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/classifieds/Site_Admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/cms/|R|APACHE_VHOSTS_KNOWN_NAME /scripts/cms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/cms/website.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/comment.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/comments.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/common/login.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/content/dynpage_load.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/content.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/core/includes/gfw_smarty.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/Count.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/counter.exe|R|APACHE_VHOSTS_KNOWN_NAME 
/scripts/cvs.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/cvsweb.cgi/|R|APACHE_VHOSTS_KNOWN_NAME /scripts/cwmail.exe|R|APACHE_VHOSTS_KNOWN_NAME /scripts/data/adminusers.csv|R|APACHE_VHOSTS_KNOWN_NAME /scripts/data/nanoadmin.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/db/budget.sqlite|R|APACHE_VHOSTS_KNOWN_NAME /scripts/dbman/db.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/db/users.dat|R|APACHE_VHOSTS_KNOWN_NAME /scripts/dcshop.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/dcshop.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/default.aspx|R|APACHE_VHOSTS_KNOWN_NAME /scripts/desktop.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/detail.asp|R|APACHE_VHOSTS_KNOWN_NAME /scripts/dig.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/directory.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/docbuilder/top.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/doc/catalogue.html|R|APACHE_VHOSTS_KNOWN_NAME /scripts/../Docs/ChangeLog.txt|R|APACHE_VHOSTS_KNOWN_NAME /scripts/Docs/ChangeLog.txt|R|APACHE_VHOSTS_KNOWN_NAME /scripts/docs/CHANGES|R|APACHE_VHOSTS_KNOWN_NAME /scripts/../Docs/ReadMe.txt|R|APACHE_VHOSTS_KNOWN_NAME /scripts/Docs/ReadMe.txt|R|APACHE_VHOSTS_KNOWN_NAME /scripts/download.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/down.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/e107_admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/easymsgb.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/easyshop.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/edit_image.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/editor/assetmanager/assetmanager.asp|R|APACHE_VHOSTS_KNOWN_NAME /scripts/edlink.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/engine/inc/version.info|R|APACHE_VHOSTS_KNOWN_NAME /scripts/error.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/eshop.pl/seite=;cat%20eshop.|R|APACHE_VHOSTS_KNOWN_NAME /scripts/evalsmsi.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/extras/curltest.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/filter.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/firstvisit.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/FormMail.cgi|R|APACHE_VHOSTS_KNOWN_NAME 
/scripts/formmail.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/FormMail.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/formmail.pl.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/forum_answer.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/forum/Database/EZsiteForum.mdb|R|APACHE_VHOSTS_KNOWN_NAME /scripts/gallery.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/gen/obj/collectivite.class.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/gnat/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/guestbook.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/GW5/GWWEB.EXE|R|APACHE_VHOSTS_KNOWN_NAME /scripts/GWWEB.EXE|R|APACHE_VHOSTS_KNOWN_NAME /scripts/gzip_loader.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/handlers/getpage.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/hints.pl|R|APACHE_VHOSTS_KNOWN_NAME /scriptshome|R|APACHE_VHOSTS_KNOWN_NAME /scripts/home|R|APACHE_VHOSTS_KNOWN_NAME /scripts/home.asp|R|APACHE_VHOSTS_KNOWN_NAME /scripts/horde/services/help/|R|APACHE_VHOSTS_KNOWN_NAME /scripts/.htaccess|R|APACHE_VHOSTS_KNOWN_NAME /scripts/htaccess.txt|R|APACHE_VHOSTS_KNOWN_NAME /scripts/htdocs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/htdocs/login.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/html/affich.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/html/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/htsearch|R|APACHE_VHOSTS_KNOWN_NAME /scripts/i-mall.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/includes/esqueletos/skel_null.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/includes/include.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/includes/initsystem.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/includes/js/mambojavascript.js|R|APACHE_VHOSTS_KNOWN_NAME /scripts/includes/window_top.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/inc/smarty/libs/init.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/indeks.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/index|R|APACHE_VHOSTS_KNOWN_NAME /scripts/index2.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/Index2.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/index.asp|R|APACHE_VHOSTS_KNOWN_NAME /scripts/index.cgi|R|APACHE_VHOSTS_KNOWN_NAME 
/scripts/index.html|R|APACHE_VHOSTS_KNOWN_NAME /scripts/index.js%70|R|APACHE_VHOSTS_KNOWN_NAME /scripts/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scriptsindex.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/index.php3|R|APACHE_VHOSTS_KNOWN_NAME /scripts/index.php4|R|APACHE_VHOSTS_KNOWN_NAME /scripts/index.php/Special/Main/Templates|R|APACHE_VHOSTS_KNOWN_NAME /scripts/index.php/Special:Version|R|APACHE_VHOSTS_KNOWN_NAME /scripts/index.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/index.pl/homels|R|APACHE_VHOSTS_KNOWN_NAME /scripts/index.rb|R|APACHE_VHOSTS_KNOWN_NAME /scripts/inserter.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/install/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/ion-p.exe|R|APACHE_VHOSTS_KNOWN_NAME /scripts/jgs_portal_statistik.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/left.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/library/lib.menu.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/lib/version.phps|R|APACHE_VHOSTS_KNOWN_NAME /scripts/license.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/LightNEasy.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/Lisez%20moi.txt|R|APACHE_VHOSTS_KNOWN_NAME /scripts/listinfo|R|APACHE_VHOSTS_KNOWN_NAME /scripts/listrec.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/login/|R|APACHE_VHOSTS_KNOWN_NAME /scripts/login.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/login_page.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/login.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/Login.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/login.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/mail.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/main_login.asp|R|APACHE_VHOSTS_KNOWN_NAME /scripts/main.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/manager/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/manpage/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/metadot/index.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/mlog.html|R|APACHE_VHOSTS_KNOWN_NAME /scripts/module/biz/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/module/forum/main.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/module.php|R|APACHE_VHOSTS_KNOWN_NAME 
/scripts/modules/module_db.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/modules/news/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/modules.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/modules/plain/adminpart/addplain.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/mrtg.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/mt.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/mylog.html|R|APACHE_VHOSTS_KNOWN_NAME /scripts/napro4/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/news/|R|APACHE_VHOSTS_KNOWN_NAME /scripts/news/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/news.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/nph-mr.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/oldnews_reader.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/openwebmail.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/order.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/owls/glossaries/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/pages.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/passwiki.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/php/login.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/php/mytutos.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/php-ping.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/phpsysinfo/inc/hook_admin.inc.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/phpThumb.demo.demo.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/pivot/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/pmwiki.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/pollit/Poll_It_SSI_v2.0.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/portfolio_genre.php|R|APACHE_VHOSTS_KNOWN_NAME /scriptsprintdetail.asp|R|APACHE_VHOSTS_KNOWN_NAME /scripts/print.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/product.comparision.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/productionnu2/fileuploader.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/productionnu2/report.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/public/code/cp_dpage.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/public/code/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/public/view.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/quixplorer_2_3/index.php|R|APACHE_VHOSTS_KNOWN_NAME 
/scripts/r.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/README|R|APACHE_VHOSTS_KNOWN_NAME /scripts/README.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /scripts/Readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /scripts/README.txt|R|APACHE_VHOSTS_KNOWN_NAME /scripts/register.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/results.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/revert.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/root.exe|R|APACHE_VHOSTS_KNOWN_NAME /scripts/roschedule.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/rtm.log|R|APACHE_VHOSTS_KNOWN_NAME /scripts/ru/|R|APACHE_VHOSTS_KNOWN_NAME /scripts/scripts.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/scr/soustab.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/sdbsearch.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/search|R|APACHE_VHOSTS_KNOWN_NAME /scripts/search.html|R|APACHE_VHOSTS_KNOWN_NAME /scripts/search.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/search.php3|R|APACHE_VHOSTS_KNOWN_NAME /scripts/search/show.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/services/help/|R|APACHE_VHOSTS_KNOWN_NAME /scripts/session/login.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/settings.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/setup.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/s_form.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/sgdynamo.exe|R|APACHE_VHOSTS_KNOWN_NAME /scripts/shopper.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/shop.pl/page=;cat%20shop.|R|APACHE_VHOSTS_KNOWN_NAME /scripts/shopplus.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/shouts.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/showcategory.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/showcat.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/showproduct.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/showtheme.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/signing_system-admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/site/login.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/sitemap.xml|R|APACHE_VHOSTS_KNOWN_NAME /scripts/site.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/skins/default.php|R|APACHE_VHOSTS_KNOWN_NAME 
/scripts/smarty.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/software-description.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/src/main.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/start.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/status.php3|R|APACHE_VHOSTS_KNOWN_NAME /scripts/story.pl|R|APACHE_VHOSTS_KNOWN_NAME /scripts/stuworkdisplay.php|R|APACHE_VHOSTS_KNOWN_NAME /scriptssymphony/|R|APACHE_VHOSTS_KNOWN_NAME /scripts/SystemInfo|R|APACHE_VHOSTS_KNOWN_NAME /scripts/system/rss.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/team.rc5-72.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/Templates/default/index_logged.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/templates/system/css/editor.css|R|APACHE_VHOSTS_KNOWN_NAME /scripts/test.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/themes/admin/default/modules/show.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/thread.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/tiki-index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/tiki-orphan_pages.php/>">|R|APACHE_VHOSTS_KNOWN_NAME /scripts/tiny_mce/plugins/ibrowser/ibrowser.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/titleBar.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/tmpl/news_main.htm|R|APACHE_VHOSTS_KNOWN_NAME /scripts/tools.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/topic.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/update.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/upload/account-login.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/upload/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/user.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/users/login.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/VERSION|R|APACHE_VHOSTS_KNOWN_NAME /scripts/viart_shop.xml|R|APACHE_VHOSTS_KNOWN_NAME /scripts/vicidial.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/viewforum.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/view_item|R|APACHE_VHOSTS_KNOWN_NAME /scripts/view.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/viewvc/|R|APACHE_VHOSTS_KNOWN_NAME /scripts/viewvc.cgi/|R|APACHE_VHOSTS_KNOWN_NAME /scripts/w3who.dll|R|APACHE_VHOSTS_KNOWN_NAME /scripts/WackoWiki|R|APACHE_VHOSTS_KNOWN_NAME 
/scripts/wcf/acp/dereferrer.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/webadmin.php|R|APACHE_VHOSTS_KNOWN_NAME /scriptswebcart.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/web/help.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/webplus|R|APACHE_VHOSTS_KNOWN_NAME /scripts/webplus.exe|R|APACHE_VHOSTS_KNOWN_NAME /scripts/Web_Store/web_store.cgi|R|APACHE_VHOSTS_KNOWN_NAME /scripts/wiki/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/www/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scripts/www/default.asp|R|APACHE_VHOSTS_KNOWN_NAME /scripts/www/index.php|R|APACHE_VHOSTS_KNOWN_NAME /scr/soustab.php|R|APACHE_VHOSTS_KNOWN_NAME /sdbsearch.cgi|R|APACHE_VHOSTS_KNOWN_NAME /Seagull/index.php|R|APACHE_VHOSTS_KNOWN_NAME /seagull/www/index.php|R|APACHE_VHOSTS_KNOWN_NAME /search|R|APACHE_VHOSTS_KNOWN_NAME /search/|R|APACHE_VHOSTS_KNOWN_NAME /search97/|R|APACHE_VHOSTS_KNOWN_NAME /search.html|R|APACHE_VHOSTS_KNOWN_NAME /search.php|R|APACHE_VHOSTS_KNOWN_NAME /search.php3|R|APACHE_VHOSTS_KNOWN_NAME /search/results.stm|R|APACHE_VHOSTS_KNOWN_NAME /search/search.html|R|APACHE_VHOSTS_KNOWN_NAME /search/show.pl|R|APACHE_VHOSTS_KNOWN_NAME /search-ui/|R|APACHE_VHOSTS_KNOWN_NAME /secret/|R|APACHE_VHOSTS_KNOWN_NAME /secure/|R|APACHE_VHOSTS_KNOWN_NAME /secured/|R|APACHE_VHOSTS_KNOWN_NAME /sell/|R|APACHE_VHOSTS_KNOWN_NAME /sendeditfile|R|APACHE_VHOSTS_KNOWN_NAME /seportal/index.php|R|APACHE_VHOSTS_KNOWN_NAME /serendipity/index.php|R|APACHE_VHOSTS_KNOWN_NAME /serve/|R|APACHE_VHOSTS_KNOWN_NAME /server-info|R|APACHE_VHOSTS_KNOWN_NAME /server-info/|R|APACHE_VHOSTS_KNOWN_NAME /server.ini|R|APACHE_VHOSTS_KNOWN_NAME /servers/|R|APACHE_VHOSTS_KNOWN_NAME /server_stats/|R|APACHE_VHOSTS_KNOWN_NAME /serverstats/|R|APACHE_VHOSTS_KNOWN_NAME /server-status|R|APACHE_VHOSTS_KNOWN_NAME /server-status/|R|APACHE_VHOSTS_KNOWN_NAME /service/|R|APACHE_VHOSTS_KNOWN_NAME /services/|R|APACHE_VHOSTS_KNOWN_NAME /services/help/|R|APACHE_VHOSTS_KNOWN_NAME /servicio/|R|APACHE_VHOSTS_KNOWN_NAME /servicios/|R|APACHE_VHOSTS_KNOWN_NAME 
/servlet/|R|APACHE_VHOSTS_KNOWN_NAME /servlet/com.newatlanta.servletexec.JSP10Servlet|R|APACHE_VHOSTS_KNOWN_NAME /servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa|R|APACHE_VHOSTS_KNOWN_NAME /servlet/org.apache.catalina.servlets.DefaultServlet/index.jsp|R|APACHE_VHOSTS_KNOWN_NAME /servlets/|R|APACHE_VHOSTS_KNOWN_NAME /servlet/webacc|R|APACHE_VHOSTS_KNOWN_NAME /session/|R|APACHE_VHOSTS_KNOWN_NAME /session/login.php|R|APACHE_VHOSTS_KNOWN_NAME /settings.php|R|APACHE_VHOSTS_KNOWN_NAME /setup/|R|APACHE_VHOSTS_KNOWN_NAME /s_form.cgi|R|APACHE_VHOSTS_KNOWN_NAME /sgdynamo.exe|R|APACHE_VHOSTS_KNOWN_NAME /share/|R|APACHE_VHOSTS_KNOWN_NAME /shared/|R|APACHE_VHOSTS_KNOWN_NAME /_sharedtemplates/|R|APACHE_VHOSTS_KNOWN_NAME /shell-cgi/|R|APACHE_VHOSTS_KNOWN_NAME /shipping/|R|APACHE_VHOSTS_KNOWN_NAME /shop/|R|APACHE_VHOSTS_KNOWN_NAME /shop/admin/login.html|R|APACHE_VHOSTS_KNOWN_NAME /shop/includes/initsystem.php|R|APACHE_VHOSTS_KNOWN_NAME /shop/index.php|R|APACHE_VHOSTS_KNOWN_NAME /shopper/|R|APACHE_VHOSTS_KNOWN_NAME /shopper.cgi|R|APACHE_VHOSTS_KNOWN_NAME /shopping/|R|APACHE_VHOSTS_KNOWN_NAME /shop.pl/page=;cat%20shop.|R|APACHE_VHOSTS_KNOWN_NAME /shopplus.cgi|R|APACHE_VHOSTS_KNOWN_NAME /shouts.php|R|APACHE_VHOSTS_KNOWN_NAME /showcategory.php|R|APACHE_VHOSTS_KNOWN_NAME /showcat.php|R|APACHE_VHOSTS_KNOWN_NAME /showproduct.php|R|APACHE_VHOSTS_KNOWN_NAME /showtheme.php|R|APACHE_VHOSTS_KNOWN_NAME /siestta/|R|APACHE_VHOSTS_KNOWN_NAME /Siestta/|R|APACHE_VHOSTS_KNOWN_NAME /signing_system-admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /SilverStream|R|APACHE_VHOSTS_KNOWN_NAME /SilverStream/|R|APACHE_VHOSTS_KNOWN_NAME /SilverStream/Meta/Tables/|R|APACHE_VHOSTS_KNOWN_NAME /simpleid/www/index.php|R|APACHE_VHOSTS_KNOWN_NAME /SimpleID/www/index.php|R|APACHE_VHOSTS_KNOWN_NAME /simpnew248/news.php|R|APACHE_VHOSTS_KNOWN_NAME /SimpNews/news.php|R|APACHE_VHOSTS_KNOWN_NAME /sinecms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /sine/index.php|R|APACHE_VHOSTS_KNOWN_NAME 
/site/|R|APACHE_VHOSTS_KNOWN_NAME /siteadmin/|R|APACHE_VHOSTS_KNOWN_NAME /sitebuildercontent/|R|APACHE_VHOSTS_KNOWN_NAME /sitebuilderfiles/|R|APACHE_VHOSTS_KNOWN_NAME /sitebuilderpictures/|R|APACHE_VHOSTS_KNOWN_NAME /site/login.php|R|APACHE_VHOSTS_KNOWN_NAME /sitemap.xml|R|APACHE_VHOSTS_KNOWN_NAME /sitemgr/|R|APACHE_VHOSTS_KNOWN_NAME /siteminder/|R|APACHE_VHOSTS_KNOWN_NAME /siteminderagent/|R|APACHE_VHOSTS_KNOWN_NAME /site.php|R|APACHE_VHOSTS_KNOWN_NAME /sites/|R|APACHE_VHOSTS_KNOWN_NAME /siteserver/|R|APACHE_VHOSTS_KNOWN_NAME /sitestats/|R|APACHE_VHOSTS_KNOWN_NAME /siteupdate/|R|APACHE_VHOSTS_KNOWN_NAME /sitex/login.php|R|APACHE_VHOSTS_KNOWN_NAME /skalinks/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /skins/default.php|R|APACHE_VHOSTS_KNOWN_NAME /slide/|R|APACHE_VHOSTS_KNOWN_NAME /smadmr5.nsf|R|APACHE_VHOSTS_KNOWN_NAME /smarty.php|R|APACHE_VHOSTS_KNOWN_NAME /smbind/src/main.php|R|APACHE_VHOSTS_KNOWN_NAME /smconf.nsf|R|APACHE_VHOSTS_KNOWN_NAME /smency.nsf|R|APACHE_VHOSTS_KNOWN_NAME /smf/index.php|R|APACHE_VHOSTS_KNOWN_NAME /sm_forum/index.php|R|APACHE_VHOSTS_KNOWN_NAME /smftypes.nsf|R|APACHE_VHOSTS_KNOWN_NAME /smhelp.nsf|R|APACHE_VHOSTS_KNOWN_NAME /smmsg.nsf|R|APACHE_VHOSTS_KNOWN_NAME /smquar.nsf|R|APACHE_VHOSTS_KNOWN_NAME /smreports/|R|APACHE_VHOSTS_KNOWN_NAME /smreportsviewer/|R|APACHE_VHOSTS_KNOWN_NAME /sms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /SMS/index.php|R|APACHE_VHOSTS_KNOWN_NAME /smsmvlog.nsf|R|APACHE_VHOSTS_KNOWN_NAME /smtime.nsf|R|APACHE_VHOSTS_KNOWN_NAME /snews/index.php|R|APACHE_VHOSTS_KNOWN_NAME /sNews/index.php|R|APACHE_VHOSTS_KNOWN_NAME /snews/readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /sNews/readme.txt|R|APACHE_VHOSTS_KNOWN_NAME /snipegallery/index.php|R|APACHE_VHOSTS_KNOWN_NAME /snort/alerts.php|R|APACHE_VHOSTS_KNOWN_NAME /snort/base/base_main.php|R|APACHE_VHOSTS_KNOWN_NAME /snortreport-1.3.1/alerts.php|R|APACHE_VHOSTS_KNOWN_NAME /snortreport/alerts.php|R|APACHE_VHOSTS_KNOWN_NAME /soap/|R|APACHE_VHOSTS_KNOWN_NAME /soapdocs/|R|APACHE_VHOSTS_KNOWN_NAME 
/software/|R|APACHE_VHOSTS_KNOWN_NAME /software-description.php|R|APACHE_VHOSTS_KNOWN_NAME /software/software-description.php|R|APACHE_VHOSTS_KNOWN_NAME /solaris/|R|APACHE_VHOSTS_KNOWN_NAME /solutions/|R|APACHE_VHOSTS_KNOWN_NAME /source/|R|APACHE_VHOSTS_KNOWN_NAME /Spheric/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /sphider/changelog|R|APACHE_VHOSTS_KNOWN_NAME /spipe/pkg|R|APACHE_VHOSTS_KNOWN_NAME /sql/|R|APACHE_VHOSTS_KNOWN_NAME /sqladmin/|R|APACHE_VHOSTS_KNOWN_NAME /sql/admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sqldatabase/|R|APACHE_VHOSTS_KNOWN_NAME /sql/dbadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/db/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sqlite/LightNEasy.php|R|APACHE_VHOSTS_KNOWN_NAME /SQLiteManager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql-ledger/login.pl|R|APACHE_VHOSTS_KNOWN_NAME /sql/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sqlmanager/|R|APACHE_VHOSTS_KNOWN_NAME /sqlmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.2.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.2.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.5.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.5.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.5.5/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.5.5-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.5.5-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.5.5-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.5.6/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.5.6-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.5.6-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.5.7/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.5.7-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.0-alpha2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.0-alpha/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/sql/phpMyAdmin-2.6.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.0-beta2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.0-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.0-rc3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.1-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.1-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.1-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.1-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.2-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.2-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.2-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.3-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.3-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.4-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.4-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.4-pl3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.4-pl4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.6.4-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.7.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.7.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.7.0-pl1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.7.0-pl2/main.php|R|APACHE_VHOSTS_KNOWN_NAME 
/sql/phpMyAdmin-2.7.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.8.0.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.8.0.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.8.0.3/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.8.0.4/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.8.0-beta1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.8.0/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.8.0-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.8.0-rc2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.8.1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.8.1-rc1/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2.8.2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpmyadmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin-2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin2/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/php-my-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/php-myadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpmy-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpmyadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/phpMyAdmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/pma2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/pMA2005/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/pma2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/pMA2006/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/p/m/a/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/pMA/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/sql-admin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/sqladmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/sql/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/sqlmanager/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/sqlweb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sqlweb/|R|APACHE_VHOSTS_KNOWN_NAME /sql/webadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/webdb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/web/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sqlweb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /sql/websql/main.php|R|APACHE_VHOSTS_KNOWN_NAME /squid/|R|APACHE_VHOSTS_KNOWN_NAME 
/squirrelmail/|R|APACHE_VHOSTS_KNOWN_NAME /squirrelmail/src/login.php|R|APACHE_VHOSTS_KNOWN_NAME /src/|R|APACHE_VHOSTS_KNOWN_NAME /srchadm/|R|APACHE_VHOSTS_KNOWN_NAME /src/main.php|R|APACHE_VHOSTS_KNOWN_NAME /ssi/|R|APACHE_VHOSTS_KNOWN_NAME /ssl/|R|APACHE_VHOSTS_KNOWN_NAME /sslkeys/|R|APACHE_VHOSTS_KNOWN_NAME /staff/|R|APACHE_VHOSTS_KNOWN_NAME /start.php|R|APACHE_VHOSTS_KNOWN_NAME /stat/|R|APACHE_VHOSTS_KNOWN_NAME /stat/awstats.pl|R|APACHE_VHOSTS_KNOWN_NAME /statistic/|R|APACHE_VHOSTS_KNOWN_NAME /statistics/|R|APACHE_VHOSTS_KNOWN_NAME /statistics/awstats.pl|R|APACHE_VHOSTS_KNOWN_NAME /statistik/cgi-bin/awstats.pl|R|APACHE_VHOSTS_KNOWN_NAME /~stats/|R|APACHE_VHOSTS_KNOWN_NAME /stats/|R|APACHE_VHOSTS_KNOWN_NAME /Stats/|R|APACHE_VHOSTS_KNOWN_NAME /stats/awstats.pl|R|APACHE_VHOSTS_KNOWN_NAME /stats-bin-p/|R|APACHE_VHOSTS_KNOWN_NAME /stats/index.php|R|APACHE_VHOSTS_KNOWN_NAME /stats_old/|R|APACHE_VHOSTS_KNOWN_NAME /stats/tools.php|R|APACHE_VHOSTS_KNOWN_NAME /status|R|APACHE_VHOSTS_KNOWN_NAME /status/|R|APACHE_VHOSTS_KNOWN_NAME /status.php3|R|APACHE_VHOSTS_KNOWN_NAME /storage/|R|APACHE_VHOSTS_KNOWN_NAME /store/|R|APACHE_VHOSTS_KNOWN_NAME /store/agora.cgi|R|APACHE_VHOSTS_KNOWN_NAME /StoreDB/|R|APACHE_VHOSTS_KNOWN_NAME /store/index.php|R|APACHE_VHOSTS_KNOWN_NAME /storemgr/|R|APACHE_VHOSTS_KNOWN_NAME /story.pl|R|APACHE_VHOSTS_KNOWN_NAME /stronghold-info|R|APACHE_VHOSTS_KNOWN_NAME /stronghold-info/|R|APACHE_VHOSTS_KNOWN_NAME /stronghold-status|R|APACHE_VHOSTS_KNOWN_NAME /stronghold-status/|R|APACHE_VHOSTS_KNOWN_NAME /stuff/|R|APACHE_VHOSTS_KNOWN_NAME /stuworkdisplay.php|R|APACHE_VHOSTS_KNOWN_NAME /style/|R|APACHE_VHOSTS_KNOWN_NAME /styles/|R|APACHE_VHOSTS_KNOWN_NAME /stylesheet/|R|APACHE_VHOSTS_KNOWN_NAME /stylesheets/|R|APACHE_VHOSTS_KNOWN_NAME /subir/|R|APACHE_VHOSTS_KNOWN_NAME /sun/|R|APACHE_VHOSTS_KNOWN_NAME /super_stats/|R|APACHE_VHOSTS_KNOWN_NAME /support/|R|APACHE_VHOSTS_KNOWN_NAME /supporter/|R|APACHE_VHOSTS_KNOWN_NAME /support/index.php|R|APACHE_VHOSTS_KNOWN_NAME 
/survey/admin/admin.php|R|APACHE_VHOSTS_KNOWN_NAME /svn/viewvc/|R|APACHE_VHOSTS_KNOWN_NAME /svn/viewvc.cgi/|R|APACHE_VHOSTS_KNOWN_NAME /sympa/|R|APACHE_VHOSTS_KNOWN_NAME /symphony/|R|APACHE_VHOSTS_KNOWN_NAME /symphony/symphony/|R|APACHE_VHOSTS_KNOWN_NAME /sys/|R|APACHE_VHOSTS_KNOWN_NAME /sysadmin/|R|APACHE_VHOSTS_KNOWN_NAME /sysbackup/|R|APACHE_VHOSTS_KNOWN_NAME /system/|R|APACHE_VHOSTS_KNOWN_NAME /SystemInfo|R|APACHE_VHOSTS_KNOWN_NAME /system/rss.php|R|APACHE_VHOSTS_KNOWN_NAME /tangocms/README|R|APACHE_VHOSTS_KNOWN_NAME /tar/|R|APACHE_VHOSTS_KNOWN_NAME /tarantella/|R|APACHE_VHOSTS_KNOWN_NAME /tarjetas/|R|APACHE_VHOSTS_KNOWN_NAME /taskfreak/login.php|R|APACHE_VHOSTS_KNOWN_NAME /Taskfreak/login.php|R|APACHE_VHOSTS_KNOWN_NAME /tcexam/public/code/index.php|R|APACHE_VHOSTS_KNOWN_NAME /TCExam/public/code/index.php|R|APACHE_VHOSTS_KNOWN_NAME /tcpdb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /tcwphpalbum/index.php|R|APACHE_VHOSTS_KNOWN_NAME /tdbin/|R|APACHE_VHOSTS_KNOWN_NAME /tdiary/index.rb|R|APACHE_VHOSTS_KNOWN_NAME /team.rc5-72.php|R|APACHE_VHOSTS_KNOWN_NAME /tech/|R|APACHE_VHOSTS_KNOWN_NAME /technote/|R|APACHE_VHOSTS_KNOWN_NAME /te_html/|R|APACHE_VHOSTS_KNOWN_NAME /teleparkwiki/index.php|R|APACHE_VHOSTS_KNOWN_NAME /tematres/index.php|R|APACHE_VHOSTS_KNOWN_NAME /tembria/index.asp|R|APACHE_VHOSTS_KNOWN_NAME /temp/|R|APACHE_VHOSTS_KNOWN_NAME /template/|R|APACHE_VHOSTS_KNOWN_NAME /templates/|R|APACHE_VHOSTS_KNOWN_NAME /Templates/|R|APACHE_VHOSTS_KNOWN_NAME /Templates/default/index_logged.php|R|APACHE_VHOSTS_KNOWN_NAME /templates/system/css/editor.css|R|APACHE_VHOSTS_KNOWN_NAME /temporal/|R|APACHE_VHOSTS_KNOWN_NAME /test/|R|APACHE_VHOSTS_KNOWN_NAME /test-cgi/|R|APACHE_VHOSTS_KNOWN_NAME /testing/|R|APACHE_VHOSTS_KNOWN_NAME /testlink/login.php|R|APACHE_VHOSTS_KNOWN_NAME /test.php|R|APACHE_VHOSTS_KNOWN_NAME /_tests/|R|APACHE_VHOSTS_KNOWN_NAME /tests/|R|APACHE_VHOSTS_KNOWN_NAME /testweb/|R|APACHE_VHOSTS_KNOWN_NAME /textpattern/index.php|R|APACHE_VHOSTS_KNOWN_NAME 
/_themes/|R|APACHE_VHOSTS_KNOWN_NAME /themes/admin/default/modules/show.php|R|APACHE_VHOSTS_KNOWN_NAME /this_page_should_not_exist.htm|R|APACHE_VHOSTS_KNOWN_NAME /thread.php|R|APACHE_VHOSTS_KNOWN_NAME /ticket/|R|APACHE_VHOSTS_KNOWN_NAME /ticket/index.php|R|APACHE_VHOSTS_KNOWN_NAME /tickets/|R|APACHE_VHOSTS_KNOWN_NAME /tiki-index.php|R|APACHE_VHOSTS_KNOWN_NAME /tiki-orphan_pages.php/>">|R|APACHE_VHOSTS_KNOWN_NAME /tiki/tiki-index.php|R|APACHE_VHOSTS_KNOWN_NAME /tikiwiki/README|R|APACHE_VHOSTS_KNOWN_NAME /tikiwiki/tiki-index.php|R|APACHE_VHOSTS_KNOWN_NAME /tikiwiki/tiki-orphan_pages.php/>">|R|APACHE_VHOSTS_KNOWN_NAME /timesheet/about-show.do|R|APACHE_VHOSTS_KNOWN_NAME /tinxcms/system/rss.php|R|APACHE_VHOSTS_KNOWN_NAME /tiny_mce/plugins/ibrowser/ibrowser.php|R|APACHE_VHOSTS_KNOWN_NAME /tinywebgallery/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /titleBar.php|R|APACHE_VHOSTS_KNOWN_NAME /tjobs/jobdetails.php|R|APACHE_VHOSTS_KNOWN_NAME /tmp/|R|APACHE_VHOSTS_KNOWN_NAME /tmpl/news_main.htm|R|APACHE_VHOSTS_KNOWN_NAME /ToDo/|R|APACHE_VHOSTS_KNOWN_NAME /tools/|R|APACHE_VHOSTS_KNOWN_NAME /tools.php|R|APACHE_VHOSTS_KNOWN_NAME /topic.php|R|APACHE_VHOSTS_KNOWN_NAME /torrent/index.php|R|APACHE_VHOSTS_KNOWN_NAME /torrent/site/login.php|R|APACHE_VHOSTS_KNOWN_NAME /torrenttrader/upload/account-login.php|R|APACHE_VHOSTS_KNOWN_NAME /torrent/upload/account-login.php|R|APACHE_VHOSTS_KNOWN_NAME /torrentvolve/site/login.php|R|APACHE_VHOSTS_KNOWN_NAME /TotalCalendar/index.php|R|APACHE_VHOSTS_KNOWN_NAME /tpv/|R|APACHE_VHOSTS_KNOWN_NAME /trabajo/|R|APACHE_VHOSTS_KNOWN_NAME /trace.axd|R|APACHE_VHOSTS_KNOWN_NAME /track/|R|APACHE_VHOSTS_KNOWN_NAME /tracker/index.html|R|APACHE_VHOSTS_KNOWN_NAME /tracker/index.php|R|APACHE_VHOSTS_KNOWN_NAME /tracking/|R|APACHE_VHOSTS_KNOWN_NAME /trade.php|R|APACHE_VHOSTS_KNOWN_NAME /transito/|R|APACHE_VHOSTS_KNOWN_NAME /transpolar/|R|APACHE_VHOSTS_KNOWN_NAME /tree/|R|APACHE_VHOSTS_KNOWN_NAME /trees/|R|APACHE_VHOSTS_KNOWN_NAME 
/tribisur/scripts.php|R|APACHE_VHOSTS_KNOWN_NAME /Tribisur/scripts.php|R|APACHE_VHOSTS_KNOWN_NAME /truc/login.php|R|APACHE_VHOSTS_KNOWN_NAME /Truc/login.php|R|APACHE_VHOSTS_KNOWN_NAME /ttc/upload/account-login.php|R|APACHE_VHOSTS_KNOWN_NAME /ttwm/tt/index.php|R|APACHE_VHOSTS_KNOWN_NAME /twg/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /twiki/bin/view/TWiki/WebHome|R|APACHE_VHOSTS_KNOWN_NAME /twiki/index.php|R|APACHE_VHOSTS_KNOWN_NAME /typo3/phpmyadmin/|R|APACHE_VHOSTS_KNOWN_NAME /typo3/phpmyadmin/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /uebimiau/index.php|R|APACHE_VHOSTS_KNOWN_NAME /upb/db/users.dat|R|APACHE_VHOSTS_KNOWN_NAME /update.php|R|APACHE_VHOSTS_KNOWN_NAME /updates/|R|APACHE_VHOSTS_KNOWN_NAME /upload/|R|APACHE_VHOSTS_KNOWN_NAME /upload/account-login.php|R|APACHE_VHOSTS_KNOWN_NAME /upload/index.php|R|APACHE_VHOSTS_KNOWN_NAME /uploads/|R|APACHE_VHOSTS_KNOWN_NAME /urchin/|R|APACHE_VHOSTS_KNOWN_NAME /urchin3/|R|APACHE_VHOSTS_KNOWN_NAME /urchin5/|R|APACHE_VHOSTS_KNOWN_NAME /us/|R|APACHE_VHOSTS_KNOWN_NAME /usage/|R|APACHE_VHOSTS_KNOWN_NAME /UseBB/index.php|R|APACHE_VHOSTS_KNOWN_NAME /user/|R|APACHE_VHOSTS_KNOWN_NAME /userdb/|R|APACHE_VHOSTS_KNOWN_NAME /user.php|R|APACHE_VHOSTS_KNOWN_NAME /users/|R|APACHE_VHOSTS_KNOWN_NAME /users/login.php|R|APACHE_VHOSTS_KNOWN_NAME /usr/|R|APACHE_VHOSTS_KNOWN_NAME /ustats/|R|APACHE_VHOSTS_KNOWN_NAME /usuario/|R|APACHE_VHOSTS_KNOWN_NAME /usuarios/|R|APACHE_VHOSTS_KNOWN_NAME /utf-8/index.php|R|APACHE_VHOSTS_KNOWN_NAME /util/|R|APACHE_VHOSTS_KNOWN_NAME /utils/|R|APACHE_VHOSTS_KNOWN_NAME /v4/|R|APACHE_VHOSTS_KNOWN_NAME /Vanilla113rc1/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Vanilla117/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Vanilla118/index.php|R|APACHE_VHOSTS_KNOWN_NAME /VERSION|R|APACHE_VHOSTS_KNOWN_NAME /vfs/|R|APACHE_VHOSTS_KNOWN_NAME /viart_cms/viart_shop.xml|R|APACHE_VHOSTS_KNOWN_NAME /viart_shop/viart_shop.xml|R|APACHE_VHOSTS_KNOWN_NAME /viart_shop.xml|R|APACHE_VHOSTS_KNOWN_NAME /vicidial.php|R|APACHE_VHOSTS_KNOWN_NAME 
/vicidial/vicidial.php|R|APACHE_VHOSTS_KNOWN_NAME /viewforum.php|R|APACHE_VHOSTS_KNOWN_NAME /view_item|R|APACHE_VHOSTS_KNOWN_NAME /view.php|R|APACHE_VHOSTS_KNOWN_NAME /viewvc/|R|APACHE_VHOSTS_KNOWN_NAME /viewvc.cgi/|R|APACHE_VHOSTS_KNOWN_NAME /volve/site/login.php|R|APACHE_VHOSTS_KNOWN_NAME /_vti_bin/|R|APACHE_VHOSTS_KNOWN_NAME /_vti_bin/_vti_aut/fp30reg.dll|R|APACHE_VHOSTS_KNOWN_NAME /_vti_bot/|R|APACHE_VHOSTS_KNOWN_NAME /vtigercrm/index.php|R|APACHE_VHOSTS_KNOWN_NAME /_vti_log/|R|APACHE_VHOSTS_KNOWN_NAME /_vti_pvt/|R|APACHE_VHOSTS_KNOWN_NAME /_vti_shm/|R|APACHE_VHOSTS_KNOWN_NAME /_vti_txt/|R|APACHE_VHOSTS_KNOWN_NAME /vu2qQDc3jsqe.asp|R|APACHE_VHOSTS_KNOWN_NAME /vu2qQDc3jsqe.cfm|R|APACHE_VHOSTS_KNOWN_NAME /vu2qQDc3jsqe.cgi|R|APACHE_VHOSTS_KNOWN_NAME /vu2qQDc3jsqe.html|R|APACHE_VHOSTS_KNOWN_NAME /vu2qQDc3jsqe.inc|R|APACHE_VHOSTS_KNOWN_NAME /vu2qQDc3jsqe.php|R|APACHE_VHOSTS_KNOWN_NAME /vu2qQDc3jsqe.php3|R|APACHE_VHOSTS_KNOWN_NAME /vu2qQDc3jsqe.pl|R|APACHE_VHOSTS_KNOWN_NAME /vu2qQDc3jsqe.sh|R|APACHE_VHOSTS_KNOWN_NAME /vu2qQDc3jsqe.shtml|R|APACHE_VHOSTS_KNOWN_NAME /v-webmail/htdocs/login.php|R|APACHE_VHOSTS_KNOWN_NAME /w3perl/|R|APACHE_VHOSTS_KNOWN_NAME /WackoWiki|R|APACHE_VHOSTS_KNOWN_NAME /w-agora/|R|APACHE_VHOSTS_KNOWN_NAME /w-agora/search.php|R|APACHE_VHOSTS_KNOWN_NAME /w-agora/search.php3|R|APACHE_VHOSTS_KNOWN_NAME /wavemaster.internal/|R|APACHE_VHOSTS_KNOWN_NAME /way-board/|R|APACHE_VHOSTS_KNOWN_NAME /wbb/upload/index.php|R|APACHE_VHOSTS_KNOWN_NAME /wcf/acp/dereferrer.php|R|APACHE_VHOSTS_KNOWN_NAME /web/|R|APACHE_VHOSTS_KNOWN_NAME /web800fo/|R|APACHE_VHOSTS_KNOWN_NAME /webaccess/|R|APACHE_VHOSTS_KNOWN_NAME /webadmin/|R|APACHE_VHOSTS_KNOWN_NAME /webadmin/main.php|R|APACHE_VHOSTS_KNOWN_NAME /webadmin.php|R|APACHE_VHOSTS_KNOWN_NAME /webalizer/|R|APACHE_VHOSTS_KNOWN_NAME /webapps/|R|APACHE_VHOSTS_KNOWN_NAME /WebBank/|R|APACHE_VHOSTS_KNOWN_NAME /webboard/|R|APACHE_VHOSTS_KNOWN_NAME /WebCalendar/|R|APACHE_VHOSTS_KNOWN_NAME 
/webcalendar/login.php|R|APACHE_VHOSTS_KNOWN_NAME /webcart/|R|APACHE_VHOSTS_KNOWN_NAME /webcart-lite/|R|APACHE_VHOSTS_KNOWN_NAME /webdata/|R|APACHE_VHOSTS_KNOWN_NAME /webdav/|R|APACHE_VHOSTS_KNOWN_NAME /webdav/test|R|APACHE_VHOSTS_KNOWN_NAME /webdb/|R|APACHE_VHOSTS_KNOWN_NAME /WebDB/|R|APACHE_VHOSTS_KNOWN_NAME /webdb/main.php|R|APACHE_VHOSTS_KNOWN_NAME /webEdition/index.php|R|APACHE_VHOSTS_KNOWN_NAME /webftp/index.php|R|APACHE_VHOSTS_KNOWN_NAME /web/help.php|R|APACHE_VHOSTS_KNOWN_NAME /WebID/IISWebAgentIF.dll|R|APACHE_VHOSTS_KNOWN_NAME /webid/index.php|R|APACHE_VHOSTS_KNOWN_NAME /webimages/|R|APACHE_VHOSTS_KNOWN_NAME /webimages2/|R|APACHE_VHOSTS_KNOWN_NAME /web/index.php|R|APACHE_VHOSTS_KNOWN_NAME /WEB-INF./web.xml|R|APACHE_VHOSTS_KNOWN_NAME /webl/index.html|R|APACHE_VHOSTS_KNOWN_NAME /weblog/|R|APACHE_VHOSTS_KNOWN_NAME /weblogger/index.php|R|APACHE_VHOSTS_KNOWN_NAME /weblogs/|R|APACHE_VHOSTS_KNOWN_NAME /webmail/|R|APACHE_VHOSTS_KNOWN_NAME /webmail2/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /webmail/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /webmail/default.aspx|R|APACHE_VHOSTS_KNOWN_NAME /webmail/htdocs/login.php|R|APACHE_VHOSTS_KNOWN_NAME /webmail/index.php|R|APACHE_VHOSTS_KNOWN_NAME /webmail/login.php|R|APACHE_VHOSTS_KNOWN_NAME /web/main.php|R|APACHE_VHOSTS_KNOWN_NAME /webmaster/|R|APACHE_VHOSTS_KNOWN_NAME /webmaster_logs/|R|APACHE_VHOSTS_KNOWN_NAME /webMathematica/|R|APACHE_VHOSTS_KNOWN_NAME /webmatic/index.php|R|APACHE_VHOSTS_KNOWN_NAME /web/phpMyAdmin/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /webplus|R|APACHE_VHOSTS_KNOWN_NAME /webplus.exe|R|APACHE_VHOSTS_KNOWN_NAME /webpub/|R|APACHE_VHOSTS_KNOWN_NAME /webpub-ui/|R|APACHE_VHOSTS_KNOWN_NAME /webreports/|R|APACHE_VHOSTS_KNOWN_NAME /webreps/|R|APACHE_VHOSTS_KNOWN_NAME /webshare/|R|APACHE_VHOSTS_KNOWN_NAME /WebShop/|R|APACHE_VHOSTS_KNOWN_NAME /website/|R|APACHE_VHOSTS_KNOWN_NAME /websiteadmin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /WebSiteAdmin/index.php|R|APACHE_VHOSTS_KNOWN_NAME 
/websql/|R|APACHE_VHOSTS_KNOWN_NAME /websql/main.php|R|APACHE_VHOSTS_KNOWN_NAME /webstat/|R|APACHE_VHOSTS_KNOWN_NAME /~webstats/|R|APACHE_VHOSTS_KNOWN_NAME /webstats/|R|APACHE_VHOSTS_KNOWN_NAME /Web_store/|R|APACHE_VHOSTS_KNOWN_NAME /Web_Store/web_store.cgi|R|APACHE_VHOSTS_KNOWN_NAME /webtrace/|R|APACHE_VHOSTS_KNOWN_NAME /WebTrend/|R|APACHE_VHOSTS_KNOWN_NAME /webtrends/|R|APACHE_VHOSTS_KNOWN_NAME /web_usage/|R|APACHE_VHOSTS_KNOWN_NAME /whizzy/index.php|R|APACHE_VHOSTS_KNOWN_NAME /whois/dig.php|R|APACHE_VHOSTS_KNOWN_NAME /whois/index.php|R|APACHE_VHOSTS_KNOWN_NAME /wikihelp/handlers/getpage.php|R|APACHE_VHOSTS_KNOWN_NAME /wikihelp/index.html|R|APACHE_VHOSTS_KNOWN_NAME /wikihelp/index.php|R|APACHE_VHOSTS_KNOWN_NAME /wikihelp/revert.php|R|APACHE_VHOSTS_KNOWN_NAME /wiki/index.php|R|APACHE_VHOSTS_KNOWN_NAME /wiki/index.php/Special:Version|R|APACHE_VHOSTS_KNOWN_NAME /wiki/pmwiki.php|R|APACHE_VHOSTS_KNOWN_NAME /wiki/SystemInfo|R|APACHE_VHOSTS_KNOWN_NAME /wiki/tiki-index.php|R|APACHE_VHOSTS_KNOWN_NAME /wiki/tiki-orphan_pages.php/>">|R|APACHE_VHOSTS_KNOWN_NAME /Wiky/index.php/Special/Main/Templates|R|APACHE_VHOSTS_KNOWN_NAME /windows/|R|APACHE_VHOSTS_KNOWN_NAME /wmail/login.php|R|APACHE_VHOSTS_KNOWN_NAME /wm/bin/msgimport|R|APACHE_VHOSTS_KNOWN_NAME /wme/index.php|R|APACHE_VHOSTS_KNOWN_NAME /wondercms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /word/|R|APACHE_VHOSTS_KNOWN_NAME /wordpress/|R|APACHE_VHOSTS_KNOWN_NAME /wordpress/index.php|R|APACHE_VHOSTS_KNOWN_NAME /wordpress-mu/|R|APACHE_VHOSTS_KNOWN_NAME /wordpress-mu/index.php|R|APACHE_VHOSTS_KNOWN_NAME /work/|R|APACHE_VHOSTS_KNOWN_NAME /wp-content/plugins/phpMyAdmin/|R|APACHE_VHOSTS_KNOWN_NAME /wp-content/plugins/wp-phpmyadmin/|R|APACHE_VHOSTS_KNOWN_NAME /wp_quiz/upload/index.php|R|APACHE_VHOSTS_KNOWN_NAME /wpQuiz/upload/index.php|R|APACHE_VHOSTS_KNOWN_NAME /wrm/index.php|R|APACHE_VHOSTS_KNOWN_NAME /~wsdocs/|R|APACHE_VHOSTS_KNOWN_NAME /wsdocs/|R|APACHE_VHOSTS_KNOWN_NAME /WSsamples/|R|APACHE_VHOSTS_KNOWN_NAME 
/wstats/|R|APACHE_VHOSTS_KNOWN_NAME /wusage/|R|APACHE_VHOSTS_KNOWN_NAME /wwb/index.php|R|APACHE_VHOSTS_KNOWN_NAME /wwh/handlers/getpage.php|R|APACHE_VHOSTS_KNOWN_NAME /wwh/index.html|R|APACHE_VHOSTS_KNOWN_NAME /wwh/index.php|R|APACHE_VHOSTS_KNOWN_NAME /wwh/revert.php|R|APACHE_VHOSTS_KNOWN_NAME /wws/|R|APACHE_VHOSTS_KNOWN_NAME /wws/home|R|APACHE_VHOSTS_KNOWN_NAME /wwsympa/home|R|APACHE_VHOSTS_KNOWN_NAME /www/|R|APACHE_VHOSTS_KNOWN_NAME /www/admin/index.php|R|APACHE_VHOSTS_KNOWN_NAME /www/agc/vicidial.php|R|APACHE_VHOSTS_KNOWN_NAME /www/default.asp|R|APACHE_VHOSTS_KNOWN_NAME /www/index.php|R|APACHE_VHOSTS_KNOWN_NAME /wwwjoin/|R|APACHE_VHOSTS_KNOWN_NAME /wwwlog/|R|APACHE_VHOSTS_KNOWN_NAME /www-sql/|R|APACHE_VHOSTS_KNOWN_NAME /wwwstat/|R|APACHE_VHOSTS_KNOWN_NAME /wwwstats/|R|APACHE_VHOSTS_KNOWN_NAME /xampp/dotproject_2_1_2/dotproject/index.php|R|APACHE_VHOSTS_KNOWN_NAME /xampp/phpmyadmin/|R|APACHE_VHOSTS_KNOWN_NAME /xampp/phpmyadmin/read_dump.phpmain.php|R|APACHE_VHOSTS_KNOWN_NAME /xampp/start.php|R|APACHE_VHOSTS_KNOWN_NAME /xGB/|R|APACHE_VHOSTS_KNOWN_NAME /xml/|R|APACHE_VHOSTS_KNOWN_NAME /xoops-2014rc1/htdocs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /xoops-2014rc1/htdocs/user.php|R|APACHE_VHOSTS_KNOWN_NAME /xoops-230/htdocs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /xoops-230/htdocs/user.php|R|APACHE_VHOSTS_KNOWN_NAME /xoopscelepar/index.php|R|APACHE_VHOSTS_KNOWN_NAME /xoops/htdocs/index.php|R|APACHE_VHOSTS_KNOWN_NAME /xoops/htdocs/install/index.php|R|APACHE_VHOSTS_KNOWN_NAME /xoops/htdocs/user.php|R|APACHE_VHOSTS_KNOWN_NAME /XSL/|R|APACHE_VHOSTS_KNOWN_NAME /xsql/demo/adhocsql/query.xsql|R|APACHE_VHOSTS_KNOWN_NAME /xsql/demo/airport/airport.xsql|R|APACHE_VHOSTS_KNOWN_NAME /xtemp/|R|APACHE_VHOSTS_KNOWN_NAME /XTvWc7Rw.ini|R|APACHE_VHOSTS_KNOWN_NAME /yap/comments.php|R|APACHE_VHOSTS_KNOWN_NAME /yap/index.php|R|APACHE_VHOSTS_KNOWN_NAME /zabbix/index.php|R|APACHE_VHOSTS_KNOWN_NAME /zb41/|R|APACHE_VHOSTS_KNOWN_NAME /zencart/admin/login.php|R|APACHE_VHOSTS_KNOWN_NAME 
/zen-cart/extras/curltest.php|R|APACHE_VHOSTS_KNOWN_NAME /zencart/extras/curltest.php|R|APACHE_VHOSTS_KNOWN_NAME /zen-cart/includes/initsystem.php|R|APACHE_VHOSTS_KNOWN_NAME /zen-cart/index.php|R|APACHE_VHOSTS_KNOWN_NAME /zentimetracking/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ZenTimeTracking/index.php|R|APACHE_VHOSTS_KNOWN_NAME /zeuscart/index.php|R|APACHE_VHOSTS_KNOWN_NAME /Zeuscart/index.php|R|APACHE_VHOSTS_KNOWN_NAME /zeuscms/index.php|R|APACHE_VHOSTS_KNOWN_NAME /ZeusCMS/index.php|R|APACHE_VHOSTS_KNOWN_NAME /zipfiles/|R|APACHE_VHOSTS_KNOWN_NAME yasat/plugins/system_rights_bsd.data0000640000175000017500000000312612457227301020502 0ustar montjoiemontjoie# PATH DROITS USER GROUP OPTIONS( N R ) /boot|750|root|root|R /root|700|root|root|N /etc/xinetd.conf|640|root|root /etc/xinetd.d|750|root|root|R /etc/inetd.d|750|root|root|R /etc/syslog-ng|750|root|root /etc/syslog-ng/syslog-ng.conf|640|root|root /etc/sudoers|440|root|root /etc/passwd|644|root|root|N /etc/vsftpd.conf|640|root|root /var/log/wtmp|664|root|wheel|N #wtmp is 664 root wheel under freebsd (TODO check under netbsd and openbsd) /var/log/btmp|600|root|utmp /var/log/lastlog|644|root|root|N|Gentoo /var/log/lastlog|644|root|utmp|N|Debian /var/log/faillog|600|root|root /etc/cron.d|750|root|root|R /var/log/openvpn|750|root|root /var/log/munin|750|munin|munin /var/log/mysql|750|mysql|mysql /var/log/ldap_old|750|root|root /var/log/ulogd|750|root|root /var/log/ulogd_arch|750|root|root /var/log/mail_old|750|root|root /var/log/amavis_old|750|root|root /etc/lilo.conf|600|root|root /etc/apache2|750|root|root|R /var/lib/mysql|750|mysql|mysql|R||gw /etc/vsftpd|750|root|root|R /etc/snmp|750|root|root|R /etc/mysql|750|root|root|R /etc/mysql/my.cnf|640|root|root /etc/mysql/debian.cnf|640|root|root /etc/postfix|750|root|root|R /etc/nagios|750|root|nagios /etc/nagios/nagios.cfg|640|root|nagios /etc/nagios/cgi.cfg|640|root|nagios /etc/nagios/ndo2db.cfg|640|root|nagios /etc/nagios/ndomod.cfg|640|root|nagios 
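/etc/nagios/resource.cfg|640|root|nagios /etc/nagios/objects|750|root|nagios|R /etc/saslauthd.conf|640|root|saslauth /etc/ulogd.conf|640|root|root /etc/sysctl.conf|640|root|root /etc/rsyncd.conf|640|root|root /etc/logrotate.conf|640|root|root /etc/freshclam.conf|640|root|root /etc/clamd.conf|640|root|root
yasat/plugins/ssl.test0000640000175000017500000001125212457227301015614 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
#                                                                              #
#   Copyright (C) 2008-2015 LABBE Corentin
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see .
#                                                                              #
################################################################################

# YASAT plugin: audits the system SSL/PKI directory (ownership, rights of the
# private/ sub-directory, certificates under certs/), the per-user NSS stores
# of Firefox and Thunderbird, and the Java trust store.
#
# Globals read:  SCAN_ROOT, TEMPYASATDIR, MY_PASSWD
# Helpers used (defined outside this file): Title, Display,
#   Check_tool_presence, my_getent, check_directory_others,
#   check_nss_certificate, check_certificate
# The top-level `return` at the end means this file has to be sourced (or
# wrapped in a function), not executed directly.

#Red Hat have PKI under /etc/pki
# sed collapses repeated slashes, so an empty or "/" SCAN_ROOT gives a clean path.
SSL_REP="$(echo "${SCAN_ROOT}/etc/ssl" | sed 's,//*,/,g')"

#TODO check value of default_bits for < 2048
#TODO default_md

Title "Check SSL"

# SSL_REP already carries the SCAN_ROOT prefix, so it is tested as is.
# Prefixing SCAN_ROOT a second time made this test fail for any SCAN_ROOT other
# than empty or "/", which could select /etc/pki although /etc/ssl exists.
if [ ! -e "$SSL_REP" ] ; then
  if [ -e "$SCAN_ROOT/etc/pki" ] ; then
    SSL_REP="$(echo "$SCAN_ROOT/etc/pki" | sed 's,//*,/,g')"
  fi
fi

if [ -e "$SSL_REP" ] ; then
  Display --indent 2 --text "$SSL_REP" --result FOUND --color BLUE
  # Every entry below the PKI directory that root does not own is reported:
  # a non-root owner can replace keys or trusted certificates.
  RESULTAT="$(find "$SSL_REP" ! -user root -exec ls {} \;)"
  if [ -n "$RESULTAT" ] ; then
    Display --indent 2 --text "owner of $SSL_REP " --result WARNING --color RED
    echo " $RESULTAT"
  else
    Display --indent 2 --text "owner of $SSL_REP " --result OK --color GREEN
  fi
  if [ -d "$SSL_REP/private" ] ; then
    TMP_RESULT="${TEMPYASATDIR}/ssl_private.tmp"
    check_directory_others "$SSL_REP/private" "$TMP_RESULT" 2 SSL_BAD_PRIVATE_RIGHT
  fi
fi

POSSIBLE_JAVA_DIR=""
# 'changeit' is the stock password of the JRE cacerts trust store, not a
# secret of the audited host. It is fed to keytool on stdin below.
KEYSTORE_PASSWORD='changeit'
TMP_RESULT="${TEMPYASATDIR}/java.out"
# NOTE(review): unlike SSL_REP this path is not prefixed with SCAN_ROOT.
KEYSTORE='/usr/lib/jvm/sun-jdk-1.6/jre/lib/security/cacerts'
#TODO find -L /usr/lib/jvm/
TMP_LIST="${TEMPYASATDIR}/list.out"
TMP_CERT="${TEMPYASATDIR}/tmp_cert.out"
STAT_NB=0
STAT_TOTAL=0
CERT_INVALID_LIST="${TEMPYASATDIR}/clist.out"
echo "" > "$CERT_INVALID_LIST"

if Check_tool_presence certutil LOCAL ; then
  Display --indent 2 --text "certutil tool" --result FOUND --color BLUE
  # NOTE(review): the line break after my_getent is reconstructed from a
  # flattened listing; it is presumably the helper that fills ${MY_PASSWD}.
  my_getent
  # Field 6 of a passwd entry is the home directory.
  cut -d: -f6 "${MY_PASSWD}" | sort -u | while IFS= read -r homedir
  do
    #TODO location of .evolution ?
    if [ -e "$homedir/.mozilla/firefox/profiles.ini" ] ; then
      # Profile paths are word-split here, as in the original loop.
      for profile in $(grep '^Path=' "${homedir}/.mozilla/firefox/profiles.ini" | sed 's/^Path=//')
      do
        Display --indent 2 --text "Check certificate in ${homedir}/.mozilla/firefox/$profile" --result INFO --color BLUE
        check_nss_certificate 4 "${homedir}/.mozilla/firefox/$profile"
      done
    fi
    if [ -e "$homedir/.thunderbird/profiles.ini" ] ; then
      for profile in $(grep '^Path=' "${homedir}/.thunderbird/profiles.ini" | sed 's/^Path=//')
      do
        Display --indent 2 --text "Check certificate in ${homedir}/.thunderbird/$profile" --result INFO --color BLUE
        check_nss_certificate 4 "${homedir}/.thunderbird/$profile"
      done
    fi
  done
else
  Display --indent 2 --text "certutil tool" --result NOTFOUND --color BLUE
fi

if [ -e "$TMP_CERT" ] ; then
  rm "$TMP_CERT"
fi

if [ -e "$SSL_REP/certs" ] ; then
  Display --indent 2 --text "Check certificate in $SSL_REP/certs" --result INFO --color BLUE
  find "$SSL_REP/certs" ! -type d | grep -v README > "$TMP_LIST"
  # -r and an empty IFS keep backslashes and leading blanks of a path intact.
  while IFS= read -r line
  do
    if [ -e "$line" ] && [ ! -d "$line" ] ; then
      # check_certificate appears to report its verdict through RESULTAT.
      check_certificate "$line" 2
      # Quoted: an empty RESULTAT must not break the test.
      if [ "$RESULTAT" = 'BAD' ] ; then
        STAT_NB=$((STAT_NB+1))
        echo "$line" >> "$CERT_INVALID_LIST"
      fi
      STAT_TOTAL=$((STAT_TOTAL+1))
    fi
  done < "$TMP_LIST"
  #echo $STAT_NB $STAT_TOTAL
fi

STAT_NB=0
STAT_TOTAL=0
if Check_tool_presence keytool LOCAL ; then
  Display --indent 2 --text "keytool tool" --result FOUND --color BLUE
  #TODO detect other path of keystore
  # /etc/java-6-sun/security/cacerts
  # /usr/lib/jvm/java-6-sun:jre/lib/security/cacerts
  if [ -e "$KEYSTORE" ] ; then
    # The first comma-separated field of a trustedCertEntry line is the alias.
    echo "$KEYSTORE_PASSWORD" | keytool -keystore "$KEYSTORE" -list 2> /dev/null | grep trustedCertEntry | cut -d, -f1 > "$TMP_LIST"
    #TODO check return code of keytool
    while read -r calias
    do
      # Display --indent 2 --text "Cert $calias" --result FOUND --color BLUE
      # The alias is quoted so that an alias containing blanks stays one argument.
      echo "$KEYSTORE_PASSWORD" | keytool -keystore "$KEYSTORE" -exportcert -alias "$calias" -rfc > "$TMP_RESULT" 2> /dev/null
      #TODO check return code of keytool
      check_certificate "$TMP_RESULT" 4 "$calias"
      if [ "$RESULTAT" = 'BAD' ] ; then
        STAT_NB=$((STAT_NB+1))
      fi
      STAT_TOTAL=$((STAT_TOTAL+1))
      rm "$TMP_RESULT"
    done < "$TMP_LIST"
    echo "$STAT_NB $STAT_TOTAL"
  fi
fi

return 0;
yasat/plugins/accounting.advice0000640000175000017500000000351412457227301017423 0ustar montjoiemontjoieEN,ACCOUNTING_NOT_ENABLED=Enable the accounting with accton See https://savannah.gnu.org/projects/acct/ ADVICEEND EN,ACCOUNTING_BSD_NOT_ENABLED=Enable the accounting in rc.conf with accounting_enable=YES See http://www.freebsd.org/doc/en/books/handbook/security-accounting.html ADVICEEND EN,ACCOUNTING_MISSING_FILE=This file is missing, touch it /var/log/wtmp, /var/log/btmp, /var/log/faillog, /var/log/lastlog are used for recording logins. It is not normal that it doesn't exists ADVICEEND EN,ACCOUNTING_BTMP=Create this file for the lastb command Lastb is the same as last command, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts. See man lastb for more informations.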
touch /var/log/btmp && chmod 600 /var/log/btmp
The permissions can differ on some operating systems (Debian Etch uses 660). ADVICEEND EN,ACCOUNTING_FAILLOG=Create this file for the faillog command faillog displays the contents of the failure log database (/var/log/faillog). It can also set the failure counters and limits. See man faillog for more information.
touch /var/log/faillog && chmod 600 /var/log/faillog
ADVICEEND EN,INSTALL_AUDITD=Install the auditd daemon auditd is a useful daemon. TODO add more infos ADVICEEND EN,DO_NOT_USE_DES=DES is considered broken DES should be considered cryptographically broken and must not be used for hashing passwords. Use a better algorithm like sha256/sha512 (the salted, iterated crypt(3) schemes, not a bare digest). ADVICEEND EN,DO_NOT_USE_MD5=MD5 is considered broken MD5 should be considered cryptographically broken and must not be used for hashing passwords. Use a better algorithm like sha256/sha512 (the salted, iterated crypt(3) schemes, not a bare digest). ADVICEEND yasat/plugins/binaries.advice0000640000175000017500000000316412457227301017066 0ustar montjoiemontjoieEN,BINARIES_UNKNOWN=This binary is not in yasat's SetUID db It is probably a legitimate binary that I do not know of. Please send its name to me. ADVICEEND EN,BINARIES_BAD_RIGHT=THIS CHECK IS IN DEVELOPMENT EN,BINARIES_NO_AIDE=Install AIDE integrity checker AIDE is a file integrity checker, it makes a database of checksums of your files for later comparison. See http://aide.sourceforge.net ADVICEEND EN,BINARIES_NO_TRIPWIRE=Install TRIPWIRE integrity checker ADVICEEND EN,BINARIES_NO_CHKROOTKIT=Install chkrootkit See http://www.chkrootkit.org/ ADVICEEND EN,BINARIES_REMOVE_SETUID=Limit the number of set-uid binaries Some set-uid binaries might be unnecessary. 
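If your system is used only by root for example, you can remove set-uid from ping, mount, and umount ADVICEEND EN,BINARIES_NO_POSIXCAPSTOOLS=I cannot test POSIX CAPS for your setuid binaries Install either libcap or libcap-ng for testing the usuability of POSIX CAPS for your setuid binaries ADVICEEND EN,BINARIES_CAN_HAVE_POSIX_CAPS=You can set POSIX CAPS You can set POSIX CAPS with setcap (or filecap) setcap cap_net_raw+ep /bin/ping See https://wiki.archlinux.org/index.php/Using_File_Capabilities_Instead_Of_Setuid See http://www.friedhoff.org/posixfilecaps.html ADVICEEND EN,BINARIES_NO_SAMHAIN=Install SamHain See http://la-samhna.de/samhain/index.html ADVICEEND
yasat/plugins/system_user.firefox0000640000175000017500000000057712457227301020070 0ustar montjoiemontjoiesecurity.warn_viewing_mixed,SYSTEM_USER_FIREFOX_MIXED_HTTPS app.update.auto,SYSTEM_USER_FIREFOX_NO_AUTO_UPDATE security.warn_entering_weak,TODO xpinstall.whitelist.required,TODO browser.safebrowsing.malware.enabled,TODO browser.safebrowsing.enabled,TODO security.OCSP.enabled,TODO browser.cache.disk_cache_ssl,TODO network.http.sendSecureXSiteReferrer,TODO security.enable_ssl2,TODO
yasat/plugins/mysql.test0000640000175000017500000001524012457227301016161 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
#                                                                              #
#   Copyright (C) 2008-2015 LABBE Corentin
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see .
#                                                                              #
################################################################################

# YASAT plugin: reviews the MySQL server configuration file (run-as user and
# its login shell, query logging, bind address, binary log expiry, slow query
# log) and the rights of /etc/mysql/debian.cnf.
#
# Globals read:  POSSIBLE_MYSQL_CONF_REP, STAT_RIGHT, MYSQLD_PACKAGE_NAME
# Helpers used (defined outside this file): Title, Display, FindValueOfEqual,
#   CheckPresenceOf, Is_installed_via_package_manager. The code below reads
#   their answer from RESULTAT.
# The top-level `return` statements mean this file has to be sourced (or
# wrapped in a function), not executed directly.

#TODO check mysql_history
#TODO check ~/.my.cnf
#TODO check if DATADIR is a separate partition
#TODO SSL
#TODO check test databases (hint to remove it)
#TODO check test/guest user
#TODO check empty password and password length
#TODO skip-networking
#TODO check socket = ????
#TODO set-variable=local-infile=0 in [mysqld] http://dev.mysql.com/doc/refman/5.1/en/load-data-local.html
#TODO innodb_support_xa sync_binlog
#TODO set-variable=local-infile=0

MYSQL_CONF="/etc/mysql/my.cnf"

# POSSIBLE_MYSQL_CONF_REP is left unquoted on purpose: it is split into a list.
for LOCATION in ${POSSIBLE_MYSQL_CONF_REP}
do
  # NOTE(review): the test is made on "${LOCATION}/" but MYSQL_CONF receives
  # LOCATION itself; confirm whether the list holds files or directories.
  if [ -e "${LOCATION}/" ]
  then
    MYSQL_CONF="${LOCATION}"
  fi
done

Title "Check mysql"

if [ ! -e "$MYSQL_CONF" ]
then
  return 1;
fi

#TODO check includedir
FindValueOfEqual "$MYSQL_CONF" '!includedir' JUSTTEST
if [ -n "$RESULTAT" ] ; then
  Display --indent 2 --text "includedir" --result "$RESULTAT" --color BLUE
fi

FindValueOfEqual "$MYSQL_CONF" user JUSTTEST
if [ -n "$RESULTAT" ] ; then
  if [ "$RESULTAT" = "root" ] ; then
    Display --indent 2 --text "user" --result "$RESULTAT" --color RED --advice MYSQL_RUN_AS_ROOT
  else
    Display --indent 2 --text "user" --result "$RESULTAT" --color GREEN
    #I dont use getent because I think that mysql will be never on LDAP or such
    # Exact match on the login field. An unanchored grep also matched the
    # name inside other accounts, home directories or GECOS text and could
    # return the shell of the wrong account, or several lines at once.
    MYSQLSHELL="$(awk -F: -v u="$RESULTAT" '$1 == u { print $7; exit }' /etc/passwd)"
    # Any shell whose path contains "sh" counts as a usable login shell.
    case "$MYSQLSHELL" in
      *sh*)
        Display --indent 2 --text "Shell de mysql $MYSQLSHELL Incorrect " --result WARNING --color RED --advice MYSQL_USER_HAVE_SHELL
        ;;
      *)
        Display --indent 2 --text "Shell de mysql $MYSQLSHELL Correct " --result OK --color GREEN
        ;;
    esac
  fi
else
  Display --indent 2 --text "user" --result NOTFOUND --color RED
fi

#my.cnf is used by other client app than mysqld, so perhaps 644 is needed
#MYSQL_CONF_RIGHT="`stat $STAT_RIGHT $MYSQL_CONF`"
#if [ "$MYSQL_CONF_RIGHT" -ge 640 ]
#then
#  Display --indent 2 --text "Rights of $MYSQL_CONF" --result "$MYSQL_CONF_RIGHT" --color RED --advice GLOBAL_FILE_CHMOD640
#else
#  Display --indent 2 --text "Rights of $MYSQL_CONF" --result OK --color GREEN
#fi

if [ -e /etc/mysql/debian.cnf ]
then
  # STAT_RIGHT is left unquoted so that it can carry several stat arguments;
  # assumes it makes stat print the octal mode (defined outside this file).
  MYSQL_CONF_RIGHT="$(stat $STAT_RIGHT /etc/mysql/debian.cnf)"
  # Accept only modes with no group/other bits and at most rw for the owner.
  # The former numeric test (-gt 600) let modes such as 444 or 555 through
  # although they make the file readable by every local user, and reported OK
  # when stat printed nothing.
  case "$MYSQL_CONF_RIGHT" in
    [0-6]00)
      Display --indent 2 --text "Rights of /etc/mysql/debian.cnf" --result OK --color GREEN
      ;;
    *)
      Display --indent 2 --text "Rights of /etc/mysql/debian.cnf" --result "$MYSQL_CONF_RIGHT" --color RED --advice GLOBAL_FILE_CHMOD600
      ;;
  esac
fi

#log is full log of requests,
FindValueOfEqual "$MYSQL_CONF" log JUSTTEST
if [ -n "$RESULTAT" ] ; then
  Display --indent 2 --text "log" --result FOUND --color RED --advice MYSQL_LOG
else
  Display --indent 2 --text "log" --result NOTFOUND --color GREEN
fi

CheckPresenceOf "$MYSQL_CONF" innodb_file_per_table JUSTTEST
if [ -n "$RESULTAT" ]
then
  Display --indent 2 --text "innodb_file_per_table" --result OK --color GREEN
else
  Display --indent 2 --text "No innodb_file_per_table" --result ADVICE --color ORANGE
fi

FindValueOfEqual "$MYSQL_CONF" bind-address JUSTTEST
if [ -n "$RESULTAT" ]
then
  if [ "$RESULTAT" = "127.0.0.1" ]
  then
    Display --indent 2 --text "bind-address" --result "$RESULTAT" --color GREEN
  else
    Display --indent 2 --text "bind-address" --result "$RESULTAT" --color ORANGE
  fi
else
  Display --indent 2 --text "bind-address" --result NOTFOUND --color RED --advice MYSQL_CONF_BIND
fi

#log_slow_queries = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#if log-bin presence then there must be expire_logs_days
FindValueOfEqual "$MYSQL_CONF" log-bin JUSTTEST
# A bare "log-bin" line (no value) also enables the binary log.
if grep -q '^log-bin$' "$MYSQL_CONF"
then
  RESULTAT='on'
fi
if [ -n "$RESULTAT" ]
then
  Display --indent 2 --text "log-bin" --result "$RESULTAT" --color BLUE --advice MYSQL_CONF_BINLOGS
  if grep -q '^expire_logs_days' "$MYSQL_CONF"
  then
    Display --indent 4 --text "expire_logs_days" --result FOUND --color GREEN
  else
    Display --indent 4 --text "log-bin without expire_logs_days" --result NOTFOUND --color RED --advice MYSQL_CONF_NO_EXPIRELOGSDAYS
  fi
fi

FindValueOfEqual "$MYSQL_CONF" log_slow_queries JUSTTEST
if [ -n "$RESULTAT" ] ; then
  Display --indent 2 --text "log_slow_queries" --result "$RESULTAT" --color GREEN
else
  Display --indent 2 --text "log_slow_queries" --result NOTFOUND --color RED --advice MYSQL_CONF_NO_SLOWQUERY_LOG
fi

FindValueOfEqual "$MYSQL_CONF" innodb_support_xa JUSTTEST
if [ -n "$RESULTAT" ] ; then
  Display --indent 2 --text "innodb_support_xa" --result "$RESULTAT" --color BLUE
else
  Display --indent 2 --text "innodb_support_xa" --result NOTFOUND --color BLUE
fi

FindValueOfEqual "$MYSQL_CONF" sync_binlog JUSTTEST
if [ -n "$RESULTAT" ] ; then
  Display --indent 2 --text "sync_binlog" --result "$RESULTAT" --color BLUE
else
  Display --indent 2 --text "sync_binlog" --result NOTFOUND --color BLUE
fi

#Check_auto_start $MYSQLD_PACKAGE_NAME
#if [ "$RESULTAT" = 'NOTIMPLEMENTED' -o "$RESULTAT" = 'ERROR' ]
#then
#  Display --indent 2 --text "$MYSQLD_PACKAGE_NAME is started at boot" --result UNKNOWN --color BLUE
#else
#  if [ "$RESULTAT" = "yes" ]
#  then
#    Display --indent 2 --text "$MYSQLD_PACKAGE_NAME is started at boot" --result YES --color BLUE
#  else
#    Display --indent 2 --text "$MYSQLD_PACKAGE_NAME is started at boot" --result NO --color GREEN
#  fi
#fi

Is_installed_via_package_manager "$MYSQLD_PACKAGE_NAME"
if [ "$RESULTAT" = 'NOTIMPLEMENTED' ] || [ "$RESULTAT" = 'ERROR' ]
then
  Display --indent 2 --text "$MYSQLD_PACKAGE_NAME installation" --result UNKNOWN --color BLUE
else
  if [ "$RESULTAT" = "yes" ]
  then
    Display --indent 2 --text "$MYSQLD_PACKAGE_NAME is installed by package" --result GOOD --color GREEN
  else
    Display --indent 2 --text "$MYSQLD_PACKAGE_NAME is installed at hand" --result BAD --color ORANGE --advice GLOBAL_PACKAGE_INSTALLED_AT_HAND
  fi
fi

return 0;
yasat/plugins/binaries.caps0000640000175000017500000000135212457227301016556 0ustar montjoiemontjoie#all POSIX CAPS is at /usr/include/linux/capability.h # # list taken from http://coupleprogramming.eu/blog/?p=103 # https://wiki.archlinux.org/index.php/Using_File_Capabilities_Instead_Of_Setuid # # CAPS listed in upcase or not chage=CAP_DAC_READ_SEARCH chsh=CAP_CHOWN,CAP_DAC_READ_SEARCH,CAP_FSETID,CAP_SETUID chfn=CAP_CHOWN,CAP_DAC_READ_SEARCH,CAP_FSETID,CAP_SETUID dumpcap=net_admin,net_raw #gpasswd=cap_chown cap_dac_override cap_setuid mount=CAP_DAC_OVERRIDE,CAP_SYS_ADMIN #newgrp=cap_dac_override,cap_setgid passwd=CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER ping net_raw traceroute net_raw umount=CAP_DAC_OVERRIDE,CAP_SYS_ADMIN,CAP_CHOWN unix_chkpwd=CAP_DAC_OVERRIDE wireshark=net_raw Xorg=cap_chown,cap_dac_override,cap_sys_rawio,cap_sys_admin yasat/plugins/apache_vhosts.advice0000640000175000017500000000555712457227301020131 0ustar montjoiemontjoieEN,APACHE_VHOSTS_OPTIONS_INDEXES=Disable the directory's content providing See http://httpd.apache.org/docs/2.0/mod/core.html#options ADVICEEND EN,APACHE_VHOSTS_OPTIONS_EXECCGI=Disable the possibility to use CGI scripts See http://httpd.apache.org/docs/2.0/mod/core.html#options And also http://httpd.apache.org/docs/2.2/misc/security_tips.html#cgi ADVICEEND EN,APACHE_VHOSTS_NO_ORDER_CLAUSE=Add an order allow,deny clause to your vhost ADVICEEND EN,APACHE_VHOSTS_DOCROOT_BADGROUP=The docroot's files must be group owned by apache and not user owned It is preferable that apache does not own the files that it serves. ADVICEEND EN,APACHE_VHOSTS_DOCROOT_OTHERRIGHTS=The docroot's files must not be readable by others Only apache and root (or some webadmin user) have to read apache s files.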
ADVICEEND EN,APACHE_VHOSTS_DOCROOT_GROUPW=The docroot's files must not be writable by apache Generally, apache does not have to write to the files it serves. ADVICEEND EN,APACHE_VHOSTS_KNOWN_NAME=TODO is this location useful? ADVICEEND EN,APACHE_VHOSTS_NO_ROBOTS_TXT=You can put a robots.txt for controlling where the search engine goes For more informations, see http://www.robotstxt.org ADVICEEND EN,APACHE_VHOSTS_NO_ACCESSLOG=Define an accesslog Example:
CustomLog /var/log/apache2/access_log common
See http://httpd.apache.org/docs/2.2/logs.html#accesslog http://httpd.apache.org/docs/2.2/misc/security_tips.html#watchyourlogs ADVICEEND EN,APACHE_VHOSTS_NO_ERRORLOG=Define an errorlog See http://httpd.apache.org/docs/2.2/logs.html#errorlog http://httpd.apache.org/docs/2.2/misc/security_tips.html#watchyourlogs ADVICEEND EN,APACHE_VHOSTS_AUTHFILE_NOTFOUND=You have defined an authfile, but I can't find it Check your configuration http://httpd.apache.org/docs/2.0/mod/mod_auth.html#authuserfile ADVICEEND EN,APACHE_VHOSTS_VAR_WWW=It's preferable to use a docroot like /var/www/servername/ If you want to have many vhosts, it's preferable to arrange it like that. ADVICEEND EN,APACHE_VHOSTS_NO_DOCROOT=Define a documentroot See http://httpd.apache.org/docs/current/mod/core.html#documentroot ADVICEEND #http://httpd.apache.org/docs/2.2/misc/security_tips.html yasat/plugins/logwatch.advice0000640000175000017500000000606112457227301017101 0ustar montjoiemontjoieEN,LOGWATCH_TMPDIR_OTHER_READABLE=The TmpDir used by logwatch should not be readble by others. Letting others read the temporary directory logwatch uses leads to unnecessary information leakage. If /tmp is used, consider moving the TmpDir to another folder with no others permission. ADVICEEND EN,LOGWATCH_SAVE_OTHER_READABLE=The Save directory used by logwatch should no be readable by others. Letting others read the logwatch reports leads to unnecessary information leakage. ADVICEEND EN,LOGWATCH_LOW_DETAIL_SETTING=Low detail setting can lead to loss of important information. EN,LOGWATCH_PROBLEMATIC_RANGE_TODAY=Using the log from today can lead to loss of infornation. Because the day is not over when logwatch is executed there is no way to ensure that all of todays logs are parsed. ADVICEEND EN,LOGWATCH_PROBLEMATIC_RANGE_ALL=Using all logs can be too much. 
Parsing all logs can yield too much information, makes the logwatch report less useful because the timeline is too long and it can take a very long time depending on how often the logs are rotated. ADVICEEND EN,LOGWATCH_CHECK_ALL_SERVICES=You could be missing important information Because not all services are checked, messages from some services don't get included in the logwatch report. ADVICEEND EN,LOGWATCH_DISABLED_SERVICE_CHECK=You should check whether the disabled checks are needed. EN,LOGWATCH_TMPDIR_DEFAULT=The default setting is /var/cache/logwatch. EN,LOGWATCH_NO_SERVICES_FOUND=No Services are checked! There is little use for logwatch if no services are checked. Make sure that at least the most important services are checked. ADVICEEND EN,LOGWATCH_NO_LOGDIR=The LogDir is either a file or doesn't exist. The LogDir directive should point to where your system logs are. There is little use for logwatch if it doesn't parse your logs. ADVICEEND EN,LOGWATCH_LOGDIR_OTHER_WRITABLE=LogDir should not be writable by anyone other than the owner. EN,LOGWATCH_ONLY_ONE_LOGFILE=Checking only one logfile can lead to loss of information. Because not all services log to the system logger and there might be some filters on the file that is checked. At least make sure that all logmessages from the system logger are logged to the checked logfile. ADVICEEND EN,LOGWATCH_NO_LOGS_CHECKED=Could not find any logfiles that are to be checked. There is little use for logwatch if no logs are parsed. ADVICEEND EN,LOGWATCH_DEFAULT_SETTING=Consider setting this directive in the config. EN,LOGWATCH_NO_LOGS_CHECKED=Could not find any logfiles that are to be checked. There is little use for logwatch if no logs are parsed. ADVICEEND EN,LOGWATCH_TMPDIR_NOT_FOUND=Isn't a directory. If you want to save logreports you should either edit the TmpDir directive or make the directory the directive is set to use. ADVICEEND EN,LOGWATCH_ARCHIVES_NOT_CHECKED=Log archives are not parsed. 
This should be enabled. There is no guarantee that all the logs from a given day are parsed by logwatch, because of logrotation. ADVICEEND EN,LOGWATCH_HOSTLIMIT_NO=Unless this is logserver, HostLimit should be enabled. yasat/plugins/storage.test0000750000175000017500000000714212457227301016464 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . 
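#                                                                              #
################################################################################

# Block-device tuning and monitoring audit (sourced by YASAT as a plugin).
# Title, Display and ERROR_OUTPUT_FILE are not defined in this file.

Title "Check HDD monitoring"

# Probe hda..hdg, sda..sdg and md0..md10 under /sys/block.
for hdd_base in hd sd md
do
  SUFIX='a b c d e f g'
  if [ "$hdd_base" = 'md' ] ; then
    SUFIX='0 1 2 3 4 5 6 7 8 9 10'
  fi
  for i in $SUFIX
  do
    SYSBLOCK="/sys/block/${hdd_base}${i}"
    if [ -e "$SYSBLOCK" ] ;then
      Display --indent 2 --text "Device /dev/${hdd_base}${i}" --result FOUND --color BLUE
      # The path must be absolute: with a relative "sys/block/..." this test
      # only succeeded when the current directory happened to be /.
      if [ -e "$SYSBLOCK/queue/read_ahead_kb" ] ;then
        READ_AHEAD=$(cat "$SYSBLOCK/queue/read_ahead_kb")
        #on some server I saw a read_ahead of 4096 that is too high
        if [ "$READ_AHEAD" -ge 1025 ] ;then
          Display --indent 4 --text "Read_ahead of /dev/${hdd_base}${i}" --result "$READ_AHEAD" --color ORANGE --advice HDD_READ_AHEAD_HIGH
        else
          Display --indent 4 --text "Read_ahead of /dev/${hdd_base}${i}" --result "$READ_AHEAD" --color GREEN
        fi
      fi
      #http://mirror.linux.org.au/pub/linux.conf.au/2008/slides/130-lca2008-nfs-tuning-secrets-d7.odp
      #1 is bad
      if [ -e "$SYSBLOCK/device/queue_depth" ] ;then
        QUEUE_DEPTH=$(cat "$SYSBLOCK/device/queue_depth")
        Display --indent 4 --text "queue_depth of /dev/${hdd_base}${i}" --result "$QUEUE_DEPTH" --color BLUE
      fi
      # Guarded like the other attributes so a missing file is skipped instead
      # of producing a cat error and an empty result.
      if [ -e "$SYSBLOCK/queue/max_sectors_kb" ] ;then
        MAX_SECTOR=$(cat "$SYSBLOCK/queue/max_sectors_kb")
        Display --indent 4 --text "max_sector_kb of /dev/${hdd_base}${i}" --result "$MAX_SECTOR" --color BLUE
      fi
      if [ -e "$SYSBLOCK/queue/scheduler" ] ;then
        SCHEDULER=$(cat "$SYSBLOCK/queue/scheduler")
        Display --indent 4 --text "scheduler of /dev/${hdd_base}${i}" --result "$SCHEDULER" --color BLUE
      fi
      #TODO https://ata.wiki.kernel.org/index.php/ATA_4_KiB_sector_issues
      #check physical_block_size and logical_block_size
    fi
  done
done

#TODO use check_tool
# Exit status 127 is the shell's "command not found".
smartctl --version > /dev/null 2>> "${ERROR_OUTPUT_FILE}"
if [ $? -eq 127 ]
then
  Display --indent 2 --text "No smartctl binary" --result WARNING --color RED --advice HDD_SMARTCTL
  return 1;
fi
Display --indent 2 --text "smartctl binary" --result FOUND --color GREEN

#TODO check smartd and raid utils??
#RAID hw can be found with a lspci |grep RAID bus controller
#lspci is a prerequis
#TODO use checktool
lspci > /dev/null 2>> "$ERROR_OUTPUT_FILE"
if [ $? -eq 127 ] ;then
  Display --indent 2 --text "lspci" --result NOTFOUND --color BLUE --advice TODO
else
  RAIDHW=$(lspci | grep 'RAID bus controller')
  if [ -z "$RAIDHW" ]
  then
    Display --indent 2 --text "RAID bus controller" --result NOTFOUND --color BLUE --advice TODO
  else
    Display --indent 2 --text "RAID bus controller" --result FOUND --color BLUE --advice TODO
  fi
fi

return 0;
yasat/plugins/java.test0000640000175000017500000000364712457227301015745 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see .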
# # ################################################################################ Title "Check Java" return 0; POSSIBLE_JAVA_DIR="" KEYSTORE_PASSWORD='changeit' TMP_RESULT="${TEMPYASATDIR}/java.out" KEYSTORE='/usr/lib/jvm/sun-jdk-1.6/jre/lib/security/cacerts' TMP_LIST="${TEMPYASATDIR}/list.out" TMP_CERT="${TEMPYASATDIR}/tmp_cert.out" STAT_NB=0 STAT_TOTAL=0 CERT_INVALID_LIST="${TEMPYASATDIR}/clist.out" echo "$KEYSTORE_PASSWORD" | keytool -keystore $KEYSTORE -list 2> /dev/null | grep trustedCertEntry |cut -d\, -f1 > $TMP_LIST #TODO check return code of keytool while read calias do Display --indent 2 --text "Cert $calias" --result FOUND --color BLUE echo "$KEYSTORE_PASSWORD" | keytool -keystore $KEYSTORE -exportcert -alias $calias -rfc > $TMP_RESULT 2> /dev/null check_certificate $TMP_RESULT 4 if [ $RESULTAT = 'BAD' ] ; then STAT_NB=$(($STAT_NB+1)) fi STAT_TOTAL=$(($STAT_TOTAL+1)) rm $TMP_RESULT done < $TMP_LIST echo $STAT_NB $STAT_TOTAL return 0; yasat/plugins/logging.advice0000640000175000017500000000125012457227301016712 0ustar montjoiemontjoieEN,SYSTEM_LOG_TWO_LOGGERS=Strange, you have two system loggers Certainly a yasat bug... ADVICEEND EN,SYSTEM_LOG_NO_LOGGERS=Configure and run a system logger Install a system logger like syslog-ng, or any other you might prefer. If you have already a system logger runnning and yasat doesn't report it, please let me know. 
ADVICEEND EN,SYSLOGNG_NOLOGHOST=Set up a remote logging server Centralize your logs in a dedicated server TODO ADVICEEND EN,SYSLOG_NOLOGHOST=Set up a remote logging server Centralize your logs in a dedicated server TODO ADVICEEND EN,RSYSLOG_NOLOGHOST=Set up a remote logging server Centralize your logs in a dedicated server TODO ADVICEEND yasat/plugins/logrotate.advice0000640000175000017500000000007112457227301017264 0ustar montjoiemontjoieEN,LOGROTATE_NOT_ROTATED=Define logrotation for this log yasat/plugins/boot.test0000640000175000017500000000310712457227301015756 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . 
# # ################################################################################ TESTNAME='YASAT_TEST_BOOT_BOOTLOADER_PASSWORD Set Boot Loader Password' Compliance --result 'NOTIMPL' --plugin 'boot' --type 'NSAG' --cid '2.3.5.2' --cce 4144-2 --cce 3923-0 --cce 3818-2 --cce 4197-0 TESTNAME='YASAT_TEST_BOOT_REQUIRE_AUTHENT Require Authentication for Single-User Mode' Compliance --result 'NOTIMPL' --plugin 'boot' --type 'NSAG' --cid '2.3.5.3' --cce 4241-6 TESTNAME='YASAT_TEST_BOOT_DISABLE_INTERACTIVE_BOOT Disable Interactive Boot' Compliance --result 'NOTIMPL' --plugin 'boot' --type 'NSAG' --cid '2.3.5.4' --cce 4245-7 return 0; yasat/plugins/gnome.test0000640000175000017500000000236712457227301016127 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . # # ################################################################################ TESTNAME='YASAT_GNOME_TODO TODO' Compliance --result 'NOTIMPL' --plugin 'gnome' --nsag '2.2.2.4' --cce '4231-7' TESTNAME='YASAT_GNOME_TODO TODO' Compliance --result 'NOTIMPL' --plugin 'gnome' --nsag '2.2.2.6' return 0; yasat/plugins/ssl.advice0000640000175000017500000000012612457227301016066 0ustar montjoiemontjoieEN,SSL_BAD_PRIVATE_RIGHT=This directory and its contents must not have others rights. 
yasat/plugins/php_conf.advice0000640000175000017500000000517012457227301017065 0ustar montjoiemontjoieEN,PHP_CONF_SAFEMODE=If possible use safe_mode See http://php.net/manual/en/features.safe-mode.php ADVICEEND EN,PHP_CONF_REGISTER_GLOBALS=Don't use register-globals!! See http://www.php.net/manual/en/ini.core.php#ini.register-globals ADVICEEND EN,PHP_CONF_ALLOW_URL_INCLUDE=Don't use allow_url_include See http://php.net/manual/en/filesystem.configuration.php See also http://blog.php-security.org/archives/45-PHP-5.2.0-and-allow_url_include.html ADVICEEND EN,PHP_CONF_SORT_OPEN_TAG=Don't use short_open_tag See http://php.net/manual/en/ini.core.php ADVICEEND EN,PHP_CONF_DISPLAY_ERRORS=Don't display php errors, log them On a production site, errors can give away information to malicious people. See http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors ADVICEEND EN,PHP_CONF_ENABLE_DL=Set enable_dl to off See http://php.net/manual/en/function.dl.php ADVICEEND EN,PHP_CONF_EXPOSE_PHP=Set expose_php to off See http://phpsec.org/projects/phpsecinfo/tests/expose_php.html ADVICEEND EN,PHP_CONF_FILE_UPLOADS=Set file_uploads to off if possible If your site doesn't need to upload files, disable this functionality. See http://phpsec.org/projects/phpsecinfo/tests/file_uploads.html ADVICEEND EN,PHP_CONF_REGISTER_LONG_ARRAYS=Set it to off, it's deprecated This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged. See http://www.php.net/manual/en/ini.core.php#ini.register-long-arrays ADVICEEND EN,PHP_CONF_REGISTER_ARGC_ARGV=Set it to off TODO, why must it be set to off ? 
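See http://www.php.net/manual/en/ini.core.php#ini.register-argc-argv ADVICEEND EN,PHP_CONF_EXECCOMM=This function can launch dangerous commands EN,PHP_CONF_INFODISCLOSURE=This function can display confidential information EN,PHP_CONF_PHPSESSID=Change the default PHPSESSID name yasat/plugins/system_user.test0000640000175000017500000002634112457227301017402 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
#                                                                              #
#   Copyright (C) 2008-2015 LABBE Corentin
#
#   YASAT is free software: you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation, either version 3 of the License, or
#   (at your option) any later version.
#
#   YASAT is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with YASAT.  If not, see .
#                                                                              #
################################################################################
# PLUGINDESC="Check all users present in the auth database(/etc/passwd)"
# OPT_TOOLS="getent which"

# Per-account audit: home directory, password field, ssh/gnupg directories,
# dot-file permissions, credentials left in shell/mysql history, Firefox
# preferences, then UID 0 duplicates and empty password fields in passwd.
# Title, Display, my_getent, check_directory_owner, check_directory_others and
# check_private_key, as well as MY_PASSWD, TEMPYASATDIR, STAT_RIGHT, STAT_USER,
# OS_TYPE and PLUGINS_REP, are not defined in this file.

Title "Check system user"

POSSIBLE_USELESS_USER='games uucp news toor proxy irc gnats gopher'
BASEHOME="/home"
PASSFILE="/etc/shadow"
# Scratch file receiving history lines that look like they carry a password.
TMP_LEAK_PASSWORD_FILE="$TEMPYASATDIR/yasat.leak"

if [ "${OS_TYPE}" = "BSD" ] ;then
  PASSFILE="/etc/master.passwd"
fi

#Check for readability of PASSFILE (Enforced SELinux deny it for example)
if [ -e "$PASSFILE" ];then
  if ! cat "$PASSFILE" > /dev/null ;then
    Display --indent 2 --text "$PASSFILE is unreadable (inexistant or access denied)" --result ERROR --color RED
    # A path that does not exist, so the password checks below are skipped.
    PASSFILE='non-readable'
  fi
fi

# presumably my_getent fills the file named by MY_PASSWD - confirm in the core
my_getent
ALLUSER=$(grep -v '^#' "${MY_PASSWD}" | cut -d: -f1)
for iuser in $ALLUSER
do
  #HOMEUSER=`grep "^${iuser}:" /etc/passwd | cut -d\: -f6`
  HOMEUSER=$(grep "^${iuser}:" "${MY_PASSWD}" | cut -d: -f6)
  #USERSHELL=`grep "^${iuser}:" /etc/passwd | cut -d\: -f7`
  USERSHELL=$(grep "^${iuser}:" "${MY_PASSWD}" | cut -d: -f7)
  PRIMARYGROUP=$(id -gn "${iuser}")

  if [ ! -e "${HOMEUSER}" ] ;then
    Display --indent 2 --text "The home of $iuser, ${HOMEUSER} dont exist" --result NOTFOUND --color ORANGE --advice SYSTEM_USER_NO_HOMEDIR
    # Fall back to the conventional location before giving up on this account.
    HOMEUSER="$BASEHOME/$iuser/"
  fi

  if [ -e "${HOMEUSER}" ] ;then
    Display --indent 2 --text "Check $iuser ${HOMEUSER} " --result FOUND --color GREEN
    if [ "${HOMEUSER}" = "/" ] ;then
      Display --indent 4 --text "homedir is /" --result WARNING --color RED --advice SYSTEM_USER_HOMEDIR_ROOT_SLASH
    fi
    if [ -e "${HOMEUSER}/.bashrc" ] ;then
      if ! grep -q 'umask 027' "${HOMEUSER}/.bashrc" ;then
        Display --indent 4 --text "bad umask in bashrc (not 027)" --result WARNING --color RED --advice SYSTEM_USER_UMASK
      fi
    fi

    #TODO check valid shells for warning about "no pass and shells"
    #TODO differenciate desactivated account than other
    if [ -e "$PASSFILE" ] ; then
      PASSWORD=$(grep "^${iuser}:" "$PASSFILE" | cut -d: -f2)
      case "$PASSWORD" in
        '*'|'!')
          # No usable password: only worth a warning when the account still
          # has something other than nologin or bin/false as its shell.
          case "$USERSHELL" in
            ''|*nologin*|*bin/false*)
              ;;
            *)
              Display --indent 4 --text "No pass and shell, why?" --result WARNING --color ORANGE --advice SYSTEM_USER_NOPASS_AND_SHELL
              ;;
          esac
          ;;
        '')
          #Password is empty, bad
          Display --indent 4 --text "Password is empty" --result ERROR --color RED
          ;;
      esac
    fi #end of if PASSFILE

    if [ -e "${HOMEUSER}/.ssh/" ];then
      if [ "$(stat $STAT_RIGHT "${HOMEUSER}/.ssh/")" != '700' ];then
        Display --indent 4 --text "${HOMEUSER}/.ssh is not 700" --result WARNING --color RED --advice SYSTEM_USER_DOTDIR
      else
        Display --indent 4 --text "${HOMEUSER}/.ssh" --result OK --color GREEN
      fi
      # find ${HOMEUSER}/.ssh/ ! -user $iuser -ls
      TMP_RESULT="${TEMPYASATDIR}/ssh_others"
      check_directory_owner "${HOMEUSER}/.ssh/" "$iuser" "$TMP_RESULT" 4 'TODO'
      # find ${HOMEUSER}/.ssh/ -perm $ORWX -ls
      check_directory_others "${HOMEUSER}/.ssh/" "$TMP_RESULT" 4 GLOBAL_FILE_OTHER_READABLE
      if [ -e "${HOMEUSER}/.ssh/authorized_keys" ] || [ -e "${HOMEUSER}/.ssh/authorized_keys2" ];then
        Display --indent 4 --text "authorized_keys" --result FOUND --color GREEN
        #TODO check this files (content)
      fi
      #TODO check keysize for < 2048bits (find a good link to explain why)
      if [ -e "${HOMEUSER}/.ssh/id_rsa" ] || [ -e "${HOMEUSER}/.ssh/id_rsa.pub" ] ;then
        KEY_SIZE=$(ssh-keygen -l -f "${HOMEUSER}/.ssh/id_rsa" | cut -d' ' -f1)
        Display --indent 4 --text "RSA keys found ($KEY_SIZE bits)" --result OK --color GREEN
        check_private_key "${HOMEUSER}/.ssh/id_rsa" 4 'ssh' "${iuser}" "$PRIMARYGROUP"
      fi
      if [ -e "${HOMEUSER}/.ssh/id_dsa" ] || [ -e "${HOMEUSER}/.ssh/id_dsa.pub" ] ;then
        #I have read somewhere that DSA is only 1024, so perhaps reading keysize is useless
        KEY_SIZE=$(ssh-keygen -l -f "${HOMEUSER}/.ssh/id_dsa" | cut -d' ' -f1)
        Display --indent 4 --text "DSA keys found ($KEY_SIZE bits)" --result OK --color GREEN
        check_private_key "${HOMEUSER}/.ssh/id_dsa" 4 'ssh' "${iuser}" "$PRIMARYGROUP"
      fi
      if [ "$(stat $STAT_USER "${HOMEUSER}/.ssh/")" != "$iuser" ];then
        Display --indent 4 --text "Error ${HOMEUSER}/.ssh/ is not $iuser owned" --result ERROR --color RED
      fi
    fi #end if [ -e "${HOMEUSER}/.ssh/" ]

    # The messages name the directory that was actually tested (HOMEUSER),
    # which is not always $BASEHOME/$iuser.
    if [ -e "${HOMEUSER}/.gnupg/" ];then
      if [ "$(stat $STAT_RIGHT "${HOMEUSER}/.gnupg/")" != '700' ];then
        Display --indent 4 --text "${HOMEUSER}/.gnupg is not 700" --result WARNING --color RED --advice SYSTEM_USER_DOTDIR
      else
        Display --indent 4 --text "${HOMEUSER}/.gnupg" --result OK --color GREEN
      fi
    fi
    #TODO check recusivly the content of the directory
    #end of gnupg

    if [ -e "${HOMEUSER}/.my.cnf" ]
    then
      if [ "$(stat $STAT_RIGHT "${HOMEUSER}/.my.cnf")" != '600' ]
      then
        Display --indent 4 --text "${HOMEUSER}/.my.cnf is not 600" --result WARNING --color RED --advice SYSTEM_USER_DOTFILES
      else
        Display --indent 4 --text "${HOMEUSER}/.my.cnf" --result OK --color GREEN
      fi
    fi
    #end of my.cnf

    #check rights of some files
    LIST_USER_FILE=".bashrc .cshrc .exrc .forward .kshrc .login .profile .xinitrc .nessusrc .muttrc .cvspass .rhosts .openvasrc .bash_history .history .k5login .mysql_history .pgpass"
    #TODO finish that
    for DOT_FILE in $LIST_USER_FILE
    do
      if [ -e "${HOMEUSER}/${DOT_FILE}" ]
      then
        DOTFILERIGHT=$(stat $STAT_RIGHT "${HOMEUSER}/$DOT_FILE")
        if [ "${DOTFILERIGHT}" != '600' ] && [ "${DOTFILERIGHT}" != '400' ]
        then
          Display --indent 4 --text "${HOMEUSER}/$DOT_FILE is not 600" --result WARNING --color RED --advice SYSTEM_USER_DOTFILES
        else
          Display --indent 4 --text "${HOMEUSER}/$DOT_FILE" --result OK --color GREEN
        fi
      fi
    done

    #check only "normal" users for the moment
    case "${HOMEUSER}" in
      *"$BASEHOME"*)
        TMP_RESULT="${TEMPYASATDIR}/${iuser}.homeresult"
        check_directory_others "${HOMEUSER}" "$TMP_RESULT" 4 SYSTEM_USER_HOMEDIR_READABLE_BY_OTHERS
        ;;
    esac

    #check for information leaking in .bash_history
    #TODO ipmitool -U root user set password 8 xxx ? and other command with clear text password
    #TODO list of bad command like ./r00t
    # NOTE: the matching lines are printed into the report, so the report may
    # itself contain credentials and has to be stored accordingly.
    if [ -e "${HOMEUSER}/.bash_history" ]
    then
      grep mysql "${HOMEUSER}/.bash_history" | grep -iE '\-p[^ ]' > "$TMP_LEAK_PASSWORD_FILE"
      grep ldap "${HOMEUSER}/.bash_history" | grep -E '\-w|\-a|\-s' >> "$TMP_LEAK_PASSWORD_FILE"
      grep wget "${HOMEUSER}/.bash_history" | grep -i ':.*@' >> "$TMP_LEAK_PASSWORD_FILE"
      # A history line whose first word is not a known command is also kept
      # (for instance a password typed at the prompt by mistake).
      grep -v '^cd ' "${HOMEUSER}/.bash_history" | grep -v '^exit[[:space:]]*$' | grep -v '^source[[:space:]]' | grep -v '^export[[:space:]]' |
      while read -r line_of_command
      do
        COMMAND_TO_CHECK=${line_of_command%%[[:space:]]*}
        if ! which "$COMMAND_TO_CHECK" > /dev/null 2>&1
        then
          printf '%s\n' "$line_of_command" >> "$TMP_LEAK_PASSWORD_FILE"
        fi
      done
      # file with password to test for their right
      # cat $bash_h |grep ldap | grep -E '\-y|\-t|\-T'
      if [ ! -s "$TMP_LEAK_PASSWORD_FILE" ]
      then
        Display --indent 4 --text ".bash_history" --result GOOD --color GREEN
      else
        Display --indent 4 --text ".bash_history" --result BAD --color RED --advice SYSTEM_USER_PASSWORD_LEAKING
        sort -u "$TMP_LEAK_PASSWORD_FILE" | while read -r line_of_command_with_pass
        do
          printf ' %s\n' "$line_of_command_with_pass"
        done
      fi
    fi
    #end of bash_history

    #Check for PASSWORD() or other line with a password in mysql_history
    if [ -e "${HOMEUSER}/.mysql_history" ] ; then
      grep -iE 'identified|PASSWORD' "${HOMEUSER}/.mysql_history" > "$TMP_LEAK_PASSWORD_FILE"
      if [ ! -s "$TMP_LEAK_PASSWORD_FILE" ]
      then
        Display --indent 4 --text ".mysql_history" --result GOOD --color GREEN
      else
        Display --indent 4 --text ".mysql_history" --result BAD --color RED --advice SYSTEM_USER_MYSQL_HISTORY_PASSWORD_LEAKING
        sort -u "$TMP_LEAK_PASSWORD_FILE" | while read -r line_of_command_with_pass
        do
          printf ' %s\n' "$line_of_command_with_pass"
        done
      fi
    fi

    if [ -e "${HOMEUSER}/.mozilla/firefox/profiles.ini" ] ; then
      if [ -e "${PLUGINS_REP}/system_user.firefox" ] ; then
        #get profiles
        for profile in $(grep '^Path=' "${HOMEUSER}/.mozilla/firefox/profiles.ini" | sed 's/^Path=//')
        do
          Display --indent 4 --text "Firefox profile $profile" --result FOUND --color BLUE
          PATH_TO_PREFJS="${HOMEUSER}/.mozilla/firefox/$profile/prefs.js"
          if [ -e "$PATH_TO_PREFJS" ] ; then
            # Each rule line is "string,advice": the string is searched in prefs.js.
            grep -v '^#' "${PLUGINS_REP}/system_user.firefox" | while read -r firefox_test
            do
              FIREFOX_STRING=$(printf '%s\n' "$firefox_test" | cut -d, -f1)
              FIREFOX_ADVICE=$(printf '%s\n' "$firefox_test" | cut -d, -f2)
              if grep -q -- "$FIREFOX_STRING" "$PATH_TO_PREFJS" ; then
                Display --indent 6 --text "$FIREFOX_STRING" --result FOUND --color BLUE --advice "$FIREFOX_ADVICE"
              else
                Display --indent 6 --text "$FIREFOX_STRING" --result NOTFOUND --color GREEN
              fi
            done
          fi
        done
      else
        Display --indent 4 --text "${PLUGINS_REP}/system_user.firefox" --result NOTFOUND --color RED
      fi
    fi
    #end of firefox
  fi #end of if homeuser

  for TMP_USELESS in $POSSIBLE_USELESS_USER
  do
    if [ "$TMP_USELESS" = "$iuser" ]
    then
      Display --indent 4 --text "is user $iuser useful?" --result WARNING --color ORANGE --advice SYSTEM_USER_USELESS
    fi
  done
done

# The scratch file holds password-bearing history lines: do not leave it behind.
rm -f -- "$TMP_LEAK_PASSWORD_FILE"

#check UID 0 account
# The loop must run in the current shell: as the last stage of a pipeline it
# ran in a subshell, the flag was lost, and "Only root is UID=0" was printed
# even when another UID 0 account had just been reported.
USER_ONLY_ONE_UID0=0
for line in $(cut -d: -f1,3 "${MY_PASSWD}" | grep ':0$')
do
  if [ "$line" != "root:0" ]
  then
    USER_ONLY_ONE_UID0=1
    USER_UID0=${line%%:*}
    Display --indent 2 --text "Found user $USER_UID0 with UID=0" --result FOUND --color RED --advice SYSTEM_USER_USER_wITH_UID0
  fi
done
if [ "$USER_ONLY_ONE_UID0" -eq 0 ]
then
  Display --indent 2 --text "Only root is UID=0" --result GOOD --color GREEN
fi

#check that shadow is used
# Entries whose second passwd field is empty are reported.
cut -d: -f1,2 "${MY_PASSWD}" | grep ':$' | while read -r line
do
  USER_STRANGE=${line%%:*}
  Display --indent 2 --text "Found anormal $USER_STRANGE" --result FOUND --color RED --advice TODO
done

return 0;

#TODO check_user_cron
#TODO check for a .macromedia and give advice of trash "flash cookies"
yasat/plugins/samba.test0000640000175000017500000000537712457227301016111 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see .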
# # ################################################################################ #TODO directory security mask create mask #TODO invalid users POSSIBLE_SAMBA_CONF="/etc/samba/smb.conf /usr/local/etc/samba/smb.conf" SAMBA_CONF="/etc/samba/smb.conf" for LOCATION in ${POSSIBLE_SAMBA_CONF} do if [ -e "${SCAN_ROOT}/${LOCATION}" ] ;then SAMBA_CONF="${SCAN_ROOT}/${LOCATION}" fi done SAMBA_CONF="`dirname $SAMBA_CONF`/smb.conf" Title "Check SAMBA" if [ ! -e "$SAMBA_CONF" ] ;then return 1; fi Display --indent 2 --text "$SAMBA_CONF" --result FOUND --color GREEN get_simple_right "$SAMBA_CONF" if [ "$RESULTAT" = '644' ] then Display --indent 4 --text "Right of $SAMBA_CONF" --result OK --color GREEN else Display --indent 4 --text "Right of $SAMBA_CONF" --result "$RESULTAT" --color RED fi TESTNAME='YASAT_TEST_SAMBA_SERVICE_ENABLED NSAG=3.18.1 CCEID=4551-8 Check if the samba service is enabled' Check_auto_start samba samba any if [ "$RESULTAT" = 'NOTIMPLEMENTED' -o "$RESULTAT" = 'ERROR' ] ;then Display --indent 2 --text "samba is started at boot" --result UNKNOWN --color BLUE Compliance --result 'NOTTESTED' --plugin samba --nsag 3.18.1 --cce 4551-8 else if [ "$RESULTAT" = "yes" ] ;then Display --indent 2 --text "samba is started at boot" --result YES --color BLUE else Display --indent 2 --text "samba is started at boot" --result NO --color GREEN fi fi Is_installed_via_package_manager samba if [ "$RESULTAT" = 'NOTIMPLEMENTED' -o "$RESULTAT" = 'ERROR' ] then Display --indent 2 --text "samba installation" --result UNKNOWN --color BLUE else if [ "$RESULTAT" = "yes" ] then Display --indent 2 --text "samba is installed by package" --result GOOD --color GREEN else Display --indent 2 --text "samba is installed at hand" --result BAD --color ORANGE --advice GLOBAL_PACKAGE_INSTALLED_AT_HAND fi fi return 0; yasat/plugins/tomcat.advice0000640000175000017500000000017012457227301016553 0ustar montjoiemontjoieEN,TOMCAT_DEFAULT_WEBAPP=If you don't use this default webapp, remove it 
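EN,TOMCAT_DEFAULT_PASSWORD=Change the password
yasat/plugins/accounting.test0000640000175000017500000003132412457227301017147 0ustar montjoiemontjoie
#!/bin/sh
################################################################################
#
#
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
#
#
################################################################################

# Accounting plugin: checks the login accounting files, process accounting,
# the password hashing configuration (PAM, shadow file, login.defs) and, on
# Linux, the presence and activation of auditd.
# Title, Display, Compliance, FindValueOf, FindValueOfEqual, Check_auto_start
# and Is_installed_via_package_manager are defined outside this file; the code
# below reads the answer of the lookup helpers from $RESULTAT.
# The top-level 'return' means this file is expected to be sourced.

Title "Check accounting and audit configuration"

#http://www.freebsd.org/doc/en/books/handbook/security-accounting.html
if [ "$OS_TYPE" = "BSD" ]; then
  if [ -e "/var/account/acct" ]; then
    Display --indent 2 --text "/var/account/acct" --result FOUND --color GREEN
  else
    Display --indent 2 --text "/var/account/acct" --result NOTFOUND --color ORANGE
  fi
  FindValueOfEqual '/etc/rc.conf' 'accounting_enable' JUSTTEST
  if [ -z "$RESULTAT" ]; then
    Display --indent 2 --text "accounting_enable" --result NOTFOUND --color ORANGE
  elif [ "$RESULTAT" = "YES" ]; then
    Display --indent 2 --text "accounting_enable" --result FOUND --color GREEN
  else
    Display --indent 2 --text "accounting_enable" --result NOTFOUND --color ORANGE --advice ACCOUNTING_BSD_NOT_ENABLED
  fi
fi

# NOTE(review): the /var/log and /var/account paths below are not prefixed with
# SCAN_ROOT, so they always describe the running host.
TESTNAME='YASAT_TEST_ACCT_WTMP_EXISTENCE Check if /var/log/wtmp exists'
if [ -e /var/log/wtmp ]; then
  Display --indent 2 --text "/var/log/wtmp" --result FOUND --color GREEN
  Compliance --result 'OK' --plugin 'accounting' --color 'green' --yasatresult 'FOUND'
else
  Display --indent 2 --text "/var/log/wtmp" --result NOTFOUND --color RED --advice ACCOUNTING_MISSING_FILE
  Compliance --result 'NOK' --plugin 'accounting' --color 'red' --yasatresult 'NOTFOUND'
fi

if [ ! "$OS" = "FreeBSD" ]; then
  TESTNAME='YASAT_TEST_ACCT_BTMP_EXISTENCE Check if /var/log/btmp exists'
  if [ -e /var/log/btmp ]; then
    Display --indent 2 --text "/var/log/btmp" --result FOUND --color GREEN
    Compliance --result 'OK' --plugin 'accounting' --color 'green' --yasatresult 'FOUND'
  else
    Display --indent 2 --text "/var/log/btmp" --result NOTFOUND --color RED --advice ACCOUNTING_BTMP
    Compliance --result 'NOK' --plugin 'accounting' --color 'red' --yasatresult 'NOTFOUND'
  fi

  TESTNAME='YASAT_TEST_ACCT_FAILLOG_EXISTENCE Check if /var/log/faillog exists'
  if [ -e /var/log/faillog ]; then
    Display --indent 2 --text "/var/log/faillog" --result FOUND --color GREEN
    Compliance --result 'OK' --plugin 'accounting' --color 'green' --yasatresult 'FOUND'
  else
    Display --indent 2 --text "/var/log/faillog" --result NOTFOUND --color RED --advice ACCOUNTING_FAILLOG
    Compliance --result 'NOK' --plugin 'accounting' --color 'red' --yasatresult 'NOTFOUND'
  fi
fi

TESTNAME='YASAT_TEST_ACCT_LASTLOG_EXISTENCE Check if /var/log/lastlog exists'
if [ -e /var/log/lastlog ]; then
  Display --indent 2 --text "/var/log/lastlog" --result FOUND --color GREEN
  Compliance --result 'OK' --plugin 'accounting' --color 'green' --yasatresult 'FOUND'
else
  Display --indent 2 --text "/var/log/lastlog" --result NOTFOUND --color RED --advice ACCOUNTING_MISSING_FILE
  Compliance --result 'NOK' --plugin 'accounting' --color 'red' --yasatresult 'NOTFOUND'
fi

#TODO /var/run/utmp

#http://www.gnu.org/software/acct/manual/html_mono/accounting.html
TESTNAME='YASAT_TEST_ACCT_ACCT_ENABLED Check if accounting is enabled'
if [ -e /var/account/pacct ]; then
  Display --indent 2 --text "accounting is enabled" --result OK --color GREEN
  Compliance --result 'OK' --plugin 'accounting' --color 'green' --yasatresult 'ENABLED'
else
  Display --indent 2 --text "accounting is not enabled" --result WARNING --color ORANGE --advice ACCOUNTING_NOT_ENABLED
  # Was 'OK' in both branches, which recorded disabled accounting as compliant.
  Compliance --result 'NOK' --plugin 'accounting' --color 'orange' --yasatresult 'DISABLED'
fi

#TODO check SULOG_FILE in /etc/login.defs (linux only)
# SYSLOG_SG_ENAB

#TODO FIND A BETTER PLACE FOR THIS TEST
#TODO must check for MD5_CRYPT_ENAB in /etc/login.defs
# DES is assumed until a PAM password line names another method.
DEFAULT_CRYPT_METHOD='DES'
if [ -e "$SCAN_ROOT/etc/pam.d" ]; then
  # The patterns are quoted so the shell cannot expand them as file globs.
  if [ -n "$(grep -r '^password.*sha512' "$SCAN_ROOT/etc/pam.d")" ]; then
    DEFAULT_CRYPT_METHOD='sha512'
    Display --indent 2 --text "Found sha512 in pam.d" --result OK --color BLUE
  fi
  # Checked last on purpose of the original order: md5 overrides sha512 when
  # both appear in pam.d.
  if [ -n "$(grep -r '^password.*md5' "$SCAN_ROOT/etc/pam.d")" ]; then
    DEFAULT_CRYPT_METHOD='MD5'
    Display --indent 2 --text "Found MD5 in pam.d" --result OK --color BLUE
  fi

  TESTNAME='YASAT_TEST_PAM_CRACKLIB NSAG=2.3.3.1.1 Set Password Quality Requirements, if using pam cracklib'
  pamtmp="${TEMPYASATDIR}/pam"
  # -h drops the "file:" prefix of recursive grep; with the prefix the '^#'
  # filter never matched and commented-out pam_cracklib lines counted as FOUND.
  grep -rh 'pam_cracklib.so' "$SCAN_ROOT/etc/pam.d" | grep -v '^#' > "$pamtmp"
  if [ -z "$(cat "$pamtmp")" ]; then
    Display --indent 2 --text "cracklib" --result NOTFOUND --color BLUE
  else
    Display --indent 2 --text "cracklib" --result FOUND --color BLUE
  fi
  rm "$pamtmp"
  Compliance --result 'NOTIMPL' --plugin 'accounting' --nsag 2.3.3.1.1 --cce 14113-5 --cce 14672-0 --cce 14712-4 --cce 14122-6 --cce 14701-7 --cce 15054-0

  TESTNAME='YASAT_TEST_PAM_PASSWSQC Set Password Quality Requirements, if using pam passwdqc'
  Compliance --result 'NOTIMPL' --plugin 'accounting' --nsag 2.3.3.1.2
  TESTNAME='YASAT_TEST_PAM_LOCKOUTS Set Lockouts for Failed Password Attempts'
  Compliance --result 'NOTIMPL' --plugin 'accounting' --nsag 2.3.3.2
  TESTNAME='YASAT_TEST_PAM_LIMIT_PASSWORD_REUSE Limit Password Reuse'
  Compliance --result 'NOTIMPL' --plugin 'accounting' --nsag 2.3.3.6
  TESTNAME='YASAT_TEST_PAM_REMOVE_CCREDS Remove the pam ccreds Package if Possible'
  Compliance --result 'NOTIMPL' --plugin 'accounting' --nsag 2.3.3.7
  TESTNAME='YASAT_TEST_PAM_REMOVE_RHOSTS Remove .rhosts Support from PAM Configuration Files'
  Compliance --result 'NOTIMPL' --plugin 'accounting' --nsag 3.2.3.2
fi

#check also salt type in shadow http://en.wikipedia.org/wiki/Shadow_password (on my system 2 different salt coexists $1 and $6
#YASAT_TEST_SHADOW_PASSWORD Check the real hash method used in /etc/shadow
SHADOW_FILE="$(printf '%s\n' "$SCAN_ROOT/etc/shadow" | sed 's,//*,/,g')"
if [ "${OS_TYPE}" = "BSD" ]; then
  # NOTE(review): this path ignores SCAN_ROOT.
  SHADOW_FILE="/etc/master.passwd"
fi
if [ ! -e "$SHADOW_FILE" ]; then
  Display --indent 2 --text "$SHADOW_FILE not found, trying /etc/passwd" --result NOSHADOW --color BLUE
  SHADOW_FILE="$(printf '%s\n' "$SCAN_ROOT/etc/passwd" | sed 's,//*,/,g')"
fi
if [ -e "$SHADOW_FILE" ]; then
  Display --indent 2 --text "$SHADOW_FILE" --result FOUND --color BLUE
  TMPFILE_ACCT="${TEMPYASATDIR}/shadow.tmp"
  # Only the login and the first two characters of the password field are
  # written to the temporary file; the test needs nothing more, and complete
  # password hashes should not be copied outside the shadow file.
  grep -v '^#' "$SHADOW_FILE" | cut -d: -f1,2 \
    | sed 's/^\([^:]*:.\{0,2\}\).*$/\1/' > "$TMPFILE_ACCT"
  while read -r line
  do
    HASH_METHOD="$(printf '%s\n' "$line" | cut -d: -f2 | cut -c1,2)"
    USER="$(printf '%s\n' "$line" | cut -d: -f1)"
    KNOW_HASH_METHOD=0
    TESTNAME="YASAT_TEST_ACCT_GENERIC_HASH_METHOD Check pasword hash method for $USER"
    # The plugin name was spelled 'accouting' in this loop, which filed these
    # results under a plugin name used nowhere else in the file.
    case "$HASH_METHOD" in
      '$1')
        Display --indent 2 --text "password hash method for $USER" --result MD5 --color RED --advice DO_NOT_USE_MD5
        Compliance --result 'NOK' --plugin 'accounting' --color 'red' --yasatresult 'MD5'
        KNOW_HASH_METHOD=1
        ;;
      '$2')
        Display --indent 2 --text "password hash method for $USER" --result BLOWFISH --color GREEN --comp 'OK' 'accounting'
        KNOW_HASH_METHOD=1
        ;;
      '$5')
        Display --indent 2 --text "password hash method for $USER" --result SHA256 --color GREEN --comp 'OK' 'accounting'
        KNOW_HASH_METHOD=1
        ;;
      '$6')
        Display --indent 2 --text "password hash method for $USER" --result SHA512 --color GREEN --comp 'OK' 'accounting'
        KNOW_HASH_METHOD=1
        ;;
      'x' | '*' | '!' | '!!')
        # Placeholder values, no hash to classify.
        KNOW_HASH_METHOD=1
        ;;
    esac
    # NOTE(review): any other two-character prefix lands here, including a
    # field made of '!' followed by a hash.
    if [ "$KNOW_HASH_METHOD" -eq 0 ]; then
      Display --indent 2 --text "Unknown password hash method for $USER" --result "$HASH_METHOD" --color RED --comp 'NOK' 'accounting'
    fi
    #TODO Blowfish $2a
  done < "$TMPFILE_ACCT"
  rm "$TMPFILE_ACCT"
fi

#TODO need more work
if [ -e /etc/login.defs ]; then
  TESTNAME='YASAT_TEST_ACCT_DEFAULT_PASSWORD_ENCRYPTION Check the default password encryption method in /etc/login.defs'
  FindValueOf /etc/login.defs ENCRYPT_METHOD JUSTTEST
  if [ "$RESULTAT" = 'SHA512' ]; then
    RESULTAT='sha512'
  fi
  if [ -n "$RESULTAT" ]; then
    Display --indent 2 --text "default password encryption" --result "$RESULTAT" --color BLUE
    #TODO warn if DEFAULT_CRYPT_METHOD is also modify in pam for a different value
  else
    # Without ENCRYPT_METHOD the PAM-derived default decides. MD5 used to fall
    # into the GREEN/OK branch although this plugin flags MD5 hashes elsewhere.
    case "$DEFAULT_CRYPT_METHOD" in
      DES)
        Display --indent 2 --text "password encryption" --result "$DEFAULT_CRYPT_METHOD" --color RED --advice DO_NOT_USE_DES
        Compliance --result 'NOK' --plugin 'accounting' --color 'red' --yasatresult "$DEFAULT_CRYPT_METHOD"
        ;;
      MD5)
        Display --indent 2 --text "password encryption" --result "$DEFAULT_CRYPT_METHOD" --color RED --advice DO_NOT_USE_MD5
        Compliance --result 'NOK' --plugin 'accounting' --color 'red' --yasatresult "$DEFAULT_CRYPT_METHOD"
        ;;
      *)
        Display --indent 2 --text "password encryption" --result "$DEFAULT_CRYPT_METHOD" --color GREEN
        Compliance --result 'OK' --plugin 'accounting' --color 'green' --yasatresult "$DEFAULT_CRYPT_METHOD"
        ;;
    esac
  fi

  TESTNAME='YASAT_TEST_PASSWORD_SHA512 NSAG=2.3.3.5 CCEID=14063-2 Check if password hashing is sha512'
  FindValueOf /etc/login.defs MD5_CRYPT_ENAB JUSTTEST
  # NOTE(review): DEFAULT_CRYPT_METHOD only reflects pam.d here; an
  # ENCRYPT_METHOD found in login.defs above is displayed but not stored in it.
  if [ -n "$RESULTAT" ]; then
    if [ "$RESULTAT" = 'no' ]; then
      Display --indent 2 --text "MD5_CRYPT_ENAB" --result 'NO' --color GREEN
      if [ "$DEFAULT_CRYPT_METHOD" = 'sha512' ]; then
        Compliance --result 'OK' --plugin accounting --nsag 2.3.3.5 --cce 14063-2 --color 'green' --yasatresult 'YES'
      else
        # Colour was 'green' on this NOK result; aligned with the other
        # NOK/'NO' records of this file.
        Compliance --result 'NOK' --plugin accounting --nsag 2.3.3.5 --cce 14063-2 --color 'red' --yasatresult 'NO'
      fi
    else
      Display --indent 2 --text "MD5_CRYPT_ENAB" --result 'YES' --color RED --advice DO_NOT_USE_MD5
      Compliance --result 'NOK' --plugin accounting --nsag 2.3.3.5 --cce 14063-2 --color 'red' --yasatresult 'NO'
    fi
  fi
fi

# The auditd checks below are Linux only.
if [ "$OS_TYPE" != 'Linux' ]; then
  return
fi
#TODO freebsd also have some audit http://www.freebsd.org/doc/fr/books/handbook/audit-config.html

#check for auditd daemon, /sbin/auditd for gentoo and auditd for redhat/centos
AUDITD_PRESENT=0
PACKAGE_NAME="audit"
SERVICE_NAME="auditd"
PROCESS_NAME="auditd"
if [ "$LIST_PKG" = "emerge" ]; then
  PACKAGE_NAME="sys-process/audit"
  # SERVICE_NAME="auditd"
  PROCESS_NAME="/sbin/auditd"
fi

#TODO do a find_runing_process function
TESTNAME='YASAT_TEST_AUDITD_1 NSAG=2.6.2 Test for a running auditd daemon'
# The pattern is quoted: unquoted, the bracket expressions were open to
# pathname expansion against the current directory.
if [ -n "$(ps aux | grep "[[:space:]]${PROCESS_NAME}[[:space:]]*\$")" ]; then
  AUDITD_PRESENT=1
  Display --indent 2 --text "$PROCESS_NAME" --result RUNNING --color BLUE --comp 'OK' 'accounting'
fi

TESTNAME='YASAT_TEST_AUDITD_2 Check if auditd is installed by a package'
Is_installed_via_package_manager "$PACKAGE_NAME"
if [ "$RESULTAT" = 'NOTIMPLEMENTED' ] || [ "$RESULTAT" = 'ERROR' ]; then
  Display --indent 2 --text "$PACKAGE_NAME installation" --result UNKNOWN --color BLUE
elif [ "$RESULTAT" = "yes" ]; then
  Display --indent 2 --text "$PACKAGE_NAME is installed by package" --result GOOD --color GREEN --comp 'OK' 'accounting'
  AUDITD_PRESENT=1
elif [ "$AUDITD_PRESENT" -eq 1 ]; then
  # Running but unknown to the package manager.
  Display --indent 2 --text "$PACKAGE_NAME is manually installed" --result BAD --color ORANGE --advice GLOBAL_PACKAGE_INSTALLED_AT_HAND --comp 'NOK' 'accounting'
else
  Display --indent 2 --text "$PACKAGE_NAME is not installed" --result BAD --color RED --comp 'NOK' 'accounting'
fi

TESTNAME='YASAT_TEST_AUDITD_3 CCEID=4292-9 NSAG=2.6.2.1 Test for a enabled auditd service'
if [ "$AUDITD_PRESENT" -eq 1 ]; then
  Check_auto_start --nocompliance "$SERVICE_NAME" accounting any
  if [ "$RESULTAT" = 'NOTIMPLEMENTED' ] || [ "$RESULTAT" = 'ERROR' ]; then
    Display --indent 2 --text "$SERVICE_NAME is started at boot" --result UNKNOWN --color BLUE
    Compliance --result NOK --plugin accounting --nsag 2.6.2.1 --cce 4292-9 --color 'blue' --yasatresult 'UNKNOWN'
  elif [ "$RESULTAT" = "yes" ]; then
    Display --indent 2 --text "$SERVICE_NAME is started at boot" --result YES --color GREEN
    Compliance --result OK --plugin accounting --nsag 2.6.2.1 --cce 4292-9 --color 'green' --yasatresult 'YES'
  else
    # --color 'red' --yasatresult 'NO' were attached to Display instead of
    # Compliance, leaving the compliance record without colour and result.
    Display --indent 2 --text "$SERVICE_NAME is started at boot" --result NO --color RED
    Compliance --result NOK --plugin accounting --nsag 2.6.2.1 --cce 4292-9 --color 'red' --yasatresult 'NO'
  fi
else
  Display --indent 2 --text "auditd presence" --result NO --color RED --advice INSTALL_AUDITD
  Compliance --result NOK --plugin accounting --nsag 2.6.2.1 --cce 4292-9 --color 'red' --yasatresult 'NO'
fi
yasat/plugins/system_user.advice0000640000175000017500000000503212457227301017650 0ustar montjoiemontjoie
EN,SYSTEM_USER_UMASK=umask must be 027, 022 by default is not strict enough.
EN,SYSTEM_USER_DOTFILES=This file must be chmod 600
EN,SYSTEM_USER_DOTDIR=This directory must be chmod 700
EN,SYSTEM_USER_HOMEDIR_ROOT_SLASH=Why is the homedir / ?
EN,SYSTEM_USER_HOMEDIR_READABLE_BY_OTHERS=The homedir is readable by others
EN,SYSTEM_USER_USELESS=Does this user used by your system ?
EN,SYSTEM_USER_RSA_VS_DSA=RSA keys are preferred.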
See http://leaf.dragonflybsd.org/mailarchive/users/2005-01/msg00140.html See http://lists.gnupg.org/pipermail/gnupg-users/2000-May/005657.html See http://kerneltrap.org/mailarchive/dragonflybsd-user/2005/1/11/135791 ADVICEEND EN,--SYSTEM_USER_PASSWORD_LEAKING=Caution, some password might be visible Cleartext password can be found in your .bash_history I have checked mysql, wget and other commands to find passwords typed in the shell I will also check commands not in path ADVICEEND EN,SYSTEM_USER_MYSQL_HISTORY_PASSWORD_LEAKING=Caution, some password might be visible Check the rights of .mysql_history You can also disable mysql_history:
export MYSQL_HISTFILE=/dev/null
See MYSQL_HISTFILE in http://dev.mysql.com/doc/refman/5.1/en/environment-variables.html See http://bugs.mysql.com/bug.php?id=16803 ADVICEEND EN,SYSTEM_USER_USER_wITH_UID0=Check if this account is necessary Logically, there must be only one account with UID=0. FreeBSD comes with a toor account that can be disabled. See also http://www.freebsd.org/doc/en/books/faq/security.html#TOOR-ACCOUNT ADVICEEND EN,SYSTEM_USER_NO_HOMEDIR=This user has no homedir, why? Perhaps this user is not needed. ADVICEEND EN,SYSTEM_USER_NOPASS_AND_SHELL=This account probably doesn't need a shell If this user is not an interactive user, suppress the user's shell.
usermod -s /bin/false account_name
ADVICEEND EN,SYSTEM_USER_FIREFOX_MIXED_HTTPS=Enable warning of loading mixed HTTP/HTTPS content You can find it at Tools/Options/Security/Settings ADVICEEND EN,SYSTEM_USER_FIREFOX_NO_AUTO_UPDATE=Enable automatic check of firefox updates ADVICEEND yasat/plugins/apache_conf.data0000640000175000017500000000152612457227301017176 0ustar montjoiemontjoie# DIRECTIVE PARAMETER COMPARE OPTIONAL ADVICE NSAG CCE ServerSignature|off|s||APACHE_CONF_SERVERSIGNATURE|3.16.3.1|3756-4 ServerTokens|Prod|S||APACHE_CONF_SERVERTOKENS|3.16.3.1|4474-3 Timeout|21|NM||APACHE_CONF_TIMEOUT HostnameLookups|Off|S||APACHE_CONF_HOSTNAMELOOKUPS KeepAlive|on|s||APACHE_CONF_KEEPALIVES KeepAliveTimeout|20|NM||APACHE_CONF_KEEPALIVE_TIMEOUT MaxKeepAliveRequests|101|NM TraceEnable|off|s||APACHE_CONF_TRACEENABLE User|root|snot Group|root|snot LimitRequestBody|102400|NM||APACHE_CONF_LIMITREQUESTBODY LimitRequestFields|101|NM||APACHE_CONF_LIMITREQUESTFIELDS LimitRequestFieldsize|8191|NM||APACHE_CONF_LIMITREQUESTFIELDSIZE LimitRequestLine|8191|NM||APACHE_CONF_LIMITREQUESTLINE LimitXMLRequestBody|1000000|NM|Y #TODO place it directly in the test FileETag|''|s|Y|APACHE_CONF_FILEETAG ProxyRequests|off|s|Y|APACHE_CONF_PROXYREQUESTS yasat/plugins/sensors.test0000750000175000017500000000605012457227301016511 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. 
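#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
#
#
################################################################################

# Sensors plugin: checks for a temperature monitoring tool (sensors), for an
# IPMI BMC and its SNMP community string, and for the mcelog tool.
# Title, Display and Check_tool_presence are defined outside this file; the
# code below treats exit status 1 of Check_tool_presence as "tool missing".
# The top-level 'return' means this file is expected to be sourced.

Title "Check sensors and temperature monitoring"

#TODO detect if we are inside a VM (so no need of IPMI/sensors)
#TODO on many servers there are no sensors and the use of IPMI is necessary
if [ "$OS_TYPE" = 'Linux' ]; then
  Check_tool_presence sensors
  if [ $? -eq 1 ]; then
    Display --indent 2 --text "No sensors binary" --result WARNING --color RED --advice TEMP_SENSORS
  else
    Display --indent 2 --text "sensors binary" --result FOUND --color GREEN
  fi
else
  Display --indent 2 --text "HW temperature monitoring" --result NOTFOUND --color BLUE --advice TEMP_SENSOR_PROGRAM_UNK
fi

#check /dev/ipmi0
FOUND_IPMI=0
if [ -e /dev/ipmi0 ]; then
  Display --indent 2 --text "IPMI BMC" --result FOUND --color BLUE
  FOUND_IPMI=1
fi

# The IPMI checks run when a BMC device exists or the scan profile is 'server'.
if [ "$FOUND_IPMI" -ge 1 ] || [ "$SCAN_PROFILE" = 'server' ]; then
  Check_tool_presence ipmitool
  if [ $? -eq 1 ]; then
    Display --indent 2 --text "No ipmitool binary" --result WARNING --color RED --advice IPMI_NO_BINARY
  else
    IPMI_TMP="${TEMPYASATDIR}/ipmi.out"
    #when doing ipmitool lan print seek for snmp community string
    ipmitool lan print > "$IPMI_TMP"
    #TODO test ret value of ipmitool
    IPMI_SNMP_COMM="$(grep -i snmp "$IPMI_TMP" | cut -d: -f2- | sed 's/[[:space:]]*//g')"
    # The dump holds the BMC LAN settings including the SNMP community string
    # and was left behind in the temporary directory; remove it once parsed.
    # NOTE(review): confirm that nothing else reads ipmi.out afterwards.
    rm -f "$IPMI_TMP"
    if [ -z "$IPMI_SNMP_COMM" ]; then
      Display --indent 2 --text "IPMI SNMP Comunity" --result NOTFOUND --color BLUE
    elif [ "$IPMI_SNMP_COMM" = "public" ]; then
      # Only the literal value "public" is treated as a bad community string.
      Display --indent 2 --text "IPMI SNMP Community" --result WARNING --color RED --advice IPMI_BAD_SNMP_COMM
    else
      Display --indent 2 --text "IPMI SNMP Community" --result GOOD --color GREEN
    fi
  fi
fi
#Usefull http://wiki.nagios-fr.org/supervision/ipmi

#MCELOG this test is present here and in kernel, need to find the best place
if [ -e /dev/mcelog ]; then
  Display --indent 2 --text "/dev/mcelog" --result FOUND --color BLUE
  Check_tool_presence mcelog
  if [ $? -eq 1 ]; then
    Display --indent 4 --text "mcelog tool" --result NOTFOUND --color RED --advice MCELOG_TOOL
  else
    Display --indent 4 --text "mcelog tool" --result FOUND --color GREEN
  fi
fi

return 0;
yasat/plugins/xinetd.data0000640000175000017500000000305412457227301016241 0ustar montjoiemontjoie
# name of service | nothing = warning , O = just advice , R = just report| ID of ADVICE
chargen-stream||XINETD_SERVICES_USELESS
chargen-dgram||XINETD_SERVICES_USELESS
chargen||XINETD_SERVICES_USELESS
daytime-stream||XINETD_SERVICES_USELESS
daytime-dgram||XINETD_SERVICES_USELESS
daytime||XINETD_SERVICES_USELESS
discard-stream||XINETD_SERVICES_USELESS
discard-dgram||XINETD_SERVICES_USELESS
discard||XINETD_SERVICES_USELESS
echo-stream||XINETD_SERVICES_USELESS
echo-dgram||XINETD_SERVICES_USELESS
echo||XINETD_SERVICES_USELESS
tcpmux-server||XINETD_SERVICES_USELESS
time-stream||XINETD_SERVICES_USELESS
time-dgram||XINETD_SERVICES_USELESS
time||XINETD_SERVICES_USELESS
telnetd||XINETD_SERVICES_USELESS
finger||XINETD_SERVICES_USELESS
fingerd||XINETD_SERVICES_USELESS
systat||XINETD_SERVICES_USELESS
sysstat||XINETD_SERVICES_USELESS
netstat||XINETD_SERVICES_USELESS
rusers||XINETD_SERVICES_USELESS
gssftp||XINETD_SERVICES_USELESS
klogin||XINETD_SERVICES_USELESS
ekrb5-telnet||XINETD_SERVICES_USELESS
eklogin||XINETD_SERVICES_USELESS
krb5-telnet||XINETD_SERVICES_USELESS
kshell||XINETD_SERVICES_USELESS
rsync|O|XINETD_SERVICES_OPTIONAL
cvspserver|O|XINETD_SERVICES_OPTIONAL
rexec||XINETD_SERVICES_USELESS
rexecd||XINETD_SERVICES_USELESS
rlogin||XINETD_SERVICES_USELESS
rsh||XINETD_SERVICES_USELESS
svnserve|O|XINETD_SERVICES_OPTIONAL
ftp-sensor|O|XINETD_SERVICES_OPTIONAL
ident|O|XINETD_SERVICES_OPTIONAL
comsat|O|XINETD_SERVICES_OPTIONAL
bootp||XINETD_SERVICES_USELESS
ftpd||XINETD_SERVICES_USELESS
tftpd||XINETD_SERVICES_USELESS
talk||XINETD_SERVICES_USELESS
amanda|R|
yasat/plugins/selinux.test0000750000175000017500000000727112457227301016512 0ustar montjoiemontjoie
#!/bin/sh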
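################################################################################
#
#
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
#
#
################################################################################

# SELinux plugin: reads SELINUX and SELINUXTYPE from etc/selinux/config under
# SCAN_ROOT and records the matching compliance results; the remaining
# NSAG items are recorded as not implemented.
# Title, Display, Compliance and FindValueOfEqual are defined outside this
# file; the code below reads the looked-up value from $RESULTAT.
# The top-level 'return' statements mean this file is expected to be sourced.

Title "Check SELinux status"

# Without the configuration directory or file every item is marked NOTTESTED.
if [ ! -e "$SCAN_ROOT/etc/selinux" ] || [ ! -e "$SCAN_ROOT/etc/selinux/config" ]; then
  TESTNAME='Check SELinux'
  Compliance --result 'NOTTESTED' --plugin selinux --nsag 2.4.2 --nsag 2.4.2.1 --nsag 2.4.3.1 --nsag 2.4.3.2 --nsag 2.4.4 --nsag 2.4.5 --cce 3977-6 --cce 3999-0 --cce 4254-9 --cce 4148-3 --cce 3668-1 --cce 4129-3 --cce 14991-4
  return 0
fi

TESTNAME='YASAT_TEST_SELINUX_ENABLED NSAG=2.4.2 CCEID=3977-6 Check if SELinux is enabled'
# The path is quoted so a scan root containing whitespace stays one argument.
FindValueOfEqual "$SCAN_ROOT/etc/selinux/config" SELINUX JUSTTEST
if [ -z "$RESULTAT" ] || [ "$RESULTAT" = 'disabled' ]; then
  # A missing SELINUX value is reported the same way as SELINUX=disabled.
  Compliance --result NOK --plugin selinux --nsag 2.4.2 --cce '3977-6' --cce '3999-0'
  Display --indent 2 --text "SELinux" --result DISABLED --color RED
else
  Compliance --result OK --plugin selinux --nsag 2.4.2 --cce '3977-6'
  Display --indent 2 --text "SELinux" --result ENABLED --color GREEN
  TESTNAME='YASAT_TEST_SELINUX_ENFORCING NSAG=2.4.2 CCEID=3999-0 Check if SELinux is enforced'
  # NOTE(review): every value other than 'disabled' and 'enforcing', a
  # misspelled one included, is reported as ENABLED and then PERMISSIVE.
  if [ "$RESULTAT" = 'enforcing' ]; then
    Display --indent 2 --text "SELinux" --result ENFORCING --color GREEN
    Compliance --result OK --plugin selinux --nsag 2.4.2 --cce '3999-0'
  else
    Display --indent 2 --text "SELinux" --result PERMISSIVE --color ORANGE
    Compliance --result NOK --plugin selinux --nsag 2.4.2 --cce '3999-0'
  fi
fi

TESTNAME='YASAT_TEST_SELINUX_MODE NSAG=2.4.2 Check if SELinux is in targeted mode'
FindValueOfEqual "$SCAN_ROOT/etc/selinux/config" SELINUXTYPE JUSTTEST
# The value is only displayed; it is not compared with 'targeted'.
if [ -n "$RESULTAT" ]; then
  Display --indent 2 --text "SELinux Mode" --result "$RESULTAT" --color GREEN
fi

TESTNAME='YASAT_TEST_SELINUX_CURRENT_ENABLE NSAG=2.4.2.1 Check if SELinux is currently enabled'
# The runtime state can only describe the running host, so the item is skipped
# when another root is scanned; the live check itself is not implemented yet.
if [ "$SCAN_ROOT" = '/' ]; then
  Display --indent 2 --text "SELinux current mode" --result TODO --color BLUE
  Compliance --result 'NOTIMPL' --plugin selinux --nsag 2.4.2.1
else
  Display --indent 2 --text "SELinux current mode" --result SKIP --color BLUE
  Compliance --result 'NOTTESTED' --plugin selinux --nsag 2.4.2.1
fi

TESTNAME='Disable and Remove SETroubleshoot if Possible'
Compliance --result 'NOTIMPL' --plugin selinux --nsag 2.4.3.1 --cce 4254-9 --cce 4148-3
TESTNAME='Disable MCS Translation Service (mcstrans) if Possible'
Compliance --result 'NOTIMPL' --plugin selinux --nsag 2.4.3.2 --cce 3668-1 --cce 4129-3
TESTNAME='Check for Unconfined Daemons'
Compliance --result 'NOTIMPL' --plugin selinux --nsag 2.4.4
TESTNAME='Check for Unlabeled Device Files'
Compliance --result 'NOTIMPL' --plugin selinux --nsag 2.4.5 --cce 14991-4

return 0;
yasat/plugins/binaries.data0000640000175000017500000003444412457227301016551 0ustar montjoiemontjoie
#binary | rights | OS | owner
/sbin/unix_chkpwd|4711|Gentoo
/sbin/mount.nfs|4511|Gentoo
/bin/umount|4711|Gentoo
/bin/su|4711|Gentoo
/bin/ping|4711|Gentoo
/bin/mount|4711|Gentoo
/bin/passwd|4711|Gentoo
/usr/sbin/ssmtp|2711|Gentoo
/usr/sbin/amcheck|4750|Gentoo
/usr/sbin/postdrop|2755|Gentoo
/usr/sbin/postqueue|2755|Gentoo
/usr/sbin/fping6|4711|Gentoo
/usr/sbin/fping|4711|Gentoo
/usr/sbin/rscsi|4711|Gentoo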
/usr/bin/lppasswd|4711|Gentoo /usr/bin/rcp|4711|Gentoo /usr/bin/chsh|4711|Gentoo /usr/bin/chfn|4711|Gentoo /usr/bin/crontab|2751|Gentoo /usr/bin/sudoedit|4111|Gentoo /usr/bin/cpufreq-selector|4711|Gentoo /usr/bin/expiry|4711|Gentoo /usr/bin/smbumount|4711|Gentoo /usr/bin/man|2551|Gentoo /usr/bin/newrole|4511|Gentoo /usr/bin/gpasswd|4711|Gentoo /usr/bin/Xorg|4711|Gentoo /usr/bin/dotlockfile|2751|Gentoo /usr/bin/slocate|2711|Gentoo /usr/bin/write|2751|Gentoo /usr/bin/rlogin|4711|Gentoo /usr/bin/newgrp|4711|Gentoo /usr/bin/sudo|4711|Gentoo /usr/bin/dumpcap|6550|Gentoo /usr/bin/fusermount|4711|Gentoo /usr/bin/rsh|4711|Gentoo /usr/bin/chage|4711|Gentoo /usr/bin/smbmnt|4711|Gentoo /usr/bin/mutt_dotlock|2751|Gentoo /bin/ping6|4711|Gentoo /usr/sbin/traceroute6|4711|Gentoo /usr/bin/dspam|2511|Gentoo /usr/bin/dspamc|2511|Gentoo /usr/bin/screen|2751|Gentoo /usr/sbin/mtr|4710|Gentoo /usr/bin/cdda2wav|4711|Gentoo /usr/bin/v4l-conf|4711|Gentoo /usr/bin/cdrecord|4711|Gentoo /usr/bin/readcd|4711|Gentoo /usr/bin/locate|2711|Gentoo /usr/bin/pkexec|4711|Gentoo /usr/bin/cgexec|4711|Gentoo /usr/libexec/lockspool|4511|Gentoo /usr/libexec/polkit-agent-helper-1|4711|Gentoo /usr/libexec/dbus-daemon-launch-helper|4710|Gentoo /usr/libexec/gnome-pty-helper|2751|Gentoo /usr/libexec/squid/pinger|4710|Gentoo /usr/libexec/squid/basic_ncsa_auth|4710|Gentoo /usr/lib/misc/utempter/utempter|2751|Gentoo /usr/lib/misc/glibc/pt_chown|4711|Gentoo /usr/lib/misc/ssh-keysign|4711|Gentoo /usr/lib/polkit-1/polkit-agent-helper-1|4711|Gentoo /usr/lib/kde4/libexec/fileshareset|4711|Gentoo /usr/sbin/amservice|4710|Gentoo /usr/libexec/amanda/killpgrp|4750|Gentoo /usr/libexec/amanda/application/amgtar|4710|Gentoo /usr/libexec/amanda/application/amstar|4710|Gentoo /usr/libexec/amanda/calcsize|4750|Gentoo /usr/libexec/amanda/dumper|4750|Gentoo /usr/libexec/amanda/planner|4750|Gentoo /usr/libexec/amanda/runtar|4750|Gentoo /usr/libexec/amanda/rundump|4750|Gentoo /usr/lib/nagios/plugins/check_dhcp|4710|Gentoo 
/usr/lib/nagios/plugins/check_ide_smart|4710|Gentoo /usr/lib/nagios/plugins/check_icmp|4710|Gentoo /usr/lib/mailman/mail/mailman|2751|Gentoo /usr/lib/mailman/cgi-bin/admin|2751|Gentoo /usr/lib/mailman/cgi-bin/rmlist|2751|Gentoo /usr/lib/mailman/cgi-bin/create|2751|Gentoo /usr/lib/mailman/cgi-bin/subscribe|2751|Gentoo /usr/lib/mailman/cgi-bin/roster|2751|Gentoo /usr/lib/mailman/cgi-bin/edithtml|2751|Gentoo /usr/lib/mailman/cgi-bin/private|2751|Gentoo /usr/lib/mailman/cgi-bin/listinfo|2751|Gentoo /usr/lib/mailman/cgi-bin/options|2751|Gentoo /usr/lib/mailman/cgi-bin/confirm|2751|Gentoo /usr/lib/mailman/cgi-bin/admindb|2751|Gentoo /usr/libexec/squid/ncsa_auth|4710|Gentoo /usr/libexec/mc/cons.saver|2751|Gentoo /usr/lib/virtualbox/VirtualBox|4710|Gentoo /usr/lib/virtualbox/VBoxHeadless|4710|Gentoo /usr/lib/virtualbox/VBoxSDL|4710|Gentoo /usr/lib/virtualbox/VBoxNetDHCP|4710|Gentoo /usr/lib/virtualbox/VBoxNetAdpCtl|4710|Gentoo #Debian /sbin/unix_chkpwd|4555|Etch| /bin/ping|4755|Etch| /bin/umount|4755|Etch| /bin/mount|4755|Etch /bin/ping6|4755|Etch| /bin/su|4755|Etch /usr/sbin/postqueue|2555|Etch /usr/sbin/postdrop|2555|Etch /usr/bin/gpasswd|4755|Etch /usr/bin/traceroute.lbl|4755|Etch /usr/bin/passwd|4755|Etch| /usr/bin/bsd-write|2755|Etch /usr/bin/gpg|4755|Etch /usr/bin/screen|2755|Etch /usr/bin/expiry|2755|Etch /usr/bin/wall|2755|Etch /usr/bin/chage|2755|Etch /usr/bin/chfn|4755|Etch /usr/bin/sudo|4755|Etch /usr/bin/newgrp|4755|Etch /usr/bin/crontab|2755|Etch /usr/bin/chsh|4755|Etch /usr/bin/sudoedit|4755|Etch /usr/bin/ssh-agent|2755|Etch /usr/bin/X|6755|Etch /sbin/unix_chkpwd|2755|Lenny /sbin/mount.nfs|4755|Lenny /bin/ping|4755|Lenny /bin/umount|4755|Lenny /bin/mount|4755|Lenny /bin/ping6|4755|Lenny /bin/su|4755|Lenny /usr/sbin/postqueue|2555|Lenny /usr/sbin/postdrop|2555|Lenny /usr/sbin/exim4|4755|Lenny /usr/bin/gpasswd|4755|Lenny /usr/bin/procmail|6755|Lenny /usr/bin/traceroute.lbl|4755|Lenny /usr/bin/passwd|4755|Lenny /usr/bin/bsd-write|2755|Lenny 
/usr/bin/mutt_dotlock|2755|Lenny /usr/bin/dotlockfile|2755|Lenny /usr/bin/lockfile|2755|Lenny /usr/bin/mlocate|2755|Lenny /usr/bin/gpg|4755|Lenny /usr/bin/screen|2755|Lenny /usr/bin/expiry|2755|Lenny /usr/bin/wall|2755|Lenny /usr/bin/chage|2755|Lenny /usr/bin/chfn|4755|Lenny /usr/bin/sudo|4755|Lenny /usr/bin/newgrp|4755|Lenny /usr/bin/crontab|2755|Lenny /usr/bin/chsh|4755|Lenny /usr/bin/sudoedit|4755|Lenny /usr/bin/ssh-agent|2755|Lenny /usr/bin/at|6755|Lenny /usr/bin/pkexec|4711|Lenny #squeeze /sbin/unix_chkpwd|2755|Squeeze /sbin/mount.nfs|4755|Squeeze /sbin/mount.cifs|4755|Squeeze /bin/ping|4755|Squeeze /bin/umount|4755|Squeeze /bin/mount|4755|Squeeze /bin/ping6|4755|Squeeze /bin/su|4755|Squeeze /usr/sbin/postqueue|2555|Squeeze /usr/sbin/postdrop|2555|Squeeze /usr/sbin/exim4|4755|Squeeze /usr/sbin/pwauth|2755|Squeeze /usr/bin/gpasswd|4755|Squeeze /usr/bin/procmail|6755|Squeeze /usr/bin/traceroute.lbl|4755|Squeeze /usr/bin/passwd|4755|Squeeze /usr/bin/bsd-write|2755|Squeeze /usr/bin/mutt_dotlock|2755|Squeeze /usr/bin/dotlockfile|2755|Squeeze /usr/bin/lockfile|2755|Squeeze /usr/bin/mlocate|2755|Squeeze /usr/bin/gpg|4755|Squeeze /usr/bin/screen|2755|Squeeze /usr/bin/expiry|2755|Squeeze /usr/bin/wall|2755|Squeeze /usr/bin/chage|2755|Squeeze /usr/bin/chfn|4755|Squeeze /usr/bin/sudo|4755|Squeeze /usr/bin/newgrp|4755|Squeeze /usr/bin/crontab|2755|Squeeze /usr/bin/chsh|4755|Squeeze /usr/bin/sudoedit|4755|Squeeze /usr/bin/ssh-agent|2755|Squeeze /usr/bin/at|6755|Squeeze /usr/bin/mtr|4755|Squeeze /usr/bin/pkexec|4711|Squeeze /usr/bin/tcptraceroute.mt|4755|Squeeze /usr/bin/mlock|2755|Squeeze /usr/bin/beep|4755|Squeeze /usr/lib/openssh/ssh-keysign|4755|Squeeze /usr/lib/mc/cons.saver|2755|Squeeze /usr/lib/pt_chown|4755|Squeeze /usr/lib/eject/dmcrypt-get-device|4755|Squeeze /usr/lib/apache2/suexec|4754|Squeeze /usr/lib/vdr/vdr-shutdown.wrapper|6750|Squeeze /usr/lib/dbus-1.0/dbus-daemon-launch-helper|4754|Squeeze /usr/lib/virtualbox/VBoxNetAdpCtl|4511|Squeeze 
/usr/lib/virtualbox/VBoxNetDHCP|4511|Squeeze /usr/lib/virtualbox/VBoxHeadless|4511|Squeeze /usr/lib/virtualbox/VirtualBox|4511|Squeeze /usr/lib/virtualbox/VBoxSDL|4511|Squeeze #Wheezy /sbin/unix_chkpwd|2755|Wheezy /sbin/mount.nfs|4755|Wheezy /sbin/mount.cifs|4755|Wheezy /bin/ping|4755|Wheezy /bin/umount|4755|Wheezy /bin/mount|4755|Wheezy /bin/ping6|4755|Wheezy /bin/rdisc6|4755|Wheezy /bin/su|4755|Wheezy /usr/sbin/postqueue|2555|Wheezy /usr/sbin/postdrop|2555|Wheezy /usr/sbin/exim4|4755|Wheezy /usr/bin/gpasswd|4755|Wheezy /usr/bin/procmail|6755|Wheezy /usr/bin/traceroute.lbl|4755|Wheezy /usr/bin/passwd|4755|Wheezy /usr/bin/bsd-write|2755|Wheezy /usr/bin/mutt_dotlock|2755|Wheezy /usr/bin/dotlockfile|2755|Wheezy /usr/bin/lockfile|2755|Wheezy /usr/bin/mlocate|2755|Wheezy /usr/bin/gpg|4755|Wheezy /usr/bin/screen|2755|Wheezy /usr/bin/expiry|2755|Wheezy /usr/bin/wall|2755|Wheezy /usr/bin/chage|2755|Wheezy /usr/bin/chfn|4755|Wheezy /usr/bin/sudo|4755|Wheezy /usr/bin/newgrp|4755|Wheezy /usr/bin/crontab|2755|Wheezy /usr/bin/chsh|4755|Wheezy /usr/bin/sudoedit|4755|Wheezy /usr/bin/ssh-agent|2755|Wheezy /usr/bin/at|6755|Wheezy|daemon /usr/bin/pkexec|4755|Wheezy /usr/bin/rltraceroute6|4755|Wheezy /usr/bin/ndisc6|4755|Wheezy /usr/bin/lppasswd|4755|Wheezy /usr/lib/openssh/ssh-keysign|4755|Wheezy /usr/lib/mc/cons.saver|2755|Wheezy /usr/lib/pt_chown|4755|Wheezy /usr/lib/eject/dmcrypt-get-device|4755|Wheezy /usr/lib/policykit-1/polkit-agent-helper-1|4755|Wheezy /usr/lib/uml/uml_net|4750|Wheezy /usr/lib/dbus-1.0/dbus-daemon-launch-helper|4754|Wheezy #Jessie /sbin/unix_chkpwd|2755|Jessie /sbin/mount.nfs|4755|Jessie /sbin/mount.cifs|4755|Jessie /bin/ping|4755|Jessie /bin/umount|4755|Jessie /bin/mount|4755|Jessie /bin/ping6|4755|Jessie /bin/rdisc6|4755|Jessie /bin/su|4755|Jessie /usr/sbin/postqueue|2555|Jessie /usr/sbin/postdrop|2555|Jessie /usr/sbin/exim4|4755|Jessie /usr/bin/gpasswd|4755|Jessie /usr/bin/procmail|6755|Jessie /usr/bin/traceroute.lbl|4755|Jessie 
/usr/bin/passwd|4755|Jessie /usr/bin/bsd-write|2755|Jessie /usr/bin/mutt_dotlock|2755|Jessie /usr/bin/dotlockfile|2755|Jessie /usr/bin/lockfile|2755|Jessie /usr/bin/mlocate|2755|Jessie /usr/bin/gpg|4755|Jessie /usr/bin/screen|2755|Jessie /usr/bin/expiry|2755|Jessie /usr/bin/wall|2755|Jessie /usr/bin/chage|2755|Jessie /usr/bin/chfn|4755|Jessie /usr/bin/sudo|4755|Jessie /usr/bin/newgrp|4755|Jessie /usr/bin/crontab|2755|Jessie /usr/bin/chsh|4755|Jessie /usr/bin/sudoedit|4755|Jessie /usr/bin/ssh-agent|2755|Jessie /usr/bin/at|6755|Jessie|daemon /usr/bin/pkexec|4755|Jessie /usr/bin/rltraceroute6|4755|Jessie /usr/bin/ndisc6|4755|Jessie /usr/bin/lppasswd|4755|Jessie /usr/lib/openssh/ssh-keysign|4755|Jessie /usr/lib/mc/cons.saver|2755|Jessie /usr/lib/pt_chown|4755|Jessie /usr/lib/eject/dmcrypt-get-device|4755|Jessie /usr/lib/policykit-1/polkit-agent-helper-1|4755|Jessie /usr/lib/uml/uml_net|4750|Jessie /usr/lib/dbus-1.0/dbus-daemon-launch-helper|4754|Jessie #Freebsd /sbin/mksnap_ffs|4550|FreeBSD /sbin/ping|4555|FreeBSD /sbin/ping6|4555|FreeBSD /sbin/shutdown|4550|FreeBSD /sbin/poweroff|4550|FreeBSD /bin/rcp|4555|FreeBSD /usr/sbin/authpf|6555|FreeBSD /usr/sbin/authpf-noip|6555|FreeBSD /usr/sbin/lpc|2555|FreeBSD /usr/sbin/ppp|4550|FreeBSD /usr/sbin/pppd|4550|FreeBSD /usr/sbin/sliplogin|4550|FreeBSD /usr/sbin/timedc|4555|FreeBSD /usr/sbin/traceroute|4555|FreeBSD /usr/sbin/traceroute6|4555|FreeBSD /usr/sbin/trpt|2555|FreeBSD /usr/bin/at|4555|FreeBSD /usr/bin/atq|4555|FreeBSD /usr/bin/atrm|4555|FreeBSD /usr/bin/batch|4555|FreeBSD /usr/bin/btsockstat|2555|FreeBSD /usr/bin/chpass|4555|FreeBSD /usr/bin/chfn|4555|FreeBSD /usr/bin/chsh|4555|FreeBSD /usr/bin/ypchpass|4555|FreeBSD /usr/bin/ypchfn|4555|FreeBSD /usr/bin/ypchsh|4555|FreeBSD /usr/bin/fstat|2555|FreeBSD /usr/bin/lock|4555|FreeBSD /usr/bin/login|4555|FreeBSD /usr/bin/netstat|2555|FreeBSD /usr/bin/opieinfo|4555|FreeBSD /usr/bin/opiepasswd|4555|FreeBSD /usr/bin/passwd|4555|FreeBSD /usr/bin/yppasswd|4555|FreeBSD 
/usr/bin/rlogin|4555|FreeBSD /usr/bin/rsh|4555|FreeBSD /usr/bin/su|4555|FreeBSD /usr/bin/wall|2555|FreeBSD /usr/bin/write|2555|FreeBSD /usr/bin/crontab|4555|FreeBSD /usr/bin/lpq|6555|FreeBSD /usr/bin/lpr|6555|FreeBSD /usr/bin/lprm|6555|FreeBSD /usr/bin/quota|4555|FreeBSD /usr/libexec/sendmail/sendmail|2555|FreeBSD /usr/libexec/ulog-helper|4555|FreeBSD /usr/libexec/ssh-keysign|4555|FreeBSD #Red Hat /bin/ping|4755|Red Hat /bin/ping6|4755|Red Hat /bin/umount|4755|Red Hat /bin/mount|4755|Red Hat /bin/su|4755|Red Hat /sbin/umount.nfs|4755|Red Hat /sbin/mount.nfs|4755|Red Hat /sbin/mount.nfs4|4755|Red Hat /sbin/umount.nfs4|4755|Red Hat /sbin/unix_chkpwd|4755|Red Hat /sbin/shutdown|4754|Red Hat /sbin/pam_timestamp_check|4755|Red Hat /sbin/netreport|2755|Red Hat /usr/bin/write|2755|Red Hat /usr/bin/passwd|4755|Red Hat /usr/bin/chfn|4711|Red Hat /usr/bin/wall|2555|Red Hat /usr/bin/rcp|4755|Red Hat /usr/bin/rlogin|4755|Red Hat /usr/bin/chsh|4711|Red Hat /usr/bin/sudo|4111|Red Hat /usr/bin/locate|2711|Red Hat /usr/bin/gpasswd|4755|Red Hat /usr/bin/crontab|6755|Red Hat /usr/bin/newgrp|4755|Red Hat /usr/bin/sudoedit|4111|Red Hat /usr/bin/chage|4755|Red Hat /usr/bin/rsh|4755|Red Hat /usr/bin/screen|2755|Red Hat /usr/bin/at|4755|Red Hat /usr/bin/ssh-agent|2755|Red Hat /usr/bin/lockfile|2755|Red Hat /usr/bin/Xorg|4711|Red Hat /usr/sbin/userisdnctl|4755|Red Hat /usr/sbin/suexec|4510|Red Hat /usr/sbin/lockdev|2755|Red Hat /usr/sbin/sendmail.sendmail|2755|Red Hat /usr/sbin/mtr|4755|Red Hat /usr/sbin/userhelper|4711|Red Hat /usr/sbin/fping6|4755|Red Hat /usr/sbin/fping|4755|Red Hat /usr/sbin/usernetctl|4755|Red Hat /usr/sbin/postqueue|2755|Red Hat /usr/sbin/postdrop|2755|Red Hat /usr/sbin/ccreds_validate|4755|Red Hat /usr/libexec/openssh/ssh-keysign|4755|Red Hat /usr/libexec/utempter/utempter|2711|Red Hat /lib/dbus-1/dbus-daemon-launch-helper|4750|Red Hat /sbin/mount.nfs|4755|Ubuntu /sbin/unix_chkpwd|2755|Ubuntu /bin/ping|4755|Ubuntu /bin/umount|4755|Ubuntu /bin/mount|4755|Ubuntu 
/bin/ping6|4755|Ubuntu /bin/su|4755|Ubuntu /usr/bin/wall|2755|Ubuntu /usr/bin/mail-touchlock|2755|Ubuntu /usr/bin/X|6755|Ubuntu /usr/bin/crontab|2755|Ubuntu /usr/bin/newgrp|4755|Ubuntu /usr/bin/mail-lock|2755|Ubuntu /usr/bin/xterm with|2755|Ubuntu /usr/bin/bsd-write|2755|Ubuntu /usr/bin/dotlockfile|2755|Ubuntu /usr/bin/gpasswd|4755|Ubuntu /usr/bin/ssh-agent|2755|Ubuntu /usr/bin/mail-unlock|2755|Ubuntu /usr/bin/chfn|4755|Ubuntu /usr/bin/chage|2755|Ubuntu /usr/bin/chsh|4755|Ubuntu /usr/bin/expiry|2755|Ubuntu /usr/bin/screen|2755|Ubuntu /usr/bin/sudoedit|4755|Ubuntu /usr/bin/passwd|4755|Ubuntu /usr/bin/sudo|4755|Ubuntu /usr/lib/amanda/calcsize|4754|Ubuntu /usr/lib/amanda/rundump|4754|Ubuntu /usr/lib/amanda/runtar|4754|Ubuntu /usr/lib/amanda/killpgrp|4754|Ubuntu /usr/lib/openssh/ssh-keysign|4755|Ubuntu /usr/lib/pt_chown|4755|Ubuntu /usr/lib/eject/dmcrypt-get-device|4755|Ubuntu /usr/sbin/authpf|6555|OpenBSD /usr/sbin/authpf-noip|6555|OpenBSD /usr/bin/lpr|6555|OpenBSD /usr/bin/lprm|6555|OpenBSD #ArchLinux /sbin/unix_chkpwd|6755|arch /bin/su|4555|arch /bin/mount|4755|arch /bin/umount|4755|arch /bin/ping|4755|arch /bin/ping6|4755|arch /bin/traceroute|4555|arch /bin/traceroute6|4755|arch /usr/bin/chfn|4755|arch /usr/bin/write|2755|arch /usr/bin/newgrp|4755|arch /usr/bin/expiry|4755|arch /usr/bin/gpasswd|4755|arch /usr/bin/passwd|4755|arch /usr/bin/rsh|4775|arch /usr/bin/crontab|4755|arch /usr/bin/chage|4755|arch /usr/bin/ksu|4755|arch /usr/bin/rlogin|4775|arch /usr/bin/chsh|4755|arch /usr/bin/rcp|4775|arch /usr/lib/pt_chown|4755|arch /usr/lib/dbus-1.0/dbus-daemon-launch-helper|4750|arch /sbin/unix_chkpwd|4755|Fedora /sbin/pam_timestamp_check|4755|Fedora /sbin/netreport|2755|Fedora /bin/su|4755|Fedora /bin/mount|4755|Fedora /bin/umount|4755|Fedora /usr/sbin/usernetctl|4755|Fedora /usr/sbin/sendmail.sendmail|2755|Fedora /usr/bin/chage|4755|Fedora /usr/bin/wall|2555|Fedora /usr/bin/newgrp|4755|Fedora /usr/bin/chsh|4711|Fedora /usr/bin/sudo|4111|Fedora 
/usr/bin/sudoedit|4111|Fedora /usr/bin/chfn|4711|Fedora /usr/bin/gpasswd|4755|Fedora /usr/bin/crontab|6755|Fedora /usr/bin/passwd|4755|Fedora /usr/bin/write|2755|Fedora /usr/bin/lockfile|2755|Fedora /usr/libexec/utempter/utempter|2711|Fedora /usr/libexec/openssh/ssh-keysign|2111|Fedora /lib/dbus-1/dbus-daemon-launch-helper|4750|Fedora yasat/plugins/avahi.test0000750000175000017500000000420012457227301016100 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . 
# # ################################################################################ Title "Check avahi" TESTNAME='YASAT_TEST_SERVICE_AVAHI NSAG=3.7.1.1 CCEID=4365-3 Check if the avahi-daemon service is disabled' Check_auto_start avahi-daemon packages no 3.7.1.1 4365-3 TESTNAME='YASAT_TEST_AVAHI_REMOVE_IPTABLES NSAG=3.7.1.2 Remove Avahi Server iptables Firewall Exception' Compliance --result 'NOTIMPL' --plugin avahi --nsag 3.7.1.2 TESTNAME='YASAT_TEST_AVAHI_1 Serve Only via Required Protocol' Compliance --result 'NOTIMPL' --plugin avahi --nsag 3.7.2.1 --cce 4136-8 --cce 4409-9 TESTNAME='YASAT_TEST_AVAHI_2 Check Responses TTL Field' Compliance --result 'NOTIMPL' --plugin avahi --nsag 3.7.2.2 --cce 4426-3 TESTNAME='YASAT_TEST_AVAHI_3 Prevent Other Programs from Using Avahi s Port' Compliance --result 'NOTIMPL' --plugin avahi --nsag 3.7.2.3 --cce 4193-9 TESTNAME='YASAT_TEST_AVAHI_DISABLE_PUBLISHING Disable Publishing if Possible' Compliance --result 'NOTIMPL' --plugin avahi --nsag 3.7.2.4 --cce 4444-6 TESTNAME='YASAT_TEST_AVAHI_RESTRICT_PUBLISHED_INFOS Restrict Published Information' Compliance --result 'NOTIMPL' --plugin avahi --nsag 3.7.2.5 --cce 4352-1 --cce 4433-9 --cce 445 return 0; yasat/plugins/apache_conf.test0000640000175000017500000002124112466647676017265 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. 
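# # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . # # ################################################################################
#for LOCATION in ${POSSIBLE_APACHE_CONFIG_LOCATION}
#do
#  if [ -d "${LOCATION}/" ]
#  then
#    APACHE_CONF_REP="${LOCATION}"
#  fi
#done

# Apache configuration audit plugin.
#
# Sourced by the caller (it uses top-level "return"). It relies on helpers
# and variables that are not defined in this file: apache_find_conf,
# apache_I_want_only_one, prepare_apache_conf, FindValueOf, is_equal,
# find_file_with_directive, add_correction, Check_apache_user,
# Check_apache_group, check_directory_group, check_directory_others, Title,
# Display, Compliance; PLUGINS_REP, TEMPYASATDIR, ROOTGROUP.
# FindValueOf reports through RESULTAT and FINDERROR.
#
# Returns 1 when no Apache configuration is found, 0 otherwise.

apache_find_conf || return 1

apache_I_want_only_one

Title "Check Apache configuration"

TESTNAME='YASAT_TEST_APACHE_CONF_1 test the presence of apache.conf'
if [ ! -d "$APACHE_CONF_REP" ]; then
  Display --indent 2 --text "No apache found" --result NOTFOUND --color BLUE
  return 1
else
  Display --indent 2 --text "$APACHE_CONF_REP " --result FOUND --color GREEN
fi

prepare_apache_conf "$APACHE_CONF_REP"
APACHE_CONF_LOCATION_TO_TEST="${TEMPYASATDIR}/apache.conf"
if [ ! -e "$APACHE_CONF_LOCATION_TO_TEST" ]; then
  echo "Error no $APACHE_CONF_LOCATION_TO_TEST"
  return 1
fi

if [ -e "${PLUGINS_REP}/apache_conf.data" ]; then
  # Each entry is directive|value|operator|optional|advice|nsag|cce.
  # The unquoted substitution splits on whitespace on purpose (one entry per
  # word), so an entry containing a space or a glob character is not
  # supported by this loop.
  for i in $(grep -v '^\#' "$PLUGINS_REP/apache_conf.data"); do
    # printf instead of "echo $i": no globbing and no backslash
    # interpretation of the entry.
    ldirective=$(printf '%s\n' "$i" | cut -d'|' -f1)
    lparam=$(printf '%s\n' "$i" | cut -d'|' -f2)
    loption=$(printf '%s\n' "$i" | cut -d'|' -f3)
    ltestoptional=$(printf '%s\n' "$i" | cut -d'|' -f4)
    OPT_ADVICE=$(printf '%s\n' "$i" | cut -d'|' -f5)
    lnsagid=$(printf '%s\n' "$i" | cut -d'|' -f6)
    lcceid=$(printf '%s\n' "$i" | cut -d'|' -f7)
    # Missing compliance ids are reported as 0.
    lnsagid=${lnsagid:-0}
    lcceid=${lcceid:-0}

    TESTNAME="YASAT_TEST_APACHE_CONF_$ldirective Check if $ldirective is equal to $lparam"
    FindValueOf "$APACHE_CONF_LOCATION_TO_TEST" "$ldirective" JUSTTEST
    if [ -z "$RESULTAT" ]; then
      if [ -z "$FINDERROR" ]; then
        if [ "$ltestoptional" = "Y" ]; then
          Display --indent 2 --text "Missing declaration of $ldirective " --result OPTIONAL --color BLUE
        else
          # --advice is quoted here as in the comparison branches below, so
          # an empty advice id is passed as an empty argument, not dropped.
          Display --indent 2 --text "Missing declaration of $ldirective " --result WARNING --color RED --advice "$OPT_ADVICE"
        fi
      elif [ "$FINDERROR" = 'MULTIPLE' ]; then
        Display --indent 2 --text "Multiple declaration of $ldirective " --result WARNING --color RED --advice "$OPT_ADVICE"
      else
        echo "Arg a bug, unknown FINDERROR"
      fi
    else
      VAL="$RESULTAT"
      case $loption in
      S) # string equal
        is_equal "$RESULTAT" "$lparam"
        if [ $? -eq 1 ]; then
          Display --indent 2 --text "$ldirective != $lparam" --result "$RESULTAT" --color RED --advice "$OPT_ADVICE"
          Compliance --result NOK --plugin apache --nsag "$lnsagid" --cce "$lcceid"
        else
          Display --indent 2 --text "$ldirective " --result "$RESULTAT" --color GREEN
          Compliance --result OK --plugin apache --nsag "$lnsagid" --cce "$lcceid"
        fi
        ;;
      s) # string equal, case insensitive
        is_equal "$RESULTAT" "$lparam" -i
        if [ $? -eq 1 ]; then
          Display --indent 2 --text "$ldirective != $lparam" --result "$RESULTAT" --color RED --advice "$OPT_ADVICE"
          find_file_with_directive "$APACHE_CONF_REP" "^[[:space:]]*$ldirective"
          # The correction is a sed command assembled from data-file fields;
          # a directive or value containing '/' or a single quote would yield
          # a different command. Assumes apache_conf.data is trusted and
          # writable only by the tool's owner -- TODO confirm.
          add_correction "sed -i 's/^[[:space:]]*$ldirective.*/$ldirective $lparam/' $RES_FILE_WITH_DIRECTIVE"
          Compliance --result NOK --plugin apache --nsag "$lnsagid" --cce "$lcceid"
        else
          Display --indent 2 --text "$ldirective " --result "$RESULTAT" --color GREEN
          Compliance --result OK --plugin apache --nsag "$lnsagid" --cce "$lcceid"
        fi
        ;;
      snot) # must differ from the value, case insensitive
        is_equal "$RESULTAT" "$lparam" -i
        if [ $? -eq 0 ]; then
          # NOTE(review): this branch is taken when the values are equal, yet
          # the text says "!="; left unchanged, confirm the intended wording.
          Display --indent 2 --text "$ldirective != $lparam" --result "$RESULTAT" --color RED --advice "$OPT_ADVICE"
          Compliance --result NOK --plugin apache --nsag "$lnsagid" --cce "$lcceid"
        else
          Display --indent 2 --text "$ldirective " --result "$RESULTAT" --color GREEN
          Compliance --result OK --plugin apache --nsag "$lnsagid" --cce "$lcceid"
        fi
        ;;
      NM) # numeric maximum
        TESTNAME="YASAT_TEST_APACHE_CONF_$ldirective Check if $ldirective is less than $lparam"
        # RESULTAT is known to be non-empty here (outer test), so the former
        # inner "missing declaration" branch could never run and is dropped.
        # NOTE(review): a non-numeric value makes the test fail and falls
        # through to the OK branch; consider reporting it instead.
        # NOTE(review): the failure text says "<=" although it is shown when
        # the value is >= the limit; left unchanged, confirm the wording.
        if [ "$RESULTAT" -ge "$lparam" ]; then
          Display --indent 2 --text "$ldirective <= $lparam" --result "$VAL" --color RED --advice "$OPT_ADVICE"
          find_file_with_directive "$APACHE_CONF_REP" "^[[:space:]]*$ldirective"
          add_correction "sed -i 's/^[[:space:]]*$ldirective.*/$ldirective $lparam/' $RES_FILE_WITH_DIRECTIVE"
          Compliance --result NOK --plugin apache --nsag "$lnsagid" --cce "$lcceid"
        else
          Display --indent 2 --text "$ldirective " --result "$VAL" --color GREEN
          Compliance --result OK --plugin apache --nsag "$lnsagid" --cce "$lcceid"
        fi
        ;;
      *)
        echo "Unknown option $loption"
        ;;
      esac
    fi
  done
else
  echo "No apache_conf.data"
fi

TESTNAME='YASAT_TEST_APACHE_CONF_ERRORDOC_404 Check if an ErrorDocument for 404 is configured'
#ErrorDocument\ 404|/error/http_not_found.html.var|snot|W
FindValueOf "$APACHE_CONF_LOCATION_TO_TEST" 'ErrorDocument\ 404' JUSTTEST
if [ -n "$RESULTAT" ]; then
  # Only the stock error page is reported; a custom page is silent.
  if [ "$RESULTAT" = '/error/HTTP_NOT_FOUND.html.var' ]; then
    Display --indent 2 --text "ErrorDocument 404" --result FOUND --color ORANGE --advice APACHE_ERRORDOC_CUSTOM
  fi
else
  # Fixed: this branch used to print "ErrorDocument 500" for the 404 check.
  Display --indent 2 --text "ErrorDocument 404" --result NOTFOUND --color ORANGE --advice APACHE_ERRORDOC_CUSTOM
fi

TESTNAME='YASAT_TEST_APACHE_CONF_ERRORDOC_500 Check if an ErrorDocument for 500 is configured'
FindValueOf "$APACHE_CONF_LOCATION_TO_TEST" 'ErrorDocument\ 500' JUSTTEST
if [ -n "$RESULTAT" ]; then
  if [ "$RESULTAT" = '/error/HTTP_INTERNAL_SERVER_ERROR.html.var' ]; then
    Display --indent 2 --text "ErrorDocument 500" --result FOUND --color ORANGE --advice APACHE_ERRORDOC_CUSTOM
  fi
else
  Display --indent 2 --text "ErrorDocument 500" --result NOTFOUND --color ORANGE --advice APACHE_ERRORDOC_CUSTOM
fi

TESTNAME='YASAT_TEST_APACHE_CONF_USER Check if the user parameter is set'
FindValueOf "$APACHE_CONF_LOCATION_TO_TEST" "User"
# $RESULTAT stays unquoted so that an empty value is not passed as an empty
# argument; the helper's contract is not visible in this file.
Check_apache_user "$APACHE_CONF_REP" $RESULTAT
TMP_RESULT="${TEMPYASATDIR}/apache.tmpresult"
if [ -z "$RESULTAT" ]; then
  Display --indent 2 --text "Missing declaration of User " --result WARNING --color RED
else
  TESTNAME='YASAT_TEST_APACHE_USER Check if apache user have a shell'
  APACHESHELL=$(getent passwd "${RESULTAT}" | cut -d: -f7)
  # Any login shell whose path contains "sh" is treated as interactive.
  case "$APACHESHELL" in
  *sh*)
    Display --indent 2 --text "apache's shell $APACHESHELL is incorrect " --result WARNING --color RED --advice APACHE_USER_BAD_SHELL
    ;;
  *)
    Display --indent 2 --text "apache's shell $APACHESHELL is correct " --result OK --color GREEN
    ;;
  esac
fi

TESTNAME='YASAT_TEST_APACHE_CONF_GROUP Check if the group parameter is set'
FindValueOf "$APACHE_CONF_LOCATION_TO_TEST" "Group"
Check_apache_group "$APACHE_CONF_REP" $RESULTAT
APACHE_GROUP="$RESULTAT"

# Everything under the configuration directory (symlinks aside) must belong
# to root; anything else is listed under the warning.
RESULTAT=$(find "$APACHE_CONF_REP" ! -type l ! -user root -exec ls {} \;)
if [ -n "$RESULTAT" ]; then
  Display --indent 2 --text "owner of $APACHE_CONF_REP/* " --result WARNING --color RED --advice APACHE_USER_OWNER_CONF_REP
  echo " $RESULTAT"
else
  Display --indent 2 --text "owner of $APACHE_CONF_REP/* " --result OK --color GREEN
fi

TESTNAME='YASAT_TEST_APACHE_USER_5 Check the owner/group of apache confdir'
check_directory_group "$APACHE_CONF_REP" "$ROOTGROUP" "$TMP_RESULT" 2 APACHE_USER_GROUP_CONF_REP

TESTNAME='YASAT_TEST_APACHE_USER_6 Check the right of apache confdir'
check_directory_others "$APACHE_CONF_REP" "$TMP_RESULT" 2 APACHE_USER_OTHERS_CONF_REP

TESTNAME='YASAT_TEST_APACHE_USER_7 Check presence of passwd file in confdir'
# The name tests are grouped: without the parentheses "-type f" applied only
# to '*pass*', so directories named like '*htaccess*' were reported as well.
find "$APACHE_CONF_REP" -type f \( -iname '*pass*' -o -iname '*htaccess*' \) |
  while IFS= read -r line; do
    Display --indent 2 --text "Found passwd $line " --result "FOUND" --color RED --advice APACHE_USER_PASSWD_IN_CONF_REP
  done

# A second copy of the owner check used to follow this return; it could never
# run and has been removed.
return 0;
yasat/plugins/yasat_global.advice0000640000175000017500000000556212457717525017753 0ustar montjoiemontjoieEN,GLOBAL_MULTIPLE_DECLARATIONS=Unable to discern which declaration is really used EN,GLOBAL_FILE_CHMOD640=This file must be chmoded 640 or 600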
chmod 640 filename
ADVICEEND EN,GLOBAL_FILE_CHMOD600=This file must be chmoded 600
chmod 600 filename
ADVICEEND EN,GLOBAL_FILE_MUST_BE_OWNED_BY_ROOT=This file must be owned by the root user EN,GLOBAL_FILE_MUST_BE_GROUPED_BY_ROOT=This file must be group-owned by the root group (root or wheel) EN,GLOBAL_FILE_OTHER_WRITABLE=Do a chmod o-w name_of_the_file EN,GLOBAL_FILE_OTHER_READABLE=Do a chmod o-rxw name_of_the_file EN,GLOBAL_INTERNAL_ERROR=Internal error, probably a bug EN,GLOBAL_SKIPPED_LONG_TESTS=Long tests skipped, use -f to include them EN,YASAT_BUG=Argg a bug, please report it. EN,YASAT_DENIED=You got a permission denied, are you root ? EN,CERTIFICATE_OUTDATED=This certificate will expire soon. EN,GLOBAL_PACKAGE_INSTALLED_AT_HAND=Why have you installed this package manually ? Installing software manually is not recommended, because you have to do all the patch management yourself. (no security patch tracking) ADVICEEND EN,GLOBAL_PRIVATE_KEY_NOT_PASSWORD_PROTECTED=Password protect your private key openssl rsa -in nopassword.key -des3 -out password.key You will be prompted for a passphrase. -des3 could be replaced by -aes128, -aes192, or -aes256 if you want a stronger cipher for encryption. ADVICEEND EN,GLOBAL_RSA_KEY_SIZE=RSA keys must be 2048 bits at minimum see http://www.openssl.org/docs/HOWTO/keys.txt ADVICEEND EN,GLOBAL_BINARY_PIE=TODO See http://www.gentoo.org/proj/en/hardened/pie-ssp.xml http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml ADVICEEND EN,GLOBAL_BINARY_SSP=TODO See http://www.gentoo.org/proj/en/hardened/pie-ssp.xml http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml ADVICEEND EN,GLOBAL_UNSECURE_SIGN_ALGO=Insecure algorithm used Certificates with an MD5 signature are subject to collision attacks. http://technet.microsoft.com/en-us/security/advisory/961509 ADVICEEND EN,SSL_PROTOCOL_SSLV2=SSLV2 is deprecated, disable it with -SSLv2 SSLv2 is known to be a weak protection, disable it. 
see http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol ADVICEEND EN,SSL_PROTOCOL_SSLV3=SSLV3 is deprecated, disable it with -SSLv3 SSLv3 is known to be a weak protection, disable it. (TODO POODLE attack) ADVICEEND yasat/plugins/network.advice0000640000175000017500000000504012457227301016756 0ustar montjoiemontjoieEN,NETWORK_ICMP_ECHO_IGNORE_BROADCASTS=Set icmp_echo_ignore_broadcasts to 1 For a complete security guide see http://www.gentoo.org/doc/fr/security/security-handbook.xml?part=1&chap=9 ADVICEEND EN,NETWORK_FIN_TIMEOUT=Decrease tcp_fin_timeout value For a complete security guide see http://www.gentoo.org/doc/fr/security/security-handbook.xml?part=1&chap=9 ADVICEEND EN,NETWORK_IGNORE_BOGUS_ERROR_RESPONSES=Set icmp_ignore_bogus_error_responses to 1 For a complete security guide see http://www.gentoo.org/doc/fr/security/security-handbook.xml?part=1&chap=9 ADVICEEND EN,NETWORK_CONF_ALL_ACCEPT_REDIRECTS=TODO For a complete security guide see http://www.gentoo.org/doc/fr/security/security-handbook.xml?part=1&chap=9 ADVICEEND EN,NETWORK_CONF_DEFAULT_ACCEPT_REDIRECTS=TODO For a complete security guide see http://www.gentoo.org/doc/fr/security/security-handbook.xml?part=1&chap=9 ADVICEEND EN,NETWORK_TCP_SYNCOOKIES=Enable TCP_SYN_COOKIE See http://en.wikipedia.org/wiki/SYN_cookie For a complete security guide see http://www.gentoo.org/doc/fr/security/security-handbook.xml?part=1&chap=9 ADVICEEND EN,NETWORK_CONF_ALL_ACCEPT_SOURCE_ROUTE=TODO For a complete security guide see http://www.gentoo.org/doc/fr/security/security-handbook.xml?part=1&chap=9 ADVICEEND EN,NETWORK_CONF_DEFAULT_ACCEPT_SOURCE_ROUTE=TODO For a complete security guide see http://www.gentoo.org/doc/fr/security/security-handbook.xml?part=1&chap=9 ADVICEEND EN,NETWORK_CONF_ENABLE_IP_SPOOFING_PROTECTION=Enable IP spoofing protection For a complete security guide see http://www.gentoo.org/doc/fr/security/security-handbook.xml?part=1&chap=9 ADVICEEND EN,NETWORK_CONF_TODO=TODO 
#http://www.gentoo.org/doc/fr/security/security-handbook.xml?part=1&chap=9 yasat/plugins/php_conf.data0000640000175000017500000000566512457227301016554 0ustar montjoiemontjoie#directive | value | comparaison operator | optional | ADVICE default_socket_timeout|20|NM safe_mode|on|s||PHP_CONF_SAFEMODE #safe_mode_exec_dir #safe_mode_include_dir etc... #include_path open_basedir ??? #max_execution_time memory_limit post_max_size allow_url_open register_globals|off|s||PHP_CONF_REGISTER_GLOBALS allow_url_fopen|off|s expose_php|off|s||PHP_CONF_EXPOSE_PHP enable_dl|off|s||PHP_CONF_ENABLE_DL short_open_tag|off|s||PHP_CONF_SORT_OPEN_TAG asp_tags|off|s display_errors|off|s||PHP_CONF_DISPLAY_ERRORS log_errors|on|s display_startup_errors|off|s file_uploads|off|s||PHP_CONF_FILE_UPLOADS allow_url_include|off|s||PHP_CONF_ALLOW_URL_INCLUDE max_execution_time|20|NM max_input_time|61|NM #open_basedir TODO report_memleaks|on|s register_long_arrays|off|s||PHP_CONF_REGISTER_LONG_ARRAYS register_argc_argv|off|s||PHP_CONF_REGISTER_ARGC_ARGV #save_path #user_id and group_id #http://wiki.claroline.net/index.php/Security #http://www.php.net/manual/fr/features.safe-mode.functions.php disable_functions|shell_exec|C|N|PHP_CONF_EXECCOMM disable_functions|phpinfo|C|N|PHP_CONF_INFODISCLOSURE disable_functions|popen|C|N|PHP_CONF_EXECCOMM disable_functions|diskfreespace|C|N|PHP_CONF_INFODISCLOSURE disable_functions|disk_free_space|C|N|PHP_CONF_INFODISCLOSURE disable_functions|proc_open|C|N|PHP_CONF_EXECCOMM disable_functions|leak|C disable_functions|tmpfile|C disable_functions|exec|C|N|PHP_CONF_EXECCOMM disable_functions|system|C|N|PHP_CONF_EXECCOMM disable_functions|passthru|C|N|PHP_CONF_EXECCOMM disable_functions|eval|C #disable_functions|parse_ini_file|C disable_functions|dl|C disable_functions|set_time_limit|C disable_functions|apache_child_terminate|C disable_functions|apache_get_modules|C|N|PHP_CONF_INFODISCLOSURE disable_functions|apache_get_version|C|N|PHP_CONF_INFODISCLOSURE 
disable_functions|apache_getenv|C disable_functions|apache_note|C disable_functions|apache_getenv|C|N|PHP_CONF_INFODISCLOSURE disable_functions|apache_setenv|C disable_functions|virtual|C disable_functions|fsockopen|C disable_functions|ini_alter|C disable_functions|ini_set|C disable_functions|show_source|C disable_functions|proc_close|C disable_functions|proc_terminate|C #disable_functions|pfsockopen|C #disable_functions|escapeshel|C disable_functions|highlight_file|C disable_functions|pcntl_exec|C disable_functions|curl_exec|C disable_functions|curl_multi_exec|C #disable_functions|set_time_limit|C #http://seclists.org/fulldisclosure/2003/Aug/0633.html disable_functions|dlopen|C #http://groups.google.com/group/make-the-web-faster/browse_thread/thread/ddfbe82dd80408cc #magic_quotes_gpc must be on ? #register_argc_argv #always_populate_raw_post_data #session.use_trans_sid #session.auto_start. #memory limit #max_input_time #upload_max_size #enable_dl #mysql #mysql default password # #upload_max_filesize #post_max_size max_file_uploads|20|NM #http://php.net/session.name #session.name|PHPSESSID|snot session.name|phpsessid|snot||PHP_CONF_PHPSESSID session.auto_start|0|s yasat/plugins/ssh.advice0000640000175000017500000000204012457227301016057 0ustar montjoiemontjoieEN,SSH_ROOT_LOGIN=Disable direct root login
PermitRootLogin no
It's better for auditing to see a nominal login account before su to root or sudo ADVICEEND EN,SSH_X11FORWARDING=Disable X11Forwarding
X11Forwarding no
According to the manpage, when X11 forwarding is enabled, there may be additional exposure to the server and to client displays if the sshd(8) proxy display is configured to listen on the wildcard address (see X11UseLocalhost below), though this is not the default. Additionally, the authentication spoofing and authentication data verification and substitution occur on the client side. The security risk of using X11 forwarding is that the client's X11 display server may be exposed to attack when the SSH client requests forwarding (see the warnings for ForwardX11 in ssh_config(5)). ADVICEEND EN,SSH_IGNORERHOSTS=Enable IgnoreRhosts
IgnoreRhosts yes
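For security reasons it is recommended to no use rhosts or shosts files for authentication. ADVICEEND yasat/plugins/syslogng.test0000640000175000017500000000474212457227301016666 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . # # ################################################################################

# syslog-ng plugin: checks the mode, owner and group of syslog-ng.conf.
#
# Sourced by the caller (it uses top-level "return"). Title and Display, and
# the variables STAT_RIGHT, STAT_USER, STAT_GROUP and ROOTGROUP, are defined
# outside this file. The STAT_* values are expanded unquoted because they are
# used as stat options -- presumably something like "-c %a"; TODO confirm.
#
# Returns 1 when no syslog-ng.conf is found, 0 otherwise.

POSSIBLE_SYSLOGNG_CONF="/etc/syslog-ng/syslog-ng.conf /usr/local/etc/syslog-ng/syslog-ng.conf"

# The last existing candidate wins.
SYSLOGNG_CONF=""
for LOCATION in ${POSSIBLE_SYSLOGNG_CONF}; do
  if [ -e "${LOCATION}" ]; then
    SYSLOGNG_CONF="${LOCATION}"
  fi
done

Title "Check syslog-ng"

if [ -z "$SYSLOGNG_CONF" ] || [ ! -e "$SYSLOGNG_CONF" ]; then
  return 1
fi
Display --indent 2 --text "$SYSLOGNG_CONF" --result FOUND --color GREEN

# Fixed: the first operand used to be "$SYSLOGNGCONFRIGHT=" (stray '='), which
# never equals '640', so a correctly protected 640 file was always reported.
SYSLOGNGCONFRIGHT="$(stat $STAT_RIGHT "$SYSLOGNG_CONF")"
if [ "$SYSLOGNGCONFRIGHT" != '640' ] && [ "$SYSLOGNGCONFRIGHT" != '600' ]; then
  Display --indent 2 --text "Rights of $SYSLOGNG_CONF" --result WARNING --color RED --advice GLOBAL_FILE_CHMOD640
else
  Display --indent 2 --text "Rights of $SYSLOGNG_CONF" --result OK --color GREEN
fi

# Fixed: the advice ids below were spelled ..._BT_ROOT; the global advice
# file defines GLOBAL_FILE_MUST_BE_OWNED_BY_ROOT and
# GLOBAL_FILE_MUST_BE_GROUPED_BY_ROOT, so the misspelled ids matched nothing.
if [ "$(stat $STAT_USER "$SYSLOGNG_CONF")" != 'root' ]; then
  Display --indent 2 --text "owner of $SYSLOGNG_CONF" --result WARNING --color RED --advice GLOBAL_FILE_MUST_BE_OWNED_BY_ROOT
else
  Display --indent 2 --text "owner of $SYSLOGNG_CONF" --result OK --color GREEN
fi

if [ "$(stat $STAT_GROUP "$SYSLOGNG_CONF")" != "$ROOTGROUP" ]; then
  Display --indent 2 --text "group of $SYSLOGNG_CONF" --result WARNING --color RED --advice GLOBAL_FILE_MUST_BE_GROUPED_BY_ROOT
else
  Display --indent 2 --text "group of $SYSLOGNG_CONF" --result OK --color GREEN
fi

#TODO check use_dns
#if [ `grep -v '^#*' $SYSLOGNG_CONF | grep 'use_dns'` ]
#then
#  echo "toto"
#fi

#TODO for logging local1-6
#TODO loghost tcp or udp better ?

return 0;
yasat/plugins/squid.test0000640000175000017500000001506212457227301016143 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . 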
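# # ################################################################################

# Squid plugin: checks the squid account's shell, the mode of squid.conf, a
# set of hardening directives and the ports reachable through http_access.
#
# Sourced by the caller (it uses top-level "return"). Title, Display,
# FindValueOf, get_simple_right, Check_auto_start and
# Is_installed_via_package_manager, and the variable PLUGINS_REP, are defined
# outside this file; the helpers report through RESULTAT.
#
# Returns 1 when squid.conf does not exist, 0 otherwise.

POSSIBLE_SQUID_CONF="/etc/squid/squid.conf /usr/local/etc/squid/squid.conf"

# The last existing candidate wins; the default is kept when none exists.
SQUID_CONF="/etc/squid/squid.conf"
for LOCATION in ${POSSIBLE_SQUID_CONF}; do
  if [ -e "${LOCATION}" ]; then
    SQUID_CONF="${LOCATION}"
  fi
done
SQUID_CONF="$(dirname "$SQUID_CONF")/squid.conf"

Title "Check Squid"

if [ ! -e "$SQUID_CONF" ]; then
  return 1
fi

# The account name is fixed to 'squid'; any shell whose path contains "sh" is
# treated as a usable login shell.
SQUIDUSER='squid'
SQUID_SHELL=$(getent passwd "$SQUIDUSER" | cut -d: -f7)
case "$SQUID_SHELL" in
*sh*)
  Display --indent 2 --text "Shell de squid $SQUID_SHELL Incorrect " --result WARNING --color RED --advice SQUID_USER_BAD_SHELL
  ;;
*)
  Display --indent 2 --text "Shell de squid $SQUID_SHELL Correct " --result OK --color GREEN
  ;;
esac

Display --indent 2 --text "$SQUID_CONF" --result FOUND --color GREEN
get_simple_right "$SQUID_CONF"
if [ "$RESULTAT" = '640' ]; then
  Display --indent 4 --text "Right of $SQUID_CONF" --result OK --color GREEN
else
  Display --indent 4 --text "Right of $SQUID_CONF" --result "$RESULTAT" --color RED --advice GLOBAL_FILE_CHMOD640
fi

# For each directive below, an unset value is replaced by the value this
# script assumes as the default before it is compared.
# NOTE(review): a value that is not a bare integer makes the -le test fail
# and is reported through the BAD branch.
FindValueOf "$SQUID_CONF" request_header_max_size JUSTTEST
RESULTAT=${RESULTAT:-20}
if [ "$RESULTAT" -le 20 ]; then
  Display --indent 4 --text "request_header_max_size <= 20kb" --result GOOD --color GREEN
else
  Display --indent 4 --text "request_header_max_size > 20kb" --result BAD --color ORANGE
fi

FindValueOf "$SQUID_CONF" reply_header_max_size JUSTTEST
RESULTAT=${RESULTAT:-20}
if [ "$RESULTAT" -le 20 ]; then
  Display --indent 4 --text "reply_header_max_size <= 20kb" --result GOOD --color GREEN
else
  Display --indent 4 --text "reply_header_max_size > 20kb" --result BAD --color ORANGE
fi

FindValueOf "$SQUID_CONF" check_hostnames JUSTTEST
RESULTAT=${RESULTAT:-off}
if [ "$RESULTAT" = 'on' ]; then
  Display --indent 4 --text "check_hostnames on" --result GOOD --color GREEN
else
  Display --indent 4 --text "check_hostnames off" --result BAD --color RED --advice SQUID_CHECK_HOSTNAMES
fi

FindValueOf "$SQUID_CONF" ignore_unknown_nameservers JUSTTEST
RESULTAT=${RESULTAT:-on}
if [ "$RESULTAT" = 'on' ]; then
  Display --indent 4 --text "ignore_unknown_nameservers on" --result GOOD --color GREEN
else
  Display --indent 4 --text "ignore_unknown_nameservers off" --result BAD --color RED --advice SQUID_UNKNOWN_NAMESERVER
fi

FindValueOf "$SQUID_CONF" ftp_sanitycheck JUSTTEST
RESULTAT=${RESULTAT:-on}
if [ "$RESULTAT" = 'on' ]; then
  Display --indent 4 --text "ftp_sanitycheck on" --result GOOD --color GREEN
else
  Display --indent 4 --text "ftp_sanitycheck off" --result BAD --color RED --advice SQUID_FTP_SANITYCHECK
fi

FindValueOf "$SQUID_CONF" allow_underscore JUSTTEST
RESULTAT=${RESULTAT:-on}
if [ "$RESULTAT" = 'on' ]; then
  Display --indent 4 --text "allow_underscore on" --result BAD --color RED --advice SQUID_ALLOW_UNDERSCORE
else
  Display --indent 4 --text "allow_underscore off" --result GOOD --color GREEN
fi

FindValueOf "$SQUID_CONF" httpd_suppress_version_string JUSTTEST
RESULTAT=${RESULTAT:-off}
if [ "$RESULTAT" = 'on' ]; then
  Display --indent 4 --text "httpd_suppress_version_string on" --result GOOD --color GREEN
else
  Display --indent 4 --text "httpd_suppress_version_string off" --result BAD --color RED --advice SQUID_HIDE_VERSION
fi

#check for allowed ports
# Each http_access rule is reduced to "<allow|deny> <acl>"; only the first
# ACL of a rule is looked at. Values read from squid.conf are handled with
# printf and quoted expansions so that glob characters and backslashes in
# the file are not interpreted by the shell.
grep -v '^#' "$SQUID_CONF" |
  grep '^http_access' |
  sed 's/^http_access[[:space:]]*//g' |
  sed 's/[[:space:]][[:space:]]*/ /g' |
  while read -r line; do
    KEY=$(printf '%s\n' "$line" | cut -d' ' -f1)
    ACLNAME=$(printf '%s\n' "$line" | cut -d' ' -f2)
    # A negated ACL ("!name") inverts the action of the rule.
    case "$ACLNAME" in
    '!'*)
      ACLNAME=$(printf '%s\n' "$line" | cut -d'!' -f2)
      if [ "$KEY" = 'allow' ]; then
        KEY='deny'
      else
        KEY='allow'
      fi
      ;;
    esac
    # The ACL name is matched as a fixed string (-F) rather than as a
    # regular expression; it is still a substring match, so an ACL whose
    # name contains this one is examined too.
    grep -i '^acl[[:space:]]' "$SQUID_CONF" |
      grep -i -F -- "${ACLNAME}" |
      sed 's/^acl[[:space:]]*//g' |
      sed 's/[[:space:]][[:space:]]*/ /g' |
      while read -r lineacl; do
        ACL_TYPE=$(printf '%s\n' "$lineacl" | cut -d' ' -f2)
        if [ "$ACL_TYPE" = "port" ]; then
          PORT=$(printf '%s\n' "$lineacl" | cut -d' ' -f3)
          #we dont want allow for port 280
          # squid.ports is searched for a line starting with "PORT,KEY";
          # a match is reported as BAD. Only the first port of the ACL
          # line is examined.
          if grep -q -- "^$PORT,$KEY" "${PLUGINS_REP}/squid.ports"; then
            Display --indent 4 --text "Found allowed port $PORT in $ACLNAME" --result BAD --color RED
          else
            Display --indent 4 --text "Found allowed port $PORT in $ACLNAME" --result OK --color GREEN
          fi
        fi
        # if [ "$ACL_TYPE" = "dst" ]
        # then
        #we dont want that localhost is accessible
        # DEST="`echo $lineacl | cut -d\  -f3`"
        # echo " $lineacl dest=$DEST"
        # fi
      done
  done

Check_auto_start squid squid any
case "$RESULTAT" in
NOTIMPLEMENTED | ERROR)
  Display --indent 2 --text "squid is started at boot" --result UNKNOWN --color BLUE
  ;;
yes)
  Display --indent 2 --text "squid is started at boot" --result YES --color BLUE
  ;;
*)
  Display --indent 2 --text "squid is started at boot" --result NO --color GREEN
  ;;
esac

Is_installed_via_package_manager squid
case "$RESULTAT" in
NOTIMPLEMENTED | ERROR)
  Display --indent 2 --text "squid installation" --result UNKNOWN --color BLUE
  ;;
yes)
  Display --indent 2 --text "squid is installed by package" --result GOOD --color GREEN
  ;;
*)
  Display --indent 2 --text "squid is installed at hand" --result BAD --color ORANGE --advice GLOBAL_PACKAGE_INSTALLED_AT_HAND
  ;;
esac

return 0;
yasat/plugins/php_conf.test0000640000175000017500000001473612457227301016621 0ustar montjoiemontjoie#!/bin/sh ################################################################################ 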
-f2`" NEGATION=1 fi if [ $NEGATION -eq 1 ] then NEGATION=0 if [ "$KEY" = 'allow' ] then KEY='deny' else KEY='allow' fi fi # echo "Check $KEY for acl=$ACLNAME" grep -i '^acl[[:space:]]' "$SQUID_CONF" | grep -i "${ACLNAME}" | sed 's/^acl[[:space:]]*//g' | sed 's/[[:space:]][[:space:]]*/ /g'| while read lineacl do # echo " FOUND acl=$lineacl" ACL_TYPE="`echo $lineacl | cut -d\ -f2`" # echo " TYPE=$ACL_TYPE" if [ "$ACL_TYPE" = "port" ] then PORT="`echo $lineacl | cut -d\ -f3`" # echo " $lineacl port=$PORT" #we dont want allow for port 280 if [ ! -z "`grep ^$PORT,$KEY ${PLUGINS_REP}/squid.ports`" ] then Display --indent 4 --text "Found allowed port $PORT in $ACLNAME" --result BAD --color RED else Display --indent 4 --text "Found allowed port $PORT in $ACLNAME" --result OK --color GREEN fi fi # if [ "$ACL_TYPE" = "dst" ] # then #we dont want that localhost is accessible # DEST="`echo $lineacl | cut -d\ -f3`" # echo " $lineacl dest=$DEST" # fi done # fi done Check_auto_start squid squid any if [ "$RESULTAT" = 'NOTIMPLEMENTED' -o "$RESULTAT" = 'ERROR' ] then Display --indent 2 --text "squid is started at boot" --result UNKNOWN --color BLUE else if [ "$RESULTAT" = "yes" ] then Display --indent 2 --text "squid is started at boot" --result YES --color BLUE else Display --indent 2 --text "squid is started at boot" --result NO --color GREEN fi fi Is_installed_via_package_manager squid if [ "$RESULTAT" = 'NOTIMPLEMENTED' -o "$RESULTAT" = 'ERROR' ] then Display --indent 2 --text "squid installation" --result UNKNOWN --color BLUE else if [ "$RESULTAT" = "yes" ] then Display --indent 2 --text "squid is installed by package" --result GOOD --color GREEN else Display --indent 2 --text "squid is installed at hand" --result BAD --color ORANGE --advice GLOBAL_PACKAGE_INSTALLED_AT_HAND fi fi return 0; yasat/plugins/php_conf.test0000640000175000017500000001473612457227301016621 0ustar montjoiemontjoie#!/bin/sh ################################################################################ 
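#                                                                              #
#   Copyright (C) 2008-2015 LABBE Corentin
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see <http://www.gnu.org/licenses/>.
#                                                                              #
################################################################################

# PHP configuration audit plugin (sourced by the YASAT driver). It collects
# every php.ini it can find, then checks each one against the rules listed in
# php_conf.data. Title, Display, Display_error, Debug, apache_find_conf,
# prepare_apache_conf, Find_apache_conf_location, FindValueOf and
# FindValueOfEqual are framework helpers defined outside this file.

Title "Check PHP configuration"

if ! apache_find_conf
then
  return 1
fi

: > "$TEMPYASATDIR/php_ini_list"
while read -r apache_conf_one
do
  if ! prepare_apache_conf "$apache_conf_one"
  then
    Display_error "ERROR: Cannot prepare configuration in $apache_conf_one"
  fi
  #find libphp.so and use strings for finding at-compilation-config-choice
  grep -iE --no-filename '^LoadModule[[:space:]]*php' "$TEMPYASATDIR/apache.conf" | sed 's,[[:space:]][[:space:]]*, ,g' | cut -d' ' -f3 |
  while read -r libphp_so
  do
    # The path is quoted everywhere: with an empty value the unquoted tests
    # succeeded and `strings` ended up reading standard input.
    if [ ! -e "$libphp_so" ];then
      libphp_so="$SERVERROOT/$libphp_so"
    fi
    if [ -e "$libphp_so" ];then
      Display --indent 4 --text "Found $libphp_so" --result FOUND --color BLUE
      strings "$libphp_so" | grep '^/etc/' |
      while read -r possible_php_ini
      do
        if [ -e "$possible_php_ini/php.ini" ];then
          Display --indent 4 --text "Found $possible_php_ini/php.ini" --result FOUND --color BLUE
          echo "$possible_php_ini/php.ini" >> "$TEMPYASATDIR/php_ini_list"
        fi
      done
    fi
  done
  # seek for php.ini in apache config
  #TODO
done < "$TEMPYASATDIR/apache_list"

#find more php.ini
find /etc/ -iname php.ini >> "$TEMPYASATDIR/php_ini_list"

#######################################
# Check one php.ini against the rules of php_conf.data.
# Each rule is "directive|wanted value|test|optional flag|advice id"; the test
# is S (equal), s (equal, case-insensitive), snot (must differ,
# case-insensitive), NM (value must stay below the maximum) or C (the list
# must contain the value). A directive that is not declared is reported as
# missing, whatever the test.
# Globals:   PLUGINS_REP, TEMPYASATDIR, STAT_GROUP (read); RESULTAT, VAL,
#            REPLOG and the rule fields (written)
# Arguments: $1 - directory that holds php.ini
# Returns:   1 when $1/php.ini does not exist or the Apache configuration
#            cannot be prepared
#######################################
check_php_ini() {
  local PHP_CONF_REP="$1"
  if [ ! -e "$PHP_CONF_REP/php.ini" ];then
    return 1
  fi
  Display --indent 2 --text "Checking $PHP_CONF_REP/php.ini" --result INFO --color BLUE
  if [ ! -e "${PLUGINS_REP}/php_conf.data" ] ; then
    Display --indent 2 --text "ERROR No php_conf.data" --result ERROR --color RED --advice YASAT_BUG
    return
  fi

  # The rule file is split on whitespace, so a rule must not contain a space.
  for i in $(grep -v '^#' "$PLUGINS_REP/php_conf.data")
  do
    ldirective="$(printf '%s\n' "$i" | cut -f1 -d'|')"
    lparam="$(printf '%s\n' "$i" | cut -f2 -d'|')"
    loption="$(printf '%s\n' "$i" | cut -f3 -d'|')"
    ltestoptional="$(printf '%s\n' "$i" | cut -f4 -d'|')"
    OPT_ADVICE="$(printf '%s\n' "$i" | cut -f5 -d'|')"
    if [ -z "$OPT_ADVICE" ] ; then
      OPT_ADVICE='NONE'
    fi
    Debug "check for $ldirective"
    FindValueOfEqual "$PHP_CONF_REP/php.ini" "$ldirective" JUSTTEST
    VAL="$RESULTAT"
    if [ -z "$RESULTAT" ] ; then
      loption='NODEF'
    fi
    case "$loption" in
    S)#string equal
      if [ "$VAL" != "$lparam" ] ;then
        Display --indent 4 --text "$ldirective ( want $lparam )" --result "$VAL" --color RED --advice "$OPT_ADVICE"
      else
        Display --indent 4 --text "$ldirective " --result "$VAL" --color GREEN
      fi
    ;;
    s)#string equal, case insensitive
      VAL="$(printf '%s\n' "$RESULTAT" | tr A-Z a-z)"
      if [ "$VAL" != "$lparam" ] ;then
        Display --indent 4 --text "$ldirective ( want $lparam )" --result "$VAL" --color RED --advice "$OPT_ADVICE"
      else
        Display --indent 4 --text "$ldirective " --result "$VAL" --color GREEN
      fi
    ;;
    snot)#must not be that string, case insensitive
      VAL="$(printf '%s\n' "$RESULTAT" | tr A-Z a-z)"
      if [ "$VAL" = "$lparam" ] ;then
        Display --indent 4 --text "$ldirective ( dont want $lparam )" --result "$VAL" --color RED --advice "$OPT_ADVICE"
      else
        Display --indent 4 --text "$ldirective " --result "$VAL" --color GREEN
      fi
    ;;
    NM)#Numeric max
      # A value that is not a plain integer cannot be compared. It used to make
      # `[ ... -ge ... ]` fail and fall through to the green branch, so it is
      # now reported instead of passing silently.
      case "${RESULTAT#-}" in
      ''|*[!0-9]*)
        Display --indent 4 --text "$ldirective (cannot compare with $lparam)" --result "$VAL" --color ORANGE --advice "$OPT_ADVICE"
        ;;
      *)
        if [ "$RESULTAT" -ge "$lparam" ] ;then
          Display --indent 4 --text "$ldirective < $lparam" --result "$VAL" --color RED --advice "$OPT_ADVICE"
        else
          Display --indent 4 --text "$ldirective " --result "$VAL" --color GREEN
        fi
        ;;
      esac
    ;;
    C)#contains
      #this is ugly but it works
      # The padding lets one pattern match the first and the last list item.
      RESULTAT="beginline, $RESULTAT, endline"
      if printf '%s\n' "$RESULTAT" | grep -q "[,[:space:]]${lparam}[,[:space:]]" ;then
        Display --indent 4 --text "$ldirective " --result "$lparam" --color GREEN
      else
        Display --indent 4 --text "$ldirective without $lparam" --result NOTFOUND --color RED --advice "$OPT_ADVICE"
      fi
    ;;
    NODEF)
      Display --indent 4 --text "No declaration of $ldirective (want $lparam)" --result WARNING --color RED --advice "$OPT_ADVICE"
    ;;
    *)
      Display --indent 4 --text "Unknown option $loption" --result ERROR --color RED
    ;;
    esac
  done

  FindValueOfEqual "$PHP_CONF_REP/php.ini" 'error_log' JUSTTEST
  if [ -z "$RESULTAT" ] ; then
    Display --indent 4 --text "Missing declaration de error_log " --result WARNING --color RED
    return
  fi
  REPLOG="$(dirname "$RESULTAT")"
  Display --indent 4 --text "error_log $RESULTAT" --result DEFINED --color GREEN
  if [ ! -e "$REPLOG" ] ; then
    Display --indent 6 --text "$REPLOG " --result NOTFOUND --color RED
    return
  fi
  Find_apache_conf_location
  # NOTE(review): this condition looks inverted. As written, the Apache
  # configuration is prepared only when its location is NOTFOUND, and a host
  # where it was found compares the log directory with 'root'. Confirm against
  # Find_apache_conf_location before changing it.
  if [ "$APACHE_CONF_REP" = 'NOTFOUND' ];then
    prepare_apache_conf "$APACHE_CONF_REP"
    APACHE_CONF_LOCATION_TO_TEST="${TEMPYASATDIR}/apache.conf"
    if [ ! -e "$APACHE_CONF_LOCATION_TO_TEST" ] ; then
      echo "Error no $APACHE_CONF_LOCATION_TO_TEST"
      return 1;
    fi
    FindValueOf "$APACHE_CONF_LOCATION_TO_TEST" "User"
  else
    RESULTAT='root'
  fi
  Display --indent 6 --text "$REPLOG " --result FOUND --color GREEN
  #check rights of apache on $REPLOG
  # $STAT_GROUP stays unquoted: it presumably carries the stat options and has
  # to be split into words. Both sides of the comparison are quoted so that an
  # empty value reports a mismatch instead of breaking the test.
  if [ "$(stat $STAT_GROUP "$REPLOG")" = "$RESULTAT" ] ; then
    Display --indent 8 --text "rights of $REPLOG " --result "$RESULTAT" --color GREEN
  else
    Display --indent 8 --text "rights of $REPLOG " --result WARNING --color RED
  fi
  #TODO error_reporting must be set to ??
}

sort -u "$TEMPYASATDIR/php_ini_list" |
while read -r php_ini_one
do
  check_php_ini "$(dirname "$php_ini_one")"
done

return 0;
yasat/plugins/ntp.advice0000640000175000017500000000044412457227301016071 0ustar montjoiemontjoieEN,NTPD_NO_NTPD=Install an NTP daemon
You have two choices
NTP http://www.ntp.org/
OpenNTPD http://www.openntpd.org/
If you have an NTP daemon installed but yasat doesn't find it, please let me know.
ADVICEEND
yasat/plugins/gpg.test0000640000175000017500000000724712466621523015605 0ustar montjoiemontjoie#!/bin/sh
################################################################################
#                                                                              #
#   Copyright (C) 2008-2015 LABBE Corentin
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see <http://www.gnu.org/licenses/>.
#                                                                              #
################################################################################

#experimental
# The plugin is switched off: everything below this return is skipped when the
# file is sourced.
return 0

Title "Check GPG"

#######################################
# Look for a GnuPG home in a user's home directory.
# Globals:   RESULTAT (written: path of the .gnupg directory when found)
# Arguments: $1 - home directory
# Returns:   0 when $1/.gnupg/ exists, 1 otherwise
#######################################
detect_gpg() {
  if [ $# -le 0 ];then
    Display --indent 2 --text "Missing parameter to detect_gpg" --result ERROR --color RED
    return 1
  fi
  if [ ! -e "$1" ];then
    Display --indent 2 --text "GPG in $1" --result NOTFOUND --color BLUE
    return 1
  fi
  if [ ! -e "$1/.gnupg/" ];then
    return 1
  fi
  RESULTAT="$1/.gnupg/"
  Display --indent 2 --text "GPG in $1" --result FOUND --color BLUE
  return 0
}

#######################################
# Grade one public key: algorithm, size, and the digest of its signatures.
# In the packet listing, algo 1 is RSA and 17 is DSA, digest algo 1 is MD5 and
# 2 is SHA1.
# Arguments: $1 - key id
#            $2 - optional GnuPG home that holds the key; without it the key
#                 is exported from the keyring of the user running the audit,
#                 which is normally not the keyring the id came from
# Returns:   1 on a missing parameter, a failed mktemp or an unreadable key
#            size
#######################################
check_gpg_key() {
  if [ $# -le 0 ];then
    Display --indent 2 --text "Missing parameter to check_gpg_key" --result ERROR --color RED
    return 1
  fi
  # `local readonly NAME=...` declared a local variable called "readonly" and
  # protected nothing, so plain locals are used. They are assigned on separate
  # lines so that a failing mktemp is noticed.
  local GPG_TMP ALGO SIZE
  GPG_TMP="$(mktemp)" || return 1
  Display --indent 2 --text "Check GPG key $1" --result INFO
  # NOTE(review): when the audit runs as root, gpg may create or update files
  # in the inspected home (lock files, trustdb) - confirm this is acceptable.
  if [ -n "${2:-}" ];then
    gpg --homedir "$2" --export-options export-minimal --export "$1"
  else
    gpg --export-options export-minimal --export "$1"
  fi | gpg --list-packets > "$GPG_TMP"
  ALGO="$(grep -A2 'public key' "$GPG_TMP" |
    grep 'algo' |
    sed 's,.*algo[[:space:]]*\([0-9][0-9]*\).*,\1,' | head -n 1)"
  SIZE="$(grep -A2 'public key' "$GPG_TMP" |
    grep 'pkey\[0\]:' |
    sed 's,.*\[\([0-9][0-9]*\) bits\].*,\1,' | head -n 1)"
  # Any integer is a usable size; the former 1024/2048/4096 list flagged valid
  # sizes such as 3072. A missing size stops the check: the unquoted numeric
  # tests used to fail on it and report the key as GOOD.
  case "$SIZE" in
  ''|*[!0-9]*)
    Display --indent 2 --text "Invalid size $SIZE" --result ERROR --color RED
    rm -f -- "$GPG_TMP"
    return 1
    ;;
  esac
  case "$ALGO" in
  1)
    if [ "$SIZE" -le 2048 ];then
      Display --indent 4 --text "RSA with insufficient size $SIZE" --result WARN --color ORANGE
    else
      Display --indent 4 --text "RSA $SIZE" --result GOOD --color GREEN
    fi
  ;;
  17)
    if [ "$SIZE" -le 1024 ];then
      Display --indent 4 --text "DSA with insufficient size $SIZE" --result WARN --color ORANGE
    else
      Display --indent 4 --text "DSA $SIZE" --result GOOD --color GREEN
    fi
  ;;
  *)
    echo "unk"
  ;;
  esac
  #check for signature
  if grep -A 2 signature "$GPG_TMP" | grep -q 'digest algo 1,' ;then
    Display --indent 4 --text "Self signatures with MD5" --result FOUND --color ORANGE
  else
    Display --indent 4 --text "Self signatures with MD5" --result NOTFOUND --color GREEN
  fi
  if grep -A 2 signature "$GPG_TMP" | grep -q 'digest algo 2,' ;then
    Display --indent 4 --text "Self signatures with SHA1" --result FOUND --color ORANGE
  else
    Display --indent 4 --text "Self signatures with SHA1" --result NOTFOUND --color GREEN
  fi
  rm -f -- "$GPG_TMP"
}

#######################################
# Check every public key of one GnuPG home.
# Arguments: $1 - GnuPG home directory
# Returns:   1 on a missing parameter
#######################################
check_gpg() {
  if [ $# -le 0 ];then
    Display --indent 2 --text "Missing parameter to check_gpg" --result ERROR --color RED
    return 1
  fi
  local gpgkeyid
  # --with-colons is gpg's machine-readable listing (field 5 of a "pub" record
  # is the key id); the human-readable layout differs between gpg versions.
  gpg --homedir "$1" --with-colons -k | awk -F: '$1 == "pub" { print $5 }' |
  while read -r gpgkeyid
  do
    check_gpg_key "$gpgkeyid" "$1"
  done
}

my_getent
# Home directories of all accounts, each one visited once.
ALLUSER="$(grep -v '^#' "${MY_PASSWD}" | cut -d: -f6 | sort -u)"
for ihome in $ALLUSER
do
  if detect_gpg "$ihome" ;then
    check_gpg "$RESULTAT"
  fi
done

return 0;
yasat/plugins/snmpd.advice0000640000175000017500000000031312457227301016404 0ustar montjoiemontjoieEN,SNMPD_SECMODEL_V1=If possible, use only SNMP v2 or v3
ADVICEEND
EN,SNMPD_DEFAULT_COMMUNITY=Change the default community
public or private is known default community, consider changing it.
ADVICEEND
yasat/plugins/firewall.test0000640000175000017500000001517312457227301016626 0ustar montjoiemontjoie#!/bin/sh
################################################################################
#                                                                              #
#   Copyright (C) 2008-2015 LABBE Corentin
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see <http://www.gnu.org/licenses/>.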
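#                                                                              #
################################################################################

# Firewall audit plugin (sourced by the YASAT driver). On BSD it checks that PF
# is enabled and has rules; on Linux it checks that the default policy of the
# INPUT, FORWARD and OUTPUT chains is DROP, for IPv4 and then for IPv6.
# Title, Display and FindValueOfEqual are framework helpers defined outside
# this file.
#
# NOTE(review): rule listings are written to the fixed name
# ${TEMPYASATDIR}/fw. That is only safe if TEMPYASATDIR is a private directory
# created by the driver (mktemp -d or equivalent) - confirm.

Title "Check firewall configurations"

#freebsd pf
if [ "$OS_TYPE" = 'other' ] ;then
  Display --indent 2 --text "Your OS is not supported yet" --result TODO --color BLUE
  return 1
fi

if [ "$OS_TYPE" = 'BSD' ] ;then
  if ! command -v pfctl > /dev/null 2>> "$ERROR_OUTPUT_FILE"
  then
    Display --indent 2 --text "pfctl" --result NOTFOUND --color RED
    return 1
  fi
  FindValueOfEqual /etc/rc.conf pf_enable JUSTTEST
  if [ -z "$RESULTAT" ] || [ "$RESULTAT" = no ] || [ "$RESULTAT" = NO ]
  then
    Display --indent 2 --text "PF is not enabled in /etc/rc.conf" --result NOTFOUND --color RED --advice FIREWALL_PF_NOT_ENABLED
    return 1
  fi
  # rc.conf accepts the value with or without double quotes and in any case;
  # comparing only against the quoted forms reported pf_enable=YES as disabled.
  PF_ENABLE_VALUE="$(printf '%s' "$RESULTAT" | tr -d '"')"
  case "$PF_ENABLE_VALUE" in
  [Yy][Ee][Ss])
    Display --indent 2 --text "PF is enabled in /etc/rc.conf" --result ENABLED --color GREEN
    ;;
  *)
    Display --indent 2 --text "PF is not enabled in /etc/rc.conf" --result DISABLED --color RED --advice FIREWALL_PF_NOT_ENABLED
    ;;
  esac
  # NOTE(review): the advice id below lacks the final D used twice above; it
  # may be a typo for FIREWALL_PF_NOT_ENABLED - check firewall.advice.
  if [ ! -e /etc/pf.conf ]
  then
    Display --indent 2 --text "/etc/pf.conf" --result NOTFOUND --color RED --advice FIREWALL_PF_NOT_ENABLE
  else
    Display --indent 2 --text "/etc/pf.conf" --result FOUND --color GREEN
  fi
  YASAT_FW_TMP="${TEMPYASATDIR}/fw"
  pfctl -s rules > "$YASAT_FW_TMP" 2>> "$ERROR_OUTPUT_FILE"
  if [ ! -s "$YASAT_FW_TMP" ]
  then
    Display --indent 2 --text "filter rules" --result EMPTY --color RED --advice FIREWALL_PF_NO_RULES
  else
    Display --indent 2 --text "Check BSD packet filter" --result TODO --color BLUE
  fi
  rm -f -- "$YASAT_FW_TMP"
  return 1
fi

#linux iptables
#TODO we dont detect REJECT-at-end firewall
# Status 127 is the shell's "command not found".
iptables > /dev/null 2>> "$ERROR_OUTPUT_FILE"
if [ $? -eq 127 ]
then
  Display --indent 2 --text "No iptables binary" --result WARNING --color RED
  return 1;
else
  Display --indent 2 --text "Binary iptables" --result FOUND --color GREEN
fi

YASAT_FW_TMP="${TEMPYASATDIR}/fw"
# A failing command, a missing file and an empty listing are all "cannot read
# the rules". On my SELinux enabled machine, iptables can output nothing
# (permission denied).
if ! iptables -L -v -n --line-numbers > "$YASAT_FW_TMP" || [ ! -s "$YASAT_FW_TMP" ]
then
  Display --indent 2 --text "iptables error, stopping tests" --result WARNING --color RED --advice FIREWALL_TEST_ERROR
  rm -f -- "$YASAT_FW_TMP"
  return 1;
fi

# The fourth space-separated word of "Chain INPUT (policy DROP ..." is the
# policy.
POLICY_INPUT="$(grep 'Chain INPUT .*policy' "$YASAT_FW_TMP" | cut -d' ' -f4)"
if [ "$POLICY_INPUT" = 'DROP' ];then
  Display --indent 2 --text "Input policy" --result DROP --color GREEN
else
  Display --indent 2 --text "Input policy" --result "$POLICY_INPUT" --color RED --advice FIREWALL_POLICY_INPUT
fi
POLICY_FORWARD="$(grep 'Chain FORWARD.*policy' "$YASAT_FW_TMP" | cut -d' ' -f4)"
if [ "$POLICY_FORWARD" = 'DROP' ]
then
  Display --indent 2 --text "Forward policy" --result DROP --color GREEN
else
  Display --indent 2 --text "Forward policy" --result "$POLICY_FORWARD" --color RED --advice FIREWALL_POLICY_FORWARD
fi
POLICY_OUTPUT="$(grep 'Chain OUTPUT.*policy' "$YASAT_FW_TMP" | cut -d' ' -f4)"
if [ "$POLICY_OUTPUT" = 'DROP' ]
then
  Display --indent 2 --text "Output policy" --result DROP --color GREEN
else
  Display --indent 2 --text "Output policy" --result "$POLICY_OUTPUT" --color RED --advice FIREWALL_POLICY_OUTPUT
fi

rm -f -- "$YASAT_FW_TMP"

HOST_HAVE_IPV6=0
if [ -e /proc/sys/net/ipv6 ];then
  Display --indent 2 --text "IPv6" --result ENABLED --color BLUE
  HOST_HAVE_IPV6=1
else
  Display --indent 2 --text "IPv6" --result DISABLED --color BLUE
fi

#linux ip6tables for check IPv6 firewall
# An IPv6-enabled host without ip6tables has no IPv6 filtering at all, which is
# why that case gets an advice while a host without IPv6 only gets a note.
ip6tables > /dev/null 2>> "$ERROR_OUTPUT_FILE"
if [ $? -eq 127 ]
then
  if [ $HOST_HAVE_IPV6 -eq 1 ]
  then
    Display --indent 2 --text "Host have IPv6 but no ip6tables" --result NOTFOUND --color RED --advice FIREWALL_IPV6_NO_FW
  else
    Display --indent 2 --text "No ip6tables binary" --result NOTFOUND --color BLUE
  fi
  return 1;
else
  Display --indent 2 --text "Binary ip6tables" --result FOUND --color GREEN
fi

YASAT_FW_TMP="${TEMPYASATDIR}/fw"
if ! ip6tables -L -v -n --line-numbers > "$YASAT_FW_TMP" || [ ! -s "$YASAT_FW_TMP" ]
then
  Display --indent 2 --text "ip6tables error, stopping tests" --result WARNING --color RED --advice FIREWALL_TEST_ERROR
  rm -f -- "$YASAT_FW_TMP"
  return 1;
fi

POLICY_INPUT="$(grep 'Chain INPUT.*policy' "$YASAT_FW_TMP" | cut -d' ' -f4)"
if [ "$POLICY_INPUT" = 'DROP' ];then
  Display --indent 2 --text "Input policy for IPv6" --result DROP --color GREEN
else
  Display --indent 2 --text "Input policy for IPv6" --result "$POLICY_INPUT" --color RED --advice FIREWALL_POLICY_INPUT
fi
POLICY_FORWARD="$(grep 'Chain FORWARD.*policy' "$YASAT_FW_TMP" | cut -d' ' -f4)"
if [ "$POLICY_FORWARD" = 'DROP' ];then
  Display --indent 2 --text "Forward policy for IPv6" --result DROP --color GREEN
else
  Display --indent 2 --text "Forward policy for IPv6" --result "$POLICY_FORWARD" --color RED --advice FIREWALL_POLICY_FORWARD
fi
POLICY_OUTPUT="$(grep 'Chain OUTPUT.*policy' "$YASAT_FW_TMP" | cut -d' ' -f4)"
if [ "$POLICY_OUTPUT" = 'DROP' ];then
  Display --indent 2 --text "Output policy for IPv6" --result DROP --color GREEN
else
  Display --indent 2 --text "Output policy for IPv6" --result "$POLICY_OUTPUT" --color RED --advice FIREWALL_POLICY_OUTPUT
fi

rm -f -- "$YASAT_FW_TMP"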
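yasat/plugins/nfs.data0000640000175000017500000000043412457227301015533 0ustar montjoiemontjoie#nfs option,ADVICE
#rw|||
subtree_check,NFS_EXPORT_SUBTREE_CHECK
no_subtree_check,
no_root_squash,NFS_EXPORT_NO_ROOT_SQUASH
sync,
async,
udp,NFS_EXPORT_UDP
proto=udp,NFS_EXPORT_UDP
tcp,
proto=tcp,
intr,
hard,
defaults,
noatime,
nodiratime,
nodev,
noexec,
nosuid,
noac,NFS_CLIENT_NOAC
yasat/plugins/ldap.test0000640000175000017500000001322312457227301015733 0ustar montjoiemontjoie#!/bin/sh
################################################################################
#                                                                              #
#   Copyright (C) 2008-2015 LABBE Corentin
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see <http://www.gnu.org/licenses/>.
#                                                                              #
################################################################################

# OpenLDAP audit plugin (sourced by the YASAT driver). It checks the ownership
# and mode of ldap.conf and slapd.conf, the TLS material, the bind policy, how
# rootpw is stored and who owns the data directory. Title, Display,
# check_a_file, check_file, FindValueOfEqual and the check_directory_* helpers
# are defined outside this file.

POSSIBLE_OPENLDAP_CONF="/etc/openldap/ldap.conf /usr/local/etc/openldap/ldap.conf"
OPENLDAP_CONF="/etc/openldap/ldap.conf"

# The list is left unquoted on purpose so it splits on spaces; the last
# candidate that exists wins.
for LOCATION in ${POSSIBLE_OPENLDAP_CONF}
do
  if [ -e "${LOCATION}" ] ; then
    OPENLDAP_CONF="${LOCATION}"
  fi
done
OPENSLAPD_CONF="$(dirname "$OPENLDAP_CONF")/slapd.conf"

Title "Check OPENLDAP"

if [ ! -e "$OPENLDAP_CONF" ] ; then
  return 1;
fi
Display --indent 2 --text "$OPENLDAP_CONF" --result FOUND --color BLUE
# The client configuration holds no secret: root:root 644.
check_a_file "$OPENLDAP_CONF" 2 root root 644

if [ ! -e "$OPENSLAPD_CONF" ]
then
  return 1;
fi
Display --indent 2 --text "$OPENSLAPD_CONF" --result FOUND --color GREEN
# slapd.conf can hold rootpw, so it must not be world readable: root:ldap 640.
check_a_file "$OPENSLAPD_CONF" 2 root ldap 640

#TLSCertificateFile
FindValueOfEqual "$OPENSLAPD_CONF" TLSCertificateFile JUSTTEST
if [ -n "$RESULTAT" ] ; then
  Display --indent 2 --text "TLS cert $RESULTAT" --result OK --color GREEN
  check_file "$RESULTAT" 4 CERT
else
  Display --indent 2 --text "No cert TLS" --result ADVICE --color ORANGE --advice LDAP_NO_TLS
fi

#TLSCACertificateFile
FindValueOfEqual "$OPENSLAPD_CONF" TLSCACertificateFile JUSTTEST
if [ -n "$RESULTAT" ] ; then
  Display --indent 2 --text "TLS ca $RESULTAT" --result OK --color GREEN
  check_file "$RESULTAT" 4 CERT
else
  Display --indent 2 --text "No ca TLS" --result ADVICE --color ORANGE --advice LDAP_NO_TLS
fi

#TLSCertificateKeyFile
FindValueOfEqual "$OPENSLAPD_CONF" TLSCertificateKeyFile JUSTTEST
if [ -n "$RESULTAT" ] ; then
  Display --indent 2 --text "TLS key $RESULTAT" --result OK --color GREEN
  check_file "$RESULTAT" 4 PRIVKEY
else
  Display --indent 2 --text "No TLS key" --result ADVICE --color ORANGE --advice LDAP_NO_TLS
fi

if grep -q '^[[:space:]]*allow[[:space:]]bind_v2' "$OPENSLAPD_CONF" ; then
  Display --indent 2 --text "allow bind_v2" --result FOUND --color ORANGE --advice LDAP_BINDV2
fi

if grep -q '^[[:space:]]*disallow[[:space:]]bind_anon' "$OPENSLAPD_CONF" ; then
  Display --indent 2 --text "disallow bind_anon" --result FOUND --color GREEN
else
  Display --indent 2 --text "disallow bind_anon" --result NOTFOUND --color ORANGE --advice LDAP_BIND_ANON
fi

if grep -q '^[[:space:]]*require[[:space:]]authc' "$OPENSLAPD_CONF" ; then
  Display --indent 2 --text "require authc" --result FOUND --color GREEN
else
  Display --indent 2 --text "require authc" --result NOTFOUND --color ORANGE --advice LDAP_REQUIRE_AUTHC
fi

#TODO hint for replication

#clear password
# Only the storage scheme of rootpw is reported. The value itself - a hash, or
# the password when it is stored in clear - is never printed, because the
# report may be saved or passed on. Only real directives are read: a plain
# `grep rootpw` also picked up commented-out examples.
# {MD5} and {SHA} are unsalted digests and are shown in orange.
grep '^[[:space:]]*rootpw[[:space:]]' "$OPENSLAPD_CONF" | while read -r line
do
  PASS="$(printf '%s\n' "$line" | sed 's/^.*rootpw[[:space:]]*//g')"
  case "$PASS" in
  *'{SSHA}'*)
    Display --indent 2 --text "rootpw (value not shown)" --result SSHA --color GREEN
    ;;
  *'{SHA}'*)
    Display --indent 2 --text "rootpw (value not shown)" --result SHA --color ORANGE
    ;;
  *'{SMD5}'*)
    Display --indent 2 --text "rootpw (value not shown)" --result SMD5 --color GREEN
    ;;
  *'{MD5}'*)
    Display --indent 2 --text "rootpw (value not shown)" --result MD5 --color ORANGE
    ;;
  *'{CRYPT}'*)
    Display --indent 2 --text "rootpw (value not shown)" --result CRYPT --color GREEN
    ;;
  *'{CLEARTEXT}'*)
    Display --indent 2 --text "rootpw (value not shown)" --result CLEARTEXT --color RED --advice LDAP_PASSWD_CLEAR
    ;;
  *)
    # No scheme prefix: the password is stored as is.
    Display --indent 2 --text "rootpw " --result CLEARTEXT --color RED --advice LDAP_PASSWD_CLEAR
    ;;
  esac
done

#try to find under which user openldap is running
# Only the first matching process is used, so the name stays a single word.
LDAPUSER="$(ps aux | grep slapd | grep -v grep | cut -d' ' -f1 | head -n 1)"
if [ -z "$LDAPUSER" ] ; then
  LDAPUSER='ldap'
fi

#ubuntu use /var/lib/slapd/
#gentoo use /var/lib/openldap-data/
#redhat use /var/lib/ldap
# The comment above names three locations; the third one was missing from the
# loop.
for ldapdata in /var/lib/slapd/ /var/lib/openldap-data/ /var/lib/ldap/
do
  if [ -e "${ldapdata}" ] ; then
    Display --indent 2 --text "LDAP DATA $ldapdata" --result FOUND --color GREEN
    # NOTE(review): the group is checked against the user name - confirm that
    # the service group carries the same name on the audited systems.
    TMP_RESULT="${TEMPYASATDIR}/slapd.cdo"
    check_directory_owner "$ldapdata" "$LDAPUSER" "$TMP_RESULT" 4
    TMP_RESULT="${TEMPYASATDIR}/slapd.cdg"
    check_directory_group "$ldapdata" "$LDAPUSER" "$TMP_RESULT" 4
    TMP_RESULT="${TEMPYASATDIR}/slapd.cdother"
    #TODO better advice
    check_directory_others "$ldapdata" "$TMP_RESULT" 4 GLOBAL_FILE_OTHER_READABLE
  fi
done

return 0;
yasat/plugins/sensors.advice0000640000175000017500000000203412457227301016761 0ustar montjoiemontjoieEN,TEMP_SENSORS=Install lm_sensors to monitor temperature.
See www.lm-sensors.org
ADVICEEND
EN,IPMI_NO_BINARY=Install freeipmi/openipmi/ipmitool on a server
If this machine is a server install freeipmi/openipmi/ipmitool for monitoring.
See http://www.gnu.org/software/freeipmi/
See http://openipmi.sourceforge.net/
See http://ipmitool.sourceforge.net/
ADVICEEND
EN,IPMI_BAD_SNMP_COMM=Change this community string
Your community string is a default one, consider changing it.
ADVICEEND
EN,TEMP_SENSOR_PROGRAM_UNK=I don't know the temperature monitoring program for your OS
I know only lm_sensors for Linux, on your OS I do not know any temperature monitoring program.
If you know another, please tell me so I can add it to the tests.
Thanks.
ADVICEEND
EN,MCELOG_TOOL=Install mcetool
For decoding MCE events you will need the mcelog tool
ADVICEEND
yasat/plugins/squid.ports0000640000175000017500000000011512457227301016324 0ustar montjoiemontjoie#acl we dont want
70,allow
210,allow
280,allow
488,allow
591,allow
777,allow
yasat/plugins/mysql.advice0000640000175000017500000000246512457227301016442 0ustar montjoiemontjoieEN,MYSQL_CONF_BIND=If possible, mysql should listen only on localhost
EN,MYSQL_CONF_NO_SLOWQUERY_LOG=Log slow query
See http://dev.mysql.com/doc/refman/5.0/en/slow-query-log.html
ADVICEEND
EN,MYSQL_CONF_BINLOGS=Are the binlogs useful to you ?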
Binlogs are used for master/slave replication. They can also be used for backups. If you don't use binlogs, disable them. ADVICEEND EN,MYSQL_CONF_NO_EXPIRELOGSDAYS=Set an expire_logs_days Binlogs can fill your storages if they aren't cleaned. Use expire_logs_days to control how much binlogs you want. See http://dev.mysql.com/doc/refman/5.0/en/server-system-variables.html#sysvar_expire_logs_days ADVICEEND EN,MYSQL_RUN_AS_ROOT=mysqld must not be run as root Create a non-root unprivileged user for running mysqld. ADVICEEND EN,MYSQL_USER_HAVE_SHELL=Mysqld user must not have a shell Set a non-shell setting for mysql user, like /bin/false or /bin/nologin ADVICEEND EN,MYSQL_LOG=Disable request log Be aware that this log type is a performance killer. See http://dev.mysql.com/doc/refman/5.0/en/query-log.html ADVICEEND yasat/plugins/network.data0000640000175000017500000000307712457227301016444 0ustar montjoiemontjoie#PATH | value | comparator | advice | NSAG | CCEID net.ipv4.icmp_echo_ignore_broadcasts|1|=|NETWORK_ICMP_ECHO_IGNORE_BROADCASTS|2.5.1.2|3644-2 net.ipv4.tcp_fin_timeout|60|<|NETWORK_FIN_TIMEOUT net.ipv4.icmp_ignore_bogus_error_responses|1|=|NETWORK_IGNORE_BOGUS_ERROR_RESPONSES|2.5.1.2|4133-5 net.ipv4.conf.all.accept_redirects|0|=|NETWORK_CONF_ALL_ACCEPT_REDIRECTS|2.5.1.2|4217-6 net.ipv4.conf.default.accept_redirects|0|=|NETWORK_CONF_DEFAULT_ACCEPT_REDIRECTS|2.5.1.2|4186-3 net.ipv4.tcp_syncookies|1|=|NETWORK_TCP_SYNCOOKIES|2.5.1.2|4265-5 net.ipv4.conf.all.accept_source_route|0|=|NETWORK_CONF_ALL_ACCEPT_SOURCE_ROUTE|2.5.1.2|4236-6 net.ipv4.conf.default.accept_source_route|0|=|NETWORK_CONF_DEFAULT_ACCEPT_SOURCE_ROUTE|2.5.1.2|4091-5 net.ipv4.conf.all.rp_filter|1|=|NETWORK_CONF_ENABLE_IP_SPOOFING_PROTECTION|2.5.1.2|4080-8 net.ipv4.conf.default.rp_filter|1|=|NETWORK_CONF_ENABLE_IP_SPOOFING_PROTECTION|2.5.1.2|3840-6 net.ipv4.conf.default.send_redirects|0|=|NETWORK_CONF_TODO|2.5.1.1|4155-8 net.ipv4.conf.all.send_redirects|0|=|NETWORK_CONF_TODO|2.5.1.1|4151-7 
net.ipv4.ip_forward|0|=|NETWORK_CONF_TODO|2.5.1.1|3561-8 net.ipv4.conf.all.secure_redirects|0|=|TODO|2.5.1.2|3472-8 net.ipv4.conf.default.secure_redirects|0|=|TODO|2.5.1.2|3339-9 net.ipv4.conf.all.log_martians|1|=|TODO|2.5.1.2|4320-8 #net.ipv6.conf.default.router_solicitations|0|= #net.ipv6.conf.default.accept_ra_rtr_pref|0|= #net.ipv6.conf.default.accept_ra_pinfo|0|= #net.ipv6.conf.default.accept_ra_defrtr|0|= #net.ipv6.conf.default.autoconf|0|= #net.ipv6.conf.default.dad_transmits|0|= #net.ipv6.conf.default.max_addresses|0|= yasat/plugins/proftpd.test0000640000175000017500000000273612457227301016500 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . 
#                                                                              #
################################################################################

# ProFTPD audit plugin (sourced by the YASAT driver). For now it only locates
# the configuration file; the checks listed below are still to be written.

Title "Check Proftpd configurations"

#TODO RootLogin must be off
#TimeoutNoTransfer TimeoutStalled TimeoutIdle Umask SystemLog ExtendedLog TransferLog ServerLog
#TODO check TLSPassPhraseProvider script

POSSIBLE_PROFTPD_CONF="/etc/proftpd/proftpd.conf /usr/local/etc/proftpd.conf /etc/proftpd.conf"
PROFTPD_CONF="/etc/proftpd/proftpd.conf"

# Walk the space-separated candidates (unquoted on purpose) and remember the
# last one that exists.
for LOCATION in ${POSSIBLE_PROFTPD_CONF} ; do
  if test -e "${LOCATION}" ; then
    PROFTPD_CONF="${LOCATION}"
  fi
done
yasat/plugins/dns.test0000750000175000017500000002573512466625664015632 0ustar montjoiemontjoie#!/bin/sh
################################################################################
#                                                                              #
#   Copyright (C) 2008-2015 LABBE Corentin
#
#    YASAT is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    YASAT is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with YASAT.  If not, see <http://www.gnu.org/licenses/>.
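# #
################################################################################

# YASAT plugin: audit of the local BIND (named) setup and its named.conf.
# Relies on helpers defined outside this file (Title, Display, Compliance,
# find_process, detect_chroot, prepare_bind_conf, FindValueOf, is_equal,
# Is_installed_via_package_manager, check_a_file) and is left with "return",
# so it has to be sourced by the YASAT driver.

POSSIBLE_BIND_CONF="/etc/bind/named.conf /etc/named.conf /etc/named/named.conf /var/named/etc/named.conf"
#full path to bind conf
BIND_CONF=''
#directory where bind is chrooted (must end with a /)
BIND_CHROOT_DIR=''
#full path to filtered bind conf
BIND_CONF_LOCATION_TO_TEST=''
NAMED_USER='named'
#default, under debian it is bind
NAMED_GROUP='named'

# TODO gentoo: find chroot in /etc/conf.d/named

Title "Check dns and bind conf"

# we check first all way to find if bind is in a chroot
if [ -e /etc/default/bind9 ] ; then
  # Take the account from the -u flag of OPTIONS. When there is no -u flag the
  # defaults above are kept instead of being overwritten with an unrelated
  # option word, which would skew the ownership expected by check_a_file below.
  bind9_user=$(grep 'OPTIONS=' /etc/default/bind9 | cut -d\" -f2 | sed -n 's,.*-u[[:space:]]*,,p' | cut -d' ' -f1 | head -n 1)
  if [ -n "$bind9_user" ];then
    NAMED_USER="$bind9_user"
  fi
  # Exact field comparison: a regex built from the user name or the gid could
  # match a different account or several groups.
  NAMED_GROUP_ID=$(awk -F: -v user="$NAMED_USER" '$1 == user { print $4; exit }' /etc/passwd)
  if [ -n "$NAMED_GROUP_ID" ];then
    bind9_group=$(awk -F: -v gid="$NAMED_GROUP_ID" '$3 == gid { print $1; exit }' /etc/group)
    if [ -n "$bind9_group" ];then
      NAMED_GROUP="$bind9_group"
    fi
  fi
fi

TESTNAME='YASAT_TEST_BIND_PROCESS Check if bind is running'
find_process '/usr/.*bin/named' nonroot
ret=$?
if [ $ret -ge 1 ];then
  if [ $ret -ge 2 ];then
    Display --indent 2 --text "Number of bind running is high" --result "$ret" --color ORANGE
  else
    NAMED_USER="$FIND_PROCESS_USER"
  fi
  TESTNAME='YASAT_TEST_BIND_CHROOT NSAG=3.14.3.2 CCEID=3985-9,4487-5,4258-0 Run DNS Software in a chroot Jail'
  detect_chroot
  ret=$?
  if [ $ret -eq 0 ];then
    Display --indent 2 --text "Bind is not chrooted" --result INFO --color BLUE
    Compliance --result KO --plugin dns --nsag 3.14.3.2 --cce 3985-9 --cce 4487-5 --cce 4258-0
  else
    if [ $ret -eq 2 ];then
      Compliance --result NOTTESTED --plugin dns --nsag 3.14.3.2 --cce 3985-9 --cce 4487-5 --cce 4258-0
    else
      Display --indent 2 --text "Bind is chrooted in $BIND_CHROOT_DIR" --result GOOD --color GREEN
      Compliance --result OK --plugin dns --nsag 3.14.3.2 --cce 3985-9 --cce 4487-5 --cce 4258-0
    fi
  fi
fi

# The last existing candidate wins.
for LOCATION in ${POSSIBLE_BIND_CONF}
do
  if [ -e "${SCAN_ROOT}${BIND_CHROOT_DIR}${LOCATION}" ] ;then
    BIND_CONF="${SCAN_ROOT}${BIND_CHROOT_DIR}${LOCATION}"
    BIND_CONF_DIR="$(dirname "$BIND_CONF")"
  fi
done

# No configuration found: reported as "DNS server disabled".
if [ -z "$BIND_CONF" ];then
  TESTNAME='YASAT_TEST_BIND_DISABLE NSAG=3.14.1 CCEID=3578-2,4219-2 Disable DNS Server if Possible'
  Compliance --result OK --plugin dns --nsag 3.14.1 --cce 3578-2 --cce 4219-2
  return 0
fi

prepare_bind_conf "$BIND_CONF" "$BIND_CONF_DIR"
if [ $? -ne 0 ];then
  return 1
fi

# presumably prepare_bind_conf writes this filtered copy -- confirm in its definition
BIND_CONF_LOCATION_TO_TEST="${TEMPYASATDIR}/named.conf"

if [ ! -e "$BIND_CONF_LOCATION_TO_TEST" ] ;then
  echo "ERROR: no $BIND_CONF_LOCATION_TO_TEST"
  return 1;
fi

TESTNAME='YASAT_TEST_BIND_DISABLE NSAG=3.14.1 CCEID=3578-2,4219-2 Disable DNS Server if Possible'
if [ "$SCAN_PROFILE" = 'desktop' ];then
  Display --indent 2 --text "Do you need a DNS server" --result INFO --color ORANGE
  Compliance --result KO --plugin dns --nsag 3.14.1 --cce 3578-2 --cce 4219-2
else
  Compliance --result NOTTESTED --plugin dns --nsag 3.14.1 --cce 3578-2 --cce 4219-2
fi

TESTNAME='YASAT_TEST_BIND_FIREWALL NSAG=3.14.3.3 Configure Firewalls to Protect the DNS Server'
Compliance --result NOTIMPL --plugin dns --nsag 3.14.3.3

TESTNAME='YASAT_TEST_BIND_SEPARATEDNS NSAG=3.14.4.1 Run Separate DNS Servers for External and Internal Queries if Possible'
Compliance --result NOTIMPL --plugin dns --nsag 3.14.4.1

TESTNAME='YASAT_TEST_BIND_TODO1 NSAG=3.14.4.2 Use Views to Partition External and Internal Information if Necessary'
Compliance --result NOTIMPL --plugin dns --nsag 3.14.4.2

TESTNAME='YASAT_TEST_BIND_DISABLE_ZONE_TRANSFERS NSAG=3.14.4.3 Disable Zone Transfers from the Nameserver if Possible'
Compliance --result NOTIMPL --plugin dns --nsag 3.14.4.3

TESTNAME='YASAT_TEST_BIND_AUTH_TRANSFERS NSAG=3.14.4.4 Authenticate Zone Transfers if Necessary'
Compliance --result NOTIMPL --plugin dns --nsag 3.14.4.4

TESTNAME='YASAT_TEST_BIND_DISABLE_DYNAMIC_UPDATES NSAG=3.14.4.5 CCEID=4399-2 Disable Dynamic Updates if Possible'
#all allow-update must be set to none
# The comparison with 'allow-update' below assumes the filtered configuration
# carries that keyword alone on its line -- verify against prepare_bind_conf.
in_allow_update=0
bind_dynamic_update=0
# read -r and printf keep backslashes and glob characters of the configuration
# from being interpreted by the shell.
while read -r bind_line
do
  if [ $in_allow_update -eq 1 ];then
    if printf '%s\n' "$bind_line" | grep -v 'none' | grep -q '[a-z0-9A-Z]' ;then
      #echo "ALLOW_UPDATE $bind_line"
      bind_dynamic_update=1
    fi
  fi
  if [ "$bind_line" = 'allow-update' ];then
    #echo "Found allow-update"
    in_allow_update=1
  fi
  if printf '%s\n' "$bind_line" | grep -q '}' ;then
    in_allow_update=0
  fi
done < "$BIND_CONF_LOCATION_TO_TEST"
if [ $bind_dynamic_update -eq 0 ];then
  Display --indent 2 --text "Dynamic Updates are disabled" --result GOOD --color GREEN
  Compliance --result OK --plugin dns --nsag 3.14.4.5 --cce 4399-2
else
  Display --indent 2 --text "Dynamic Updates are enabled" --result INFO --color BLUE
  Compliance --result KO --plugin dns --nsag 3.14.4.5 --cce 4399-2
fi

TESTNAME='YASAT_TEST_BIND_VERSION Check that bind hide its version'
FindValueOf "$BIND_CONF_LOCATION_TO_TEST" version JUSTTEST
if [ -z "$RESULTAT" ] ;then
  Display --indent 2 --text "Hiding version" --result NOTFOUND --color RED --advice BIND_HIDE_VERSION --comp KO dns
else
  is_equal "$RESULTAT" 'none' -i -f '[[:space:]]*;' -f '"'
  if [ $? -eq 0 ];then
    Display --indent 2 --text "Hiding version (set to none)" --result FOUND --color GREEN --comp OK dns
  else
    Display --indent 2 --text "Hiding version" --result "$RESULTAT" --color ORANGE --advice BIND_HIDE_VERSION --comp KO dns
  fi
fi

TESTNAME='YASAT_TEST_BIND_HOSTNAME Check that bind hide its hostname'
FindValueOf "$BIND_CONF_LOCATION_TO_TEST" hostname JUSTTEST
if [ -z "$RESULTAT" ] ;then
  Display --indent 2 --text "Hiding hostname" --result NOTFOUND --color RED --advice BIND_HIDE_HOSTNAME --comp KO dns
else
  is_equal "$RESULTAT" 'none' -i -f '[[:space:]]*;' -f '"'
  if [ $? -eq 0 ];then
    Display --indent 2 --text "Hiding hostname (set to none)" --result FOUND --color GREEN --comp OK dns
  else
    Display --indent 2 --text "Hiding hostname" --result "$RESULTAT" --color ORANGE --advice BIND_HIDE_HOSTNAME --comp KO dns
  fi
fi

TESTNAME='YASAT_TEST_BIND_SERVERID Check that server-id is disabled'
#server-id is none by default according to docs
FindValueOf "$BIND_CONF_LOCATION_TO_TEST" server-id JUSTTEST
if [ -z "$RESULTAT" ] ;then
  Display --indent 2 --text "Hiding server-id" --result NOTFOUND --color GREEN --comp OK dns
else
  is_equal "$RESULTAT" 'none' -i -f '[[:space:]]*;'
  if [ $? -eq 0 ];then
    Display --indent 2 --text "Hiding server-id" --result FOUND --color GREEN --comp OK dns
  else
    Display --indent 2 --text "Hiding server-id" --result "$RESULTAT" --color ORANGE --advice BIND_HIDE_SERVERID --comp KO dns
  fi
fi

#max-cache-size xxx;
FindValueOf "$BIND_CONF_LOCATION_TO_TEST" max-cache-size JUSTTEST
if [ -z "$RESULTAT" ] ;then
  Display --indent 2 --text "Set max-cache-size" --result NOTFOUND --color RED --advice BIND_MAX_CACHE_SIZE
else
  Display --indent 2 --text "max-cache-size set at" --result "$RESULTAT" --color GREEN
fi

TESTNAME='YASAT_TEST_BIND_RECURSIVE_QUERY Check if the bind server allow recursive query'
ALLOW_PUBLIC_RECURSION=1
FindValueOf "$BIND_CONF_LOCATION_TO_TEST" recursion JUSTTEST
if [ "$RESULTAT" = "no" ];then
  Display --indent 2 --text "Restrict recursive query" --result FOUND --color GREEN --comp OK dns
  ALLOW_PUBLIC_RECURSION=0
fi
# NOTE(review): the mere presence of allow-recursion counts as "restricted";
# the ACL content is never inspected (RECURSION is set but not read), so an
# allow-recursion that admits every client still passes. Worth a follow-up test.
RECURSION=0
# Word splitting is wanted here (one configuration token per iteration);
# pathname expansion is switched off so a token such as "*" is not replaced by
# file names from the current directory.
set -f
for i in $(cat "$BIND_CONF_LOCATION_TO_TEST")
do
  if [ "$i" = "allow-recursion" ] ;then
    RECURSION=1
    ALLOW_PUBLIC_RECURSION=0
    Display --indent 2 --text "Restrict recursive query" --result FOUND --color GREEN --comp OK dns
  fi
  if [ "$i" = "};" ] ;then
    RECURSION=0
  fi
done
set +f
if [ $ALLOW_PUBLIC_RECURSION -eq 1 ] ; then
  Display --indent 2 --text "Restrict recursive query" --result ERROR --color RED --advice BIND_DISALLOW_RECURSIVE_QUERY --comp KO dns
fi

#allow-query-cache {mynetworks;};
#http://www.bortzmeyer.org/fermer-les-recursifs-ouverts.html
#additional-from-cache no.

TESTNAME='YASAT_TEST_BIND_DNSSEC_ENABLE Check if DNSSEC is enabled'
# NOTE(review): recent BIND 9 releases treat dnssec-enable as obsolete, so a
# missing directive is not necessarily a finding there -- confirm against the
# BIND version being audited.
FindValueOf "$BIND_CONF_LOCATION_TO_TEST" dnssec-enable JUSTTEST
if [ -z "$RESULTAT" ] ;then
  Display --indent 2 --text "dnssec-enable" --result NOTFOUND --color ORANGE --advice BIND_ENABLE_DNSSEC_VALIDATION --comp KO dns
else
  is_equal "$RESULTAT" 'yes' -i -f '[[:space:]]*;'
  if [ $? -eq 0 ];then
    Display --indent 2 --text "dnssec-enable" --result FOUND --color GREEN --comp OK dns
  else
    Display --indent 2 --text "dnssec-enable" --result "$RESULTAT" --color ORANGE --advice BIND_ENABLE_DNSSEC_VALIDATION --comp KO dns
  fi
fi

TESTNAME='YASAT_TEST_BIND_DNSSEC_VALIDATION Check if DNSSEC validation is enabled'
FindValueOf "$BIND_CONF_LOCATION_TO_TEST" dnssec-validation JUSTTEST
if [ -z "$RESULTAT" ] ;then
  Display --indent 2 --text "dnssec-validation" --result NOTFOUND --color ORANGE --comp KO dns
else
  is_equal "$RESULTAT" 'yes' -i -f '[[:space:]]*;' -2 'auto'
  if [ $? -eq 0 ];then
    Display --indent 2 --text "dnssec-validation" --result FOUND --color GREEN --comp OK dns
  else
    Display --indent 2 --text "dnssec-validation" --result "$RESULTAT" --color ORANGE --advice BIND_ENABLE_DNSSEC_VALIDATION --comp KO dns
  fi
fi

TESTNAME='YASAT_TEST_BIND_PKG Check if bind is installed via a package manager'
Is_installed_via_package_manager $BIND_PACKAGE_NAME
if [ "$RESULTAT" = 'NOTIMPLEMENTED' ] || [ "$RESULTAT" = 'ERROR' ] ; then
  Display --indent 2 --text "$BIND_PACKAGE_NAME installation" --result UNKNOWN --color BLUE --comp NOTTESTED dns
else
  if [ "$RESULTAT" = "yes" ]
  then
    Display --indent 2 --text "$BIND_PACKAGE_NAME is installed by package" --result GOOD --color GREEN --comp OK dns
  else
    Display --indent 2 --text "$BIND_PACKAGE_NAME is installed at hand" --result BAD --color ORANGE --advice GLOBAL_PACKAGE_INSTALLED_AT_HAND --comp KO dns
  fi
fi

# Every file named in named.filelist is expected to be root:<named group>, mode 640.
while read -r named_conf
do
  check_a_file "$named_conf" 2 root "$NAMED_GROUP" 640
done < "$TEMPYASATDIR/named.filelist"

TMP_RESULT="${TEMPYASATDIR}/bind_var.out"
#check right of /var/bind/ of /var/named
#if [ -d /var/bind/ ] ; then
#  check_directory_owner /var/bind/ $NAMED_USER $TMP_RESULT 4
#fi

#TODO test version with dig @localhost version.bind chaos txt

return 0;
yasat/plugins/vsftpd.test0000640000175000017500000002221312457720446016330 0ustar montjoiemontjoie#!/bin/sh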
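################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
# #
################################################################################

# YASAT plugin: audit of vsftpd.conf (anonymous access, ASCII transfers,
# logging, chroot of local users, certificates and legacy SSL protocols).
# Relies on helpers defined outside this file (Title, Display, Compliance,
# FindValueOfEqual, check_file, check_certificate) and is left with "return",
# so it has to be sourced by the YASAT driver.

VSFTPD_CONF="/etc/vsftpd/vsftpd.conf"
POSSIBLE_VSFTPD_CONF="/etc/vsftpd/vsftpd.conf /etc/vsftpd.conf /usr/local/etc/vsftpd/vsftpd.conf"

# The last existing candidate wins. The path is tested without a trailing
# slash: with one, -e only succeeds for directories, so no configuration file
# was ever detected and a host using /etc/vsftpd.conf was reported as
# "vsftpd disabled".
for LOCATION in ${POSSIBLE_VSFTPD_CONF}
do
  if [ -e "$SCAN_ROOT/${LOCATION}" ] ;then
    VSFTPD_CONF="$SCAN_ROOT/${LOCATION}"
  fi
done

Title "Check vsftpd"

if [ ! -e "$VSFTPD_CONF" ] ;then
  TESTNAME='YASAT_TEST_VSFTPD NSAG=3.15.1 CCEID=3919-8,14881-7 Disable vsftpd if Possible'
  Compliance --result OK --plugin vsftpd --nsag 3.15.1 --cce 3919-8 --cce 14881-7
  return 1;
fi

TESTNAME='YASAT_TEST_VSFTPD_TODO NSAG=3.15.1 CCEID=3919-8,14881-7 Disable vsftpd if Possible'
Compliance --result NOTTESTED --plugin vsftpd --nsag 3.15.1 --cce 3919-8 --cce 14881-7

TESTNAME='YASAT_TEST_VSFTPD_TODO NSAG=3.15.3.1 CCEID=4549-2 Enable Logging of All FTP Transactions'
# Identifiers aligned with TESTNAME; the record used to repeat 3.15.1 and its CCEs.
Compliance --result NOTTESTED --plugin vsftpd --nsag 3.15.3.1 --cce 4549-2

TESTNAME='YASAT_TEST_VSFTPD_TODO NSAG=3.15.3.2 CCEID=4554-2 Create Warning Banners for All FTP Users'
Compliance --result NOTIMPL --plugin vsftpd --nsag 3.15.3.2 --cce 4554-2

TESTNAME='YASAT_TEST_VSFTPD_TODO NSAG=3.15.3.3.1 CCEID=4443-8 Restrict Access to Anonymous Users if Possible'
Compliance --result NOTTESTED --plugin vsftpd --nsag 3.15.3.3.1 --cce 4443-8

TESTNAME='YASAT_TEST_VSFTPD_TODO NSAG=3.15.3.3.2 Limit Users Allowed FTP Access if Necessary'
Compliance --result NOTIMPL --plugin vsftpd --nsag 3.15.3.3.2

TESTNAME='YASAT_TEST_VSFTPD_TODO NSAG=3.15.3.4 Disable FTP Uploads if Possible'
Compliance --result NOTIMPL --plugin vsftpd --nsag 3.15.3.4 --cce 4461-0

TESTNAME='YASAT_TEST_VSFTPD_TODO NSAG=3.15.3.6 Configure Firewalls to Protect the FTP Server'
Compliance --result NOTIMPL --plugin vsftpd --nsag 3.15.3.6

TESTNAME='YASAT_TEST_VSFTP1 Check if anonymous access is enabled'
FindValueOfEqual "$VSFTPD_CONF" anonymous_enable JUSTTEST
if [ -z "$RESULTAT" ] ;then
  Display --indent 2 --text "anonymous access enabled by default" --result WARNING --color RED --advice VSFTPD_ANONYMOUS_LOGIN
else
  # printf instead of an unquoted echo: the configured value is not word-split or globbed
  printf '%s\n' "$RESULTAT" | grep -qi 'yes'
  if [ $? -eq 1 ] ;then
    Display --indent 2 --text "no anonymous access" --result OK --color GREEN
  else
    Display --indent 2 --text "Anonymous access" --result WARNING --color RED --advice VSFTPD_ANONYMOUS_LOGIN
  fi
fi

TESTNAME='YASAT_TEST_VSFTP2 Check if anonymous can upload'
FindValueOfEqual "$VSFTPD_CONF" anon_upload_enable JUSTTEST
if [ -z "$RESULTAT" ] ;then
  Display --indent 2 --text "no anon_upload_enable" --result OK --color GREEN
else
  printf '%s\n' "$RESULTAT" | grep -qi 'yes'
  if [ $? -eq 1 ] ;then
    Display --indent 2 --text "no anon_upload_enable" --result OK --color GREEN
  else
    Display --indent 2 --text "anon_upload_enable" --result WARNING --color RED --advice VSFTPD_ANONYMOUS_UPLOAD
  fi
fi

TESTNAME='YASAT_TEST_VSFTP3 Check if ascii_upload_enable is enabled'
FindValueOfEqual "$VSFTPD_CONF" ascii_upload_enable JUSTTEST
if [ -z "$RESULTAT" ] ;then
  Display --indent 2 --text "no ascii_upload_enable" --result OK --color GREEN
else
  printf '%s\n' "$RESULTAT" | grep -qi 'yes'
  if [ $? -eq 1 ] ;then
    Display --indent 2 --text "no ascii_upload_enable" --result OK --color GREEN
  else
    Display --indent 2 --text "ascii_upload_enable" --result WARNING --color RED --advice VSFTPD_ANONYMOUS_ASCII
  fi
fi

TESTNAME='YASAT_TEST_VSFTP4 Check if ascii_download_enable is enabled'
FindValueOfEqual "$VSFTPD_CONF" ascii_download_enable JUSTTEST
if [ -z "$RESULTAT" ] ;then
  Display --indent 2 --text "no ascii_download_enable" --result OK --color GREEN
else
  printf '%s\n' "$RESULTAT" | grep -qi 'yes'
  if [ $? -eq 1 ] ;then
    Display --indent 2 --text "no ascii_download_enable" --result OK --color GREEN
  else
    Display --indent 2 --text "ascii_download_enable" --result WARNING --color RED --advice VSFTPD_ANONYMOUS_ASCII
  fi
fi

# LOGENABLED turns to YES as soon as xferlog_enable or syslog_enable is "yes"/"YES".
LOGENABLED='NO'
TESTNAME='YASAT_TEST_VSFTP5 Check if xferlog is enabled'
FindValueOfEqual "$VSFTPD_CONF" xferlog_enable JUSTTEST
if [ -z "$RESULTAT" ] ;then
  Display --indent 2 --text "No xferlog_enable" --result WARNING --color RED --advice VSFTPD_ANONYMOUS_NO_XFERLOG
else
  if [ "$RESULTAT" = "yes" ] || [ "$RESULTAT" = "YES" ] ;then
    Display --indent 2 --text "xferlog_enable" --result OK --color GREEN
    LOGENABLED='YES'
#  else
#    Display --indent 2 --text "xferlog_enable not enabled" --result WARNING --color RED --advice VSFTPD_ANONYMOUS_NO_XFERLOG
  fi
fi

TESTNAME='YASAT_TEST_VSFTP6 Check if syslog_enable is enabled'
FindValueOfEqual "$VSFTPD_CONF" syslog_enable JUSTTEST
if [ -n "$RESULTAT" ] ;then
  if [ "$RESULTAT" = "yes" ] || [ "$RESULTAT" = "YES" ] ;then
    Display --indent 2 --text "syslog_enable" --result OK --color GREEN
    LOGENABLED='YES'
  fi
fi

TESTNAME='YASAT_TEST_VSFTP7 Check if any log system is enabled'
if [ "$LOGENABLED" = 'NO' ] ;then
  Display --indent 2 --text "No log system" --result WARNING --color RED --advice VSFTPD_ANONYMOUS_NO_XFERLOG
fi

#FindValueOfEqual $VSFTPD_CONF xferlog_file JUSTTEST
#if [ -z "$RESULTAT" ]
#then
#  Display --indent 2 --text "No xferlog_file" --result WARNING --color RED --advice VSFTPD_ANONYMOUS_NO_XFERLOG
#else
#  Display --indent 2 --text "xferlog_file" --result "$RESULTAT" --color GREEN
#fi

#FindValueOfEqual $VSFTPD_CONF vsftpd_log_file JUSTTEST
#if [ -z "$RESULTAT" ]
#then
#  Display --indent 2 --text "No vsftpd_log_file" --result WARNING --color RED --advice VSFTPD_ANONYMOUS_NO_XFERLOG
#else
#  Display --indent 2 --text "vsftpd_log_file" --result "$RESULTAT" --color GREEN
#fi

TESTNAME='YASAT_TEST_VSFTP8 Check if local user are chrooted'
FindValueOfEqual "$VSFTPD_CONF" chroot_local_user JUSTTEST
if [ -z "$RESULTAT" ] ;then
  Display --indent 2 --text "no chroot_local_user" --result WARNING --color ORANGE --advice VSFTPD_ANONYMOUS_NOCHROOTLOCAL
else
  if [ "$RESULTAT" = "yes" ] || [ "$RESULTAT" = "YES" ] ;then
    Display --indent 2 --text "chroot_local_user" --result OK --color GREEN
  else
    Display --indent 2 --text "No chroot_local_user" --result WARNING --color RED --advice VSFTPD_ANONYMOUS_NOCHROOTLOCAL
  fi
fi

TESTNAME='YASAT_TEST_VSFTP9 Check if a banner_file is present'
FindValueOfEqual "$VSFTPD_CONF" banner_file JUSTTEST
if [ -n "$RESULTAT" ] ;then
  Display --indent 2 --text "banner_file" --result FOUND --color GREEN
  check_file "$RESULTAT" 4 'NORMAL'
fi

# Paths read from the configuration are passed quoted so a path containing
# spaces or glob characters reaches the helper as a single argument.
TESTNAME='YASAT_TEST_VSFTP10 Check if a DSA certificate is used'
FindValueOfEqual "$VSFTPD_CONF" dsa_cert_file JUSTTEST
if [ -n "$RESULTAT" ] ;then
  Display --indent 2 --text "SSL $RESULTAT" --result FOUND --color GREEN
  check_certificate "$RESULTAT" 4
fi

TESTNAME='YASAT_TEST_VSFTP11 Check if a DSA private key is used'
FindValueOfEqual "$VSFTPD_CONF" dsa_private_key_file JUSTTEST
if [ -n "$RESULTAT" ] ;then
  Display --indent 2 --text "SSL $RESULTAT" --result FOUND --color GREEN
  check_file "$RESULTAT" 4 PRIVKEY
fi

TESTNAME='YASAT_TEST_VSFTP12 Check if a RSA certificate is used'
FindValueOfEqual "$VSFTPD_CONF" rsa_cert_file JUSTTEST
if [ -n "$RESULTAT" ] ;then
  Display --indent 2 --text "SSL $RESULTAT" --result FOUND --color GREEN
  check_certificate "$RESULTAT" 4
fi

TESTNAME='YASAT_TEST_VSFTP13 Check if a RSA private key is used'
FindValueOfEqual "$VSFTPD_CONF" rsa_private_key_file JUSTTEST
if [ -n "$RESULTAT" ] ;then
  Display --indent 2 --text "SSL $RESULTAT" --result FOUND --color GREEN
  check_file "$RESULTAT" 4 PRIVKEY
fi

# NOTE(review): only the exact spellings YES and yes are recognised in the two
# protocol tests below; any other spelling is reported as disabled.
TESTNAME='YASAT_TEST_VSFTP14 Check if SSLv2 is enabled'
FindValueOfEqual "$VSFTPD_CONF" ssl_sslv2 JUSTTEST
if [ -n "$RESULTAT" ] ;then
  if [ "$RESULTAT" = 'YES' ] || [ "$RESULTAT" = 'yes' ];then
    Display --indent 2 --text "SSLv2 is enabled" --result FOUND --color RED --advice SSL_PROTOCOL_SSLV2
  else
    Display --indent 2 --text "SSLv2 is disabled" --result NOTFOUND --color GREEN
  fi
else
  Display --indent 2 --text "SSLv2 is not enabled" --result NOTFOUND --color GREEN
fi

TESTNAME='YASAT_TEST_VSFTP15 Check if SSLv3 is enabled'
FindValueOfEqual "$VSFTPD_CONF" ssl_sslv3 JUSTTEST
if [ -n "$RESULTAT" ] ;then
  if [ "$RESULTAT" = 'YES' ] || [ "$RESULTAT" = 'yes' ];then
    Display --indent 2 --text "SSLv3 is enabled" --result FOUND --color RED --advice SSL_PROTOCOL_SSLV3
  else
    Display --indent 2 --text "SSLv3 is disabled" --result NOTFOUND --color GREEN
  fi
else
  Display --indent 2 --text "SSLv3 is not enabled" --result NOTFOUND --color GREEN
fi

#TODO check all files
#TODO enable_ssl
#TODO force_local_logins_ssl
#TODO force_local_data_ssl
#TODO ssl_ciphers default is good

return 0;
yasat/plugins/puppet.test0000640000175000017500000000404512457227301016332 0ustar montjoiemontjoie#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .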
# # ################################################################################ POSSIBLE_PUPPET_CONF="/etc/puppet/puppet.conf /usr/local/etc/puppet/puppet.conf" PUPPET_CONF="/etc/puppet/puppet.conf" for LOCATION in ${POSSIBLE_PUPPET_CONF} do if [ -e "${LOCATION}" ] ;then PUPPET_CONF="${LOCATION}" fi done PUPPET_CONF="`dirname $PUPPET_CONF`/puppet.conf" Title "Check Puppet" if [ ! -e "$PUPPET_CONF" ];then return 1; fi #TODO puppet user Display --indent 2 --text "$PUPPET_CONF" --result FOUND --color GREEN get_simple_right "$PUPPET_CONF" if [ "$RESULTAT" = '640' ];then Display --indent 4 --text "Right of $PUPPET_CONF" --result OK --color GREEN else Display --indent 4 --text "Right of $PUPPET_CONF" --result "$RESULTAT" --color RED --advice GLOBAL_FILE_CHMOD640 fi FindValueOf "$PUPPET_CONF" request_header_max_size JUSTTEST if [ -z "$RESULTAT" ];then RESULTAT=20 fi if [ "$RESULTAT" -le 20 ];then Display --indent 4 --text "request_header_max_size <= 20kb" --result GOOD --color GREEN else Display --indent 4 --text "request_header_max_size > 20kb" --result BAD --color ORANGE fi return 0; yasat/plugins/TODO0000640000175000017500000000202612457227301014601 0ustar montjoiemontjoie- nagios - change definition by declaration (Missing declaration of) - change != by (want value) - Correct my ugly english - Do an entry description on each plugin - Create an option for changing temporary yasat files location (not ~./yasat) (use also yasat_tmp) - Delete all temporary files after execution - Add a criticity parameter to display for future filter - Do a check_directory_owner like check_directory_group - bashims to correct (. instead of source, echo -e) - Variable for blacklist some plugins - Create a log of "bugs/errors" of yasat - check cron.deny at.deny and their .allow - check rpmold dpkg-old dpkg-newrpmnew etc... - Produce a list of commands to correct problems like chmod sed etc.. 
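- All errors must be redirected to ERROR_OUTPUT_FILE (to be finished) - /etc/security/opasswd - /etc/malloc.conf - mixed lowcase/highcase variable name - Use $# instead of lots of -z "$x" - exec script passphrase apache mode test - php admin dir php_init value - Poodle SSLv3 http://seenthis.net/messages/302666 yasat/plugins/snmpd.test0000640000175000017500000001016412457227301016135 0ustar montjoiemontjoie#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
# #
################################################################################

# YASAT plugin: audit of snmpd.conf (community strings, security models,
# access rules), boot-time start and installation origin of snmpd.
# Title, Display, Check_auto_start and Is_installed_via_package_manager, as
# well as POSSIBLE_SNMP_DAEMON_CONFIG_LOCATION and SNMPD_PACKAGE_NAME, are
# defined outside this file; the plugin is left with "return", so it has to be
# sourced by the YASAT driver.

Title "Check snmpd configuration"

# The last directory holding an snmpd.conf wins.
# NOTE(review): SNMPD_CONF_REP is not initialised in this file -- confirm it is
# set or cleared by the caller.
for LOCATION in ${POSSIBLE_SNMP_DAEMON_CONFIG_LOCATION}
do
  if [ -e "${LOCATION}/snmpd.conf" ] ; then
    SNMPD_CONF_REP="${LOCATION}"
  fi
done

# Quoted on purpose: with an empty value the unquoted test degenerates to
# "[ ! -d ]", which is false, and the plugin went on to read /snmpd.conf.
if [ ! -d "$SNMPD_CONF_REP" ] ; then
  Display --indent 2 --text "$SNMPD_CONF_REP" --result NOTFOUND --color BLUE
  return 1;
fi

Display --indent 2 --text "find $SNMPD_CONF_REP/snmpd.conf" --result FOUND --color GREEN

#find com2sec for finding password; the third field must be != default
# read splits each line on blanks: directive, security name, source, community.
# NOTE(review): the community string is a credential and is printed verbatim
# into the report -- treat the report as sensitive, or mask the value.
grep -v '^#' "${SNMPD_CONF_REP}/snmpd.conf" | grep 'com2sec' | while read -r directive SECNAME SOURCE COMMUNITY rest
do
  if printf '%s\n' "$COMMUNITY" | grep -qiE 'public|private|snmp' ; then
    Display --indent 4 --text "COMMUNITY" --result "$COMMUNITY" --color RED --advice SNMPD_DEFAULT_COMMUNITY
  else
    Display --indent 4 --text "COMMUNITY" --result "$COMMUNITY" --color GREEN
  fi
  if [ "$SOURCE" != "default" ] ; then
    Display --indent 4 --text "SOURCE" --result "$SOURCE" --color GREEN
  else
    Display --indent 4 --text "SOURCE" --result "$SOURCE" --color RED
  fi
done

# group lines: the third field is the security model; v1 is flagged.
grep -v '^#' "${SNMPD_CONF_REP}/snmpd.conf" | grep '^[[:space:]]*group' | while read -r line
do
  echo " $line" | sed 's/[[:space:]]/\ /g'
  SECMODEL=$(printf '%s\n' "$line" | awk '{ print $3 }')
  if [ "$SECMODEL" != "v1" ]
  then
    Display --indent 4 --text "SECMODEL" --result "$SECMODEL" --color GREEN
  else
    Display --indent 4 --text "SECMODEL" --result "$SECMODEL" --color RED --advice SNMPD_SECMODEL_V1
  fi
done

# access lines: field 4 is reported as LEVEL and field 8 as WRITE.
grep -v '^#' "${SNMPD_CONF_REP}/snmpd.conf" | grep 'access' | while read -r line
do
  echo " $line" | sed 's/[[:space:]]/\ /g'
  LEVEL=$(printf '%s\n' "$line" | awk '{ print $4 }')
  WRITE=$(printf '%s\n' "$line" | awk '{ print $8 }')
  # Both operands quoted: an empty LEVEL used to make the test itself fail.
  if [ "$LEVEL" != "any" ] && [ "$LEVEL" != "v1" ]
  then
    Display --indent 4 --text "LEVEL" --result "$LEVEL" --color GREEN
  else
    Display --indent 4 --text "LEVEL" --result "$LEVEL" --color RED
  fi
  if [ "$WRITE" != "all" ]
  then
    Display --indent 4 --text "WRITE" --result "$WRITE" --color GREEN
  else
    Display --indent 4 --text "WRITE" --result "$WRITE" --color RED
  fi
done

#TODO check binding of snmpd
#TODO Check include of others files

Check_auto_start $SNMPD_PACKAGE_NAME
if [ "$RESULTAT" = 'NOTIMPLEMENTED' ] || [ "$RESULTAT" = 'ERROR' ]
then
  Display --indent 2 --text "$SNMPD_PACKAGE_NAME is started at boot" --result UNKNOWN --color BLUE
else
  if [ "$RESULTAT" = "yes" ]
  then
    Display --indent 2 --text "$SNMPD_PACKAGE_NAME is started at boot" --result YES --color BLUE
  else
    Display --indent 2 --text "$SNMPD_PACKAGE_NAME is started at boot" --result NO --color GREEN
  fi
fi

Is_installed_via_package_manager $SNMPD_PACKAGE_NAME
if [ "$RESULTAT" = 'NOTIMPLEMENTED' ] || [ "$RESULTAT" = 'ERROR' ]
then
  Display --indent 2 --text "$SNMPD_PACKAGE_NAME installation" --result UNKNOWN --color BLUE
else
  if [ "$RESULTAT" = "yes" ]
  then
    Display --indent 2 --text "$SNMPD_PACKAGE_NAME is installed by package" --result GOOD --color GREEN
  else
    Display --indent 2 --text "$SNMPD_PACKAGE_NAME is installed at hand" --result BAD --color ORANGE --advice GLOBAL_PACKAGE_INSTALLED_AT_HAND
  fi
fi

return 0;
yasat/plugins/squid.advice0000640000175000017500000000222612457227301016415 0ustar montjoiemontjoieEN,SQUID_USER_BAD_SHELL=squid must not have a shell Set a non-shell setting to squid user like /bin/false or /bin/nologin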
usermod -s /bin/false squid
ADVICEEND EN,SQUID_HIDE_VERSION=Hide the squid version Enable httpd_suppress_version_string to hide squid's version. Add to your squid.conf:
httpd_suppress_version_string on
ADVICEEND EN,SQUID_ALLOW_UNDERSCORE=Deactivate underscore hostname support The squid man page notes that underscore characters are not strictly allowed in Internet hostnames, so deactivate underscore support in hostnames. Add to your squid.conf:
allow_underscore off
ADVICEEND EN,SQUID_FTP_SANITYCHECK=Enable FTP sanitycheck
ftp_sanitycheck on
ADVICEEND EN,SQUID_UNKNOWN_NAMESERVER=Enable ignore_unknown_nameservers Add to your squid.conf:
ignore_unknown_nameservers on
ADVICEEND EN,SQUID_CHECK_HOSTNAMES=Enable check_hostnames For security and stability reasons squid can check hostnames for Internet standard RFC compliance. Add to your squid.conf:
check_hostnames on
ADVICEEND yasat/plugins/dns.advice0000640000175000017500000000337112466360404016060 0ustar montjoiemontjoieEN,BIND_HIDE_VERSION=Hide bind's version Set version to none in the options section of your bind configuration
version none;
See http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch06.html ADVICEEND EN,BIND_HIDE_HOSTNAME=Hide bind's hostname Set hostname to none in the options section of your bind configuration
hostname none;
See http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch06.html ADVICEEND EN,BIND_HIDE_SERVERID=Hide bind's server-id Set server-id to none in the options section of your bind configuration
server-id none;
See http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch06.html ADVICEEND EN,BIND_DISALLOW_RECURSIVE_QUERY=Disallow global access to recursive query Restrict recursive queries with an ACL, for example allow-recursion { 127.0.0.1; }; You can also disable recursion altogether with the recursion no; directive
recursion no;
allow-recursion { 127.0.0.1; };
See http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch06.html ADVICEEND EN,BIND_MAX_CACHE_SIZE=Limit the amount of cache used by bind By default bind can exhaust all memory with its cache. Limit it with max-cache-size.
max-cache-size 4000000;
See http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch06.html ADVICEEND EN,BIND_ENABLE_DNSSEC_VALIDATION=Enable the dnssec validation ADVICEEND yasat/plugins/apache_modules.data0000640000175000017500000000055712457227301017724 0ustar montjoiemontjoiecgi_module ext_filter_module user_dir_module #dir_module ident_module autoindex_module proxy_connect_module proxy_http_module proxy_ftp_module proxy_ajp_module proxy_balancer_module proxy_module status_module info_module dav_module dav_fs_module speling_module cache_module disk_cache_module file_cache_module mem_cache_module actions_module env_module suexec_module yasat/plugins/vsftpd.advice0000640000175000017500000000044512457227301016577 0ustar montjoiemontjoieEN,VSFTPD_ANONYMOUS_LOGIN=Disable anonymous connection if possible EN,VSFTPD_ANONYMOUS_UPLOAD=Disable anonymous upload if possible EN,VSFTPD_ANONYMOUS_ASCII=Disable ASCII mode EN,VSFTPD_ANONYMOUS_NO_XFERLOG=Add an xferlog entry EN,VSFTPD_ANONYMOUS_NOCHROOTLOCAL=Chroot local users if possible yasat/plugins/logwatch.test0000640000175000017500000002365712457227301016637 0ustar montjoiemontjoie#!/bin/sh ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # Copyright (C) 2010-2011 Mikal Sande # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . 
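# #
################################################################################

# YASAT plugin: audit of the logwatch configuration (TmpDir, Save, Detail,
# Range, Service, LogDir, LogFile, Archives and HostLimit directives).
# Title, Display, FindValueOf and compare_right are defined outside this file;
# the plugin is left with "return", so it has to be sourced by the YASAT driver.

Title "Check logwatch"
#YASAT_TEST_LOGWATCH NSAG=2.6.1.4 Check if logwatch is used

# Variables
CONFIG_PATHS_ETC='/etc/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/logwatch.conf /usr/share/logwatch/default.conf/logwatch.conf'
CONFIG_PATH="/etc/logwatch/"
CONFIG_FILE=''
EXEC_NAMES='logwatch logwatch.pl'
EXEC_FILE=''

# Default settings used in Logwatch that are tested if the directive
# isn't found in the configfile
TMPDIR_DEFAULT='/var/cache/logwatch'

# Find the executable (command -v is the portable replacement for which)
for FILE in $EXEC_NAMES; do
  if command -v "$FILE" > /dev/null 2>&1; then
    EXEC_FILE=$(command -v "$FILE")
  fi
done

# Find the config file. Look in /etc/logwatch first
for FILE in $CONFIG_PATHS_ETC; do
  if [ -f "$FILE" ]; then
    CONFIG_FILE=$FILE
  fi
done

if [ -z "$CONFIG_FILE" ] && [ ! -e "$CONFIG_PATH" ] ; then
  return 0;
fi

# Look in /etc/logwatch/ to see if there is a config file that is
# not in the expected place
if [ -z "$CONFIG_FILE" ]; then
  # Read the candidates line by line so a path with blanks or glob characters
  # is not split or expanded; the last regular file wins.
  CONFIG_FILE=$(find "$CONFIG_PATH" | grep 'logwatch.conf$' | while IFS= read -r FILE; do
    if [ -f "$FILE" ]; then
      printf '%s\n' "$FILE"
    fi
  done | tail -n 1)
fi

# An empty CONFIG_FILE must fall through to the SKIPPING report below.
if [ -n "$CONFIG_FILE" ] && [ ! -e "$CONFIG_FILE" ] ; then
  return 0;
fi

# all testing is based on the config file, therefore the test skips itself
# if the config can't be found
if [ -z "$CONFIG_FILE" ]; then
  Display --indent 2 --text "No logwatch config found" --result SKIPPING --color YELLOW
  return 1
else
  Display --indent 2 --text "Config file $CONFIG_FILE" --result FOUND --color BLUE
  if [ -z "$EXEC_FILE" ]; then
    Display --indent 2 --text "Couldn't find logwatch.pl $EXEC_FILE" --result NOTFOUND --color ORANGE
  else
    Display --indent 2 --text "Executable $EXEC_FILE" --result FOUND --color BLUE
  fi
fi

####
# test TmpDir directive
####
FindValueOf "$CONFIG_FILE" tmpdir JUSTTEST INSENSITIVE
RESULTAT=$(printf '%s\n' "$RESULTAT" | tr -d " =")
# Check if there is a TmpDir directive in the config,
# if not check the default setting
if [ -n "$RESULTAT" ]; then
  TMP_DIR=$RESULTAT
else
  # safe default
  Display --indent 2 --text "TmpDir not found, default setting used" --result INFO --color BLUE --advice LOGWATCH_TMPDIR_DEFAULT
  TMP_DIR=$TMPDIR_DEFAULT
fi
# Check the directory: its mode is compared against 750
if [ -d "$TMP_DIR" ]; then
  OCTAL_RIGHTS=$(stat -c %a "$TMP_DIR")
  compare_right "$OCTAL_RIGHTS" 750 YES
  if [ $? -ne 0 ]; then
    Display --indent 2 --text "TmpDir = $TMP_DIR" --result WARNING --color RED --advice LOGWATCH_TMPDIR_OTHER_READABLE
  else
    Display --indent 2 --text "TmpDir = $TMP_DIR" --result OK --color GREEN
  fi
else
  Display --indent 2 --text "TmpDir = $TMP_DIR" --result NOTFOUND --color RED --advice LOGWATCH_TMPDIR_NOT_FOUND
fi

###
# test Save directive
###
FindValueOf "$CONFIG_FILE" save JUSTTEST INSENSITIVE
RESULTAT=$(printf '%s\n' "$RESULTAT" | tr -d " =")
if [ -n "$RESULTAT" ]; then
  # The directory that receives the saved report is what gets checked.
  RESULTAT=$(dirname "$RESULTAT")
  if [ -d "$RESULTAT" ]; then
    OCTAL_RIGHTS=$(stat -c %a "$RESULTAT")
    compare_right "$OCTAL_RIGHTS" 750 YES
    if [ $? -ne 0 ]; then
      Display --indent 2 --text "Save = $RESULTAT" --result WARNING --color RED --advice LOGWATCH_SAVE_OTHER_READABLE
    else
      Display --indent 2 --text "Save = $RESULTAT" --result OK --color GREEN
    fi
  else
    Display --indent 2 --text "$RESULTAT isn't a directory" --result NOTFOUND --color RED
  fi
else
  # safe default
  Display --indent 2 --text "Logwatch reports are not saved" --result INFO --color BLUE --advice LOGWATCH_DEFAULT_SETTING
fi

###
# test Detail directive
###
FindValueOf "$CONFIG_FILE" detail JUSTTEST INSENSITIVE
RESULTAT=$(printf '%s\n' "$RESULTAT" | tr -d " =")
if [ -n "$RESULTAT" ]; then
  RESULTAT=$(printf '%s\n' "$RESULTAT" | tr '[:upper:]' '[:lower:]')
  case "$RESULTAT" in
    0|low)
      Display --indent 2 --text "Detail = $RESULTAT, this is the lowest setting!" --result WARNING --color RED --advice LOGWATCH_LOW_DETAIL_SETTING
      ;;
    1|2|3|4)
      Display --indent 2 --text "Detail = $RESULTAT, are you sure this is enough?" --result WARNING --color ORANGE --advice LOGWATCH_LOW_DETAIL_SETTING
      ;;
    5|6|7|8|9|10|med|high)
      Display --indent 2 --text "Detail = $RESULTAT" --result OK --color GREEN
      ;;
    *)
      Display --indent 2 --text "Detail = $RESULTAT, invalid setting" --result INVALID --color RED
      ;;
  esac
else
  Display --indent 2 --text "Detail not found, default setting used" --result NOTFOUND --color RED --advice LOGWATCH_LOW_DETAIL_SETTING
fi

###
# test Range directive
###
FindValueOf "$CONFIG_FILE" range JUSTTEST INSENSITIVE
RESULTAT=$(printf '%s\n' "$RESULTAT" | tr -d " =")
if [ -n "$RESULTAT" ]; then
  RESULTAT=$(printf '%s\n' "$RESULTAT" | tr '[:upper:]' '[:lower:]')
  case "$RESULTAT" in
    all)
      Display --indent 2 --text "Range = $RESULTAT, might be too much when run on a regual basis" --result WARNING --color RED --advice LOGWATCH_PROBLEMATIC_RANGE_ALL
      ;;
    today)
      Display --indent 2 --text "Range = $RESULTAT, can lead to loss of information" --result WARNING --color ORANGE --advice LOGWATCH_PROBLEMATIC_RANGE_TODAY
      ;;
    yesterday)
      Display --indent 2 --text "Range = $RESULTAT" --result OK --color GREEN
      ;;
    *)
      Display --indent 2 --text "Range = $RESULTAT, invalid/unknown setting" --result INVALID --color RED
      ;;
  esac
else
  # safe default setting
  Display --indent 2 --text "Range not found, default setting used" --result INFO --color BLUE --advice LOGWATCH_DEFAULT_SETTING
fi

###
# test Service directive
###
ALL_SERVICES_FLAG='' # used to test for service level in LogFile test
NO_SERVICES_FLAG='' # used to check if any Service directives have been found
DISABLED_SERVICES_COUNT='0'
LINES=$(grep -i '^service' "$CONFIG_FILE" | sed 's/#.*//')
# The directives are processed word by word, so the bare words "Service" and
# "=" also pass through the loop and set NO_SERVICES_FLAG. Pathname expansion
# is switched off so a word such as "*" is not replaced by file names.
set -f
for line in $LINES; do
  line=$(printf '%s\n' "$line" | tr '[:upper:]' '[:lower:]' | sed 's/service//' | tr -d " =\"")
  if [ "$line" = "all" ]; then
    ALL_SERVICES_FLAG='1' # set it so that it can be checked for in the LogFile test
  else
    if printf '%s\n' "$line" | grep '^-' > /dev/null; then
      DISABLED_SERVICES_COUNT=$(( DISABLED_SERVICES_COUNT + 1 ))
    else
      NO_SERVICES_FLAG='1' # set the flag because a Service directive has been found
    fi
  fi
done
set +f
if [ -n "$ALL_SERVICES_FLAG" ]; then
  Display --indent 2 --text "Service = All" --result OK --color GREEN
  # Check if there are checks that are disabled
  if [ "$DISABLED_SERVICES_COUNT" -ne 0 ]; then
    Display --indent 2 --text "$DISABLED_SERVICES_COUNT service checks are disabled" --result INFO --color BLUE --advice LOGWATCH_DISABLED_SERVICE_CHECK
  else
    Display --indent 2 --text "No service checks are disabled" --result OK --color GREEN
  fi
else
  if [ -z "$NO_SERVICES_FLAG" ]; then
    # TODO check what happens when logwatch is run with no Service directive
    Display --indent 2 --text "No Service directives found" --result WARNING --color RED --advice LOGWATCH_NO_SERVICES_FOUND
  fi
fi

###
# test LogDir directive
###
LOGDIR='' # is also used in LogFile test
FindValueOf "$CONFIG_FILE" logdir JUSTTEST INSENSITIVE
if [ -n "$RESULTAT" ]; then
  LOGDIR=$(printf '%s\n' "$RESULTAT" | tr -d " =")
  # Quoted: an empty LOGDIR is reported as missing instead of slipping through
  # the degenerate "[ ! -d ]" test.
  if [ ! -d "$LOGDIR" ]; then
    Display --indent 2 --text "LogDir wasn't found" --result WARNING --color RED --advice LOGWATCH_NO_LOGDIR
  else
    Display --indent 2 --text "LogDir = $LOGDIR" --result OK --color GREEN
    OCTAL_RIGHTS=$(stat -c %a "$LOGDIR")
    compare_right "$OCTAL_RIGHTS" 755 YES
    if [ $? -ne 0 ]; then
      Display --indent 2 --text "LogDir permissions" --result WARNING --color RED --advice LOGWATCH_LOGDIR_OTHER_WRITABLE
    else
      Display --indent 2 --text "LogDir permissions" --result OK --color GREEN
    fi
  fi
else
  Display --indent 2 --text "LogDir wasn't found" --result WARNING --color RED --advice LOGWATCH_NO_LOGDIR
fi

###
# test LogFile directive
###
if [ -z "$ALL_SERVICES_FLAG" ]; then
  FindValueOf "$CONFIG_FILE" logfile JUSTTEST INSENSITIVE
  if [ -n "$RESULTAT" ]; then
    RESULTAT=$(printf '%s\n' "$RESULTAT" | tr -d ' =')
    LOGFILE=$(printf '%s\n' "${LOGDIR}/${RESULTAT}" | sed 's/\/\//\//')
    Display --indent 2 --text "Only $LOGFILE is checked." --result WARNING --color ORANGE --advice LOGWATCH_ONLY_ONE_LOGFILE
  else
    Display --indent 2 --text "No logfiles are checked!" --result WARNING --color RED --advice LOGWATCH_NO_LOGS_CHECKED
  fi
fi

###
# test Archives directive
###
FindValueOf "$CONFIG_FILE" archives JUSTTEST INSENSITIVE
if [ -n "$RESULTAT" ]; then
  RESULTAT=$(printf '%s\n' "$RESULTAT" | tr -d ' =')
  case "$RESULTAT" in
    yes|true|on|1)
      Display --indent 2 --text "Archives = $RESULTAT" --result OK --color GREEN
      ;;
    no|false|off|0)
      Display --indent 2 --text "Archives = $RESULTAT" --result WARNING --color ORANGE --advice LOGWATCH_ARCHIVES_NOT_CHECKED
      ;;
    *)
      Display --indent 2 --text "Archives = $RESULTAT, invalid/unkown setting" --result WARNING --color RED
      ;;
  esac
else
  # safe default
  Display --indent 2 --text "Archives not found, default setting used" --result INFO --color BLUE --advice LOGWATCH_DEFAULT_SETTING
fi

###
# test HostLimit directive
###
FindValueOf "$CONFIG_FILE" hostlimit JUSTTEST INSENSITIVE
if [ -n "$RESULTAT" ]; then
  RESULTAT=$(printf '%s\n' "$RESULTAT" | tr -d ' =')
  case "$RESULTAT" in
    yes|true|on|1)
      Display --indent 2 --text "HostLimit = $RESULTAT" --result INFO --color BLUE
      ;;
    no|false|off|0)
      Display --indent 2 --text "HostLimit = $RESULTAT" --result INFO --color BLUE --advice LOGWATCH_HOSTLIMIT_NO
      ;;
  esac
fi
yasat/plugins/openvpn.test0000640000175000017500000001053012457227301016476 0ustar montjoiemontjoie#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.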
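#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
#
#
################################################################################

# OpenVPN plugin. It is sourced by the yasat driver, which is why it leaves
# with top-level `return` statements. It relies on helpers that are not
# defined in this file (Title, Display, FindValueOf, check_file,
# check_directory_group, check_directory_others) and on the globals
# TEMPYASATDIR and ROOTGROUP.

POSSIBLE_OPENVPN_CONF="/etc/openvpn /usr/local/etc/openvpn"

# The last existing candidate directory wins.
OPENVPN_CONF_REP=""
for LOCATION in ${POSSIBLE_OPENVPN_CONF}
do
	if [ -d "${LOCATION}/" ]
	then
		OPENVPN_CONF_REP="${LOCATION}"
	fi
done

Title "Check OpenVPN"

if [ -z "$OPENVPN_CONF_REP" ] ;then
	return 1;
fi
if [ ! -e "$OPENVPN_CONF_REP" ] ;then
	return 1;
fi
Display --indent 2 --text "$OPENVPN_CONF_REP" --result FOUND --color GREEN

TESTNAME='YASAT_TEST_OPENVPN1 Check that openvpn configuration file is owned by root'
# Any non-symlink entry below the configuration directory that is not owned
# by root makes this test fail; the offending paths are collected but not shown.
RESULTAT=`find $OPENVPN_CONF_REP ! -type l ! -user root -exec ls {} \;`
if [ ! -z "$RESULTAT" ] ;then
	Display --indent 2 --text "owner of $OPENVPN_CONF_REP " --result WARNING --color RED
#	echo "    $RESULTAT"
else
	Display --indent 2 --text "owner of $OPENVPN_CONF_REP " --result OK --color GREEN
fi

#RESULTAT=`find $OPENVPN_CONF_REP ! -type l ! -group $ROOTGROUP -exec ls {} \;`
#if [ ! -z "$RESULTAT" ]
#then
#	Display --indent 2 --text "group of $OPENVPN_CONF_REP " --result WARNING --color RED
#	echo "    $RESULTAT"
#else
#	Display --indent 2 --text "group of $OPENVPN_CONF_REP " --result OK --color GREEN
#fi
#RESULTAT=`find $OPENVPN_CONF_REP ! -type l -perm $ORWX -exec ls {} \;`
#if [ ! -z "$RESULTAT" ]
#then
#	Display --indent 2 --text "Rights of $OPENVPN_CONF_REP " --result WARNING --color RED
#	echo "    $RESULTAT"
#else
#	Display --indent 2 --text "Rights of $OPENVPN_CONF_REP " --result OK --color GREEN
#fi

TMP_RESULT="${TEMPYASATDIR}/openvpn.tmpresult"
TESTNAME='YASAT_TEST_OPENVPN2 Check that openvpn configuration file is under the right group'
check_directory_group "$OPENVPN_CONF_REP" $ROOTGROUP "$TMP_RESULT" 2
TESTNAME='YASAT_TEST_OPENVPN3 Check that openvpn configuration file is not readable by others'
check_directory_others "$OPENVPN_CONF_REP" "$TMP_RESULT" 2 GLOBAL_FILE_OTHER_READABLE

#TODO check that there some .conf file
# NOTE(review): the list is built by parsing `ls`, so a file name containing
# whitespace is split into several words by the loop below, and a directory
# without any *.conf file only produces an error from ls.
OPENVPN_CONF_LIST=`ls ${OPENVPN_CONF_REP}/*.conf`
for i in $OPENVPN_CONF_LIST
do
	Display --indent 2 --text "$i" --result FOUND --color GREEN

	# NOTE(review): the value found for each directive is handed to check_file
	# as written in the configuration; whether relative paths are resolved
	# against the configuration directory depends on check_file -- confirm.
	TESTNAME='YASAT_TEST_OPENVPN4 Check if User is gived'
	FindValueOf $i 'user' JUSTTEST
	if [ -z "$RESULTAT" ] ;then
		Display --indent 4 --text "User " --result NOTFOUND --color RED
	else
		Display --indent 4 --text "User " --result "$RESULTAT" --color GREEN
	fi

	# NOTE(review): this test reuses the YASAT_TEST_OPENVPN4 identifier of the
	# previous one -- confirm whether the numbering is intended.
	TESTNAME='YASAT_TEST_OPENVPN4 Check if a certificate is used'
	FindValueOf $i 'cert' JUSTTEST
	if [ -z "$RESULTAT" ] ;then
		Display --indent 4 --text "cert " --result NOTFOUND --color RED
	else
		Display --indent 4 --text "cert " --result "$RESULTAT" --color GREEN
		TESTNAME='YASAT_TEST_OPENVPN5 Check the certificate used by openvpn'
		check_file $RESULTAT 6 CERT
	fi

	TESTNAME='YASAT_TEST_OPENVPN6 Check if a CA certificate is used'
	FindValueOf $i 'ca' JUSTTEST
	if [ -z "$RESULTAT" ] ;then
		Display --indent 4 --text "ca " --result NOTFOUND --color RED
	else
		Display --indent 4 --text "ca " --result "$RESULTAT" --color GREEN
		TESTNAME='YASAT_TEST_OPENVPN7 Check the CA certificate used by openvpn'
		check_file $RESULTAT 6 CERT
	fi

	TESTNAME='YASAT_TEST_OPENVPN8 Check if a private key is used'
	FindValueOf $i 'key' JUSTTEST
	if [ -z "$RESULTAT" ] ;then
		Display --indent 4 --text "key " --result NOTFOUND --color RED
	else
		Display --indent 4 --text "key " --result "$RESULTAT" --color GREEN
		TESTNAME='YASAT_TEST_OPENVPN9 Check the private key used by openvpn'
		check_file $RESULTAT 6 PRIVKEY
	fi
done

return 0;
yasat/yasat0000750000175000017500000002700312513206552013476 0ustar montjoiemontjoie#!/bin/sh
################################################################################
#
#
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .
#
#
################################################################################

# yasat driver: sets the defaults, sources the optional configuration files and
# the `common` helper library, parses the command line, then sources every
# selected plugin from $PLUGINS_REP.

# Files created by the audit (reports, temporary results) are not accessible
# to "other" and not writable by the group.
umask 027

#test SHELL variable and/or /bin/sh link to "set -o nounset" if we are using bash
#if [ "$SHELL" = '/bin/bash' ] ; then
#echo "Using bash $BASH_VERSINFO"
#set -o nounset
#fi

#TODO use http://wiki.apache.org/httpd/DistrosDefaultLayout for missing
APACHE_CONF_REP="/etc/apache2"
POSSIBLE_APACHE_CONFIG_LOCATION="/etc/apache2/ /etc/apache22/ /etc/apache13/ /etc/apache/ /usr/local/etc/httpd/ /usr/local/etc/apache22/ /usr/apache22/etc/ /usr/local/apache2/conf /etc/httpd/conf/ /etc/httpd/ /usr/pkg/etc/httpd/ /usr/local/etc/apache2/ /var/www/conf/"
POSSIBLE_SNMP_DAEMON_CONFIG_LOCATION="/etc/snmpd /etc/snmp /usr/local/etc/snmpd /usr/local/etc/snmp /usr/local/etc"
POSSIBLE_PHP_CONF_REP="/etc/php.ini /etc/php5/apache2/php.ini /private/etc/php.ini /etc/php/apache2-php5/php.ini /usr/local/etc/php.ini /usr/local/lib/php.ini /var/www/conf/php.ini /etc/php/apache2-php5.3/php.ini /etc/php/apache2-php5.4/php.ini"
POSSIBLE_MYSQL_CONF_REP="/etc/mysql/my.cnf /usr/local/etc/mysql/my.cnf"
POSSIBLE_APACHE_BIN="/usr/sbin/apache2 /usr/local/sbin/httpd /usr/local/sbin/apache2 /usr/sbin/httpd"

DEBUG=0
# Working directory of the audit, inside the home directory of the invoking user.
TEMPYASATDIR="`echo ~/.yasat/`"
mkdir -p "$TEMPYASATDIR"
HTML_OUTPUT=""
HTML_COMPLIANCE_OUTPUT="${TEMPYASATDIR}/compliance.html"
HTML_COMPLIANCE_OUTPUT_PREFIX="${TEMPYASATDIR}/compliance"
# Start every run with empty compliance files.
> "${HTML_COMPLIANCE_OUTPUT_PREFIX}_NSAG"
> "${HTML_COMPLIANCE_OUTPUT_PREFIX}_YASAT"
HTML_COMPLIANCE_BODY_OUTPUT="${TEMPYASATDIR}/compliance_body.html"
> "$HTML_COMPLIANCE_BODY_OUTPUT"
ERROR_OUTPUT_FILE="${TEMPYASATDIR}/yasat.err"
REPORT_OUTPUT="${TEMPYASATDIR}/yasat.report"
CORRECT_FILE="${TEMPYASATDIR}/yasat_correct.shell"
ADVICELANG="EN"
PLUGINS_REP="./plugins"
SCANTYPE=""
NOPAUSE='no'
ONEPLUGIN=''
SKIPPED_TESTS=''
#by default common is on the same place that yasat
#but it can be copied to $DESTDIR/$PREFIX/share/yasat/common
YASAT_ROOT='.'
SCAN_ROOT='/'
HIDESR=0
COL_WIDTH=80
#info = 0 green =1 warning,orange=2 red,error =3
PRINT_LEVEL=0
YASAT_VERSION=839
YASAT_STAT_RED=0
YASAT_STAT_ORANGE=0
YASAT_STAT_GREEN=0
YASAT_COMP_GREEN=0
YASAT_COMP_ORANGE=0
YASAT_COMP_RED=0
DO_COMPLIANCE='none'
SCAN_PROFILE='server' #or desktop
TMP_FILE_CREATED=""

# Configuration files are sourced, i.e. executed as shell code with the
# privileges of this process. The paths derived from TEMPYASATDIR above are
# not recomputed if a configuration file changes TEMPYASATDIR.
# NOTE(review): the third file lives in the invoking user's home directory.
# When the audit runs as root with an unprivileged user's HOME, that file
# should be checked for ownership and permissions before it is sourced.
if [ -e '/etc/yasat/yasat.conf' ] ;then
	. /etc/yasat/yasat.conf
	echo 'Found /etc/yasat/yasat.conf'
fi
if [ -e '/usr/local/etc/yasat/yasat.conf' ] ;then
	. /usr/local/etc/yasat/yasat.conf
	echo 'Found /usr/local/etc/yasat/yasat.conf'
fi
if [ -e "$TEMPYASATDIR/yasat.conf" ] ;then
	. "$TEMPYASATDIR/yasat.conf"
	echo "Found $TEMPYASATDIR/yasat.conf"
fi

COMPLIANCE_OUTPUT="$TEMPYASATDIR/compliance"
> "$COMPLIANCE_OUTPUT"

# Remove the report and the correction script of a previous run.
if [ -e "$REPORT_OUTPUT" ] ;then
	rm "$REPORT_OUTPUT"
fi
if [ -e "$CORRECT_FILE" ] ;then
	rm "$CORRECT_FILE"
fi

# Locate the helper library: next to the script first, then the installed copy.
if [ ! -e "${YASAT_ROOT}/common" -a -e '/usr/share/yasat/common' ];then
	YASAT_ROOT='/usr/share/yasat/'
	PLUGINS_REP="${YASAT_ROOT}/plugins"
fi
if [ ! -e "${YASAT_ROOT}/common" ];then
	echo "ERROR: Cannot find the common file" >&2
	exit 1
fi
. "${YASAT_ROOT}/common"

if [ $# -eq 0 ] ;then
	print_help
	exit 0;
fi

trap armageddon INT

# Command line parsing. Short and long spellings with the same behaviour share
# one arm; arms that take a value shift twice.
while [ $# -ge 1 ]; do
	case $1 in
	--help|-h)
		shift
		print_help
		exit 0;
	;;
	--debug|-d)
		shift
		DEBUG=1
	;;
	--full-scan|-f)
		shift
		SCANTYPE='FULL'
		echo "Enabling FULL SCAN"
	;;
	--nopause|-a)
		shift
		NOPAUSE='yes'
	;;
	-s|--standard)
		shift
	;;
	-l|--list)
		shift
		if [ -d "$PLUGINS_REP" ]
		then
			ls $PLUGINS_REP/ | grep '.test'
			exit 0;
		fi
	;;
	--desc)
		shift
		if [ -z "$1" ] ; then
			Display_error "Missing parameter for --desc"
			print_help
			exit 1;
		fi
		print_desc "$1"
		exit 0
		shift
	;;
	--skip)
		shift
		for TEST in `echo $1 | sed 's/,/\n/g'`; do
			if [ -f "${PLUGINS_REP}/${TEST}.test" ]; then
				# Names are kept space separated: the summary printed later and
				# the grep filter built with `tr " " "|"` both split on spaces.
				SKIPPED_TESTS="${SKIPPED_TESTS:+$SKIPPED_TESTS }${TEST}"
			else
				echo "Invalid test $TEST"
				echo "see $0 --list for all tests"
				exit 1
			fi
		done
		shift
	;;
	--plugin)
		shift
		if [ -z "$1" ] ;then
			echo "Missing parameter for --plugin"
			print_help
			exit 1;
		fi
		# Accept a path, a file name inside PLUGINS_REP, or a bare plugin name.
		ONEPLUGIN="$1"
		if [ ! -e "$1" ] ; then
			if [ ! -e "$PLUGINS_REP/$1" ] ; then
				if [ ! -e "$PLUGINS_REP/$1.test" ] ; then
					echo "$1 do not exists"
					exit 1;
				else
					ONEPLUGIN="$PLUGINS_REP/$1.test"
				fi
			else
				ONEPLUGIN="$PLUGINS_REP/$1"
			fi
		fi
		shift
	;;
	-1)
		shift
		if [ -z "$1" ] ; then
			echo "Missing parameter for --plugin"
			print_help
			exit 1;
		fi
		ONEPLUGIN="$1"
		if [ ! -e "$1" ] ; then
			if [ ! -e "$PLUGINS_REP/$1" ] ; then
				if [ ! -e "$PLUGINS_REP/$1.test" ] ; then
					echo "plugin $1 do not exists"
					exit 1;
				else
					ONEPLUGIN="$PLUGINS_REP/$1.test"
				fi
			else
				ONEPLUGIN="$PLUGINS_REP/$1"
			fi
		fi
		shift
	;;
	--Plugin|-p)
		shift
		if [ -z "$1" ] ;then
			echo "Missing parameter for --Plugin"
			print_help
			exit 1;
		fi
		ONEPLUGIN="$PLUGINS_REP/$1"
		if [ ! -e "$ONEPLUGIN" ] ;then
			echo "$1 do not exists"
			exit 1;
		fi
		shift
	;;
	-H|--html)
		shift
		HTML_OUTPUT="`echo ~/.yasat/yasat.html`"
		echo "Enabling output in $HTML_OUTPUT"
	;;
	--html-output )
		shift
		if [ "$1x" = "x" ]
		then
			echo "Missing parameter for --html-output"
			print_help
			exit 1;
		fi
		HTML_OUTPUT="$1"
		shift
		echo "HTML output is $HTML_OUTPUT"
		# The chosen file is truncated immediately.
		echo "" > "$HTML_OUTPUT"
	;;
	--advice-lang )
		shift
		if [ "$1x" = "x" ]
		then
			echo "Missing parameter for --advice-lang"
			print_help
			exit 1;
		fi
		ADVICELANG=$1
		shift
		echo "ADVICELANG is $ADVICELANG"
	;;
	--print-level)
		shift
		if [ -z "$1" ]
		then
			echo 'Missing parameter for --print-level'
			print_help
			exit 1;
		fi
		if [ $1 -ge 4 -o $1 -lt 0 ]
		then
			echo 'The level must be between 0 and 3'
			exit 1
		fi
		PRINT_LEVEL=$1
		shift
	;;
	-P|--plugins-dir)
		shift
		if [ -z "$1" ] ;then
			echo 'Missing parameter for --plugins-dir'
			print_help
			exit 1;
		fi
		if [ ! -e "$1" ] ; then
			echo "$1 do not exist"
			exit 1
		fi
		PLUGINS_REP="$1"
		shift
		echo "PLUGINS_REP is now $PLUGINS_REP"
	;;
	--check-update)
		shift
		Check_for_update
	;;
	--send-support)
		shift
		send_support
	;;
	--listtest)
		shift
		list_all_yasat_test
		exit 0
	;;
	--desktop)
		SCAN_PROFILE="desktop"
		shift
	;;
	--server)
		SCAN_PROFILE="server"
		shift
	;;
	--hidesr)
		#hidden option for the moment:)
		shift
		HIDESR=1
	;;
	--scanroot|-r)
		shift
		if [ -z "$1" ] ;then
			echo "Missing parameter for --scanroot"
			exit 1
		fi
		SCAN_ROOT="$1"
		shift
		if [ ! -e "$SCAN_ROOT" ] ; then
			echo "$SCAN_ROOT does not exists"
			exit 1
		fi
		#TODO SCAN_ROOT must always end with a /
	;;
	--compliance)
		shift
		if [ -z "$1" ] ;then
			echo "Missing parameter for --compliance"
			exit 1
		fi
		KNOW_ARG=0
		if [ "$1" = 'all' ];then
			KNOW_ARG=1
			DO_COMPLIANCE='cce nsa'
		fi
		if [ "$1" = 'cce' ];then
			KNOW_ARG=1
			DO_COMPLIANCE='cce'
		fi
		if [ "$1" = 'nsa' ];then
			KNOW_ARG=1
			DO_COMPLIANCE='nsa'
		fi
		if [ "$KNOW_ARG" -eq 0 ] ;then
			echo "Unknown argument $1"
			exit 1
		fi
		shift
	;;
	-V|--version)
		echo "yasat $YASAT_VERSION"
		exit 0
	;;
	*)
		echo "unrecognized option $1"
		print_help
		exit 1
	;;
	esac
done

#TODO test wring to ERROR_OUTPUT_FILE

Display --indent 2 --text "Using YASAT version" --result $YASAT_VERSION --color GREEN

# Many checks read files that only root can read.
if [ "`id -u`" = "0" ] ;then
	Display --indent 2 --text "Using YASAT with UID=0" --result OK --color GREEN
else
	Display --indent 2 --text "Using YASAT with UID!=0 Some test may fail" --result WARNING --color ORANGE
	if [ $NOPAUSE = "no" ]
	then
		echo ""
		echo "Press ENTER to continue Ctrl/C to quit"
		read void
	fi
fi

# `id -Z` fails when no SELinux context is available.
SELINUX_CONTEXT="`id -Z 2> /dev/null`"
if [ $? -ne 0 ]
then
	Display --indent 2 --text "Using YASAT without SELinux" --result OK --color BLUE
else
	Display --indent 2 --text "Using YASAT with SELinux context=$SELINUX_CONTEXT" --result OK --color BLUE
fi

. "${YASAT_ROOT}/osdetection"
Display --indent 2 --text "Detecting OS... " --result DONE --color GREEN
echo " ${LINUX_VERSION} ${OS} $OS_FULLNAME"

#tput is not available on embedded devices
Check_tool_presence tput
if [ "$RESULTAT" = 'notfound' ];then
	COL_WIDTH=79
else
	COL_WIDTH="`tput cols`"
	if [ ! -z "$COL_WIDTH" ] ;then
		Display --indent 2 --text "Detecting TERM width... " --result "$COL_WIDTH" --color GREEN
	else
		COL_WIDTH=79
		Display --indent 2 --text "Detecting TERM width... " --result "ERROR" --color RED
		Debug "TODO"
	fi
fi

print_color_chart

if [ ! -z "$SKIPPED_TESTS" ]; then
	echo "Skipped tests"
	for TEST in `echo $SKIPPED_TESTS`; do
		echo " $TEST"
	done
	echo ""
fi

if [ ! -z $REPORT_OUTPUT ]
then
	echo ""
	echo "At the end of the audit, the report will be available at $REPORT_OUTPUT"
	echo ""
fi

# NOTE(review): the strings written to the HTML report contain no markup as
# shown here; it may have been lost when this listing was extracted -- confirm
# against the original file.
if [ ! -z "$HTML_OUTPUT" ] ;then
	echo 'YASAT report'> "${HTML_OUTPUT}"
	echo "Generated by YASAT $YASAT_VERSION " >> "${HTML_OUTPUT}"
	cp "${YASAT_ROOT}/yasat.css" "`dirname ${HTML_OUTPUT}`"
fi

if [ -d "$PLUGINS_REP" ] ; then
	# Build the advice index for the selected language.
	# NOTE(review): the index is written into YASAT_ROOT, which defaults to the
	# current directory. A root-run audit started from a directory that other
	# users can write to follows whatever is already named yasat.advices
	# there; writing the index under TEMPYASATDIR would avoid that.
	LISTE_ADVICE="`ls $PLUGINS_REP/*.advice`"
	cat $LISTE_ADVICE | grep $ADVICELANG > ${YASAT_ROOT}/yasat.advices
	if [ -z "$ONEPLUGIN" ] ; then
		Debug "Analyse de $PLUGINS_REP"
		if [ -z "$SKIPPED_TESTS" ] ; then
			LISTE_PLUGINS=`ls $PLUGINS_REP/*test`
		else
			# The skipped names become one extended-regex alternation; it is
			# matched anywhere in the plugin path, not only on the file name.
			SKIPPED_TESTS=`echo $SKIPPED_TESTS | tr " " "|"`
			LISTE_PLUGINS=`ls $PLUGINS_REP/*test | grep -Ev $SKIPPED_TESTS`
		fi
		# Every plugin is sourced, so it runs inside this shell and shares
		# its variables and functions.
		for A_PLUGIN in $LISTE_PLUGINS
		do
			. $A_PLUGIN
#			Title "run $0 --plugin $A_PLUGIN to replay this test"
			Debug "End of $A_PLUGIN"
			if [ "$NOPAUSE" = 'no' ] ; then
				echo ""
				echo "Press ENTER to continue Ctrl/C to quit"
				read void
			fi
		done
	else
		. $ONEPLUGIN
	fi
fi

Compliance_result

if [ ! -z "$HTML_OUTPUT" ]
then
	echo '' >> "$HTML_OUTPUT"
fi
yasat/common0000640000175000017500000031622112466624367013665 0ustar montjoiemontjoie################################################################################
#
#
# Copyright (C) 2008-2015 LABBE Corentin
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see .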
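#
#
################################################################################
#
# The display function is originated from lynis Copyright 2007-2009, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
#################################################################################
#
# Common functions for YASAT
#
#################################################################################
#

# Colour variables used by Display() and print_color_chart().
# NOTE(review): all of them are empty as shown here; presumably they hold
# terminal escape sequences in the original file -- confirm before relying
# on this listing.
NORMAL=""
WARNING=""
YELLOW=""
BLUE=""
WHITE=""
GREEN=""
RED=""
ORANGE=""
NOIRGRAS=""

#All results in orange/yellow is a optional warning
#All results in red must be corrected

################################################################################
################################################################################
# Print the meaning of each result colour.
# Globals:   GREEN, RED, ORANGE, BLUE, NORMAL (read)
# Outputs:   the colour chart on stdout
print_color_chart()
{
	echo "Color chart"
	echo "$GREEN GREEN $NORMAL is for good configuration or information"
	echo "$RED RED $NORMAL is for configuration that must be corrected"
	echo "$ORANGE ORANGE $NORMAL is for optional configuration that can be done"
	#ugly color, do not use:)
#	echo "$YELLOW YELLOW $NORMAL is for optional configuration that can be done"
	echo "$BLUE BLUE $NORMAL is for information"
}

################################################################################
################################################################################
# Print $1 on stdout when DEBUG is 1.
# Globals:   DEBUG (read), ECHOCMD (written)
# Arguments: $1 - message
# NOTE(review): ECHOCMD is the same global that Display() uses, so with
# DEBUG=1 a Debug call made inside Display() resets an "echo -en" chosen by
# --no-break.
Debug()
{
	if [ $DEBUG -eq 1 ] ; then
		ECHOCMD="echo -e"
		if [ "`echo -e plop`" = '-e plop' ] ;then
			#with /bin/sh or zsh no -e
			ECHOCMD='echo'
		fi
		$ECHOCMD "$1"
	fi
}

################################################################################
################################################################################
# Display an error, by error I mean internal YASAT error
# Globals:   ERROR_OUTPUT_FILE (read)
# Arguments: $1 - message, written to stderr and appended to ERROR_OUTPUT_FILE
#            $2 - optional extra detail, appended to ERROR_OUTPUT_FILE only
Display_error()
{
	echo "$1" >&2
	echo "$1" >> "$ERROR_OUTPUT_FILE"
	if [ ! -z "$2" ];then
		echo "$2" >> "$ERROR_OUTPUT_FILE"
	fi
}

################################################################################
################################################################################
# create a tmp file
# Globals:   TMP_FILE (written: path of the new file)
#            TMP_FILE_CREATED (appended: list of every file created)
# Arguments: $1 - optional suffix for the file name
# Returns:   0 on success, 1 when no file could be created
create_tmp()
{
	local suffix=""
	local rc=0
	if [ $# -ge 1 ];then
		suffix="$1"
		Debug "DEBUG: Setting suffix to $suffix"
	fi
	#TODO check is suffix is handled on all OS
	# The suffix is requested only when one was given (the test used to be
	# inverted, so the suffix was never applied). If mktemp rejects --suffix,
	# fall back to a plain temporary file so callers still get one.
	if [ -n "$suffix" ];then
		TMP_FILE=$(mktemp --suffix="$suffix" 2>/dev/null) || TMP_FILE=$(mktemp) || rc=$?
	else
		TMP_FILE=$(mktemp) || rc=$?
	fi
	if [ "$rc" -ne 0 ] || [ ! -e "$TMP_FILE" ];then
		Display_error "ERROR: Cannot create a tmp file"
		return 1
	fi
	Debug "DEBUG: Created tmp $TMP_FILE"
	TMP_FILE_CREATED="$TMP_FILE_CREATED $TMP_FILE"
	return 0
}

################################################################################
################################################################################
# Print one result line "<text>   [ RESULT ]   <advice>" and record it in the
# text report and, when enabled, in the HTML report.
#
# Options:
#   --text TEXT      label of the check (required); "//" is collapsed to "/"
#   --result RESULT  result word (required)
#   --color COLOR    GREEN, RED, WHITE, YELLOW, ORANGE or BLUE
#   --indent N       cursor offset used for the label
#   --advice KEY     advice key looked up in ${YASAT_ROOT}/yasat.advices
#   --comp A B       forwards A and B to Compliance as --result and --plugin
#   --no-break | --nobreak | -nb   print without a trailing newline
#
# Globals read:    PRINT_LEVEL, HIDESR, SCAN_ROOT, YASAT_ROOT, REPORT_OUTPUT,
#                  HTML_OUTPUT, COL_WIDTH and the colour variables
# Globals written: YASAT_STAT_GREEN/RED/ORANGE plus every working variable
#                  below, none of which is local
# Returns: 1 when the line is filtered out by PRINT_LEVEL or an argument is
#          missing; an unknown option terminates the whole program.
#
# NOTE(review): PRINT_LEVEL filtering happens while --color is parsed, so a
# filtered line is dropped from the reports as well, and options placed after
# --color are not read.
# NOTE(review): TEXT and RESULT often carry values read from the audited
# configuration files and are appended to the HTML report as they are; they
# would need HTML escaping before being written there.
Display()
{
	Debug "DEBUG: Display begin"
	DEBUG_ARGS="$*"
	if [ -z "$1" ];then
		Display_error "ERROR: Display need at least one argument"
		return 1;
	fi
	INDENT=0; TEXT=''; RESULT=''; COLOR=''; ADVICE=''
	ECHOCMD="echo -e"
	if [ "`echo -e plop`" = '-e plop' ] ;then
		#with /bin/sh or zsh no -e
		ECHOCMD='echo'
	fi
	while [ $# -ge 1 ]; do
		case $1 in
		--color)
			shift
			case $1 in
			GREEN)
				COLOR=$GREEN;HTMLCOLOR='GREEN'
				if [ $PRINT_LEVEL -ge 2 ] ;then
					return 1;
				fi
				YASAT_STAT_GREEN=$(($YASAT_STAT_GREEN+1))
			;;
			RED)
				COLOR=$RED;HTMLCOLOR='RED'
				YASAT_STAT_RED=$(($YASAT_STAT_RED+1))
			;;
			WHITE)
				COLOR=$WHITE
			;;
			YELLOW)
				COLOR=$YELLOW;HTMLCOLOR='YELLOW'
				if [ $PRINT_LEVEL -ge 3 ];then
					return 1;
				fi
			;;
			ORANGE)
				COLOR=$ORANGE;HTMLCOLOR='ORANGE'
				if [ $PRINT_LEVEL -ge 3 ] ;then
					return 1;
				fi
				YASAT_STAT_ORANGE=$(($YASAT_STAT_ORANGE+1))
			;;
			BLUE)
				COLOR=$BLUE;HTMLCOLOR='BLUE'
				if [ $PRINT_LEVEL -ge 1 ];then
					return 1;
				fi
			;;
			*)
				Display_error "ERROR: unknown color $1 for Display()"
				return 1;
			;;
			esac
		;;
		--indent)
			shift
			INDENT=$1
		;;
		--no-break | --nobreak | -nb)
			ECHOCMD="echo -en"
		;;
		--result)
			shift
			if [ -z "$1" ];then
				Display_error "ERROR : missing parameters to --result"
				return 1;
			fi
			RESULT=$1
		;;
		--advice)
			shift
			if [ -z "$1" ];then
				Display_error "ERROR : missing parameters to --advice" "$DEBUG_ARGS"
				return 1;
			fi
			ADVICE=$1
		;;
		--text)
			shift
			#clean possible double slash
			TEXT="`echo $1 | sed 's,//,/,g'`"
			if [ $HIDESR -ge 1 ];then
				#I use | because it is the only separator that I will be sure to be not present
				TEXT=`echo $1 | sed "s|$SCAN_ROOT||"`
			fi
		;;
		--comp)
			shift
			if [ -z "$1" -o -z "$2" ];then
				Display_error "ERROR : missing parameters to --comp"
				return 1;
			fi
			# Uses the RESULT and HTMLCOLOR parsed so far, so --comp has to
			# come after --result and --color.
			Compliance --result "$1" --plugin "$2" --color "$HTMLCOLOR" --yasatresult "$RESULT"
			shift
		;;
		*)
			Display_error "INVALID OPTION (Display): $1, it is usually a bug of yasat (shame on me)"
			exit 1
		;;
		esac
		# Go to next parameter
		shift
	done

	if [ -z "${ADVICE}" -o "${ADVICE}" = 'NONE' ] ;then
		ADVICEVALUE=''
	else
		ADVICEVALUE="`grep ${ADVICE}= ${YASAT_ROOT}/yasat.advices | cut -d\= -f2-`"
		if [ -z "$ADVICEVALUE" ] ;then
			# NOTE(review): this nested call overwrites TEXT, RESULT and the
			# other working globals of the outer call, and it recurses without
			# end if the YASAT_BUG advice itself is missing from the index.
			Display --indent 2 --text "BUG ADVICEVALUE is empty for ${ADVICE}" --result WARNING --color RED --advice YASAT_BUG
		fi
#		if [ -z "`echo ${RESULT} | grep -vEi 'warning$|found$'`" ] ;then
#			echo "= ${TEXT}" >> $REPORT_OUTPUT
#		else
		echo "= ${TEXT} Result=${RESULT}" >> $REPORT_OUTPUT
#		fi
		echo " $ADVICEVALUE" >> $REPORT_OUTPUT
		report_add "${ADVICE}" TEXT $REPORT_OUTPUT
	fi

	if [ ! -z "$HTML_OUTPUT" ] ;then
		echo "${TEXT} ${RESULT}$ADVICEVALUE" >> "$HTML_OUTPUT"
		if [ ! -z "$ADVICE" ] ;then
			report_add "${ADVICE}" HTML "$HTML_OUTPUT"
		fi
	fi

	if [ -z "${RESULT}" ];then
		Display_error 'ERROR: No --result'
		return 1;
	fi
	RESULTPART=" [ ${COLOR}${RESULT}${NORMAL} ]"
	#size of result is 5 ( [ ]) + 8 (NOTFOUND/WARNING is the greatest result)
	MAXLINESIZE=67
	if [ ! -z "${TEXT}" ] ;then
		# Display
		LINESIZE=`echo "${TEXT}" | wc -c | tr -d ' '`
		#SPACES=`expr ${MAXLINESIZE} - ${INDENT} - ${LINESIZE}`
		SPACES=$((${MAXLINESIZE}-${INDENT}-${LINESIZE}))
		if [ "$SPACES" -le 0 ] ;then
			# The label does not fit: print its first 50 bytes with the result,
			# then the remainder on a second line.
			TEXT1=`echo ${TEXT} | cut -b -50`
			LINESIZE=`echo "${TEXT1}" | wc -c | tr -d ' '`
			#SPACES=`expr ${MAXLINESIZE} - ${INDENT} - ${LINESIZE}`
			SPACES=$((${MAXLINESIZE}-${INDENT}-${LINESIZE}))
			${ECHOCMD} "\033[${INDENT}C${TEXT1}\033[${SPACES}C${RESULTPART}\t${ADVICEVALUE}"
			TEXT2=`echo ${TEXT} | cut -b 51-`
			${ECHOCMD} "!!\033[${INDENT}C${TEXT2}"
		else
			#SPACES=`expr ${MAXLINESIZE} - ${INDENT} - ${LINESIZE}`
			SPACES=$((${MAXLINESIZE}-${INDENT}-${LINESIZE}))
			ADVICE_LINE_SIZE=0
			if [ -z "${ADVICEVALUE}" ] ;then
				FULLLINESIZE=$LINESIZE
			else
				ADVICE_LINE_SIZE=`echo "${ADVICEVALUE}" | wc -c | tr -d ' '`
				#FULLLINESIZE=`expr ${ADVICE_LINE_SIZE} + 80`
				FULLLINESIZE=$((${ADVICE_LINE_SIZE}+80))
			fi
			Debug "FULL $FULLLINESIZE $LINESIZE $SPACES adv=$ADVICE_LINE_SIZE COL_WIDTH=$COL_WIDTH"
			# The advice goes on its own line when it would not fit the terminal.
			if [ $FULLLINESIZE -gt $COL_WIDTH ]
			then
				${ECHOCMD} "\033[${INDENT}C${TEXT}\033[${SPACES}C${RESULTPART}"
				${ECHOCMD} "\033[${INDENT}C\t-> ${ADVICEVALUE}"
			else
				${ECHOCMD} "\033[${INDENT}C${TEXT}\033[${SPACES}C${RESULTPART}\t${ADVICEVALUE}"
			fi
		fi
	else
		echo "ERROR: Display: Missing parameter --text"
		return 1
	fi
}

################################################################################
################################################################################
# does $1 is equal to $2 ?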
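# optional parameters [-f filter] [-i] [-2 value]
# -f filter: remove every match of the sed pattern "filter" from $1
# -i case insensitive test, but $2 needs to be lowercase
# -2 value: a second accepted value
# Options are applied to $1 in the order they are given.
# return 0 if yes
# return 1 if no
# return 2 on a usage error
is_equal()
{
	local cmp=$1
	local cmp2=$2
	local cmp3=''
	local tmp
	shift
	shift
	if [ $# -ge 1 ];then
		while [ $# -ge 1 ]
		do
			case $1 in
			-i)
				tmp=`echo $cmp | tr 'A-Z' 'a-z'`
				#echo "DEBUG: $cmp to $tmp"
				cmp=$tmp
				shift
			;;
			-f)
				shift
				if [ -z "$1" ];then
					Display_error "ERROR: is_equal() -f need an argument"
					return 2
				fi
				tmp=`echo $cmp | sed "s,$1,,g"`
				#echo "DEBUG: $cmp to $tmp"
				cmp=$tmp
				shift
			;;
			-2)
				shift
				if [ -z "$1" ];then
					Display_error "ERROR: is_equal() -2 need an argument"
					return 2
				fi
				cmp3="$1"
				shift
			;;
			*)
				Display_error "ERROR: invalid arg $1 for is_equal()"
				return 2
			;;
			esac
		done
	fi
	if [ "$cmp" = "$cmp2" ];then
		return 0
	fi
	if [ ! -z "$cmp3" -a "$cmp" = "$cmp3" ];then
		return 0
	fi
	return 1
}

################################################################################
################################################################################
# Append the long description of an advice to a report file.
# Arguments: $1 - advice key
#            $2 - output type, TEXT or HTML
#            $3 - output file
# Globals:   PLUGINS_REP, ADVICELANG (read); ADVICEFOUND, LISTE_ADVICE (written)
# Returns:   255 when an argument is missing
#
# The *.advice files are read line by line: the lines that follow the
# "<lang>,<key>" line are copied until ADVICEEND or the next "<lang>," line.
# NOTE(review): the key is matched with an unanchored grep, so a key that is
# a prefix of another key also selects the longer one -- confirm that no
# advice key is a prefix of another.
# NOTE(review): several echo strings of the HTML branch are empty or contain
# only a line break as shown here; the markup may have been lost when this
# listing was extracted -- confirm against the original file.
report_add()
{
	# `return 255` replaces `return -1`: bash reports 255 for it, while
	# stricter /bin/sh implementations reject a negative return value.
	if [ -z "$1" ]
	then
		Display --indent 2 --text "Missing argument #1 for report_add" --result WARNING --color RED --advice YASAT_BUG
		return 255;
	fi
	if [ -z "$2" ]
	then
		Display --indent 2 --text "Missing argument #2 (type of output) for report_add" --result WARNING --color RED --advice YASAT_BUG
		return 255;
	fi
	if [ -z "$3" ]
	then
		Display --indent 2 --text "Missing argument #3 (name of the output file) for report_add" --result WARNING --color RED --advice YASAT_BUG
		return 255;
	fi
	Debug "report_add() called with $1 $2 $3"
#	if [ $2 = "TEXT" ]
#	then
#		echo "" >> $3
#		echo "== `cat yasat.advices |grep $ADVICE | cut -d\= -f2-` ==" >> $3
#		echo "" >> $3
#	fi
	if [ $2 = "HTML" ]
	then
		echo "" >> "$3"
	fi
	ADVICEFOUND=0
	LISTE_ADVICE="`ls ${PLUGINS_REP}/*.advice`"
	# The loop is the last stage of a pipeline; ADVICEFOUND is only needed
	# inside it.
	cat $LISTE_ADVICE | while read line
	do
		if [ "$line" = "ADVICEEND" ]
		then
			ADVICEFOUND=0
		fi
		#temporary
		if [ ! -z "`echo $line |grep ^${ADVICELANG},`" ]
		then
			ADVICEFOUND=0
		fi
		if [ $ADVICEFOUND -eq 1 ]
		then
			if [ $2 = "TEXT" ]
			then
				# Tags are stripped for the text report.
				echo " $line" | sed 's/<[^>]*>//g'>> "$3"
			fi
			if [ $2 = "HTML" ]
			then
				echo " $line" >> "$3"
				echo "
" >> "$3"
			fi
		fi
		if [ ! -z "`echo $line |grep ${ADVICELANG},$1`" ]
		then
			ADVICEFOUND=1
		fi
	done
	if [ $2 = "HTML" ]
	then
		echo "
" >> "$3"
	fi
}

################################################################################
################################################################################
#arg 1 is the path to file created by prepare_apache_conf()
#arg2 is the value found by FindValueOf
# Resolve the user Apache runs as and store it in RESULTAT.
# A value starting with '$' is taken as a variable reference and resolved from
# APACHE_RUN_USER in /etc/apache2/envvars, with www-data as fallback; any
# other value is used as it is. $1 is only checked for presence.
# Returns: 0 on success, 2 when an argument is missing
Check_apache_user()
{
	export RESULTAT=''
	export FINDERROR=''
	if [ -z "$1" ] ; then
		Display --indent 2 --text "Missing argument #1 for Check_apache_user" --result WARNING --color RED --advice YASAT_BUG
		return 2;
	fi
	if [ -z "$2" ] ; then
		Display --indent 2 --text "Missing argument #2 for Check_apache_user" --result WARNING --color RED --advice YASAT_BUG
		return 2;
	fi
	if [ "`echo $2 | cut -b1`" = '$' ] ;then
		Display --indent 2 --text "Apache user is a variable" --result INFO --color BLUE
		#we ll find the value of this variable (only debian do that, and values can be found in /etc/apache2/envvars)
		if [ -e /etc/apache2/envvars ] ; then
			export RESULTAT="`grep APACHE_RUN_USER /etc/apache2/envvars | cut -d\= -f2`"
			if [ -z "$RESULTAT" ] ; then
				Display --indent 4 --text "Fallback to www-data" --result INFO --color BLUE
				export RESULTAT='www-data'
			fi
		else
			#TODO fallback to a common value
			Display --indent 4 --text "Fallback to www-data" --result INFO --color BLUE
			export RESULTAT='www-data'
		fi
		# Report the resolved value before returning; this line used to sit
		# after the return and was never reached.
		Display --indent 2 --text "Apache user is " --result "$RESULTAT" --color BLUE
		return 0;
	fi
	export RESULTAT="$2"
}

################################################################################
################################################################################
#arg 1 is the path to file created by prepare_apache_conf()
#arg2 is the value found by FindValueOf
# Resolve the group Apache runs as and store it in RESULTAT.
# Same logic as Check_apache_user, using APACHE_RUN_GROUP.
# Returns: 0 on success, 2 when an argument is missing
Check_apache_group()
{
	export RESULTAT=''
	export FINDERROR=''
	if [ -z "$1" ] ; then
		Display --indent 2 --text "Missing argument #1 for Check_apache_group" --result WARNING --color RED --advice YASAT_BUG
		return 2;
	fi
	if [ -z "$2" ] ; then
		Display --indent 2 --text "Missing argument #2 for Check_apache_group" --result WARNING --color RED --advice YASAT_BUG
		return 2;
	fi
	if [ "`echo $2 | cut -b1`" = '$' ] ; then
		Display --indent 2 --text "Apache group is a variable" --result INFO --color BLUE
		#we ll find the value of this variable (only debian do that, and values can be found in /etc/apache2/envvars)
		if [ -e /etc/apache2/envvars ] ; then
			export RESULTAT="`grep APACHE_RUN_GROUP /etc/apache2/envvars | cut -d\= -f2`"
			if [ -z "$RESULTAT" ] ; then
				Display --indent 4 --text "Fallback to www-data" --result INFO --color BLUE
				export RESULTAT='www-data'
			fi
		else
			#TODO fallback to a common value
			Display --indent 4 --text "Fallback to www-data" --result INFO --color BLUE
			export RESULTAT='www-data'
		fi
		# Report the resolved value before returning; this line used to sit
		# after the return and was never reached.
		Display --indent 2 --text "Apache group is " --result "$RESULTAT" --color BLUE
		return 0;
	fi
	export RESULTAT="$2"
}

################################################################################
################################################################################
#Find value of a directive separated by space "$2 value"
# #1 is the file to scan
# #2 is the directive to seek
# #3 is a sort of error reporting, possible values JUSTTEST(what a bad name choice) and MULTIPLE(allow multiple value)
# #4 is case sensitivity flag (nothing = sensitive, INSENSITIVE otherwise)
#
# The value is left in RESULTAT; FINDERROR is set to MULTIPLE when the
# directive is declared more than once and #3 is not MULTIPLE.
# Returns: 0 value stored (possibly empty), 1 file or directive missing,
#          2 usage error, 3 several declarations found
#
# The directive name is inserted into the grep and sed patterns as it is, so
# it has to be a trusted constant without regex metacharacters.
# NOTE(review): grep runs with -i in both modes while the sed that strips the
# directive name is case sensitive; in the default mode a directive written
# with another case is found but its name stays in front of the value.
# NOTE(review): a trailing comment is removed but trailing blanks are not.
FindValueOf()
{
	export RESULTAT=''
	export FINDERROR=''
	if [ -z "$1" ] ; then
		Display --indent 2 --text "Missing argument FindValueOf() #1 (conf file to scan)" --result WARNING --color RED --advice YASAT_BUG
		return 2;
	fi
	if [ -z "$2" ] ; then
		Display --indent 2 --text "Missing argument FindValueOf #2 (directive to seek)" --result WARNING --color RED --advice YASAT_BUG
		return 2;
	fi
	TEMP=""
	Debug "Seek value of $2 in $1"
	if [ ! -e "$1" ] ;then
		echo "Error $1 do not exist"
		return 1;
	fi
	#End of checks of parameters
	DO_INSENSITIVE=0
	if [ $# -ge 4 ] ; then
		if [ "$4" = 'INSENSITIVE' ] ; then
			DO_INSENSITIVE=1
		fi
	fi
	# Keep the lines starting with the directive, drop commented lines, strip
	# the directive name, the trailing comment and the leading blanks.
	if [ $DO_INSENSITIVE -ge 1 ] ; then
		TEMP=`grep -rih "^[[:space:]]*$2[[:space:]]" $1 |grep -v '^[[:space:]]*#' |tr '[:upper:]' '[:lower:]' |sed "s/^[[:space:]]*$2[[:space:]]*//g" |sed 's/#.*//g'|sed 's,[[:space:]]*,,'`
	else
		TEMP=`grep -rih "^[[:space:]]*$2[[:space:]]" $1 |grep -v '^[[:space:]]*#' |sed "s/^[[:space:]]*$2[[:space:]]*//g" |sed 's/#.*//g'|sed 's,[[:space:]]*,,'`
	fi
	if [ -z "$TEMP" ] ;then
		# NOTE(review): with only two arguments the warning is shown but the
		# function goes on and returns 0 with an empty RESULTAT, while an
		# empty third argument returns 1 -- confirm which one is intended.
		if [ $# -le 2 ] ; then
			Display --indent 2 --text "No declaration of $2" --result WARNING --color RED
		else
			if [ -z "$3" ] ;then
				Display --indent 2 --text "No declaration of $2" --result WARNING --color RED
				return 1;
			fi
		fi
	fi
	if [ `echo "$TEMP" | wc -l` -ge 2 ];then
		if [ "$3" = 'MULTIPLE' ] ; then
#			export RESULTAT="`echo $TEMP | sed "s/[[:space:]]*$2[[:space:]]*//g"`"
			export RESULTAT="$TEMP"
			return 0;
		fi
		Display --indent 2 --text "Error multiple declarations of $2" --result WARNING --color RED --advice GLOBAL_MULTIPLE_DECLARATIONS
		grep -ri "^[[:space:]]*$2[[:space:]]" $1 |grep -v '^[[:space:]]*#' | while read line
		do
			echo " ==> $line"
		done
		FINDERROR='MULTIPLE'
		# The first value in sorted order is kept as a best effort.
		RESULTAT=`echo "$TEMP" | sort | uniq | head -n 1 |sed "s/^[[:space:]]*$2[[:space:]]*//g" | sed 's/#.*//g'`
		return 3;
	fi
	# `echo "$TEMP" | wc -l` counts at least one line even for an empty TEMP,
	# so this branch is not expected to run.
	if [ `echo "$TEMP" | wc -l` -eq 0 ] ; then
		if [ -z "$3" ] ;then
			Display --indent 2 --text "No declaration of $2" --result WARNING --color RED
			return 1;
		fi
	fi
	if [ `echo "$TEMP" | wc -l` -eq 1 ] ;then
#		export RESULTAT=`echo "${TEMP}" | sed "s/^[[:space:]]*[a-zA-Z0-9][a-zA-Z0-9]*[[:space:]]*//g" | sed 's/#.*//g'`
#		export RESULTAT=`echo "${TEMP}" | sed "s/^[[:space:]]*$2[[:space:]]*//g" | sed 's/#.*//g'`
		export RESULTAT="${TEMP}"
	fi
	return 0;
}

#========================================================================================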
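#========================================================================================
# FindValueOfEqual: read the value of a "directive = value" line.
#   $1  file(s) to scan (passed unquoted to grep -r, so a list or a directory
#       also works -- presumably relied on by callers, TODO confirm)
#   $2  directive to look for (used as a regular expression, case-insensitive)
#   $3  optional; when non-empty, a missing directive is not reported
# Sets RESULTAT to the value, with anything after '#' or ';' removed.
# Returns 0 on success (RESULTAT may be empty), 1 when the directive is absent
# and $3 is empty, 2 on a missing argument, 3 on multiple declarations.
FindValueOfEqual()
{
  RESULTAT=''
  if [ -z "$1" ] ; then
    Display --indent 2 --text "Missing argument #1 (conf file to scan) of FindValueOfEqual" --result WARNING --color RED --advice YASAT_BUG
    return 2
  fi
  if [ -z "$2" ] ; then
    Display --indent 2 --text "Missing argument #2 (directive to scan) of FindValueOfEqual" --result WARNING --color RED --advice YASAT_BUG
    return 2
  fi
  Debug "cherche la valeur de $2 dans $1"
  TEMP=`grep -rih "^[[:space:]]*$2[[:space:]]*=" $1`
  if [ -z "$TEMP" ] ; then
    if [ -z "$3" ] ; then
      Display --indent 2 --text "No declarations of $2 " --result WARNING --color RED
      return 1
    fi
    export RESULTAT=''
    return 0
  fi
  if [ `echo "$TEMP" | wc -l` -ge 2 ] ; then
    Display --indent 2 --text "Error multiple declarations of $2 " --result WARNING --color RED --advice GLOBAL_MULTIPLE_DECLARATIONS
    return 3
  fi
  # Word splitting is kept on purpose (it trims and squeezes whitespace), but
  # globbing is switched off: a configured value such as "*" must be reported
  # as written, not replaced by the file names of the current directory.
  # NOTE(review): grep matches the directive case-insensitively while this sed
  # does not, so a differently-cased directive name stays in RESULTAT.
  export RESULTAT=`(set -f; echo $TEMP) | sed "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//g" | sed 's/[#;].*//g'`
  return 0
}
#========================================================================================
#========================================================================================
# FindValueOfDDot: read the value of a "directive : value" line.
# Same arguments and return codes as FindValueOfEqual; only '#' starts a
# trailing comment here.
FindValueOfDDot()
{
  RESULTAT=''
  if [ -z "$1" ] ; then
    Display --indent 2 --text "Missing argument #1" --result WARNING --color RED --advice YASAT_BUG
    return 2
  fi
  if [ -z "$2" ] ; then
    Display --indent 2 --text "Missing argument #2" --result WARNING --color RED --advice YASAT_BUG
    return 2
  fi
  Debug "cherche la valeur de $2 dans $1"
  TEMP=`grep -rih "^[[:space:]]*$2[[:space:]]*:" $1`
  if [ -z "$TEMP" ] ; then
    if [ -z "$3" ] ; then
      Display --indent 2 --text "No declarations of $2 " --result WARNING --color RED
      return 1
    fi
    export RESULTAT=''
    return 0
  fi
  if [ `echo "$TEMP" | wc -l` -ge 2 ] ; then
    Display --indent 2 --text "Error multiple declarations of $2 " --result WARNING --color RED --advice GLOBAL_MULTIPLE_DECLARATIONS
    return 3
  fi
  # globbing disabled for the same reason as in FindValueOfEqual
  export RESULTAT=`(set -f; echo $TEMP) | sed "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//g" | sed 's/#.*//g'`
  return 0
}
################################################################################
################################################################################
# CheckPresenceOf: look for a line of $1 that starts with directive $2 and put
# the first word following "$2 " in RESULTAT.
#   $1  file(s) to scan     $2  directive     $3  optional, silences the
#   "No declarations" message when non-empty
# Returns 2 on a missing argument; otherwise no return code is set (findings
# are only displayed), as before.
CheckPresenceOf()
{
  # reset first, so that a failed lookup cannot leave the value of an earlier
  # call in RESULTAT
  RESULTAT=''
  if [ -z "$1" ] ; then
    Display --indent 2 --text "Missing argument #1" --result WARNING --color RED --advice YASAT_BUG
    return 2
  fi
  if [ -z "$2" ] ; then
    Display --indent 2 --text "Missing argument #2" --result WARNING --color RED --advice YASAT_BUG
    return 2
  fi
  Debug "cherche si $2 est dans $1"
  TEMP=`grep -rih "^ *$2" $1`
  if [ -z "$TEMP" ] ; then
    if [ -z "$3" ] ; then
      Display --indent 2 --text "No declarations of $2 " --result WARNING --color RED
    fi
  fi
  if [ `echo "$TEMP" | wc -l` -ge 2 ] ; then
    Display --indent 2 --text "Error multiple declarations of $2 " --result WARNING --color RED --advice GLOBAL_MULTIPLE_DECLARATIONS
  fi
  if [ `echo "$TEMP" | wc -l` -eq 1 ] ; then
    # globbing disabled so that the matched line is used as written
    export RESULTAT=`(set -f; echo $TEMP) | sed "s/^.*$2\ //g" | cut -d' ' -f1`
  fi
}
################################################################################ ################################################################################ Title() { if [ -z "$1" ] then echo "Error missing parameter for Title()" return 1; fi echo "=== $1 ===" if [ ! -z "$HTML_OUTPUT" ] then echo "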

$1


" >> "$HTML_OUTPUT" fi if [ ! -z "$REPORT_OUTPUT" ] then echo '' >> $REPORT_OUTPUT echo "=== $1 ===" >> $REPORT_OUTPUT fi } ################################################################################ ################################################################################ #affiche_rouge() #{ # echo -e "\033[31m $1 \033[0m " #} ################################################################################ ################################################################################ #affiche_vert() #{ # echo -e "\033[0;32m $1 \033[0m " #} ################################################################################ ################################################################################ #affiche_orange() #{ # echo -e "\033[0;33m $1 \033[0m " #} ################################################################################ ################################################################################ print_help() { echo "=====================================" echo "== YASAT ==" echo "== Yet Another Stupid Audit Tool ==" echo "== ==" echo "== Copyright (C) 2008-2015 ==" echo "== LABBE Corentin ==" echo "============================================================" echo "|Available options |" echo "| |" echo "| --standard (-s) Do standard test =====" echo "| --list (-l) List plugins available |" echo "| --debug (-d) print debug informations |" echo "| --help (-h) show this help =====" echo "| --html (-H) export YASAT 's results in html |" echo "| default to ~/yasat/yasat.html |" echo "| --html-output PATH PATH is the name of html file to write |" echo "| --advice-lang LANG LANG is the 2letter digit of the lang |" echo "| (default is EN ) |" echo "| --full-scan (-f) Do extra (long) tests (lots of find) |" echo "| --plugins-dir PATH (-P) Set the path to the plugins to use |" echo "| (default is ./plugins ) |" echo "| --nopause (-a) Do not make a pause after plugin's end |" echo "| --plugin PATH (-1) Just use the plugin pointed by PATH |" 
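echo "| --Plugin NAME (-p) Just use the plugin named NAME |" echo "| --scanroot PATH (-r) Scan PATH instead of / (WorkInProgress)|" echo "| --compliance type Check for a specific compliance. |" echo "| type could be cce, nsa or all |" echo "| --print-level X Just print infos equal or above the |" echo "| level X (All = 0 (default), infos = 1 |" echo "| warnings(orange) = 2, errors(red) = 3 |" echo "| --skip Test(s) to skip, without the .test |" echo "| (ex: --skip nfs,ntp) comma separated |" echo "| --check-update Check if an update of YASAT exists |" echo "| --send-support Same as --check-support but you will |" echo "| send also your OS version as parameter |" echo "| --desktop Use the desktop profile |" echo "| --server Use the server profile |" echo "| --version (-V) Print yasat version |" echo "| |" echo "| Thanks for using YASAT. |" echo "| |" echo "====================================================================" }
################################################################################
################################################################################
# compare_right: compare an octal file mode with the mode that is wanted.
#   $1  mode to test (1 to 4 octal digits, e.g. the output of stat)
#   $2  mode wanted
#   $3  YES = a more restrictive mode is accepted, NO = modes must be equal
# Returns 0 when $1 is acceptable, 1 on a bad argument, 2 when $1 grants a
# permission bit that $2 does not, 3 when $3 is NO and $1 is stricter than $2.
#   compare_right 666 640 YES  -> 2
#   compare_right 400 640 NO   -> 3
#   compare_right 400 640 YES  -> 0
#   compare_right 300 640 YES  -> 2 (write+exec is not a subset of read+write)
compare_right()
{
  if [ -z "$1" ] ; then
    echo "ERROR compare_right() missing arg #1 (right to test)"
    return 1
  fi
  if [ -z "$2" ] ; then
    echo "ERROR compare_right() missing arg #2 (right wanted)"
    return 1
  fi
  if [ -z "$3" ] ; then
    echo "ERROR compare_right() missing arg #3 (accept or not more restricted right)"
    return 1
  fi
  # Refuse anything that is not an octal mode instead of letting the numeric
  # tests below fail and the function end on "return 0".
  case "$1$2" in
    *[!0-7]*)
      echo "ERROR compare_right() modes must be octal, got '$1' and '$2'"
      return 1
      ;;
  esac
  if [ ${#1} -gt 4 ] || [ ${#2} -gt 4 ] ; then
    echo "ERROR compare_right() modes must be octal, got '$1' and '$2'"
    return 1
  fi
  # Left-pad to four digits (special, user, group, other) so that "44",
  # "644" and "0644" line up and a setuid/setgid/sticky digit is compared too.
  CR_TEST="0000$1"
  CR_TEST="${CR_TEST#"${CR_TEST%????}"}"
  CR_WANT="0000$2"
  CR_WANT="${CR_WANT#"${CR_WANT%????}"}"
  for CR_POS in 1 2 3 4
  do
    CR_T="`echo $CR_TEST | cut -c$CR_POS`"
    CR_W="`echo $CR_WANT | cut -c$CR_POS`"
    # Each digit is a bit mask (4=read 2=write 1=exec): a numerically smaller
    # digit can still carry a bit that the wanted digit lacks, so the test is
    # "any bit set in the tested mode and clear in the wanted one".
    if [ $(( $CR_T & ~$CR_W & 7 )) -ne 0 ] ; then
      return 2
    fi
    if [ "$3" = 'NO' ] && [ "$CR_T" -ne "$CR_W" ] ; then
      return 3
    fi
  done
  return 0
}
################################################################################
################################################################################
# check_whiteliste_cert: sort a certificate by whether its fingerprint appears
# in certdata.txt (looked up in the current directory).
#   $1  certificate file
# Appends "fingerprint path $line" to xp-cert.in (found) or xp-cert.out (not
# found); $line is whatever the caller left in that global.
# Returns 0 when the certificate was classified, 1 otherwise.
# The only call visible here is commented out in check_certificate(). The
# original body continued after its "return 0" with a CN/OU based lookup that
# could never run; it is not reproduced.
check_whiteliste_cert()
{
  if [ ! -e "$1" ] ; then
    echo "ERROR check_whiteliste_cert() $1 do not exist"
    return 1
  fi
  FINGERPRINT=$(openssl x509 -in "$1" -fingerprint -noout | cut -d= -f2)
  # an empty fingerprint would make grep read its pattern from the file name
  if [ -z "$FINGERPRINT" ] ; then
    echo "ERROR check_whiteliste_cert() cannot read the fingerprint of $1"
    return 1
  fi
  if grep -qF -- "$FINGERPRINT" certdata.txt ; then
    echo "$FINGERPRINT $1 $line" >> xp-cert.in
  else
    echo "$FINGERPRINT $1 $line" >> xp-cert.out
  fi
  return 0
}
################################################################################
################################################################################
# check_certificate: report expiry, signature algorithm and key size of an
# X.509 certificate.
#   $1  certificate file
#   $2  indent for Display
#   $3  optional name to show instead of the path
# Sets RESULTAT to GOOD or BAD. Returns 1 when the file is missing, an
# argument is missing or openssl cannot be run.
# 604800s = 7 days, 2592000s = 30 days
check_certificate()
{
  RESULTAT='GOOD'
  if [ ! -e "$1" ] ; then
    echo "ERROR check_certificate() $1 do not exist"
    return 1
  fi
  if [ -z "$2" ] ; then
    echo "ERROR check_certificate() missing #2 indent"
    return 1
  fi
  INDENT="$2"
  CHECK_CERT_NAME="$1"
  if [ ! -z "$3" ] ; then
    CHECK_CERT_NAME="$3"
  fi
  #check_whiteliste_cert "$1"

  # a command that cannot be found gives exit code 127
  openssl version > /dev/null 2>> "$ERROR_OUTPUT_FILE"
  if [ $? -eq 127 ] ; then
    Display --indent $INDENT --text "No openssl binary" --result WARNING --color RED
    return 1
  fi
  Display --indent $INDENT --text "Check $CHECK_CERT_NAME" --result INFO --color BLUE
  INDENT=$(($INDENT+2))
  $ECHOCMD -n "\033[${INDENT}C" && openssl x509 -in "$1" -noout -enddate

  # BADTIME keeps the shortest horizon at which the certificate is expired,
  # so only the most urgent message is displayed
  BADTIME=1000000
  for check_time in 0 604800 2592000
  do
    PERIOD_NAME='now'
    if [ $check_time -eq 604800 ] ; then
      PERIOD_NAME='week'
    fi
    if [ $check_time -eq 2592000 ] ; then
      PERIOD_NAME='month'
    fi
    openssl x509 -in "$1" -noout -checkend $check_time
    if [ $? -eq 1 ] ; then
      if [ $BADTIME -eq 1000000 ] ; then
        if [ $check_time -eq 0 ] ; then
          Display --indent $INDENT --text "Cert is outdated " --result WARNING --color RED --advice CERTIFICATE_OUTDATED
        else
          Display --indent $INDENT --text "Cert < 1 $PERIOD_NAME " --result WARNING --color RED --advice CERTIFICATE_OUTDATED
        fi
        RESULTAT='BAD'
        BADTIME=$check_time
      fi
    fi
  done
  if [ $BADTIME -eq 1000000 ] ; then
    Display --indent $INDENT --text "Cert expiration date > 1 month " --result OK --color GREEN
  fi

  # Signature algorithm. MD2 and MD5 are broken
  # (http://www.win.tue.nl/hashclash/rogue-ca/) and SHA-1 signatures are no
  # longer accepted for publicly trusted certificates, so all three are
  # reported. The signature of a self-signed trust anchor is not what makes
  # it trusted, so a finding on a root certificate is informational.
  CERT_TMP_RESULT="${TEMPYASATDIR}/cert.out"
  openssl x509 -in "$1" -text > "$CERT_TMP_RESULT"
  MINIMUM_KEY_SIZE=2048
  # the leading blank left by cut is removed so that the comparison with
  # 'ecdsa-with-SHA384' further down can match
  SIGN_ALGO=$(grep 'Signature Algorithm:' "$CERT_TMP_RESULT" | cut -d: -f2 | sed 's/^[[:space:]]*//' | sort | uniq)
  if [ ! -z "$SIGN_ALGO" ] ; then
    for signalgo in $SIGN_ALGO
    do
      if echo "$signalgo" | grep -qiE 'md2|md5|sha1' ; then
        Display --indent $INDENT --text "Signature Algorithm: $signalgo" --result BAD --color RED --advice GLOBAL_UNSECURE_SIGN_ALGO
        RESULTAT='BAD'
      else
        Display --indent $INDENT --text "Signature Algorithm: $signalgo" --result GOOD --color GREEN
      fi
      # NOTE(review): the signature algorithm belongs to the issuer's key; an
      # EC certificate signed with another algorithm is still held to 2048.
      if [ "$signalgo" = 'ecdsa-with-SHA384' ] ; then
        MINIMUM_KEY_SIZE=384
      fi
    done
  fi

  # size of the public key, from the "Public-Key: (N bit)" line
  PUBKEYSIZE=$(grep 'Public.Key:' "$CERT_TMP_RESULT" | cut -d'(' -f2 | cut -d' ' -f1 | head -n 1)
  if [ -z "$PUBKEYSIZE" ] && [ "$SIGN_ALGO" = 'ecdsa-with-SHA384' ] ; then
    PUBKEYSIZE=384
  fi
  case "$PUBKEYSIZE" in
    ''|*[!0-9]*)
      # an unreadable size is reported instead of being compared, which would
      # fail and fall through to the GOOD branch
      Display --indent $INDENT --text "Cannot get Key size" --result BUG --color RED
      echo "Cannot read keysize in $1" >> "$ERROR_OUTPUT_FILE"
      ;;
    *)
      if [ "$PUBKEYSIZE" -lt $MINIMUM_KEY_SIZE ] ; then
        Display --indent $INDENT --text "Key size: $PUBKEYSIZE" --result BAD --color RED --advice GLOBAL_RSA_KEY_SIZE
        RESULTAT='BAD'
      else
        Display --indent $INDENT --text "Key size: $PUBKEYSIZE" --result GOOD --color GREEN
      fi
      ;;
  esac
}
################################################################################
################################################################################
# check_private_key: check that a private key is well owned (generally
# root:root 600), whether it is password protected and, for RSA, its size.
#   $1  file to be tested
#   $2  indent for Display
#   $3  application type (optional; 'ssh' and 'sshd' are special-cased)
#   $4  owner (optional, used for type 'ssh')
#   $5  group (optional, used for type 'ssh')
# Returns 1 when the file or the indent is missing or openssl is unavailable,
# 0 otherwise. Findings are displayed, not returned.
check_private_key()
{
  if [ ! -e "$1" ] ; then
    Display_error "ERROR: check_private_key() $1 do not exist"
    return 1
  fi
  if [ -z "$2" ] ; then
    Display_error "ERROR: check_private_key() missing #2 (indent)"
    return 1
  fi
  #TODO 600 is perhaps a bit too much, some OS have a sslcert/sslpriv group (and also ldap, mail)
  # ownership and mode are only checked here when a type is given
  if [ $# -ge 3 ] ; then
    case "$3" in
      ssh)
        check_a_file "$1" "$2" "$4" "$5" 600
        ;;
      sshd)
        SSH_KEYS_GROUP="$ROOTGROUP"
        if [ "$LINUX_VERSION" = 'Fedora' ] ; then
          SSH_KEYS_GROUP='ssh_keys'
        fi
        # fall back to the root group when that group does not exist
        if ! grep -q "^${SSH_KEYS_GROUP}:" "$SCAN_ROOT/etc/group" ; then
          SSH_KEYS_GROUP="$ROOTGROUP"
        fi
        check_a_file "$1" "$2" root "$SSH_KEYS_GROUP" 600
        ;;
      *)
        check_a_file "$1" "$2" root "$ROOTGROUP" 600
        ;;
    esac
  fi

  if grep -q 'SSH PRIVATE KEY FILE FORMAT 1.1' "$1" ; then
    # no easy way to read the informations stored in this format
    Display --indent $2 --text "SSH PRIVATE KEY FILE FORMAT 1.1" --result INFO --color BLUE
    return 0
  fi

  Check_tool_presence openssl LOCAL
  if [ $? -ne 0 ] ; then
    Display --indent $2 --text "No openssl binary" --result INFO --color BLUE
    return 1
  fi

  # Password protection is read from the PEM armour: the legacy
  # "Proc-Type: 4,ENCRYPTED" header or the PKCS#8 "ENCRYPTED PRIVATE KEY"
  # label. Without the second test an encrypted PKCS#8 key was reported as
  # not password protected.
  PASSWORD_PROTECTED='no'
  if grep -q 'Proc-Type: 4,ENCRYPTED' "$1" ; then
    PASSWORD_PROTECTED='yes'
    #check for encryption type
    ENCRYPT_METHOD=$(grep '^DEK-Info:' "$1" | cut -d' ' -f2 | cut -d, -f1)
    if [ "$ENCRYPT_METHOD" = 'DES-CBC' ] ; then
      Display --indent $2 --text "$1 encryption method" --result "$ENCRYPT_METHOD" --color RED
    else
      Display --indent $2 --text "$1 encryption method" --result "$ENCRYPT_METHOD" --color GREEN
    fi
  elif grep -q 'BEGIN ENCRYPTED PRIVATE KEY' "$1" ; then
    PASSWORD_PROTECTED='yes'
  fi

  #sshd could not use password protected key
  if [ "$3" != 'sshd' ] && [ "$3" != 'ssh' ] ; then
    if [ "$PASSWORD_PROTECTED" = 'no' ] ; then
      Display --indent $2 --text "$1 is not password protected" --result BAD --color ORANGE --advice GLOBAL_PRIVATE_KEY_NOT_PASSWORD_PROTECTED
    else
      Display --indent $2 --text "$1 is password protected" --result OK --color GREEN
    fi
  fi

  # word after BEGIN in the armour line: RSA, DSA, EC, ENCRYPTED or PRIVATE
  KEYTYPE=$(grep 'BEGIN.*PRIVATE KEY-----' "$1" | cut -d' ' -f2)
  if [ "$KEYTYPE" = 'PRIVATE' ] ; then
    # The label does not name the algorithm, so ask openssl whether it reads
    # as RSA. Nothing is written to disk, and the empty -passin keeps openssl
    # from prompting on the terminal.
    if openssl rsa -in "$1" -noout -passin pass: > /dev/null 2>> "$ERROR_OUTPUT_FILE" ; then
      KEYTYPE='RSA'
    fi
  fi
  if [ "$KEYTYPE" = 'RSA' ] ; then
    if [ "$PASSWORD_PROTECTED" = 'no' ] ; then
      # The decoded key is piped straight into sed. The earlier code sent
      # "openssl rsa -text" output, private components and PEM key included,
      # to ${TEMPYASATDIR}/ssl.out and left it there.
      KEYSIZE=$(openssl rsa -in "$1" -noout -text -passin pass: 2>> "$ERROR_OUTPUT_FILE" | sed -n 's/.*Private-Key: *(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
      if [ -z "$KEYSIZE" ] ; then
        Display --indent $2 --text "openssl error on $1" --result 'ERROR' --color RED --advice YASAT_BUG
      elif [ "$KEYSIZE" -lt 2048 ] ; then
        Display --indent $2 --text "$1 keysize" --result "$KEYSIZE" --color RED --advice GLOBAL_RSA_KEY_SIZE
      else
        Display --indent $2 --text "$1 keysize" --result "$KEYSIZE" --color GREEN
      fi
    else
      Display --indent $2 --text "Cannot check size" --result 'SKIP' --color BLUE
    fi
  # else
    #it is a DSA or EC key
    #DSA key is 1024bits, so useless to test its size
  fi
  # explicit status: the former "return $?" gave back the exit status of the
  # last Display call
  return 0
}
################################################################################
################################################################################
# check_user_cron: set RESULTAT to YES when /var/spool/cron/$1 exists, NO
# otherwise. A missing argument is only reported.
check_user_cron()
{
  if [ -z "$1" ]
  then
    echo 'Erreur manque argument de check_user_cron()'
  fi
  if [ -e "/var/spool/cron/$1" ]; then
    RESULTAT="YES"
  else
    RESULTAT="NO"
  fi
}
################################################################################
################################################################################
# check_user_crontab: put the output of "crontab -l" in RESULTAT.
# NOTE(review): $1 is only tested for presence; the crontab listed is the one
# of the user running the tool.
check_user_crontab()
{
  if [ -z "$1" ]
  then
    echo 'Erreur manque argument de check_user_cron()'
  fi
  RESULTAT=`crontab -l |grep -v 'no crontab for'`
}
################################################################################
################################################################################
#not finished
# check_system_cron: print each /etc/crontab entry that has a 7th field,
# followed by its 6th field. The loop runs on the right-hand side of a pipe,
# so its variables may not be visible to the caller.
check_system_cron()
{
  grep -v '^#' /etc/crontab |
  while read line
  do
    # echo "$line"
    RESULTAT=`echo $line | awk '{print $7 }'`
    if [ ! -z "$RESULTAT" ]
    then
      TMP_CRONUSER=`echo $line | awk '{print $6 }'`
      echo "$line"
      echo "$TMP_CRONUSER"
    fi
  done
}
################################################################################ ################################################################################ #Check file for # # $1 is the path to the file # $2 is the indent # $3 is the owner (or NULL) # $4 is the group (or NULL) # $5 is right check_a_file() { GOT_ERROR=0 if [ -z "$1" ] ; then echo "ERROR check_a_file() missing parameter #1 (path to the file)" return 1; fi if [ !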
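-e "$1" ] ; then echo "ERROR check_a_file() $1 do not exists" return 1; fi if [ -z "$2" ] ; then echo "ERROR check_a_file() missing parameter #2" return 1; fi if [ -z "$3" ] ; then echo "ERROR check_a_file() missing parameter #3 (owner)" return 1; fi if [ -z "$4" ] ; then echo "ERROR check_a_file() missing parameter #4" return 1; fi if [ -z "$5" ] ; then echo "ERROR check_a_file() missing parameter #5" return 1; fi if [ "$3" != 'NULL' ] ; then USER="`stat $STAT_USER $1`" if [ "$USER" != "$3" ] ; then Display --indent $2 --text "$1 is not $3 owned" --result WARNING --color RED GOT_ERROR=1 fi fi if [ "$4" != 'NULL' ] ; then GROUP="`stat $STAT_GROUP $1`" if [ "$GROUP" != "$4" ] ; then Display --indent $2 --text "$1 is not $4 grouped" --result WARNING --color RED GOT_ERROR=1 fi fi if [ "$5" != 'NULL' ] ; then RIGHT="`stat $STAT_RIGHT $1`" compare_right $RIGHT $5 YES if [ $? -ne 0 ] ; then # if [ "$RIGHT" != "$5" ] ; then Display --indent $2 --text "$1 is not $5 but $RIGHT" --result WARNING --color RED add_correction "chmod $5 $1" GOT_ERROR=1 fi fi if [ $GOT_ERROR -eq 0 ] ; then Display --indent $2 --text "$1 is $3:$4 $RIGHT" --result GOOD --color GREEN fi return $GOT_ERROR }
################################################################################
################################################################################
# check_file: audit owner, group and "other" permissions of a file.
#  - Not writable by others
#  - Info when suid or other things
#  - Not root:root owned
#
# $1 is the path to the file (a symbolic link is followed one level)
# $2 is the indent
# $3 is the type (NORMAL PRIVKEY BINARY CERT)
#
# Returns 1 on a missing argument, a missing file or an unreadable mode.
# Overwrites the globals USER, GROUP, RIGHT, RIGHT_O, GOOD and BINARY_TO_CHECK.
check_file()
{
  if [ -z "$1" ] ; then
    echo "ERROR check_file() missing parameter #1"
    return 1
  fi
  BINARY_TO_CHECK="$1"
  if [ -z "$2" ] ; then
    echo "ERROR check_file() missing parameter #2"
    return 1
  fi
  if [ -z "$3" ] ; then
    echo "ERROR check_file() missing parameter #3"
    return 1
  fi
  if [ ! -e "$1" ] ; then
    echo "ERROR check_file() $1 do not exist"
    return 1
  fi

  if [ -L "$1" ] ; then
    TARGET=$(readlink "$1")
    # A relative target is relative to the directory holding the link, not to
    # the current directory; only an absolute target is used as is.
    case "$TARGET" in
      /*) BINARY_TO_CHECK="$TARGET" ;;
      *)  BINARY_TO_CHECK="$(dirname "$1")/$TARGET" ;;
    esac
    echo "Warning $1 is a link using $BINARY_TO_CHECK"
  fi

  GOOD=1
  # STAT_USER, STAT_GROUP and STAT_RIGHT are expanded unquoted: presumably
  # they hold the per-OS stat options (TODO confirm where they are set)
  USER=$(stat $STAT_USER "$BINARY_TO_CHECK")
  GROUP=$(stat $STAT_GROUP "$BINARY_TO_CHECK")
  RIGHT=$(stat $STAT_RIGHT "$BINARY_TO_CHECK")
  case "$RIGHT" in
    ''|*[!0-7]*)
      # without a readable mode every permission test below would fail and
      # the file would end up reported as OK
      echo "ERROR check_file() cannot read the mode of $BINARY_TO_CHECK"
      return 1
      ;;
  esac

  if [ "$USER" != 'root' ] ; then
    Display --indent $2 --text "$BINARY_TO_CHECK is not root owned" --result WARNING --color RED --advice GLOBAL_FILE_MUST_BE_OWNED_BY_ROOT
    GOOD=0
    add_correction "chown root $BINARY_TO_CHECK"
  fi
  #TODO on OpenBSD 5.6 bins are under bin group, do something betther than this hack
  if [ "$GROUP" != "$ROOTGROUP" ] && [ "$GROUP" != "bin" ] ; then
    Display --indent $2 --text "$BINARY_TO_CHECK is not $ROOTGROUP (group) owned" --result WARNING --color RED --advice GLOBAL_FILE_MUST_BE_GROUPED_BY_ROOT
    GOOD=0
  fi

  if [ "$3" = "CERT" ] ; then
    check_certificate "$BINARY_TO_CHECK" "$2"
  fi
  if [ "$3" = "PRIVKEY" ] ; then
    check_private_key "$BINARY_TO_CHECK" "$2"
    if [ $? -ne 0 ] ; then
      GOOD=0
    fi
  fi

  if [ ${#RIGHT} -ge 4 ] ; then
    #not common right: a fourth digit carries suid, sgid or sticky
    Display --indent $2 --text "$BINARY_TO_CHECK is a spetial binary (suid etc)" --result WARNING --color RED
    #TODO check what is spetial
  fi
  # The "other" digit is always the last one, so the tests below also run
  # for files that have a special digit; they were skipped for those before.
  RIGHT_O="${RIGHT#"${RIGHT%?}"}"
  case $3 in
    PRIVKEY)
      if [ $RIGHT_O -ge 1 ] ; then
        Display --indent $2 --text "$BINARY_TO_CHECK is other accessible" --result WARNING --color RED --advice GLOBAL_FILE_OTHER_READABLE
        GOOD=0
      fi
      ;;
    NORMAL|CERT)
      # test the write bit itself: digits 2 and 3 are writable as well as 6
      # and 7
      if [ $(( $RIGHT_O & 2 )) -ne 0 ] ; then
        Display --indent $2 --text "$BINARY_TO_CHECK is other writable" --result WARNING --color RED --advice GLOBAL_FILE_OTHER_WRITABLE
        GOOD=0
      fi
      ;;
    BINARY)
      if [ $(( $RIGHT_O & 2 )) -ne 0 ] ; then
        Display --indent $2 --text "$BINARY_TO_CHECK is other writable" --result WARNING --color RED --advice GLOBAL_FILE_OTHER_WRITABLE
      fi
      #how about non-linux ?
      Check_tool_presence readelf
      if [ "$RESULTAT" = 'notfound' ] ; then
        Display --indent $2 --text "readelf tool" --result NOTFOUND --color BLUE
      else
        if [ -z "`readelf -h "$BINARY_TO_CHECK" 2>/dev/null | grep 'Type:'`" ] ; then
          Display --indent $2 --text "$BINARY_TO_CHECK isnt a binary according to readelf" --result BAD --color ORANGE
        else
          #check for SSP and PIE
          #__stack_smash_handler for OpenBSD
          #__stack_chk_fail for Linux / FreeBSD
          if readelf -s "$BINARY_TO_CHECK" | grep -qE '__stack_chk_fail|__stack_smash_handler' ; then
            Display --indent $2 --text "$BINARY_TO_CHECK have SSP" --result GOOD --color GREEN
          else
            Display --indent $2 --text "$BINARY_TO_CHECK havent SSP" --result BAD --color ORANGE --advice GLOBAL_BINARY_SSP
          fi
          # NOTE(review): ELF type DYN is also the type of shared objects
          if readelf -h "$BINARY_TO_CHECK" | grep -q 'Type:[[:space:]]*DYN' ; then
            Display --indent $2 --text "$BINARY_TO_CHECK is PIE" --result GOOD --color GREEN
          else
            Display --indent $2 --text "$BINARY_TO_CHECK isnt PIE" --result BAD --color ORANGE --advice GLOBAL_BINARY_PIE
          fi
        fi
      fi
      # the BINARY type never prints the summary line below
      GOOD=0
      ;;
    *)
      echo "ERROR unrecognized type"
      ;;
  esac

  if [ $GOOD -eq 1 ] ; then
    Display --indent $2 --text "$BINARY_TO_CHECK $USER $GROUP $RIGHT" --result OK --color GREEN
  fi
}
################################################################################ ################################################################################ # Check dir owner # Param #1 is the PATH to be checked # Param #2 is the user that must own the directory # Param #3 is the file that get output of this function # Param #4 is the indent value for print info # Param #5 is the advice to be displayed in case of non-conformity check_directory_owner() { Debug "DEBUG: check_directory_owner begin" if [ -z "$1" ]; then Display_error 'ERROR: missing parameter #1 (PATH) for check_directory_owner()' return 1; fi if [ ! -e $1 ]; then Display_error "ERROR: check_directory_owner() $1 do not exist" return 1; fi if [ -z "$2" ]; then Display_error 'ERROR: missing parameter #2 (owner id) for check_directory_owner()' return 1; fi if [ -z "$3" ]; then Display_error 'ERROR: missing parameter #3 (path to the output) for check_directory_owner()' return 1; fi if [ -z "$4" ]; then Display_error 'ERROR: missing parameter #4 (indent) for check_directory_owner()' return 1; fi if [ -z "$5" ]; then Display_error 'ERROR: missing parameter #5 (advice) for check_directory_owner()' return 1; fi find "$1" !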
-user $2 > $3 RESULTAT=`cat $3 | wc -l` if [ $RESULTAT -eq 0 ];then Display --indent $4 --text "Owner of $1" --result OK --color GREEN else Display --indent $4 --text "$RESULTAT files have invalid owning != $2 in $1" --result WARNING --color RED --advice $5 fi } ################################################################################ ################################################################################ #Check that a directory is group-ed by a group # Param #1 is the PATH to be checked # Param #2 is the group that must own the directory # Param #3 is the file that get output of this function # Param #4 is the indent value for print info check_directory_group() { if [ -z "$1" ] ;then echo 'Error missing parameter #1 (PATH) for check_directory_group()' return 1; fi if [ ! -e "$1" ] ;then echo "check_directory_group() Error $1 do not exist" return 1; fi if [ -z "$2" ] ;then echo 'Error missing parameter #2 (group) for check_directory_group()' return 1; fi if [ -z "$3" ] ;then echo 'Error missing parameter #3 (path to the output) for check_directory_group()' return 1; fi if [ -z "$4" ] ;then echo 'Error missing parameter #4 (indent) for check_directory_group()' return 1; fi ADVICE="--advice $5" if [ -z "$5" ] ; then ADVICE='' fi find "$1" ! 
-group "$2" > "$3" RESULTAT=`cat "$3" | wc -l` if [ $RESULTAT -eq 0 ] ;then Display --indent $4 --text "Group of $1" --result OK --color GREEN else Display --indent $4 --text "$RESULTAT files have invalid group owning != $2 in $1" --result WARNING --color RED $ADVICE fi } ################################################################################ ################################################################################ #Check that a directory do not have right for the world # Param #1 is the PATH to be checked # Param #2 is the file that get output of this function # Param #3 is the indent value for print info # Param #4 is the advice check_directory_others() { Debug "DEBUG: check_directory_others begin" if [ -z "$1" ] ;then echo 'Error missing parameter #1 (PATH) for check_directory_others()' return 1; fi if [ ! -e "$1" ] ;then echo "check_directory_others() Error $1 do not exist" return 1; fi if [ -z "$2" ] ;then echo 'Error missing parameter #2 (path to the output) for check_directory_others()' return 1; fi if [ -z "$3" ] ;then echo 'Error missing parameter #3 (indent) for check_directory_others()' return 1; fi if [ -z "$4" ] ;then echo 'Error missing parameter #4 (advice) for check_directory_others()' return 1; fi NSAGID=0 CCEID=0 if [ ! -z "$5" ] ; then NSAGID="$5" fi if [ ! -z "$6" ] ; then CCEID="$6" fi find "$1" ! 
-type l -perm $ORWX > $2 RESULTAT=`cat $2 | wc -l` if [ $RESULTAT -eq 0 ] ;then Display --indent $3 --text "Rights of $1" --result OK --color GREEN Compliance --result 'OK' --plugin notknown --nsag $NSAGID --cce $CCEID else Display --indent $3 --text "$RESULTAT files have invalid others rights in $1" --result WARNING --color RED --advice $4 add_correction "chmod -R $CORRECT_ORWX $1" Compliance --result 'NOK' --plugin notknown --nsag $NSAGID --cce $CCEID fi } ################################################################################ ################################################################################ #Check dir check_directory_writable_by_group() { if [ -z "$1" ] then echo 'Error missing parameter #1 (PATH) for check_directory_writable_by_group()' return 1; fi if [ ! -e "$1" ] then echo "check_directory_writable_by_group() Error $1 do not exist" return 1; fi if [ -z "$2" ] then echo 'Error missing parameter #2 (group) for check_directory_writable_by_group()' return 1; fi if [ -z "$3" ] then echo 'Error missing parameter #3 (path to the output) for check_directory_writable_by_group()' return 1; fi if [ -z "$4" ] then echo 'Error missing parameter #4 (indent) for check_directory_writable_by_group()' return 1; fi find "$1" ! 
-type l -perm $PERM_GW > $3 RESULTAT=`cat $3 | wc -l` if [ $RESULTAT -eq 0 ] then Display --indent $4 --text "$2 cannot write $1" --result OK --color GREEN else Display --indent $4 --text "$2 can write $RESULTAT files in $1" --result WARNING --color RED --advice $5 fi } ################################################################################ ################################################################################ prepare_kernel_config() { if [ -e "${TEMPYASATDIR}/kernel_config" ] ;then rm "${TEMPYASATDIR}/kernel_config" fi #config can be found at /boot/config-`uname -r` if [ -e "/boot/config-`uname -r`" ] ;then Display --indent 2 --text "/boot/config-`uname -r`" --result FOUND --color GREEN cat "/boot/config-`uname -r`" > "${TEMPYASATDIR}/kernel_config" fi # if user give me the path to a .config, I wont read /proc/config.gz if [ -z ${YASAT_PATH_TO_KERNEL_CONFIG:-""} ] ;then YASAT_PATH_TO_KERNEL_CONFIG='/usr/src/linux/.config' if [ -e /proc/config.gz ] ;then Display --indent 2 --text "/proc/config.gz" --result FOUND --color GREEN zcat /proc/config.gz > ${TEMPYASATDIR}/kernel_config else if [ -e "${TEMPYASATDIR}/kernel_config" ] ;then #we have already found .config elsewhere Display --indent 2 --text "/proc/config.gz" --result NOTFOUND --color BLUE else Display --indent 2 --text "/proc/config.gz" --result NOTFOUND --color ORANGE --advice KERNEL_NO_CONFIG fi fi fi if [ ! 
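-e "${TEMPYASATDIR}/kernel_config" ] ;then if [ -e "$YASAT_PATH_TO_KERNEL_CONFIG" ] ;then Display --indent 2 --text "$YASAT_PATH_TO_KERNEL_CONFIG" --result FOUND --color GREEN cat "$YASAT_PATH_TO_KERNEL_CONFIG" > ${TEMPYASATDIR}/kernel_config else Display --indent 2 --text "$YASAT_PATH_TO_KERNEL_CONFIG" --result NOTFOUND --color ORANGE --advice KERNEL_NO_CONFIG fi fi }
################################################################################
################################################################################
# Find_apache_conf_location: find where the apache config is.
# No argument. Reads POSSIBLE_APACHE_CONFIG_LOCATION (blank-separated list of
# directories) and SCAN_ROOT.
# Exports APACHE_CONF_REP: the first directory under SCAN_ROOT that holds
# apache.conf, httpd.conf or apache2.conf, with repeated slashes squeezed, or
# 'NOTFOUND'. Returns 0 when a directory was found, 1 otherwise.
Find_apache_conf_location()
{
  for LOCATION in ${POSSIBLE_APACHE_CONFIG_LOCATION}
  do
    # Every candidate needs its own -e: the third operand of the former test
    # was a bare string, which is always true, so the first location of the
    # list was returned whether or not it held a configuration.
    for APACHE_CONF_NAME in apache.conf httpd.conf apache2.conf
    do
      if [ -e "$SCAN_ROOT/${LOCATION}/${APACHE_CONF_NAME}" ] ; then
        export APACHE_CONF_REP="$(echo "$SCAN_ROOT/${LOCATION}" | sed 's,//*,/,g')"
        return 0
      fi
    done
  done
  export APACHE_CONF_REP='NOTFOUND'
  return 1
}
################################################################################ ################################################################################ # Having multiple apache is rare, and for the moment not handled apache_I_want_only_one() { if [ !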
-e $TEMPYASATDIR/apache_list ];then return 1 fi if [ `cat $TEMPYASATDIR/apache_list | wc -l` -ge 2 ];then Display --indent 2 --text "I will scan only the first apache" --result WARN --color ORANGE fi export APACHE_CONF_REP=`head -n1 $TEMPYASATDIR/apache_list | sed 's,//*,/,g'` } ################################################################################ ################################################################################ # Produce a list of apache directory in $TEMPYASATDIR/apache_list # if something wrong or no apache foudn return 1 apache_find_conf() { local apache_conf if [ -e "$TEMPYASATDIR/apache_list" ] ; then rm "$TEMPYASATDIR/apache_list" fi NB_APACHE_CONF=0 POSSIBLE_APACHE_CONFIG_LOCATION="$POSSIBLE_APACHE_CONFIG_LOCATION /home/svn/rekup/yasat/tests/fakeroot/etc/apache2/" for apache_conf in $POSSIBLE_APACHE_CONFIG_LOCATION do if [ -e "$SCAN_ROOT/$apache_conf/httpd.conf" -o -e "$SCAN_ROOT/$apache_conf/apache2.conf" ];then Display --indent 2 --text "Apache configuration $SCAN_ROOT/$apache_conf" --result FOUND --color BLUE echo "$SCAN_ROOT/$apache_conf" >> $TEMPYASATDIR/apache_list NB_APACHE_CONF=$(($NB_APACHE_CONF+1)) fi done Display --indent 2 --text "Found $NB_APACHE_CONF apache configuration" --result FOUND --color BLUE if [ $NB_APACHE_CONF -eq 0 ];then return 1 fi } ################################################################################ ################################################################################ # agregate all httpd conf in one file prepare_apache_conf() { if [ $# -ne 1 ];then Display_error 'Error: missing parameter #1 (apache directory) for prepare_apache_conf()' return 1; fi if [ ! 
-d "$1" ];then Display_error "prepare_apache_conf() Error: $1 is not a directory" return 1; fi Display --indent 2 --text "Prepare analysis of $1" --result INFO --color BLUE if [ -e "$TEMPYASATDIR/apache.conf" ] ; then rm "$TEMPYASATDIR/apache.conf" fi if [ -e "$TEMPYASATDIR/apache.conf.found" ] ; then rm "$TEMPYASATDIR/apache.conf.found" fi if [ -e "$1/apache2.conf" ] ; then grep -v '^[[:space:]]*#' $1/apache2.conf > "$TEMPYASATDIR/apache.conf" echo "$1/apache2.conf" >> "$TEMPYASATDIR/apache.conf.found" fi if [ -e "$1/httpd.conf" ] ; then grep -v '^[[:space:]]*#' $1/httpd.conf >> "$TEMPYASATDIR/apache.conf" echo "$1/httpd.conf" >> "$TEMPYASATDIR/apache.conf.found" fi if [ -e "$1/httpd2.conf" ] ;then grep -v '^[[:space:]]*#' $1/httpd2.conf >> "$TEMPYASATDIR/apache.conf" echo "$1/httpd2.conf" >> "$TEMPYASATDIR/apache.conf.found" fi if [ ! -e "$TEMPYASATDIR/apache.conf" ] ;then Display --indent 2 --text "I cannot find apache configuration" --result WARNING --color RED return 1; fi FindValueOf "$TEMPYASATDIR/apache.conf" "ServerRoot" if [ -z "$RESULTAT" ] ; then Display --indent 2 --text "No ServerRoot found, defaulting to /etc/apache2" --result WARNING --color BLUE SERVERROOT='/etc/apache2' else SERVERROOT=`echo $RESULTAT | sed 's/^\"//' | sed 's/\"$//'` fi grep -i '^[[:space:]]*include' "$TEMPYASATDIR/apache.conf" | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]][[:space:]]*//g' | sort | uniq | while read TMP_FILES do # TMP_FILES="`echo \"$line\" | sed 's/^[[:space:]]*include[[:space:]]*//gI'`" # echo "$TMP_FILES" #Check for relative files FIRST_CHAR=`echo $TMP_FILES | cut -b 1` if [ "$FIRST_CHAR" != "/" ];then # echo "Debug relative path" TMP_FILES="$SERVERROOT/$TMP_FILES" fi if [ -d "$TMP_FILES" ];then Debug "$TMP_FILES has no wildward" TMP_FILES="$TMP_FILES/*" fi Debug "Add $TMP_FILES" echo "$TMP_FILES" >> "$TEMPYASATDIR/apache.conf.found" #-s for be sure that on a minimal config with no modules/*.conf no errors would be printed grep -vsh '^[[:space:]]*#' 
$TMP_FILES > "$TEMPYASATDIR/apache.conf.tmp" grep -vsh '^[[:space:]]*#' $TMP_FILES >> "$TEMPYASATDIR/apache.conf" #check recursivly for additional includes grep -ih '^[[:space:]]*include' "$TEMPYASATDIR/apache.conf.tmp" | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]][[:space:]]*//g' | sort | uniq | while read TMP_FILESS do # echo "$TMP_FILESS" grep -vh '^[[:space:]]*#' $TMP_FILESS >> "$TEMPYASATDIR/apache.conf" done done mv "$TEMPYASATDIR/apache.conf" "$TEMPYASATDIR/apache.conf.orig" #clean the file grep -v '^[[:space:]]*$' "$TEMPYASATDIR/apache.conf.orig" | sed 's,^[[:space:]]*,,' | sed 's,#.*,,' > "$TEMPYASATDIR/apache.conf" } ################################################################################ ################################################################################ # filter content from $1 in $2 prepare_bind_conf_add() { local in_comment=0 if [ ! -e "$1" -o -d "$1" ];then return 1 fi if [ $# -ne 2 ];then Display_error "ERROR: Not enought parameter to prepare_bind_conf_add()" return 1 fi #TODO filter ending ';' ? grep -v '^[[:space:]]*#' "$1" | sed 's,^[[:space:]]*,,' | grep -v '^[[:space:]]*$' \ | grep -v '^[[:space:]]*//' \ | sed 's,[[:space:]]{[[:space:]]*,\n{,' \ | sed 's,{[a-z0-9],\n&,' \ | sed 's,;,\n,g' \ | grep -v '^$' \ | while read line do echo "$line" | grep -q '/\*' if [ $? -eq 0 ];then #if [ ! -z `echo "$line" | grep '/\*'` ];then #echo "MATCH begin $line" in_comment=1 fi if [ $in_comment -eq 0 ];then echo "$line" >> "$2" fi echo "$line" | grep -q '\*/' #if [ ! -z "`echo $line | grep '\*/'`" ];then if [ $? 
-eq 0 ];then #echo "MATCH end $line" in_comment=0 fi done } ################################################################################ ################################################################################ # prepare a bind configuration to be parsed # arg1 is the full path to bind conf # arg2 is bind_conf_rep prepare_bind_conf() { if [ $# -ne 2 ];then Display_error 'ERROR: prepare_bind_conf: missing parameter #1 (named configuration)' return 1; fi if [ ! -e "$1" ];then Display_error "ERROR: prepare_bind_conf() ERROR: prepare_bind_conf: Cannot find $1" return 1; fi if [ -e "$TEMPYASATDIR/named.conf" ]; then rm "$TEMPYASATDIR/named.conf" fi > "$TEMPYASATDIR/named.conf" echo "$1" > "$TEMPYASATDIR/named.filelist" prepare_bind_conf_add "$1" "$TEMPYASATDIR/named.conf" if [ ! -e "$TEMPYASATDIR/named.conf" ]; then Display --indent 2 --text "I cannot find bind configuration" --result WARNING --color RED return 1; fi local bind_base_dir="$2" # Check if directory is present FindValueOf "$TEMPYASATDIR/named.conf" 'directory' JUSTTEST if [ ! 
-z "$RESULTAT" ];then bind_base_dir="${BIND_CHROOT_DIR}`echo $RESULTAT | sed 's,\",,g'| sed 's,;,,'`" fi #now include all includes:) grep -i '^[[:space:]]*include' "$TEMPYASATDIR/named.conf" | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]][[:space:]]*//g' | sed 's/";*//g' | sort | uniq | while read bind_conf_include do local FIRST_CHAR=`echo $bind_conf_include | cut -b 1` if [ "$FIRST_CHAR" != "/" ];then echo "$bind_base_dir/$bind_conf_include" >> "$TEMPYASATDIR/named.filelist" prepare_bind_conf_add "$bind_base_dir/$bind_conf_include" "$TEMPYASATDIR/named.conf" else echo "$BIND_CHROOT_DIR/$bind_conf_include" >> "$TEMPYASATDIR/named.filelist" prepare_bind_conf_add "$BIND_CHROOT_DIR/$bind_conf_include" "$TEMPYASATDIR/named.conf" fi done return 0 } ################################################################################ ################################################################################ # filter content from $1 in $2 prepare_dovecot_conf_add() { if [ ! -e "$1" -o -d "$1" ];then return 1 fi if [ $# -ne 2 ];then Display_error "ERROR: Not enought parameter to prepare_dovecot_conf_add()" return 1 fi grep -v '^[[:space:]]*#' "$1" | sed 's,^[[:space:]]*,,' | grep -v '^[[:space:]]*$' \ | grep -v '^[[:space:]]*//' \ | sed 's,[[:space:]]{[[:space:]]*,\n{,' \ | sed 's,{[a-z0-9],\n&,' \ | sed 's,;,\n,g' \ | grep -v '^$' \ | while read line do echo "$line" >> "$2" done } ################################################################################ ################################################################################ prepare_dovecot_conf() { if [ $# -ne 2 ];then Display_error 'ERROR: prepare_dovecot_conf: missing parameter #1 (named configuration)' return 1; fi if [ ! 
-e "$1" ];then Display_error "ERROR: prepare_dovecot_conf() ERROR: prepare_dovecot_conf: Cannot find $1" return 1; fi if [ -e "$TEMPYASATDIR/dovecot.conf" ]; then rm "$TEMPYASATDIR/dovecot.conf" fi > "$TEMPYASATDIR/dovecot.conf" echo "$1" > "$TEMPYASATDIR/dovecot.filelist" prepare_dovecot_conf_add "$1" "$TEMPYASATDIR/dovecot.conf" grep -i '^[[:space:]]*!include[[:space:]]' "$TEMPYASATDIR/dovecot.conf" | cut -d\ -f2 | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]][[:space:]]*//g' | sed 's/";*//g' | sort | uniq | while read dovecot_conf_include do for include_file in `ls $2/$dovecot_conf_include` do prepare_dovecot_conf_add $include_file "$TEMPYASATDIR/dovecot.conf" done done return 0 } ################################################################################ ################################################################################ # with a initial config file, generate a parseable config file # add all files with include # similar to prepare_apache_conf prepare_generic_conf() { if [ -z "$1" ] then echo 'Error missing parameter #1 (initial config file) for prepare_generic_conf()' return 1; fi if [ ! -e $1 ] then echo "prepare_generic_conf() Error $1 is not a config file" return 1; fi if [ -z "$2" ] then echo "prepare_generic_conf() Missing parameter #2 (output file)" return 1; fi if [ -e "$2" ] then cp "$2" "$2.bak" rm "$2" fi grep -v '^[[:space:]]*#' $1 | grep -v '^[[:space:]]*$' | grep -v '^;' > "$2" if [ ! 
-e "$2" ] then Display --indent 2 --text "I cannot find output configuration" --result WARNING --color RED return 1; fi grep -i '^[[:space:]]*include' "$2" | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]][[:space:]]*//g' | sed 's/";*//g' | sort | uniq | while read TMP_FILES do #Check for relative files FIRST_CHAR=`echo $TMP_FILES | cut -b 1` if [ "$FIRST_CHAR" != "/" ] then # echo "Debug relative path" TMP_FILES="$1/$TMP_FILES" fi if [ -d "$TMP_FILES" ] then Debug "$TMP_FILES has no wildward" TMP_FILES="$TMP_FILES/*" fi Debug "Add $TMP_FILES" grep -vh '^[[:space:]]*#' $TMP_FILES > "$2.tmp" grep -vh '^[[:space:]]*#' $TMP_FILES >> "$2" #check recursivly for additional includes grep -ih '^[[:space:]]*include' "$2.tmp" | sed 's/^[[:space:]]*[a-zA-Z][a-zA-Z]*[[:space:]][[:space:]]*//g' | sed 's/";*//g' | sort | uniq | while read TMP_FILESS do # echo "$TMP_FILESS" grep -vh '^[[:space:]]*#' $TMP_FILESS | grep -v '^[[:space:]]*$' | grep -v '^/'>> "$2" done done } ################################################################################ ################################################################################ #return the options of the partition #we could do the same with mount but bsd do not print the same infos # TODO I dont like all thoses if for ids check_partition() { if [ -z "$1" ] ; then echo "ERROR check_partition() Missing arg #1 (mount point)" return 1; fi RESULTAT='' EL_MOUNT=`grep -v '^#' ${SCAN_ROOT}/etc/fstab |grep "$1/*[[:space:]]"` if [ "$2" = 'SEPARATE' ] ; then T_CCEID='' T_NSAGID='' if [ "$1" = '/tmp' ] ; then T_CCEID='14161-4' ; T_NSAGID='2.1.1.1.1'; fi if [ "$1" = '/var' ] ; then T_CCEID='14777-7' ; T_NSAGID='2.1.1.1.2'; fi if [ "$1" = '/var/log' ] ; then T_CCEID='14011-1' ; T_NSAGID='2.1.1.1.3'; fi if [ "$1" = '/var/log/audit' ] ; then T_CCEID='14171-3' ; T_NSAGID='2.1.1.1.4'; fi if [ "$1" = '/home' ] ; then T_CCEID='14559-9' ; T_NSAGID='2.1.1.1.5'; fi if [ -z "$EL_MOUNT" ] ; then Display --indent 2 --text "$1 is not on a separate 
partition" --result NOTFOUND --color RED --advice PARTITION_SEPARATE_PART if [ ! -z "$T_CCEID" ] ;then Compliance --result 'NOK' --plugin 'partition' --type 'CCE' --cid $T_CCEID --type 'NSAG' --cid $T_NSAGID fi else Display --indent 2 --text "$1 is on a separate partition" --result FOUND --color GREEN if [ ! -z "$T_CCEID" ] ;then Compliance --result 'OK' --plugin 'partition' --type 'CCE' --cid $T_CCEID --type 'NSAG' --cid $T_NSAGID fi RESULTAT=`echo $EL_MOUNT | sed 's/[[:space:]]/ /g' | cut -d\ -f4` if [ $# -ge 3 ] ; then PART_NAME="$1" shift shift for wflag in "$@" do T_CCEID='' T_NSAGID='' PART_ADV='PARTITION_NOSUID' if [ $wflag = 'nosuid' ] ; then if [ $PART_NAME = '/mnt/cdrom' -o $PART_NAME = '/mnt/floppy' ] ;then T_NSAGID='2.2.1.2'; T_CCEID='4042-8' fi if [ $PART_NAME = '/tmp' ] ;then T_NSAGID='2.2.1.3.1'; T_CCEID='14940-1' ;fi if [ $PART_NAME = '/dev/shm' ] ;then T_NSAGID='2.2.1.3.2'; T_CCEID='14306-5' ;fi fi if [ $wflag = 'nodev' ] ; then PART_ADV='PARTITION_NODEV' if [ $PART_NAME = '/var' -o $PART_NAME = '/var/log' -o $PART_NAME = '/home' ] ; then T_CCEID='4249-9' ;T_NSAGID='2.2.1.1' fi if [ $PART_NAME = '/mnt/cdrom' -o $PART_NAME = '/mnt/floppy' ] ;then T_NSAGID='2.2.1.2'; T_CCEID='3522-0' fi if [ $PART_NAME = '/tmp' ] ;then T_NSAGID='2.2.1.3.1'; T_CCEID='14412-1' ;fi if [ $PART_NAME = '/dev/shm' ] ;then T_NSAGID='2.2.1.3.2'; T_CCEID='15007-8' ;fi fi if [ $wflag = 'noexec' ] ; then PART_ADV='PARTITION_NOEXEC' if [ $PART_NAME = '/mnt/cdrom' -o $PART_NAME = '/mnt/floppy' ] ;then T_NSAGID='2.2.1.2'; T_CCEID='4275-4' fi if [ $PART_NAME = '/tmp' ] ;then T_NSAGID='2.2.1.3.1'; T_CCEID='14927-8' ;fi if [ $PART_NAME = '/dev/shm' ] ;then T_NSAGID='2.2.1.3.2'; T_CCEID='14703-3' ;fi fi if [ -z "`echo $RESULTAT | grep -i $wflag`" ] ;then Display --indent 4 --text "$PART_NAME dont have $wflag" --result NOTFOUND --color ORANGE --advice $PART_ADV if [ ! 
-z "$T_CCEID" ] ;then Compliance --result 'NOK' --plugin "partition_${PART_NAME}_$wflag" --cce $T_CCEID --nsag $T_NSAGID fi else Display --indent 4 --text "$PART_NAME have $wflag" --result FOUND --color GREEN if [ ! -z "$T_CCEID" ] ;then Compliance --result 'OK' --plugin "partition_${PART_NAME}_$wflag" --cce $T_CCEID --nsag $T_NSAGID fi fi done fi fi return 0; fi if [ -z "$EL_MOUNT" ] ; then # Display --indent 2 --text "$1 is not on a separate partition" --result NOTFOUND --color RED --advice PARTITION_SEPARATE_PART export RESULTAT='ERROR_NO_PARTITION' return 1; fi RESULTAT=`echo $EL_MOUNT | sed 's/[[:space:]]/ /g' | cut -d\ -f4` # Display --indent 2 --text "$1 is on a separate partition" --result FOUND --color GREEN } ################################################################################ ################################################################################ # # must produce a 4 digits results get_full_right() { if [ "$1x" = "x" ] then echo "ERROR get_right() missing parameter #1" return 1; fi if [ ! -e "$1" ] then echo "ERROR $1 do not exists" return 1; fi if [ "$OS" = "FreeBSD" ] then RESULTAT=`stat -f %Mp%Lp $1` else RESULTAT=`stat --format=%a $1` fi } ################################################################################ ################################################################################ # get the right of a file # must produce a 3 digits results get_simple_right() { RESULTAT='Error' if [ "$1x" = "x" ] then echo "ERROR get_simple_right() missing parameter #1 (file to be stated)" return 1; fi if [ ! 
-e "$1" ] then echo "ERROR $1 do not exists" return 1; fi if [ "$OS" = "FreeBSD" ] then RESULTAT=`stat -f %Lp $1` else RESULTAT=`stat --format=%a $1` fi } ################################################################################ ################################################################################ #For the fun draw_apache_tree() { if [ -z "$1" ] ;then echo "ERROR: draw_apache_tree() missing parameter #1" return 1; fi NUMINDENT=0 #echo '' #echo "Draw apache tree (still in development)" #echo '' while read line do # echo $line if [ ! -z "`echo $line | grep -i '^VHOST'`" ] then echo "|-V- $line" | sed 's/VHOST=//g' NUMINDENT=2 fi if [ ! -z "`echo $line | grep -i '^ENDHOST'`" ] then echo "|" NUMINDENT=0 fi if [ ! -z "`echo $line | grep -i '^ALIAS'`" ] then if [ $NUMINDENT -ge 2 ] then echo "| |-A- $line" | sed 's/ALIAS=//g' else echo "|-A- $line" | sed 's/ALIAS=//g' fi fi if [ ! -z "`echo $line | grep -i '^PASSWORD'`" ] then if [ $NUMINDENT -ge 2 ] then echo '| | |--- PASSWORD' else echo '| |--- PASSWORD' fi fi if [ ! -z "`echo $line | grep -i '^DENYFROMALL'`" ] then if [ $NUMINDENT -ge 2 ] then echo '| | |--- DENYFROMALL' else echo '| |--- DENYFROMALL' fi fi if [ ! -z "`echo $line | grep -i '^AUTHFILE'`" ] then if [ $NUMINDENT -ge 2 ] then echo "| | |-P- $line" | sed 's/AUTHFILE=//g' else echo "| |-P- $line" | sed 's/AUTHFILE=//g' fi fi if [ ! -z "`echo $line | grep -i '^DIRECTORY'`" ] then if [ $NUMINDENT -ge 2 ] then echo "| |-D- $line" | sed 's/DIRECTORY=//g' else echo "|-D- $line" | sed 's/DIRECTORY=//g' fi fi if [ ! -z "`echo $line | grep -i '^LOCATION'`" ] then if [ $NUMINDENT -ge 2 ] then echo "| |-L- $line" | sed 's/LOCATION=//g' else echo "|-L- $line" | sed 's/LOCATION=//g' fi fi if [ ! -z "`echo $line | grep -i '^HLOC'`" ] then if [ $NUMINDENT -ge 2 ] then echo "| |-H- $line" | sed 's/HLOC=//g' else echo "|-H- $line" | sed 's/HLOC=//g' fi fi if [ ! 
-z "`echo $line | grep -i '^PROXY'`" ] then if [ $NUMINDENT -ge 2 ] then echo "| |-Pr- $line" | sed 's/PROXY=//g' else echo "|-Pr- $line" | sed 's/PROXY=//g' fi fi if [ ! -z "`echo $line | grep -i '^JKMOUNT'`" ] then if [ $NUMINDENT -ge 2 ] then echo "| |-J- $line" | sed 's/JKMOUNT=//g' else echo "|-J- $line" | sed 's/JKMOUNT=//g' fi fi if [ ! -z "`echo $line | grep -i '^SERVERNAME'`" ] then if [ $NUMINDENT -ge 2 ] then echo "| |-SN- $line" | sed 's/SERVERNAME=//g' else echo "|-SN- $line" | sed 's/SERVERNAME=//g' fi fi if [ ! -z "`echo $line | grep -i '^DEFLATE'`" ] ; then if [ $NUMINDENT -ge 2 ] ; then echo "| |-mD- $line" | sed 's/DEFLATE=//g' else echo "|-mD- $line" | sed 's/DEFLATE=//g' fi fi if [ ! -z "`echo $line | grep -i '^PHP_ADMIN_VALUE'`" ] ; then if [ $NUMINDENT -ge 2 ] ; then echo "| |-PHP- $line" | sed 's/PHP_ADMIN_VALUE=//g' else echo "|-PHP- $line" | sed 's/PHP_ADMIN_VALUE=//g' fi fi if [ ! -z "`echo $line | grep -i '^SSL=1'`" ] ; then if [ $NUMINDENT -ge 2 ] ; then echo '| |-SSL-' else echo '|-SSL-' fi fi done < $1 echo '' echo '-D- Directory -L- Location -V- vhost -A- alias -J- JKmount -mD- ModDeflate -PHP- PHP specific value' } ################################################################################ ################################################################################ #extract path from get_path_from_apache_directives() { if [ -z "$1" ] then echo "Missing parameter #1 (line to proceed) for get_path_from_apache_directives()" return 1; fi #echo "->$1" export RESULTAT=`echo $1 | sed 's/^[[:space:]]*<[[:space:]]*[a-zA-Z0-9][a-zA-Z0-9]*[[:space:]]*//g'| sed 's/[[:space:]]*>.*//g' | cut -d\" -f2` #echo $1 | sed 's/^[[:space:]]*<[[:space:]]*//g' #export $RESULTAT return 0; } ################################################################################ ################################################################################ #extract path from armageddon() { echo "EXit via Ctrl-C" exit 1; } 
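################################################################################
################################################################################
# Detect whether the host looks like a QEMU guest.
# Globals: OS_TYPE (read), CPUMODEL (written), HOST_IS_VIRTUAL_MACHINE
#          (written and exported: 1 when "QEMU" is seen, else 0)
# Only the QEMU CPU model string is looked for; other hypervisors are
# reported as 0 by this check.
Do_the_host_is_a_virtual_machine() {
  HOST_IS_VIRTUAL_MACHINE=0
  case "$OS_TYPE" in
    Linux)
      CPUMODEL="$(grep QEMU /proc/cpuinfo)"
      ;;
    BSD)
      CPUMODEL="$(sysctl -a | grep -i 'hw.model' | grep QEMU)"
      ;;
    *)
      # unrecognized OS type
      export HOST_IS_VIRTUAL_MACHINE=0
      return 0
      ;;
  esac
  if [ -n "$CPUMODEL" ]; then
    export HOST_IS_VIRTUAL_MACHINE=1
  else
    export HOST_IS_VIRTUAL_MACHINE=0
  fi
  return 0
}
################################################################################
################################################################################
# Report whether a service state matches the wanted state.
# Arguments:
#   $1 service name
#   $2 plugin name (passed to Compliance --plugin)
#   $3 wanted state: yes, no or any
#   $4 optional id passed to Compliance --nsag (default 0)
#   $5 optional id passed to Compliance --cce (default 0)
# Globals: RESULTAT (read; set beforehand by Check_auto_start), DEBUG (read),
#          NSAID, CCEID, RESULT (written)
# Returns: 1 on a missing or invalid parameter, 0 otherwise
check_service_compliance_result() {
  if [ -z "$1" ]; then
    Display_error "ERROR check_service_compliance_result() missing parameter #1: service name"
    return 1
  fi
  if [ -z "$2" ]; then
    Display_error "ERROR check_service_compliance_result() missing parameter #2: plugin name"
    return 1
  fi
  if [ -z "$3" ]; then
    Display_error "ERROR check_service_compliance_result() missing parameter #3: yes/no"
    return 1
  fi
  if [ "$3" != 'yes' ] && [ "$3" != 'no' ] && [ "$3" != 'any' ]; then
    Display_error 'ERROR #3 must be yes, no or any'
    return 1
  fi
  NSAID="${4:-0}"
  CCEID="${5:-0}"
  case "$RESULTAT" in
    yes)
      RESULT='ENABLED'
      ;;
    ERROR)
      RESULT='ERROR'
      ;;
    NOTIMPLEMENTED)
      RESULT='NOTIMPLEMENTED'
      Display --indent 2 --text "$1 service" --result "$RESULT" --color BLUE
      Compliance --result NOTIMPL --plugin "$2" --nsag "$NSAID" --cce "$CCEID"
      return 0
      ;;
    *)
      RESULT='ABSENT'
      ;;
  esac
  # DEBUG may be unset when the function is used on its own; treat that as 0
  # instead of letting the numeric test fail.
  if [ "${DEBUG:-0}" -ge 1 ]; then
    echo "DEBUG check_service_compliance_result RESULTAT=$RESULTAT NEED=$3"
  fi
  if [ "$RESULTAT" = "$3" ] || [ "$3" = 'any' ]; then
    Display --indent 2 --text "$1 service" --result "$RESULT" --color GREEN
    Compliance --result OK --plugin "$2" --nsag "$NSAID" --cce "$CCEID"
  else
    Display --indent 2 --text "$1 service" --result "$RESULT" --color RED
    Compliance --result NOK --plugin "$2" --nsag "$NSAID" --cce "$CCEID"
  fi
  return 0
}
################################################################################
################################################################################
# Report whether a package state matches the wanted state.
# #1 is package name
# #2 is plugin name
# #3 is status wanted (yes or no)
# #4 and #5 are optional ids passed to Compliance --nsag / --cce (default 0)
# Globals: RESULTAT (read; set by Is_installed_via_package_manager), DEBUG
#          (read), NSAID, CCEID, RESULT (written)
# Returns 1 without any message when #2 or #3 is empty:
# Is_installed_via_package_manager always calls this function, including
# when it was given a package name only.
check_package_compliance_result() {
  if [ -z "$1" ]; then
    echo "ERROR check_package_compliance_result() missing parameter #1: package name"
    return 1
  fi
  if [ -z "$2" ] || [ -z "$3" ]; then
    return 1
  fi
  if [ "$3" != 'yes' ] && [ "$3" != 'no' ]; then
    echo "ERROR #3 must be yes or no, got $3"
    return 1
  fi
  NSAID="${4:-0}"
  CCEID="${5:-0}"
  RESULT='ABSENT'
  if [ "$RESULTAT" = 'yes' ]; then
    RESULT='PRESENT'
  fi
  if [ "$RESULTAT" = 'NOTIMPLEMENTED' ]; then
    RESULT='NOTIMPLEMENTED'
    Display --indent 2 --text "$1 package" --result "$RESULT" --color BLUE
    Compliance --result NOTIMPL --plugin "$2" --nsag "$NSAID" --cce "$CCEID"
    return 0
  fi
  if [ "${DEBUG:-0}" -ge 1 ]; then
    echo "DEBUG check_package_compliance_result RESULTAT=$RESULTAT NEED=$3"
  fi
  if [ "$RESULTAT" = "$3" ]; then
    Display --indent 2 --text "$1 package" --result "$RESULT" --color GREEN
    Compliance --result OK --plugin "$2" --nsag "$NSAID" --cce "$CCEID"
  else
    # A mismatch is a finding: show it in RED like
    # check_service_compliance_result does, not in GREEN.
    Display --indent 2 --text "$1 package" --result "$RESULT" --color RED
    Compliance --result NOK --plugin "$2" --nsag "$NSAID" --cce "$CCEID"
  fi
  return 0
}
################################################################################
################################################################################
# Check if a program is installed via the package manager or at hand
#
# $1 is the package to be searched
# $2..$5 are passed unchanged to check_package_compliance_result
#
# RESULTAT is yes or no or NOTIMPLEMENTED or ERROR
# use LIST_PKG for finding package, (rpm, dpkg, emerge, pacman, pkg_)
#
# The name is matched as a pattern: anywhere in the line for dpkg, as a
# prefix for rpm and pacman. A short name can therefore match a different
# package (for example a library carrying the same prefix).
# NOTE(review): the pkg_ branch does not call check_package_compliance_result,
# unlike the other package managers - confirm this is intended.
Is_installed_via_package_manager() {
  export RESULTAT='ERROR'
  if [ -z "$1" ]; then
    echo "ERROR Is_installed_via_package_manager() missing parameter #1"
    return 1
  fi
  case "$LIST_PKG" in
    dpkg | apt-get)
      PKGLIST="$(dpkg -l | grep '^ii' | grep -i -- "$1")"
      ;;
    rpm)
      PKGLIST="$(rpm -qa | grep -- "^$1")"
      ;;
    emerge)
      #TODO could be better
      PKGLIST="$(equery -C -q l "$1")"
      ;;
    pacman)
      PKGLIST="$(pacman -Q | grep -- "^$1")"
      ;;
    pkg_)
      if [ -z "$(pkg_info | grep -- "^${1}-")" ]; then
        export RESULTAT='no'
      else
        export RESULTAT='yes'
      fi
      return 0
      ;;
    *)
      Display --indent 2 --text "Package manager $LIST_PKG" --result 'NOTIMPLEMENTED' --color BLUE
      export RESULTAT='NOTIMPLEMENTED'
      return 1
      ;;
  esac
  if [ -z "$PKGLIST" ]; then
    export RESULTAT='no'
  else
    export RESULTAT='yes'
  fi
  check_package_compliance_result "$1" "$2" "$3" "$4" "$5"
  return 0
}
################################################################################
################################################################################
# Private helper of Check_auto_start: forward the five arguments to
# check_service_compliance_result unless --nocompliance was given.
_check_auto_start_report() {
  if [ "$AUTO_START_DO_COMPLIANCE" -eq 1 ]; then
    check_service_compliance_result "$1" "$2" "$3" "$4" "$5"
  fi
}
# Check if a service is auto started
# $1 is the service to be checked (an optional leading --nocompliance
#    disables the call to check_service_compliance_result)
# $2..$5 are passed unchanged to check_service_compliance_result
# RESULTAT is the result yes or no or NOTIMPLEMENTED or ERROR
# Returns 0 when a detection method was applied, 1 otherwise.
#
# With SCAN_ROOT different from / the service name is searched with grep in
# the output of find, so it is matched against the whole path, SCAN_ROOT
# included: a service name that also appears in the SCAN_ROOT path, or that
# is a substring of another init script name, is reported as 'yes'.
Check_auto_start() {
  local rc_dir
  export RESULTAT='ERROR'
  AUTO_START_DO_COMPLIANCE=1
  if [ "$1" = '--nocompliance' ]; then
    AUTO_START_DO_COMPLIANCE=0
    shift
  fi
  if [ -z "$1" ]; then
    echo "ERROR Check_auto_start() missing parameter #1: service name"
    return 1
  fi
  if [ "$SCAN_ROOT" != '/' ]; then
    # etc/rc.d: CentOS, etc/runlevels/: Gentoo, etc/rc2.d/: Debian
    for rc_dir in "$SCAN_ROOT/etc/rc.d" "$SCAN_ROOT/etc/runlevels/" "$SCAN_ROOT/etc/rc2.d/"; do
      if [ -e "$rc_dir" ]; then
        if [ -z "$(find "$rc_dir" | grep -- "$1")" ]; then
          RESULTAT='no'
        else
          RESULTAT='yes'
        fi
        _check_auto_start_report "$1" "$2" "$3" "$4" "$5"
        return 0
      fi
    done
    _check_auto_start_report "$1" "$2" "$3" "$4" "$5"
    return 1
  fi
  if [ "$LINUX_VERSION" = 'Red Hat' ] || [ "$LINUX_VERSION" = 'CentOS' ] || [ "$LINUX_VERSION" = 'Fedora' ]; then
    if chkconfig "$1" > /dev/null; then
      export RESULTAT='yes'
    else
      export RESULTAT='no'
    fi
    _check_auto_start_report "$1" "$2" "$3" "$4" "$5"
    return 0
  fi
  if [ "$LINUX_VERSION" = "Debian" ] || [ "$LINUX_VERSION" = "Ubuntu" ]; then
    #could be better
    # /etc/rc* is left unquoted on purpose: the glob selects every rc directory
    if [ -n "$(find /etc/rc* | grep -i -- "$1")" ]; then
      export RESULTAT='yes'
    else
      export RESULTAT='no'
    fi
    _check_auto_start_report "$1" "$2" "$3" "$4" "$5"
    return 0
  fi
  if [ "$LINUX_VERSION" = "Gentoo" ]; then
    if [ -e "/etc/runlevels/boot/$1" ] || [ -e "/etc/runlevels/default/$1" ]; then
      RESULTAT='yes'
    else
      RESULTAT='no'
    fi
    _check_auto_start_report "$1" "$2" "$3" "$4" "$5"
    return 0
  fi
  if [ "$OS_TYPE" = 'BSD' ] && [ -e /etc/rc.conf ]; then
    if [ -n "$(grep -- "${1}_enable=" /etc/rc.conf | grep YES)" ]; then
      RESULTAT='yes'
    else
      RESULTAT='no'
    fi
    _check_auto_start_report "$1" "$2" "$3" "$4" "$5"
    return 0
  fi
  export RESULTAT='NOTIMPLEMENTED'
  _check_auto_start_report "$1" "$2" "$3" "$4" "$5"
  return 1
}
################################################################################
################################################################################
# Private helper of Check_for_update and send_support: download the latest
# version number from the URL in $1, compare it with YASAT_VERSION and exit.
# Exit status: 0 up to date, 1 a newer version exists, 2 on error.
#
# The URL is plain http, so the answer is not authenticated. It is only used
# for a message and the exit status, and it is accepted only when made of
# digits: anything else is neither printed nor compared.
# The answer is stored in a mktemp file instead of a file named "latest" in
# the current directory, which could overwrite an existing file or follow a
# link planted there.
_yasat_report_latest_version() {
  local latest_file
  latest_file="$(mktemp "${TMPDIR:-/tmp}/yasat_latest.XXXXXX")" || {
    echo "Error: cannot create a temporary file"
    exit 2
  }
  if ! wget -nv "$1" -O "$latest_file"; then
    echo "Error with wget"
    rm -f -- "$latest_file"
    exit 2
  fi
  LAST_VERSION="$(cat "$latest_file")"
  rm -f -- "$latest_file"
  case "$LAST_VERSION" in
    '' | *[!0-9]*)
      echo "Error: the update server did not return a version number"
      exit 2
      ;;
  esac
  RET=0
  echo "You have yasat version $YASAT_VERSION and the latest is $LAST_VERSION"
  if [ "$YASAT_VERSION" -eq "$LAST_VERSION" ]; then
    echo "You have already the latest version of YASAT"
  fi
  if [ "$YASAT_VERSION" -lt "$LAST_VERSION" ]; then
    echo "A new version is available at http://yasat.sourceforge.net/"
    RET=1
  fi
  exit $RET
}
# Ask the project site for the latest version and exit (0, 1 or 2, see
# _yasat_report_latest_version). The current version is sent in the query.
Check_for_update() {
  _yasat_report_latest_version "http://yasat.sourceforge.net/get_last_yasat_version.php?current=$YASAT_VERSION"
}
################################################################################
################################################################################
# Same as Check_for_update, but the query also carries the detected system
# name (LINUX_VERSION, OS and OS_FULLNAME as set by ${YASAT_ROOT}/osdetection),
# sent to the project site over http.
send_support() {
  . "${YASAT_ROOT}/osdetection"
  SYSTEME="${LINUX_VERSION}${OS}$OS_FULLNAME"
  _yasat_report_latest_version "http://yasat.sourceforge.net/get_last_yasat_version.php?current=$YASAT_VERSION&systeme=$SYSTEME"
}
################################################################################
################################################################################
#Try to identify which technology is behind a vhost or a directory
#example PHP mod_perl JAVA/JK
# for the moment test a very simple case:)
#
# param $1 is the directory to scan
# param $2 (optional) "recursive": also look for *.php files up to two levels
#          below $1; the file list is written to ${TEMPYASATDIR}/find.tmp
# WEBTECH is set to 'unknown', or to 'PHP' (exported) when PHP is detected
identify_web_tech_in_dir() {
  WEBTECH='unknown'
  if [ -z "$1" ]; then
    echo "ERROR identify_web_tech_dir missing parameter #1"
    return 1
  fi
  # Skip wildcard paths and the filesystem root. The test is done on the
  # string itself: an unquoted echo would expand the wildcard first and let
  # the path through when it matches existing files.
  case "$1" in
    *'*'* | /)
      return 0
      ;;
  esac
  if [ -e "$1/index.php" ]; then
    export WEBTECH="PHP"
    return 0
  fi
  if [ "$2" = "recursive" ]; then
    # the dot is escaped so that only a real .php extension matches
    find "$1" -maxdepth 2 -type f | grep -i '\.php$' > "${TEMPYASATDIR}/find.tmp"
    if [ -s "${TEMPYASATDIR}/find.tmp" ]; then
      export WEBTECH="PHP"
    fi
  fi
  return 0
}
################################################################################
################################################################################
# Print GOOD when $1 equals $2, BAD otherwise.
qa_test() {
  if [ "$1" = "$2" ]; then
    echo "GOOD (result is $1)"
  else
    echo "BAD got $1 not $2"
  fi
}
################################################################################
################################################################################
# find witch file have a specific directive
# $1 is the directory searched recursively, $2 the directive (a grep pattern,
# matched case-insensitively)
# RES_FILE_WITH_DIRECTIVE is the first matching file, empty when none matches
find_file_with_directive() {
  export RES_FILE_WITH_DIRECTIVE='/tmp/nonexistent'
  if [ -z "$1" ]; then
    echo 'Error missing parameter #1 directory for find_file_with_directive()'
    return 1
  fi
  if [ -z "$2" ]; then
    echo 'Error missing parameter #2 directive for find_file_with_directive()'
    return 1
  fi
  # quoted so that a directory or directive containing spaces or wildcard
  # characters is passed to grep unchanged
  RES_FILE_WITH_DIRECTIVE="$(grep -rli -- "$2" "$1" | head -n 1)"
  #manpage said that -l return only one line but it seems false
}
################################################################################
################################################################################
# Append the line $1 to the file named by CORRECT_FILE.
add_correction() {
  printf '%s\n' "$1" >> "$CORRECT_FILE"
}
################################################################################
################################################################################
# list all test comment.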
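# In the future we could list by reference id (by CCE ID for example)
# Print every line tagged #YASAT_TEST found in the *.test files of the
# directory named by PLUGINS_REP, leading whitespace removed.
list_all_yasat_test() {
  grep -h '#YASAT_TEST' "${PLUGINS_REP}"/*.test | sed 's/^[[:space:]]*//g'
}
################################################################################
################################################################################
#check_value value_tested value_wanted bad_if_empty? text colour advice
# $1 value tested (may be empty)
# $2 value wanted
# $3 'true' when an empty $1 must be reported as bad
# $4 text displayed
# $5 colour used when the value is bad
# $6 advice id used when the value is bad
# $7 and $8 optional ids passed to Compliance --nsag / --cce (default 0)
# Returns 1 when one of $2..$6 is empty.
# NOTE(review): this function reports 'KO' to Compliance while the service
# and package checks report 'NOK' - confirm which value Compliance expects.
check_value() {
  if [ -z "$2" ]; then
    echo 'Error missing parameter #2 value_wanted for check_value()'
    return 1
  fi
  if [ -z "$3" ]; then
    echo 'Error missing parameter #3 bad_if_empty? for check_value()'
    return 1
  fi
  if [ -z "$4" ]; then
    echo 'Error missing parameter #4 text for check_value()'
    return 1
  fi
  if [ -z "$5" ]; then
    echo 'Error missing parameter #5 colour for check_value()'
    return 1
  fi
  if [ -z "$6" ]; then
    echo 'Error missing parameter #6 advice for check_value()'
    return 1
  fi
  NSAGID="${7:-0}"
  CCEID="${8:-0}"
  if [ -z "$1" ]; then
    if [ "$3" = 'true' ]; then
      Display --indent 2 --text "$4" --result "NOTFOUND" --color "$5" --advice "$6"
      Compliance --result KO --plugin notknown --nsag "$NSAGID" --cce "$CCEID"
    else
      Display --indent 2 --text "$4" --result "NOTFOUND" --color GREEN
      Compliance --result OK --plugin notknown --nsag "$NSAGID" --cce "$CCEID"
    fi
    return 0
  fi
  if [ "$1" != "$2" ]; then
    Display --indent 2 --text "$4" --result "$1" --color "$5" --advice "$6"
    Compliance --result KO --plugin notknown --nsag "$NSAGID" --cce "$CCEID"
  else
    Display --indent 2 --text "$4" --result "$1" --color GREEN
    Compliance --result OK --plugin notknown --nsag "$NSAGID" --cce "$CCEID"
  fi
}
################################################################################
################################################################################
#get the value after "$1" in a line
#used for apache_vhosts, we assume $1 is present
# $1 is only checked for being non-empty; RESULTAT receives the second
# space-separated word of $2, after removal of leading whitespace and of
# anything following a '#'.
get_value_in_string() {
  if [ -z "$1" ]; then
    echo 'Error missing parameter #1 value_wanted for get_value_in_string()'
    return 1
  fi
  if [ -z "$2" ]; then
    echo 'Error missing parameter #2 string to be seeked for get_value_in_string()'
    return 1
  fi
  # printf with a quoted argument: a '*' or '?' in the configuration line
  # must not be expanded against the current directory
  export RESULTAT="$(printf '%s\n' "$2" \
    | sed 's/^[[:space:]]*//' \
    | sed 's,#.*,,' \
    | sed 's,[[:space:]][[:space:]]*, ,g' \
    | cut -d' ' -f2)"
}
################################################################################
################################################################################
# check SSLProtocol
# arg1 is indent
# arg2 is the sslprotocol list
# TODO do the same for gnutls
# return 1 when a parameter is missing, 0 otherwise; the verdict itself is
# given through Display (GOOD/BAD), not through the return status
#
# Only SSLv2 and SSLv3 are looked at. Without "all" in the list, a protocol
# counts as enabled when it is listed as "sslv2"/"sslv3" or with a leading
# "+"; with "all", it counts as disabled only when "-sslv2"/"-sslv3" is
# listed. Tokens are compared with is_equal ... -i.
check_ssl_protocol_openssl() {
  if [ $# -le 1 ]; then
    Display_error "ERROR: not enought parameter to check_ssl_protocol_openssl"
    return 1
  fi
  #first question does all is in it, if yes check for sslv2/sslv3 disabled
  local ssl_protocol_all_found=0
  local ssl_protocol_sslv2_found=0
  local ssl_protocol_sslv3_found=0
  local ssl_protocol_sslv2_disabled=0
  local ssl_protocol_sslv3_disabled=0
  local c_proto
  # $2 is left unquoted on purpose: one token per protocol
  for c_proto in $2
  do
    #TODO check if ALL is first
    if is_equal "$c_proto" 'all' -i; then
      ssl_protocol_all_found=1
    fi
    # the token used to be passed with a stray trailing '$', so a listed
    # SSLv2 was never recognised and was reported as "not enabled"
    if is_equal "$c_proto" 'sslv2' -i || is_equal "$c_proto" '+sslv2' -i; then
      ssl_protocol_sslv2_found=1
    fi
    if is_equal "$c_proto" 'sslv3' -i || is_equal "$c_proto" '+sslv3' -i; then
      ssl_protocol_sslv3_found=1
    fi
    if is_equal "$c_proto" '-sslv2' -i; then
      ssl_protocol_sslv2_disabled=1
    fi
    if is_equal "$c_proto" '-sslv3' -i; then
      ssl_protocol_sslv3_disabled=1
    fi
  done
  if [ $ssl_protocol_all_found -eq 1 ]; then
    if [ $ssl_protocol_sslv2_disabled -eq 1 ]; then
      Display --indent "$1" --text "SSLv2 is disabled" --result GOOD --color GREEN
    else
      Display --indent "$1" --text "SSLv2 is not disabled" --result BAD --color RED --advice SSL_PROTOCOL_SSLV2
    fi
    if [ $ssl_protocol_sslv3_disabled -eq 1 ]; then
      Display --indent "$1" --text "SSLv3 is disabled" --result GOOD --color GREEN
    else
      Display --indent "$1" --text "SSLv3 is not disabled" --result BAD --color RED --advice SSL_PROTOCOL_SSLV3
    fi
  else
    if [ $ssl_protocol_sslv2_found -eq 1 ]; then
      Display --indent "$1" --text "SSLv2 is enabled" --result BAD --color RED --advice SSL_PROTOCOL_SSLV2
    else
      Display --indent "$1" --text "SSLv2 is not enabled" --result GOOD --color GREEN
    fi
    if [ $ssl_protocol_sslv3_found -eq 1 ]; then
      Display --indent "$1" --text "SSLv3 is enabled" --result BAD --color RED --advice SSL_PROTOCOL_SSLV3
    else
      Display --indent "$1" --text "SSLv3 is not enabled" --result GOOD --color GREEN
    fi
  fi
  return 0
}
################################################################################
################################################################################
# check a cipher suite
# $1 is indent, $2 is the cipher list
# Each of LOW NULL SSLv2 SSLv3 EXP aNULL is shown as DISACTIVE only when the
# list holds it as "!NAME" followed by ':' or the end of the list (case is
# ignored). Other ways of removing it ("-NAME", or a longer alias such as
# "!EXPORT") are not recognised and are shown as ACTIVE.
check_cipher_list() {
  local ciph
  if [ -z "$1" ]; then
    Display_error 'Error missing parameter #1 indent'
    return 1
  fi
  if [ -z "$2" ]; then
    Display_error 'Error missing parameter #2 cipherlist'
    return 1
  fi
  for ciph in LOW NULL SSLv2 SSLv3 EXP aNULL
  do
    if printf '%s\n' "$2" | grep -Eqi -- "!${ciph}(:|\$)"; then
      Display --indent "$1" --text "Cipher $ciph" --result DISACTIVE --color GREEN
    else
      Display --indent "$1" --text "Cipher $ciph" --result ACTIVE --color ORANGE
    fi
  done
}
################################################################################
################################################################################
# this function assume that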
the tools certutil is present # Use Check_tool_presence certutil for veryfying it check_nss_certificate() { if [ -z "$1" ] ; then Display_error 'ERROR: missing parameter #1 indent' return 1; fi if [ -z "$2" ] ; then Display_error 'ERROR: missing parameter #2 profile directory' return 1 fi PROFILDIR="$2" certutil -L -d $PROFILDIR | sed 's/[[:space:]][[:space:]]*[Pu]*,[cpu]*,[u]*[[:space:]]*$//' | grep -vE '^[[:space:]]*$|^Certificate|SSL,S/MIME,JAR/XPI$' |sort |uniq > $TMP_LIST if [ $? -ne 0 ] ; then Display --indent $1 --text "certutil error" --result ERROR --color RED return 1; fi while read line do echo "" Display --indent $1 --text "$line" --result 'INFO' --color BLUE certutil -L -d $PROFILDIR -n "$line" -a > $TMP_CERT check_certificate $TMP_CERT $1 "$line" done < $TMP_LIST } ################################################################################ ################################################################################ #Add a compliance result #The result must be present first, then the plugin name Compliance() { if [ -z "$1" ] ; then Display_error 'ERROR: Compliance: missing parameter #1' return 1 fi if [ -z "$TESTNAME" ];then echo "WARNING: TESTNAME is not set debug: $@" TESTNAME_ID='NOTSET' TESTNAME_TEXT='NOTSET' else TESTNAME_ID="`echo $TESTNAME | cut -d\ -f1`" TESTNAME_TEXT="`echo $TESTNAME | cut -d\ -f2- | sed 's/[A-Z][A-Z]*ID=[0-9,-]*[[:space:]]//' | sed 's/NSAG=[0-9,\.-]*[[:space:]]//'`" fi echo "" >> ${COMPLIANCE_OUTPUT} echo "$TESTNAME" >> ${COMPLIANCE_OUTPUT} COMP_RESULT='UNK' COMP_TYPE='CCE' COMP_ID='0' COMP_PLUGIN="" COMPLIANCE_COLOR='lightgreen' while [ $# -ge 1 ]; do if [ "$COMP_RESULT" = 'UNK' ];then COMPLIANCE_COLOR='blue' fi if [ "$COMP_RESULT" = 'NOTIMPL' ];then COMPLIANCE_COLOR='lightgrey' fi if [ "$COMP_RESULT" = 'NOTTESTED' ];then COMPLIANCE_COLOR='lightgrey' fi if [ "$COMP_RESULT" = 'NOK' ];then COMPLIANCE_COLOR='red' fi if [ "$COMP_RESULT" = 'OK' ];then COMPLIANCE_COLOR='lightgreen' fi case $1 in --result) shift if [ -z 
"$1" ] ; then echo "Missing parameter to result" return 1 fi COMP_RESULT="$1" echo "$TESTNAME_ID,$COMP_RESULT" >> "${COMPLIANCE_OUTPUT}" shift ;; --cid) shift if [ -z "$1" ] ; then echo "Missing parameter to cid" return 1; fi COMP_ID="$1" echo "${COMP_TYPE},${COMP_ID},${COMP_RESULT},${COMP_PLUGIN}" >> ${COMPLIANCE_OUTPUT} if [ "${COMP_TYPE}" = 'NSAG' ];then echo " " >> ${HTML_COMPLIANCE_OUTPUT_PREFIX}_NSAG fi shift ;; --type) shift if [ -z "$1" ] ; then echo "Missing parameter" return 1; fi COMP_TYPE="$1" shift ;; --nsag) shift if [ -z "$1" ] ; then echo "Missing parameter to nsag" return 1; fi if [ $1 != '0' ] ; then echo "NSAG,$1,${COMP_RESULT},${COMP_PLUGIN}" >> ${COMPLIANCE_OUTPUT} echo " " >> ${HTML_COMPLIANCE_OUTPUT_PREFIX}_NSAG fi shift ;; --cce) shift if [ -z "$1" ] ; then echo "Missing parameter to cce" return 1; fi #TODO check if multiple id is gived with ',' if [ $1 != '0' ] ; then echo "CCE,$1,${COMP_RESULT},${COMP_PLUGIN}" >> ${COMPLIANCE_OUTPUT} fi shift ;; --plugin) shift if [ -z "$1" ] ; then Display_error "Missing parameter to --plugin" return 1; fi COMP_PLUGIN="$1" shift ;; --color) shift if [ -z "$1" ] ; then Display_error "ERROR: Missing parameter to --color" return 1; fi YASAT_COLOR="$1" if [ "$1" = 'green' -o "$1" = 'GREEN' ];then YASAT_COLOR='lightgreen' YASAT_COMP_GREEN=$(($YASAT_COMP_GREEN+1)) fi if [ "$1" = 'orange' -o "$1" = 'ORANGE' ];then YASAT_COMP_ORANGE=$(($YASAT_COMP_ORANGE+1)) fi if [ "$1" = 'red' -o "$1" = 'RED' ];then YASAT_COMP_RED=$(($YASAT_COMP_RED+1)) fi if [ "$1" = 'blue' -o "$1" = 'BLUE' ];then YASAT_COLOR='lightblue' fi shift ;; --yasatresult) shift if [ -z "$1" ] ; then Display_error "ERROR: Missing parameter to --color" return 1; fi echo " " >> ${HTML_COMPLIANCE_OUTPUT_PREFIX}_YASAT shift ;; *) Display_error "ERROR: Unknown option $1" return 1; ;; esac done TESTNAME='' } ################################################################################ 
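################################################################################
# Write the HTML compliance pages and print the CCE / NSA guide / YASAT
# summaries selected by DO_COMPLIANCE.
# Globals:   HTML_COMPLIANCE_OUTPUT_PREFIX, COMPLIANCE_OUTPUT, DO_COMPLIANCE,
#            YASAT_COMP_RED/ORANGE/GREEN, YASAT_STAT_RED/ORANGE/GREEN (read);
#            NBCCE*, NBNSAG*, PERCENT_*, YASAT_TOTAL_TEST (written)
# Outputs:   summary lines on stdout; the *_NSAG.html and *_YASAT.html files
# NOTE(review): the multi-line strings written to the .html files look damaged
# in this copy (markup missing, rows that reference \$1 and COMP_RESULT); they
# are kept exactly as found - restore them from the upstream file.
# NOTE(review): the counters below look for ',NOK,' and 'OK,' while
# check_value() records failures as 'KO', so those failures are counted in the
# totals but in neither the "real" nor the failed figures - confirm the token.
Compliance_result() {
  if [ -e "${HTML_COMPLIANCE_OUTPUT_PREFIX}_NSAG" ];then
    echo "
$TESTNAME_ID $1 $COMP_RESULT $TESTNAME_TEXT
$TESTNAME_ID $1 $COMP_RESULT $TESTNAME_TEXT
$TESTNAME_ID $1 $TESTNAME_TEXT
`cat ${HTML_COMPLIANCE_OUTPUT_PREFIX}_NSAG`
" > ${HTML_COMPLIANCE_OUTPUT_PREFIX}_NSAG.html
  fi
  if [ -e "${HTML_COMPLIANCE_OUTPUT_PREFIX}_YASAT" ];then
    echo " `cat ${HTML_COMPLIANCE_OUTPUT_PREFIX}_YASAT`
" > ${HTML_COMPLIANCE_OUTPUT_PREFIX}_YASAT.html
  fi
  # CCE summary: distinct CCE records, counted per result.
  if [ ! -z "`echo $DO_COMPLIANCE |grep -iE 'CCE|all'`" ];then
    NBCCE=`grep ^CCE $COMPLIANCE_OUTPUT | sort | uniq | wc -l`
    NBCCE_REAL=`grep ^CCE $COMPLIANCE_OUTPUT | grep 'OK,' | sort | uniq | wc -l`
    NBCCE_OK=`grep ^CCE $COMPLIANCE_OUTPUT | grep ',OK,' | sort | uniq | wc -l`
    NBCCE_NOTIMPL=`grep ^CCE $COMPLIANCE_OUTPUT | grep ',NOTIMPL,' | sort | uniq | wc -l`
    NBCCE_NOTTESTED=`grep ^CCE $COMPLIANCE_OUTPUT | grep ',NOTTESTED,' | sort | uniq | wc -l`
    if [ $NBCCE -ge 1 ] ; then
      echo "You have passed CCE $NBCCE_OK of $NBCCE tests ($(($NBCCE_OK*100/$NBCCE))%)"
    fi
    echo "but $NBCCE_NOTTESTED are not tested and $NBCCE_NOTIMPL are not implemented"
    # Avoid a division by zero in the percentage below.
    if [ $NBCCE_REAL -eq 0 ] ; then
      NBCCE_REAL=1
    fi
    echo "So your real score is CCE $NBCCE_OK of $NBCCE_REAL $(($NBCCE_OK*100/$NBCCE_REAL))%"
  fi
  # NSA guide summary, same counting scheme.
  if [ ! -z "`echo $DO_COMPLIANCE |grep -iE 'NSA|all'`" ];then
    NBNSAG=`grep ^NSAG $COMPLIANCE_OUTPUT | sort | uniq | wc -l`
    NBNSAG_REAL=`grep ^NSAG $COMPLIANCE_OUTPUT | grep 'OK,' | sort | uniq | wc -l`
    NBNSAG_OK=`grep ^NSAG $COMPLIANCE_OUTPUT | grep ',OK,' | sort | uniq | wc -l`
    NBNSAG_NOK=`grep ^NSAG $COMPLIANCE_OUTPUT | grep ',NOK,' | sort | uniq | wc -l`
    NBNSAG_NOTIMPL=`grep ^NSAG $COMPLIANCE_OUTPUT | grep ',NOTIMPL,' | sort | uniq | wc -l`
    NBNSAG_NOTTESTED=`grep ^NSAG $COMPLIANCE_OUTPUT | grep ',NOTTESTED,' | sort | uniq | wc -l`
    if [ $NBNSAG -ge 1 ] ; then
      echo "You have passed $NBNSAG_OK of $NBNSAG tests ($(($NBNSAG_OK*100/$NBNSAG))%) of thee NSA guide"
    fi
    echo "but $NBNSAG_NOTTESTED are not tested and $NBNSAG_NOTIMPL are not implemented"
    if [ $NBNSAG_REAL -eq 0 ] ; then
      NBNSAG_REAL=1
    fi
    if [ $NBNSAG -eq 0 ];then
      PERCENT_OK=0
      PERCENT_NOK=0
      PERCENT_NOTIMPL=0
      PERCENT_NOTTESTED=0
    else
      PERCENT_OK=$(($NBNSAG_OK*100/$NBNSAG))
      PERCENT_NOK=$(($NBNSAG_NOK*100/$NBNSAG))
      PERCENT_NOTIMPL=$(($NBNSAG_NOTIMPL*100/$NBNSAG))
      PERCENT_NOTTESTED=$(($NBNSAG_NOTTESTED*100/$NBNSAG))
    fi
    echo "So your real score is $NBNSAG_OK of $NBNSAG_REAL $(($NBNSAG_OK*100/$NBNSAG_REAL))%"
    if [ -e "${HTML_COMPLIANCE_OUTPUT_PREFIX}_NSAG" ];then
      echo "
 
OK
$PERCENT_OK%
 
KO
$PERCENT_NOK%
 
not implemented
$PERCENT_NOTIMPL%
 
not tested
$PERCENT_NOTTESTED%
" >> ${HTML_COMPLIANCE_OUTPUT_PREFIX}_NSAG.html
    fi
  fi
  if [ ! -z "`echo $DO_COMPLIANCE |grep -iE 'yasat|all'`" ];then
    echo "RED $YASAT_STAT_RED ORANGE $YASAT_STAT_ORANGE GREEN $YASAT_STAT_GREEN"
  fi
  if [ -e "${HTML_COMPLIANCE_OUTPUT_PREFIX}_YASAT" ];then
    YASAT_TOTAL_TEST=$(($YASAT_COMP_RED+$YASAT_COMP_ORANGE+$YASAT_COMP_GREEN))
    # Avoid a division by zero when no coloured result was counted.
    if [ $YASAT_TOTAL_TEST -eq 0 ];then
      YASAT_TOTAL_TEST=1
    fi
    PERCENT_GREEN=$(($YASAT_COMP_GREEN*100/$YASAT_TOTAL_TEST))
    PERCENT_ORANGE=$(($YASAT_COMP_ORANGE*100/$YASAT_TOTAL_TEST))
    PERCENT_RED=$(($YASAT_COMP_RED*100/$YASAT_TOTAL_TEST))
    echo "
 
GREEN
$PERCENT_GREEN% ($YASAT_COMP_GREEN of $YASAT_TOTAL_TEST)
 
ORANGE
$PERCENT_ORANGE% ($YASAT_COMP_ORANGE of $YASAT_TOTAL_TEST)
 
RED
$PERCENT_RED% ($YASAT_COMP_RED of $YASAT_TOTAL_TEST)
" >> ${HTML_COMPLIANCE_OUTPUT_PREFIX}_YASAT.html
  fi
#  echo "
#  `cat $HTML_COMPLIANCE_BODY_OUTPUT`
#
#  " > $HTML_COMPLIANCE_OUTPUT
}
################################################################################
################################################################################
# Look up a sysctl key in the configuration files of the scanned system.
# Since sysctl value could be found in /etc/sysctl.conf and in /etc/sysctl.d/*.conf
# Arguments:
#   $1 - key searched; it is used as a pattern anchored at the start of the
#        line, so a key that is a prefix of another one matches both
# Globals:   SCAN_ROOT, TEMPYASATDIR (read); RESULTAT (written) - the text
#            after '=' of every matching line, empty when nothing matches,
#            'notfound' only when $1 is missing
# Returns:   1 when $1 is missing
# NOTE(review): the scratch file has a fixed name; that is only safe when
# TEMPYASATDIR is a private directory - confirm how it is created.
Get_sysctl() {
  RESULTAT='notfound'
  if [ -z "$1" ]; then
    echo 'Error missing parameter #1: value searched'
    return 1
  fi
  Get_sysctl_tmp="$TEMPYASATDIR/getsysctl"
  : > "$Get_sysctl_tmp"
  if [ -e "$SCAN_ROOT/etc/sysctl.conf" ]; then
    grep -v '^#' "$SCAN_ROOT/etc/sysctl.conf" >> "$Get_sysctl_tmp"
  fi
  if [ -e "$SCAN_ROOT/etc/sysctl.d" ]; then
    # The glob must stay outside the quotes: quoted, it was never expanded and
    # the hidden error meant sysctl.d was silently ignored. -h keeps grep from
    # prefixing each line with the file name when several files match.
    grep -hv '^#' "$SCAN_ROOT"/etc/sysctl.d/*.conf >> "$Get_sysctl_tmp" 2> /dev/null
  fi
  RESULTAT="$(grep "^$1" "$Get_sysctl_tmp" | sed 's,^.*=[[:space:]]*,,')"
  rm "$Get_sysctl_tmp"
}
################################################################################
################################################################################
# Look up a limit in limits.conf and limits.d/*.conf of the scanned system.
# Arguments:
#   $1 - limit type (hard/soft)
#   $2 - limit key
# Globals:   SCAN_ROOT, TEMPYASATDIR (read); RESULTAT (written) - fourth
#            blank-separated field of every matching line, empty when nothing
#            matches, 'notfound' only when a parameter is missing
# Returns:   1 when a parameter is missing
# NOTE(review): same fixed scratch file name remark as for Get_sysctl.
Get_limits_conf() {
  RESULTAT='notfound'
  if [ -z "$1" ]; then
    echo 'Error missing parameter #1: hard/soft'
    return 1
  fi
  if [ -z "$2" ]; then
    echo 'Error missing parameter #2: key'
    return 1
  fi
  Get_limits_tmp="$TEMPYASATDIR/getlimitsconf"
  : > "$Get_limits_tmp"
  if [ -e "$SCAN_ROOT/etc/security/limits.conf" ]; then
    grep -v '^#' "$SCAN_ROOT/etc/security/limits.conf" >> "$Get_limits_tmp"
  fi
  if [ -e "$SCAN_ROOT/etc/security/limits.d" ]; then
    # Glob left unquoted so that the drop-in files are really read; -h avoids
    # the file name prefix grep adds when it is given several files.
    grep -hv '^#' "$SCAN_ROOT"/etc/security/limits.d/*.conf >> "$Get_limits_tmp" 2> /dev/null
  fi
  RESULTAT="$(grep "$1[[:space:]][[:space:]]*$2" "$Get_limits_tmp" \
    | sed 's/[[:space:]][[:space:]]*/ /g' \
    | cut -d' ' -f4)"
  rm "$Get_limits_tmp"
}
################################################################################
################################################################################
# Check_tool_presence check for a binary, if found, store the full path in RESULTAT
# if not found, RESULTAT is set to notfound
# parameter 1 is the tool name
# parameter 2 (optional) could be LOCAL, meaning we want to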
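# search for a tool in the host in case of SCAN_ROOT
# Globals:   RESULTAT, PATH_TO_TOOL, POSSIBLE_PATH (written);
#            ERROR_OUTPUT_FILE, PATH (read)
# Returns:   0 when the tool is found, 1 otherwise
# Only parameter 1 is read by the code below.
Check_tool_presence() {
  Debug "DEBUG: FUNCTION CALL Check_tool_presence $*"
  RESULTAT='notfound'
  if [ $# -eq 0 ]; then
    Display_error 'Error missing parameter #1: binary name'
    return 1
  fi
  # which is not present on minimum CentOS,
  # ('local readonly NAME=...' declared a second local called "readonly", so
  # the stray word is dropped.)
  local POSSIBLE_PATH_FOR_WHICH="/usr/bin /bin /usr/sbin /sbin"
  local ppath
  local FOUND_WHICH=0
  for ppath in $POSSIBLE_PATH_FOR_WHICH
  do
    if [ -x "${ppath}/which" ]; then
      FOUND_WHICH=1
    fi
  done
  if [ "$FOUND_WHICH" -eq 1 ]; then
    #TODO SCAN_ROOT
    if ! PATH_TO_TOOL="$(which "$1" 2>> "$ERROR_OUTPUT_FILE")"; then
      return 1
    fi
    RESULTAT="$PATH_TO_TOOL"
    return 0
  else
    # No which: walk the PATH entries by hand.
    POSSIBLE_PATH="$(echo $PATH | tr ':' ' ')"
    for ppath in $POSSIBLE_PATH
    do
      if [ -x "${ppath}/$1" ]; then
        RESULTAT="${ppath}/$1"
        return 0
      fi
    done
  fi
  return 1
}
################################################################################
################################################################################
# Write the account database to ${TEMPYASATDIR}/my_passwd.
# getent is not available on some platform (OpenWrt)
# getent cannot be used with SCAN_ROOT
# Globals:   SCAN_ROOT, TEMPYASATDIR (read); MY_PASSWD (written)
# Returns:   0 on success, 1 when $SCAN_ROOT/etc/passwd does not exist
my_getent() {
  MY_PASSWD="${TEMPYASATDIR}/my_passwd"
  if [ -z "$SCAN_ROOT" ] || [ "$SCAN_ROOT" = '/' ]; then
    Check_tool_presence getent
    if [ "$RESULTAT" = 'notfound' ]; then
      cat /etc/passwd > "$MY_PASSWD"
      return 0
    else
      getent passwd > "$MY_PASSWD"
      return 0
    fi
  else
    if [ -e "$SCAN_ROOT/etc/passwd" ]; then
      cat "$SCAN_ROOT/etc/passwd" > "$MY_PASSWD"
      return 0
    else
      # Leave an empty snapshot and report the error on its own: redirecting
      # Display_error into the file could put the message where account
      # records are expected.
      : > "$MY_PASSWD"
      Display_error "Error: $SCAN_ROOT/etc/passwd cannot be found"
      return 1
    fi
  fi
}
################################################################################
################################################################################
# Print the YASAT_TEST marker lines of one plugin.
# Arguments: $1 - plugin name (file $PLUGINS_REP/$1.test)
# Returns:   1 when the plugin file does not exist
print_desc() {
  if [ ! -e "$PLUGINS_REP/$1.test" ]; then
    Display_error "ERROR: cannot find plugin $1"
    return 1
  fi
  #TODO plugin desc variable
  grep 'YASAT_TEST' "$PLUGINS_REP/$1.test" | sed 's,^[[:space:]]*,,'
}
################################################################################
################################################################################
################################################################################
################################################################################
# find a runinng process
# arg1 is a regex to find the process with ps
# arg2 is [root|nonroot|any] for checking user running the process
# return 1+ if process found
# return 0 if process not found
# export all data in $TEMPYASATDIR/find_process.tmp
# The match is made against the whole 'ps aux' line, so the pattern can also
# hit the user column or the arguments of an unrelated command.
find_process() {
  local found=0
  if [ $# -le 1 ]; then
    Display_error "ERROR: Not enought parameter to find_process (got $#)"
    return 0
  fi
  if ! create_tmp; then
    return 0
  fi
  #TODO non linux ps ?
  #TODO use pgrep
  ps aux | grep "$1" | grep -v grep | sed 's,[[:space:]][[:space:]]*, ,g' > "$TEMPYASATDIR/find_process.tmp"
  if [ -s "$TEMPYASATDIR/find_process.tmp" ]; then
    found=0
    Display --indent 2 --text "Process $1" --result FOUND --color BLUE
    FIND_PROCESS_USER="$(cut -d' ' -f1 "$TEMPYASATDIR/find_process.tmp")"
    for find_process_user in $FIND_PROCESS_USER
    do
      found=$(($found+1))
      case "$2" in
        root)
          if [ "$find_process_user" = 'root' ]; then
            Display --indent 4 --text "Process $1 running as" --result "$find_process_user" --color GREEN
          else
            Display --indent 4 --text "Process $1 running as" --result "$find_process_user" --color RED
          fi
          ;;
        nonroot)
          if [ "$find_process_user" != 'root' ]; then
            Display --indent 4 --text "Process $1 running as" --result "$find_process_user" --color GREEN
          else
            Display --indent 4 --text "Process $1 running as" --result "$find_process_user" --color RED
          fi
          ;;
        any)
          Display --indent 4 --text "Process $1 running as" --result "$find_process_user" --color BLUE
          ;;
        *)
          Display_error "ERROR: invalid arg#2 to find_process"
          ;;
      esac
    done
  fi
  # An exit status is taken modulo 256; cap the count so that 256 matches are
  # not reported as "not found".
  if [ "$found" -gt 255 ]; then
    found=255
  fi
  return $found
}
################################################################################
################################################################################
# check /proc/xxx/root
# return 0 if not chrooted
# return 1 if chrooted (BIND_CHROOT_DIR is then set to the root directory)
# return 2 on error
# TODO for the moment expect only one process
# NOTE(review): the inode test below treats inode 2 as "this is a real root
# directory"; that number depends on the filesystem type - confirm it holds
# for the filesystems in use.
detect_chroot() {
  if [ ! -e "$TEMPYASATDIR/find_process.tmp" ]; then
    Display_error "ERROR: detect_chroot need to be launched after find_process"
    return 2
  fi
  if [ ! -e /proc ]; then
    Display_error "ERROR: Testing system without /proc is not implemented yet"
    return 2
  fi
  local pid
  local inum
  local chroot_tgt
  # Only the first recorded process is examined; several PIDs in one variable
  # would build an invalid /proc path.
  pid="$(cut -d' ' -f2 "$TEMPYASATDIR/find_process.tmp" | sed -n '1p')"
  chroot_tgt="$(readlink "/proc/$pid/root")"
  if [ -z "$chroot_tgt" ]; then
    # The link cannot be read, for example without enough privilege.
    Display_error "ERROR: Cannot read /proc/$pid/root"
    return 2
  fi
  if [ "$chroot_tgt" = '/' ]; then
    # The link of a process that is not chrooted reads as '/'; answering here
    # avoids a false "chrooted" result when the inode of '/' is not 2.
    Debug "DEBUG: detect_chroot: root of $pid is /"
    return 0
  fi
  if ! inum="$(stat --format=%i "$chroot_tgt")"; then
    Display_error "ERROR: Cannot stat $chroot_tgt"
    return 2
  fi
  Debug "DEBUG: detect_chroot: Found $inum for $pid"
  if [ "$inum" -ne 2 ]; then
    BIND_CHROOT_DIR="$chroot_tgt"
    return 1
  fi
  #TODO try to detect -t
  return 0
}
################################################################################
################################################################################
yasat/osdetection0000640000175000017500000002555412466412450014707 0ustar montjoiemontjoie################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see .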
# # ################################################################################ # # This function is originated from Copyright 2007-2009, Michael Boelen (michael@rootkit.nl), The Netherlands # Web site: http://www.rootkit.nl # ################################################################################# # # Operating System detection # ################################################################################# # #default value ORWX="/o=rwx" CORRECT_ORWX="o-rwx" PERM_GW="/g=w" PERM_GX="/g=x" PERM_OW="/o+w" STAT_RIGHT="--format=%a" STAT_FULL_RIGHT="--format=%a" STAT_USER="--format=%U" STAT_GROUP="--format=%G" FIND_SETUID="+06000" SNMPD_CONF_REP="/etc/snmpd/" ROOTGROUP="root" BSD_SYSCTL='sysctl' #OS_TYPE is Linux BSD other OS_TYPE='unknown' OS_NICKNAME="unknown" DEFAULT_APACHE_DOCROOT="/var/www/" #package names SNMPD_PACKAGE_NAME='net-snmp' APACHE_PACKAGE_NAME='apache' MYSQLD_PACKAGE_NAME='mysql-server' BIND_PACKAGE_NAME='bind' # Check operating system case `uname` in # IBM AIX AIX) OS="AIX" OS_NAME="AIX" OS_TYPE='other' OS_FULLNAME=`uname -s -r` OS_VERSION=`uname -r` CPU=`uname -p` HARDWARE=`uname -M` FIND_BINARIES="whereis -b" ;; # Mac OS X Darwin) OS="MacOS" OS_TYPE='other' if [ -x /usr/bin/sw_vers ]; then OS_NAME=`/usr/bin/sw_vers -productName` OS_VERSION=`/usr/bin/sw_vers -productVersion` OS_FULLNAME="${OS_NAME} ${OS_VERSION}" else # Fall back to pretty safe name OS_NAME="Mac OS X" OS_FULLNAME=`uname -s -r` OS_VERSION=`uname -r` fi HARDWARE=`uname -m` HOMEDIRS="/Users" FIND_BINARIES="whereis" OS_KERNELVERSION=`uname -r` ;; # FreeBSD FreeBSD) OS="FreeBSD" OS_TYPE='BSD' OS_NAME="FreeBSD" OS_FULLNAME=`uname -s -r` OS_VERSION=`uname -r` HARDWARE=`uname -m` HOMEDIRS="/home /root" FIND_BINARIES="whereis -q -a -b" OS_KERNELVERSION=`uname -i` ORWX="+007" PERM_GW="+020" PERM_GX="+010" PERM_OW='+002' STAT_RIGHT="-f %Lp" STAT_FULL_RIGHT="-f %Mp%Lp" STAT_USER="-f %Su" STAT_GROUP="-f %Sg" ROOTGROUP="wheel" LIST_PKG="pkg_" BSD_SYSCTL='sysctl -e' ;; # HP-UX 
HP-UX) OS="HP-UX" OS_NAME="HP-UX" OS_TYPE='other' OS_FULLNAME=`uname -s -r` OS_VERSION=`uname -r` HARDWARE=`uname -m` FIND_BINARIES="whereis -b" ;; # Linux Linux) OS="Linux" OS_TYPE='Linux' OS_NAME="Linux" OS_FULLNAME="" OS_VERSION=`uname -r` LINUX_VERSION="" LINUX_PKG="" HARDWARE=`uname -m` HOMEDIRS="/home" FIND_BINARIES="whereis -b" OS_KERNELVERSION=`uname -r` # Cobalt if [ -e "/etc/cobalt-release" ]; then OS_FULLNAME=`cat /etc/cobalt-release`; fi # CPUBuilders Linux if [ -e "/etc/cpub-release" ]; then OS_FULLNAME=`cat /etc/cpub-release`; fi if [ -e "/etc/debian_version" -a ! -e /etc/lsb-release ] ;then LIST_PKG="apt-get" OS_VERSION=`cat /etc/debian_version` LINUX_VERSION="Debian" SNMPD_PACKAGE_NAME='snmpd' APACHE_PACKAGE_NAME='apache2' BIND_PACKAGE_NAME='bind9' #under debian my.cnf is owned by mysql-common MYSQLD_PACKAGE_NAME='mysql-common' if [ ! -z `echo $OS_VERSION |grep '^5[\.0-9]*'` ] ;then OS_NICKNAME="Lenny" OS_FULLNAME="Debian Lenny ${OS_VERSION}" fi if [ ! -z `echo $OS_VERSION |grep '^4[\.0-9]*'` ] ;then OS_NICKNAME="Etch" OS_FULLNAME="Debian Etch ${OS_VERSION}" fi if [ ! -z `echo $OS_VERSION |grep '^6[\.0-9]*'` ] ;then OS_NICKNAME="Squeeze" OS_FULLNAME="Debian Squeeze ${OS_VERSION}" fi if [ ! -z "`echo $OS_VERSION |grep '^7[\.0-9]*'`" -o ! -z "`echo $OS_VERSION |grep -i wheezy`" ] ;then OS_NICKNAME="Wheezy" OS_FULLNAME="Debian Wheezy ${OS_VERSION}" fi if [ ! 
-z `echo $OS_VERSION |grep 'jessie'` ];then OS_NICKNAME="Jessie" OS_FULLNAME="Debian Jessie ${OS_VERSION}" fi fi # Debian/Ubuntu if [ -e "/etc/debian_version" -a -e /etc/lsb-release ]; then LIST_PKG="apt-get" OS_VERSION=`cat /etc/debian_version` SNMPD_PACKAGE_NAME='snmpd' APACHE_PACKAGE_NAME='apache2' BIND_PACKAGE_NAME='bind9' #under debian my.cnf is owned by mysql-common MYSQLD_PACKAGE_NAME='mysql-common' FIND=`grep "^DISTRIB_ID=" /etc/lsb-release | cut -d '=' -f2` if [ "${FIND}" = "Ubuntu" ]; then #OS_NAME="Ubuntu" OS_VERSION=`grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2` OS_FULLNAME="Ubuntu ${OS_VERSION}" LINUX_VERSION="Ubuntu" else #OS_NAME="Debian" LINUX_VERSION="Debian" OS_FULLNAME="Debian ${OS_VERSION}" if [ ! -z `echo $OS_VERSION |grep '^5[\.0-9]*' ` ] ;then OS_NICKNAME="Lenny" OS_FULLNAME="Debian Lenny ${OS_VERSION}" fi if [ ! -z `echo $OS_VERSION |grep '^4[\.0-9]*' ` ];then OS_NICKNAME="Etch" OS_FULLNAME="Debian Etch ${OS_VERSION}" fi if [ ! -z `echo $OS_VERSION |grep 'jessie'` ];then OS_NICKNAME="Jessie" OS_FULLNAME="Debian Jessie ${OS_VERSION}" fi fi # Ubuntu test (optional) `cat /proc/version | grep "[Uu]buntu"` fi # E-smith if [ -e "/etc/e-smith-release" ]; then OS_FULLNAME=`cat /etc/e-smith-release`; fi # Gentoo if [ -e "/etc/gentoo-release" ]; then OS_FULLNAME=`cat /etc/gentoo-release | awk '{ print $5 }' | cut -d '.' -f1,2`; LINUX_VERSION="Gentoo" ; LIST_PKG="emerge" APACHE_PACKAGE_NAME='apache' MYSQLD_PACKAGE_NAME='mysql' DEFAULT_APACHE_DOCROOT="/var/www/localhost/htdocs/" fi # Red Hat and others # I test /etc/debian_version because installing rpm under debian put the /etc/redhat-release file if [ -e "/etc/redhat-release" -a ! -e "/etc/debian_version" ]; then LIST_PKG="rpm" APACHE_PACKAGE_NAME='httpd' # CentOS FIND=`grep "CentOS" /etc/redhat-release` if [ ! 
"${FIND}" = "" ]; then # OS_NAME="CentOS" OS_FULLNAME=`cat /etc/redhat-release | grep "CentOS"` LINUX_VERSION="CentOS" OS_VERSION="${OS_FULLNAME}" fi # Fedora FIND=`grep "Fedora" /etc/redhat-release` if [ ! "${FIND}" = "" ]; then # OS_NAME="Fedora" OS_FULLNAME=`cat /etc/redhat-release | grep "Fedora"` OS_VERSION="${OS_FULLNAME}" LINUX_VERSION="Fedora" fi # Oracle Enterprise Linux FIND=`grep "Enterprise Linux Enterprise Linux Server" /etc/redhat-release` if [ ! "${FIND}" = "" ]; then OS_NAME="Oracle Enterprise Linux"; OS_FULLNAME=`cat /etc/redhat-release | grep "Enterprise Linux"`; OS_VERSION="${OS_FULLNAME}"; fi # Red Hat FIND=`grep "Red Hat" /etc/redhat-release` if [ ! "${FIND}" = "" ]; then # OS_NAME="Red Hat" OS_FULLNAME=`cat /etc/redhat-release | grep "Red Hat"` OS_VERSION="${OS_FULLNAME}" LINUX_VERSION="Red Hat" fi fi if [ -e "/etc/SLOX-release" ]; then OS_FULLNAME=`cat /etc/SLOX-release | grep "SuSE Linux"`; fi # Slackware if [ -e "/etc/slackware-version" ]; then OS_FULLNAME=`cat /etc/slackware-version`; LINUX_VERSION="Slackware"; fi # SuSE if [ -e "/etc/SuSE-release" ]; then OS_VERSION=`cat /etc/SuSE-release | head -n 1`; LINUX_VERSION="SuSE"; fi # Turbo Linux if [ -e "/etc/turbolinux-release" ]; then OS_FULLNAME=`cat /etc/turbolinux-release`; fi # YellowDog if [ -e "/etc/yellowdog-release" ]; then OS_FULLNAME=`cat /etc/yellowdog-release`; fi if [ -e "/etc/arch-release" ] ;then #/etc/arch-release is empty LINUX_VERSION="arch" OS_FULLNAME="ArchLinux" LIST_PKG="pacman" fi if [ -e "/etc/openwrt_release" ];then LINUX_VERSION='openwrt' OS_FULLNAME=`grep DISTRIB_DESCRIPTION /etc/openwrt_release | cut -d\= -f2 | cut -d\" -f2` OS_VERSION=`grep DISTRIB_RELEASE /etc/openwrt_release | cut -d\= -f2 | cut -d\" -f2` OS_NICKNAME=`grep DISTRIB_CODENAME /etc/openwrt_release | cut -d\= -f2 | cut -d\" -f2` fi # If Linux version is unknown, use uname value if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=`uname -s -r`; fi ;; # NetBSD NetBSD) OS="NetBSD" OS_TYPE='BSD' 
OS_NAME="NetBSD" OS_FULLNAME=`uname -s -r` OS_KERNELVERSION=`uname -v` OS_VERSION=`uname -r` HARDWARE=`uname -m` FIND_BINARIES="whereis" LIST_PKG="pkg_" ;; # OpenBSD OpenBSD) OS="OpenBSD" OS_TYPE='BSD' OS_NAME="OpenBSD" OS_FULLNAME=`uname -s -r` OS_KERNELVERSION=`uname -v` OS_VERSION=`uname -r` HARDWARE=`uname -m` FIND_BINARIES="whereis" LIST_PKG="pkg_" ORWX="-007" PERM_GW="-020" PERM_GX="-010" PERM_OW='-002' STAT_RIGHT="-f %Lp" STAT_FULL_RIGHT="-f %Mp%Lp" STAT_USER="-f %Su" STAT_GROUP="-f %Sg" ROOTGROUP="wheel" FIND_SETUID="-06000" ;; # Solaris / OpenSolaris SunOS) OS="Solaris" OS_TYPE='other' OS_NAME="Sun Solaris" OS_FULLNAME=`uname -s -r` OS_VERSION=`uname -r` HARDWARE=`uname -m` if [ -x /usr/bin/isainfo ]; then # Returns 32, 64 OS_MODE=`/usr/bin/isainfo -b` fi ;; # Unknown or unsupported systems *) echo "[ ${WARNING}WARNING${NORMAL} ]" echo "${WARNING}Error${NORMAL}: ${WHITE}Unknown OS found. No support available for this OS or platform...${NORMAL}" exit 1 ;; esac # Testing for old find version (4.1.20) # BSD do not have --version if [ "$OS_TYPE" = 'Linux' ] ;then if [ "$LINUX_VERSION" = 'openwrt' ];then #find is busybox Display --indent 2 --text "find is Busybox" --result INFO --color BLUE ORWX="+007" PERM_GW="-020" PERM_GX="-010" PERM_OW='-002' else if [ ! 
-z "`find --version | grep ' 4.1.20'`" ];then Display --indent 2 --text "Old find detected" --result WARNING --color BLUE ORWX='+o=rwx' fi fi fi Debug "OS_TYPE=$OS_TYPE" Debug "OS_NAME=$OS_NAME" Debug "OS_FULLNAME=$OS_FULLNAME" Debug "OS_KERNELVERSION=$OS_KERNELVERSION" Debug "OS_VERSION=$OS_VERSION" Debug "OS_NICKNAME=$OS_NICKNAME" Debug "HARDWARE=$HARDWARE" Debug "LINUX_VERSION=$LINUX_VERSION" #detect hardware # generic name x86 x86_64 arm HARDWARE_GEN=`uname -m` if [ "$HARDWARE_GEN" = 'i686' -o "$HARDWARE_GEN" = 'i486' -o "$HARDWARE_GEN" = 'i586' ];then HARDWARE_GEN=x86 fi if [ "$HARDWARE_GEN" = 'amd64' ];then HARDWARE_GEN=x86_64 fi if [ "$HARDWARE_GEN" = 'armv7l' ];then HARDWARE_GEN=arm fi if [ "$HARDWARE_GEN" = 'armv7j' ];then HARDWARE_GEN=arm fi yasat/CHANGELOG0000640000175000017500000001077712513206366013657 0ustar montjoiemontjoie* 15 April 2015 839 - Fix crashes when /etc/apache2/envvars is absent. Solve debian bug #756840 - Add more setuid to binaries database. Solve debian bug #756839 - Add jessie to osdetection - Some internal rewriting of apache plugins (merging of apache_user in apache_conf) - The firewall plugin could badly detect default policy - accounting plugin now know blowfish - Add dovecot plugin - dovecot plugin test cipherlist and ssl protocols - dns plugin test for chrooted bind - dns plugin test if dynamic update are enabled - dns plugin test if dnssec validation is enabled - dns plugin now handle better file inclusion - And still lots of minor enhancement * 30 April 2014 755 - Fix the "cant shift that many" bug - Fix the make test - Lots of internal rewritting * 08 July 2013 YASAT 700 - Check_certificate check for unsecured algorithms like md5 - Check_certificate test RSA key size - Check certificate used by apache - Fix debian bug #690636 (logwatch plugin) - Check cipher list of cyrus - Check all certificate in firefox/thunderbird certificate store - Check all certificate in java certificate store - Check all certificate in openssl - 
Handle very old find (4.1.20) - Begin of work for adding the scanroot options - New plugin for testing package repository - New option (--compliance) for printing compliance to the NSA Guide - New plugin SELinux - Add the testing of yum repositories - Check hash methods for system password - Check for SamHain presence - Test the crypt method of password protected keys - Handle better embedded system with less or different binaries (tput, expr, ...) but still lots of work like for OpenWrt - Detection of OpenWrt - General enhancement of all plugins * 21 May 2012 YASAT 526 - Now test the SSLCipherSuite for apache - Enhancement: Check size of private key - bug: The availability of echo -e was badly tested - bug: apache_vhost tested certificate as private key instead of certificate filetype - bug: apache_vhost could badly analyze order by clause - typo some advice links was bad - internal: link tester for advices - Enhancement: ssh test - Enhancement: vsftpd test - Fix some remaining bashism - Check the presence of Firewire kernel modules - Correction of some problems with dash and some empty variables (shift: cant shift that many) - Renamed yasat.sh to yasat - Lots of spelling fix - Enhancement: now correctly find the user running bind9 under debian - Lots of small fix for future Debian Wheezy * 29 December 2011 YASAT 456 - add chronyd to known ntpd servers - add CONFIG_DEBUG_SET_MODULE_RONX to kernel test - add logwatch test from Mr Sande - add password encryption test for shadow - add the list of command needed to correct problems reported by YASAT in yasat_correct.shell - More kernel checks - Check for remote syslog logging - Check for auditd daemon - Arch Linux detection and pacman support - Lots of misc enhancement * 14 June 2011 YASAT 421 - Skip option patch from Mr Sande - Misc enhancement from Mr Didier - Lots of known location added to apache_vhosts - Typo in partition.test - Misc enhancement - POSIX CAPS test for setuid binaries * 07 March 2011 YASAT 400 - 
YASAT incorrectly searched umask value (thanks to Mikal Sande for report and patch) - YASAT now have a manpage - The CheckFile function will now check if the binary tested have SSP and PIE - Lots of advice spell checking and enhancement by Mikal Sande. * 04 January 2011 YASAT 385 - Misc modifications of PHP, apache, LDAP, SSH, MySQL - Initial test of security options of firefox - Better BIND server test - Basic support of checking technology behind a vhost (like PHP for testing php_admin_values like open_basedir) - Test of NFS mount options and NFSD exports options - Basic test if private key is password protected * 02 August 2010 YASAT 351 - Minor corrections for FreeBSD - yasat.sh is no longer /bin/bash (all bashisms seems fixed) * 12 July 2010 YASAT 347 - Add CUPS tests - Add Squid tests - Add Samba tests - more tests for mysql, kernel, bind, cyrus - Minor improvement for apache, package, network, snmp tests - Add the check-update option to YASAT - Add a css to html report for better HTML report (add div command and div conf) - Add test for password visible in mysql_history - Added Debian Lenny to binaries checks - And still lots of minor bugs corrections and improvements * 03 June 2010 YASAT 286 - Correct makefile * 26 May 2010 YASAT 280 - Better support of OpenBSD (securelevel, encrypted swap, etc...) - apache mod_deflate tests - more kernel test - Inetd basic support * 02 March 2010 YASAT 247 - Better support of RedHat yasat/COPYRIGHT0000640000175000017500000000157112513207042013720 0ustar montjoiemontjoieFor all files: Copyright (c) 2008-2015 LABBE Corentin All rights reserved. Except for some part of the osdetection file and the common file what are Copyright (c) Michael Boelen (michael@rootkit.nl) (original project lynis) This file is part of YASAT. 
YASAT is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. YASAT is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with YASAT. If not, see . yasat/LICENCE0000640000175000017500000010451311502432340013410 0ustar montjoiemontjoie GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. 
To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. 
States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. 
An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. 
However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. 
Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. 
b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. 
b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. 
A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. 
But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. 
Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. 
If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. 
Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. 
The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. 
"Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. 
If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. 
If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. 
If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: Copyright (C) This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. 
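The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . yasat/Makefile0000640000175000017500000000341611751712024014071 0ustar montjoiemontjoie
# Installation layout. DESTDIR is a staging root for packagers; the other
# paths are derived from PREFIX.
DESTDIR=
PREFIX=/usr/local/
SYSCONFDIR=${PREFIX}/etc
DATADIR=${PREFIX}/share
MANDIR=${PREFIX}/share/man/man8/
#http://www.freebsd.org/doc/en/books/porters-handbook/porting-prefix.html

# None of these targets produces a file of the same name.
.PHONY: nothing test test_todo test_display_without_advice real_test install installman deinstall

# Default target: does nothing, so a bare `make` has no side effects.
nothing:
	@exit

# Run every maintainer check.
test: test_todo test_display_without_advice real_test
	exit

# Count the TODO markers left in the tree.
test_todo:
	@echo "Number of TODO `grep -ri TODO * | grep -v '.svn' | wc -l`"

# Count RED/ORANGE Display calls whose line does not mention an advice.
test_display_without_advice:
	@echo "Number of error display without advice `grep -r Display * | grep RED |grep -v advice |grep -v .svn | wc -l`"
	@echo "Number of warning display without advice `grep -r Display * | grep ORANGE |grep -v advice | grep -v .svn |wc -l`"

#dont work :'(
#test_space_end:
#	@echo "`grep -nri \"[[:space:]][[:space:]]*$\" .`"

# Run the regression script shipped in ./tests.
real_test:
	chmod +x ./tests/test.test
	./tests/test.test

#test will check
#
# display without advice
# check functions
# plugins without advice files
# check lines more 80(120) characters
# numbers of todo
# that PLUGINS_REP must be within {}
# -e -d etc have "" after

# Copy the script, plugins and helper files under DESTDIR and write a
# yasat.conf that points at the installed data directory.
# NOTE(review): yasat.conf is created with the installer's umask; if yasat
# reads it while running as root, confirm it ends up writable by root only.
install:
	chmod +x ./tests/*.test
	chmod +x ./plugins/*.test
	chmod +x ./yasat
	mkdir -p ${DESTDIR}/${PREFIX}/bin
	cp yasat ${DESTDIR}/${PREFIX}/bin/yasat
	mkdir -p ${DESTDIR}/${DATADIR}/yasat/
	cp -R plugins ${DESTDIR}/${DATADIR}/yasat/
	cp yasat.css ${DESTDIR}/${DATADIR}/yasat/
	cp common ${DESTDIR}/${DATADIR}/yasat/
	cp osdetection ${DESTDIR}/${DATADIR}/yasat/
	mkdir -p ${DESTDIR}/${SYSCONFDIR}/yasat/
	echo "YASAT_ROOT=/${DATADIR}/yasat/" > ${DESTDIR}/${SYSCONFDIR}/yasat/yasat.conf
	echo "PLUGINS_REP=/${DATADIR}/yasat/plugins/" >> ${DESTDIR}/${SYSCONFDIR}/yasat/yasat.conf

# Install the compressed manual page (bzip2 replaces yasat.8 with yasat.8.bz2).
installman:
	mkdir -p ${DESTDIR}/${MANDIR}/
	cp man/yasat.8 ${DESTDIR}/${MANDIR}/
	bzip2 -f -9 ${DESTDIR}/${MANDIR}/yasat.8

# Remove what install and installman put in place.
# The configuration directory is ${SYSCONFDIR}/yasat, as created by install;
# SYSCONFDIR already ends in /etc, so the former ${SYSCONFDIR}/etc/yasat path
# never matched and left yasat.conf behind.
deinstall:
	rm ${DESTDIR}/${PREFIX}/bin/yasat
	rm -rf ${DESTDIR}/${DATADIR}/yasat
	rm -rf ${DESTDIR}/${SYSCONFDIR}/yasat
	rm -f ${DESTDIR}/${MANDIR}/yasat.8.bz2
yasat/README0000640000175000017500000000615512163030213013303 0ustar montjoiemontjoieHello, Thanks for using Y.A.S.A.T. 1 PRESENTATION YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool. Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut) Second goal is to document each test with maximum information and links to official documentation. It do many tests for checking security configuration issue or others good practice. You may think that some test is pedantic, useless or too paranoiac, sorry for that, it is just my point of view of I want to check. Don't forget that YASAT is not the only audit tool, you can also use tiger, lynis, sectool, nessus, openvas, Debian's checksecurity, etc... for checking your systems 2 INSTALLATION, CONFIGURATION Dependencies: sed, cut, grep. YASAT will use also openssl for some tests. Latest version can be found at http://yasat.sourceforge.net 2.1 On-my-home installation Simply untar the yasat tarball tar xvzf yasat-version.tar.gz Change directory to yasat directory cd yasat and type ./yasat for having the list of options.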
2.2 On the FS installation Just do make install and type yasat You can override some of yasat's variables by using /etc/yasat/yasat.conf or /usr/local/etc/yasat/yasat.conf or ~/.yasat/yasat.conf (Priority in this order) Example 1: if you are running a Linux kernel and have not compiled CONFIG_IKCONFIG_PROC, you can provide the .config through YASAT_PATH_TO_KERNEL_CONFIG . Example 2: You can give YASAT the path to a manual installation of apache through POSSIBLE_APACHE_CONFIG_LOCATION . 3 USAGE For a standard test, type ./yasat -s 4 PATCHES, CRITICISM Patches, contributions and criticism (even bad :) ) are welcome. You can mail me at clabbe.montjoie@gmail.com with, if possible, a subject beginning with [YASAT]. You can also perhaps find me on channel #yasat on Freenode IRC servers. 5 CONTENTS, PLUGIN WRITING (TO FINISH) ./tests/ In this directory, you will find all scripts for testing yasat (non-regression, etc.) ./plugins/ In this directory, you will find plugins. A plugin is split into 3 files: plugin.test : All tests to run for this plugin plugin.data : All data necessary for the plugin (ex: all directives to check ) plugin.advice : List of advice for each check made by the plugin For writing plugins you have many functions at your disposal get_simple_right() get_full_right() get_path_from_apache_directives() check_file() check_directory_group() check_directory_others() check_directory_writable_by_group() FindValueOf() FindValueOfEqual() FindValueOfDDot() CheckPresenceOf() Title() For referencing tests done by YASAT, now use the following comment. Add external references such as PCIDSS, RedHat compliance, etc. #CCE http://cce.mitre.org/lists/cce_list.html #YASAT_TEST_name_of_test [RH=xxx] [PCIDSS=xx] [CCEID=xxx] [NSAG=xxx] description of the test 6 THANKS thanks to all alpha/betatesters ptipimousse cain khali Etienne JC Eldwin Celius Raphink Damien B.
Mikal Sande Richard Dumais Renard Olivier Renard Christophe Marot Nicolas yasat/yasat.css0000640000175000017500000000055212171770647014276 0ustar montjoiemontjoiediv.central { background-color: #FFFFFF; padding: 0.5em; } div.conf { background-color: #999999; padding: 0.5em; } div.command { background-color: #999999; padding: 0.5em; } h1 { border-bottom: 1px solid; } table.resultats { border: 1px solid; } table.resultats td { border: 1px solid; width: 40px; height: 100px; vertical-align: bottom; text-align: center; } yasat/BUGS0000640000175000017500000000046212457227364013126 0ustar montjoiemontjoieBUG1 on OpenBSD makefile dont work (SOLVED) BUG2 on OpenBSD sed 's///gI' dont work (SOLVED) BUG3 testing sslprotocol result in export 209 bad variable name reported in 700 since 0 solved in 710 BUG4 infinite loop in test solved in ?? BUG5 cant shift that many reported in 526/700 solved in 744 yasat/man/0000750000175000017500000000000012513206412013173 5ustar montjoiemontjoieyasat/man/yasat.80000640000175000017500000000612612513206412014413 0ustar montjoiemontjoie.TH YASAT 8 "15 April 2015" "839" "YASAT 839" .SH "NAME" \fB \fB \fB YASAT \fP\- simple stupid audit tool \fB .SH "SYNOPSIS" \fByasat .RB [\-\-standard(\-s)] .RB [\-\-list(\-l)] .RB [\-\-debug(\-d)] .RB [\-\-help(\-h)] .RB [\-\-html(\-H)] .RB [\-\-html-output .IR PATH ] .RB [\-\-advice-lang .IR LANG ] .RB [\-\-full-scan(\-f)] .RB [\-\-plugins-dir(\-P) .IR PATH ] .RB [\-\-nopause(\-a)] .RB [\-\-plugin(\-1) .IR PATH] .RB [\-\-scanroot(\-r) .IR PATH] .RB [\-\-Plugin(\-p) .IR NAME] .RB [\-\-print-level .IR X] .RB [\-\-check-update] .SH "DESCRIPTION" \fBYASAT\fP (Yet Another Stupid Audit Tool) is a simple stupid audit tool. Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut) Second goal is to document each test with maximum information and links to official documentation. It do many tests for checking security configuration issue or others good practice. 
.PP It checks many software configurations like: Apache, Bind DNS, CUPS, PHP, kernel configuration, MySQL, network configuration, openvpn, Packages update, samba, snmpd, squid, tomcat, user accounting, vsftpd, xinetd. .SH "OPTIONS" .TP .B \-\-standard (or \-s) YASAT will perform a standard check of the system, printing out the results of each test to stdout. A log is also created in ~/.yasat/yasat.result by default .TP .B \-\-list (or \-l) List all plugins available .TP .B \-\-html (or \-H) YASAT will export results in html (default to ~/yasat/yasat.html) .TP .B \-\-html-output PATH With -H, this option lets you change the file where the html output is stored. .TP .B \-\-advice-lang LANG By default, YASAT prints messages in English (EN); you can change the displayed language with this option. LANG is the two-letter code of the language you want. For the moment only EN is supported. .TP .B \-\-full-scan (or \-f) YASAT will do extra (long) tests (lots of find). .TP .B \-\-plugins-dir PATH (or \-P) Set the path where YASAT can find plugins to use. (default is ./plugins ) .TP .B \-\-nopause (or \-a) By default, YASAT pauses after each plugin. For automated tests you can use this. .TP .B \-\-plugin PATH (or \-1) YASAT will just use the plugin pointed to by PATH (ex: yasat -1 kernel) .TP .B \-\-scanroot PATH (or \-r) YASAT will scan PATH instead of / (ex: yasat -r /mnt/centos6) .TP .B \-\-compliance TYPE YASAT will check for a specific compliance (nsa, cce, or all) and will print the compliance results. .TP .B \-\-print-level X YASAT will print infos equal to or above the level X (All = 0 (default), infos = 1, warnings (orange) = 2, errors (red) = 3) .TP .B \-\-skip TEST A comma separated list of tests to skip without the .test (ex: --skip nfs,ntp). See yasat --list for all tests. .TP .B \-\-check\-update Check if an update of YASAT exists .TP .B \-\-send\-support Like \-\-check\-update, but it will also send your OS version as a parameter, for statistics.
In the future, perhaps also a sort of send_bugs. .SH "LICENSING" YASAT is licensed under the GPL v3 license and under development by LABBE Corentin. .SH "CONTACT INFORMATION" All contacts informations could be found at http://yasat.sourceforge.net/ yasat/tests/test.data0000640000175000017500000000021311677022160015377 0ustar montjoiemontjoietest=0 test1=1 test2 = 2 test3 =3 test4= 4 test5= 5 test6 =6 test7 = 7 test8 = 8 test9 9 test10 = 10;commentaire test11 = 11#commentaire yasat/tests/test.test0000750000175000017500000001233512462717563015472 0ustar montjoiemontjoie#!/bin/bash ################################################################################ # # # Copyright (C) 2008-2015 LABBE Corentin # # YASAT is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # YASAT is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with YASAT. If not, see . # # ################################################################################ export PLUGINS_REP="./tests" DEBUG=0 QUIET=0 HIDESR=0 ERROR_OUTPUT_FILE="`echo ~/.yasat/yasat.err`" YASAT_ROOT=. REPORT_OUTPUT="`echo ~/.yasat/yasat.report`" COL_WIDTH="`tput cols`" PRINT_LEVEL=0 ADVICELANG='EN' TEMPYASATDIR=. COMPLIANCE_OUTPUT="$TEMPYASATDIR/compliance" . ./common . 
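./osdetection
# ^ argument of the `.` (source) builtin that ends the previous line of this
#   listing; the statement is left split exactly as the page has it.

################################################################################
# Regression checks for the helper functions used by the plugins
# (FindValueOf*, get_path_from_apache_directives, compare_right,
# check_private_key, Display, Check_tool_presence, check_ssl_protocol_openssl,
# is_equal). None of them is defined in this file; presumably they come from
# the sourced ./common and ./osdetection.
#
# Globals: PLUGINS_REP, YASAT_ROOT, ADVICELANG (read; set above in the script)
#          RESULTAT (read; written by the helpers under test)
# Exits:   1 as soon as a value lookup or a return-code check fails.
################################################################################

mkdir -p ~/.yasat/
grep -- "$ADVICELANG" plugins/yasat_global.advice > "${YASAT_ROOT}/yasat.advices"
cp plugins/yasat_global.advice "$PLUGINS_REP/"

#######################################
# Look up one key in $PLUGINS_REP/test.data and abort on an unexpected value.
# Globals:   PLUGINS_REP (read), RESULTAT (read; set by the lookup helper)
# Arguments: $1 - lookup function to call (FindValueOfEqual or FindValueOf)
#            $2 - key to look up
#            $3 - expected value
# Outputs:   "<key> <value found>" on stdout
# Returns:   exits the whole script with status 1 on mismatch
#######################################
expect_value() {
  "$1" "$PLUGINS_REP/test.data" "$2"
  echo "$2 $RESULTAT"
  if [ "$RESULTAT" != "$3" ]; then
    exit 1
  fi
}

# key=value parsing with the spacing variants listed in test.data
expect_value FindValueOfEqual test 0
expect_value FindValueOfEqual test1 1
expect_value FindValueOfEqual test2 2
expect_value FindValueOfEqual test3 3
expect_value FindValueOfEqual test4 4
expect_value FindValueOfEqual test5 5
expect_value FindValueOfEqual test6 6
expect_value FindValueOfEqual test7 7
expect_value FindValueOfEqual test8 8
# test9 is written without '=' in test.data, hence FindValueOf
expect_value FindValueOf test9 9
# test10 / test11 carry a trailing ';' / '#' comment in test.data
expect_value FindValueOfEqual test10 10
expect_value FindValueOfEqual test11 11

# NOTE(review): all four calls pass an empty string although the labels name
# different paths; the directive text may have been lost when this page was
# extracted. Confirm against the upstream tests/test.test before relying on it.
echo "Test 1 toto"
get_path_from_apache_directives ''
echo " $RESULTAT"
echo "Test 2 toto/"
get_path_from_apache_directives ''
echo " $RESULTAT"
echo "Test 3 /"
get_path_from_apache_directives ''
echo " $RESULTAT"
echo "Test 4 /i"
get_path_from_apache_directives ''
echo " $RESULTAT"

# Permission comparison: qa_test receives compare_right's status and the
# status expected for that case, so nothing may run between the two calls.
echo "Got 666 want 640"
compare_right 666 640 YES
qa_test $? 2
echo "Got 777 want 640"
compare_right 777 640 YES
qa_test $? 2
echo "Got 400 want 640"
compare_right 400 640 YES
qa_test $? 0
echo "Got 400 want 640 (strict)"
compare_right 400 640 NO
qa_test $? 3

# NOTE(review): the fixtures below are 1024-bit RSA keys, the second one
# protected with single DES and a passphrase given on the command line. That is
# weak by current standards and only tolerable for throwaway test data: never
# reuse ./tests/test_rsa*.pem for anything else. -des may also be refused by
# OpenSSL builds that ship without legacy ciphers (TODO confirm); the script
# then reports that the key could not be generated.
# `command -v` replaces `which`, which is not guaranteed to be installed.
if command -v openssl > /dev/null 2>&1; then
  echo "====== Check a private key ======"
  if [ ! -e ./tests/test_rsa.pem ]; then
    openssl genrsa -out ./tests/test_rsa.pem 1024
  fi
  if [ -e ./tests/test_rsa.pem ]; then
    check_private_key ./tests/test_rsa.pem 2
  else
    echo "I fail to generate the key" >&2
  fi

  echo "====== Check a private key protected with password ======"
  if [ ! -e ./tests/test_rsa_password.pem ]; then
    openssl genrsa -des -passout pass:foobar -out ./tests/test_rsa_password.pem 1024
  fi
  if [ -e ./tests/test_rsa_password.pem ]; then
    check_private_key ./tests/test_rsa_password.pem 2
  else
    echo "I fail to generate the key" >&2
  fi
else
  echo "openssl not available, skipping test"
fi

#######################################
# Abort the script when a return code differs from the expected one.
# Arguments: $1 - return code obtained
#            $2 - return code expected
# Outputs:   a message on stdout when the codes differ
# Returns:   exits the whole script with status 1 on mismatch
#######################################
need_ret() {
  if [ "$1" != "$2" ]; then
    echo "Return code $1 is different than $2"
    exit 1
  fi
}

# Display is expected to return 1 for every incomplete argument list
echo "== Check Display without arguments =="
Display
need_ret $? 1
echo "== Check Display with empty result =="
Display --result
need_ret $? 1
echo "== Check Display with empty text =="
Display --result test --text
need_ret $? 1
echo "== Check Display with empty comp =="
Display --result test --text toto --comp
need_ret $? 1
echo "== Check Display with partial comp =="
Display --result test --text toto --comp toto
need_ret $? 1
echo "== Check Display with empty advice =="
Display --advice
need_ret $? 1

echo "== Check Check_tool_presence with no args --"
Check_tool_presence
need_ret $? 1
# The original printed the "no args" label a second time for this case.
echo "== Check Check_tool_presence with an existing tool --"
Check_tool_presence ls
need_ret $? 0

for test_sslprotocol in "ALL -SSLv2 -SSLv3" 'ALL' 'SSLv2' 'SSLv3' 'TLSv1 -SSLv2'; do
  echo "== Check SSLProtocol $test_sslprotocol"
  check_ssl_protocol_openssl 2 "$test_sslprotocol"
  need_ret $? 0
done

echo "Check compare function"
is_equal yes no
need_ret $? 1
is_equal yes yes
need_ret $? 0
is_equal YES yes -i
need_ret $? 0
is_equal 'YES;' yes -i -f ';'
need_ret $? 0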