elysium-suite / aeacus
Vulnerability remediation scoring system
License: GNU General Public License v2.0
In misc/dev/CSSClient you do not have a shebang at the top, which causes the service to fail to start.
With the new aeacus binary, although the scoring works before release, when I use sudo ./aeacus --verbose release, all of the scoring doesn't work at all.
Hello, can anyone tell me why or how I am getting this error message (it's scoring feedback)? I am using Aeacus 2.0.3
panic: runtime error: slice bounds out of range [-3:]
goroutine 1 [running]:
main.runCheck({{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, ...})
/home/mob/GolandProjects/aeacus/checks.go:106 +0x7b3
main.checkPass(...)
/home/mob/GolandProjects/aeacus/score.go:270
main.scoreCheck({{0xc00004e630, 0x8c}, 0x3, {0x0, 0x0, 0x0}, {0xc0002d38c0, 0x2, 0x2}, {0x0, ...}})
/home/mob/GolandProjects/aeacus/score.go:217 +0x545
main.scoreChecks()
/home/mob/GolandProjects/aeacus/score.go:194 +0x13d
main.scoreImage()
/home/mob/GolandProjects/aeacus/score.go:115 +0x9f
main.main.func3(0xc000076000?)
/home/mob/GolandProjects/aeacus/aeacus.go:72 +0x25
github.com/urfave/cli/v2.(*Command).Run(0xc000076000, 0xc0000584c0)
/home/mob/go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:173 +0x6ca
github.com/urfave/cli/v2.(*App).RunContext(0xc000072000, {0xc15c18?, 0xc00009a0a0}, {0xc0000c8000, 0x3, 0x4})
/home/mob/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:384 +0xfde
github.com/urfave/cli/v2.(*App).Run(...)
/home/mob/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:253
main.main()
/home/mob/GolandProjects/aeacus/aeacus.go:163 +0xd3f
I was looking at the list of commands for scoring and I was unsure of how best to score whether SmartScreen is turned on. I think it is possible to score through the registry, but I think that requires editing and creating keys beforehand. SmartScreen, if enabled or disabled through the Windows settings menu, does not make, change or create the keys in my image. I know that these settings can be changed through group policy and that would be my preferred way to teach it and score it. I'm just not sure what the best way to do this is. - Thanks for your time
Line 126 in faa157c
When a service is stopped, systemctl is-active prints out inactive, which still contains the word active, causing the scoring engine to believe the service is still running.
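The inactive/active mismatch, as an added example written for this page rather than aeacus's own code: the substring check beside an exact-match one, plus an exec wrapper (ServiceUp, an assumed name) around systemctl.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// serviceActiveBuggy reproduces the substring bug from the issue: "inactive"
// contains "active", so a stopped unit is reported as running.
func serviceActiveBuggy(output string) bool {
	return strings.Contains(output, "active")
}

// serviceActive compares the trimmed first line of `systemctl is-active`
// output exactly. systemctl prints a single state word per unit, e.g.
// "active", "inactive", "failed", "activating" or "deactivating", and only
// the literal "active" means the unit is up.
func serviceActive(output string) bool {
	state := strings.TrimSpace(strings.SplitN(output, "\n", 2)[0])
	return state == "active"
}

// ServiceUp runs `systemctl is-active <unit>` and applies the exact match.
// systemctl also exits non-zero for any state other than active, so the
// error path already covers the stopped case.
func ServiceUp(unit string) bool {
	out, err := exec.Command("systemctl", "is-active", unit).Output()
	if err != nil {
		return false
	}
	return serviceActive(string(out))
}

func main() {
	// Constructed sample outputs; no systemctl call is needed to see the bug.
	for _, out := range []string{"active\n", "inactive\n"} {
		fmt.Printf("%q buggy=%v exact=%v\n", out, serviceActiveBuggy(out), serviceActive(out))
	}
	fmt.Println("ssh up:", ServiceUp("ssh"))
}
```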
Allow for ReadMe.conf to be also spelled as readme.conf or README.conf or whatever you please
(I'll add this feature in, I just needed a reminder)
Okay, so for one reason or another PasswordChanged on Windows will not parse the time anymore... I added debug lines and that's clearly the problem, but that is all I know right now.
All .desktop files have an absolute path to Firefox, which can vary based on how it was installed (via Snap, etc.). We should instead just replace this with firefox or something else if a better solution exists.
Capitalize ALL functions to export them
I do not know what distros this check works on, but I know for a fact that it does not work on Debian 10. Personally, I feel this check should either be removed; however, the check could be massively reworked to look for the APT::Periodic::Update-Package-Lists( |)"1"; in many places, instead of just the one file.
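A multi-file version of that check, added here as an example and not aeacus's own code: the post's pattern is applied to apt.conf and everything in apt.conf.d (function names and the in-memory contents form are assumptions made for the example).

```go
package main

import (
	"os"
	"path/filepath"
	"regexp"
)

// aptPeriodicRe is the pattern from the issue: the key, an optional single
// space, then "1"; (some files write Key "1"; others Key"1";).
var aptPeriodicRe = regexp.MustCompile(`APT::Periodic::Update-Package-Lists( |)"1";`)

// AnyFileMatches reports whether at least one of the given file contents
// enables periodic package-list updates. Taking contents rather than paths
// keeps the decision logic testable without touching /etc.
func AnyFileMatches(contents []string) bool {
	for _, c := range contents {
		if aptPeriodicRe.MatchString(c) {
			return true
		}
	}
	return false
}

// AptPeriodicUpdatesEnabled reads apt.conf plus every file in apt.conf.d,
// rather than one fixed file, since the issue reports the single-file
// check failing on Debian 10. Unreadable files are skipped.
func AptPeriodicUpdatesEnabled(aptDir string) bool {
	paths, _ := filepath.Glob(filepath.Join(aptDir, "apt.conf.d", "*"))
	paths = append(paths, filepath.Join(aptDir, "apt.conf"))
	var contents []string
	for _, p := range paths {
		if b, err := os.ReadFile(p); err == nil {
			contents = append(contents, string(b))
		}
	}
	return AnyFileMatches(contents)
}

func main() {
	println(AptPeriodicUpdatesEnabled("/etc/apt"))
}
```

As posted, the pattern also matches a line that has been commented out with //, so stripping comments before matching would tighten the check.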
Since 2018 Gnome 3 has prevented desktop icons. https://gitlab.gnome.org/GNOME/nautilus/-/issues/158#problems-with-the-current-implementation
Is there a way to include a workaround with aeacus?
When using the ProgramVersion function on Ubuntu 20.04, I never get points even when the version is correct. It seems like a CommandOutput() error, but I'm not really sure.
We are in dire need of testing for most functions, specifically crypto and check stuff. Any contributions towards testing will be greatly appreciated.
When using PermissionIs type on Windows, the check passes, but when scoring, it says that the type does not exist.
[FAIL] Check type does not exist: PermissionIs (reflect: call of reflect.Value.Call on zero Value)
config file:
[[check.pass]]
type = 'PermissionIsNot'
path = 'C:\test'
name = 'Everyone'
value = "Write"
While working with various SecurityPolicy functions, I noticed that MaximumPasswordAge and MinimumPasswordAge are set up weird.
If my check is set to "90", a value of "42" will work for MaximumPasswordAge. This would not be an acceptable Maximum Password Age in the real world. A value of "91", however, would not work for MaximumPasswordAge, even though that would be an acceptable Maximum Password Age in the real world.
Since I didn't make this check, I don't want to change stuff without input, but what would be the best way to go about making this check better?
Instead of creating new functions, structs should all implement a Score() method. This way, they can be grouped into an interface to remove that switch-case for each check type. In order to achieve this automatically while deserializing, we can use a custom unmarshal method like something I wrote for another project; it looks like this:
import (
	"errors"

	"github.com/BurntSushi/toml" // assumed; the post did not show its imports
)

// WidgetBase wraps whichever concrete widget the TOML text described.
type WidgetBase struct{ Widget interface{} }

// WidgetTypes maps the TOML "type" key to a constructor that returns a
// pointer to a zeroed struct of the matching concrete type.
var WidgetTypes = map[string]func() interface{}{}

func (w *WidgetBase) UnmarshalText(text []byte) error {
	// First pass: read only the type discriminator.
	var widgetType struct {
		Type string
	}
	if err := toml.Unmarshal(text, &widgetType); err != nil {
		return err
	}
	fn, ok := WidgetTypes[widgetType.Type]
	if !ok {
		return errors.New("invalid widget type: " + widgetType.Type)
	}
	// Second pass: decode the full text into the concrete struct. fn()
	// already returns a pointer, so pass it directly, not its address.
	widgetStruct := fn()
	if err := toml.Unmarshal(text, widgetStruct); err != nil {
		return err
	}
	w.Widget = widgetStruct
	return nil
}
Where WidgetTypes is a map from strings to functions that return pointers to initialized structs. This forces toml.Unmarshal to deserialize into that struct. The only drawback of this is that as soon as this is returned from the unmarshaler, it becomes the interface type, stripping it of its identifiable fields. Not sure how to address this; open to ideas.
Hello, I wrote some (opinionated) VSCode snippets to make writing Aeacus configuration slightly easier:
https://gist.github.com/safinsingh/835a2ec96bf272dac908e7cbbf55e281
Would this be better placed in a separate resources repository or should we look into adding this to the main aeacus repository?
The TeamID prompt isn't writing to /opt/aeacus/TeamID.txt correctly
We need to be able to score one finding using multiple sources. To be able to do this, more advanced logic than just Pass/Pass Override/Fail is necessary.
For example, to be able to score PAM configs there could be a file that exists in the directory that isn't parsed, so "directory contains" isn't sufficient, but password management could be handled by several different files. So you'd need to test if a file exists and the file contains a certain string three or four times in a single scored point.
So for 3 different files in the pam directory, (A & B) or (C & D) or (D & E) would be sufficient for scoring points.
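The AND-of-groups, OR-across-groups logic described above, as an added example (not aeacus's own code): a Finding passes when any group of conditions all hold, and the PAM file names and strings used are constructed for illustration, not a recommended policy.

```go
package main
import "strings"

// Condition is one piece of evidence, e.g. "file X contains Y".
type Condition func() bool
// Finding passes when ANY group passes, and a group passes only when ALL of
// its conditions hold: (A & B) or (C & D) or (D & E), as in the post above.
type Finding struct {
	Message string
	Groups  [][]Condition
}
// Pass short-circuits on the first group whose conditions all hold; an empty
// group (or no groups at all) never passes.
func (f Finding) Pass() bool {
	for _, group := range f.Groups {
		ok := len(group) > 0
		for _, cond := range group {
			if !cond() {
				ok = false
				break
			}
		}
		if ok {
			return true
		}
	}
	return false
}

// FileContains builds a condition over an in-memory "directory" (path ->
// contents, constructed for the example): the file must exist AND contain
// needle, which is exactly the A & B pairing from the post.
func FileContains(files map[string]string, path, needle string) Condition {
	return func() bool {
		content, exists := files[path]
		return exists && strings.Contains(content, needle)
	}
}

// pamFinding is the PAM case: the quality module may be wired into
// common-password or configured in pwquality.conf; either source suffices.
func pamFinding(files map[string]string) Finding {
	cp := "/etc/pam.d/common-password"
	return Finding{
		Message: "Password quality requirements are enforced",
		Groups: [][]Condition{
			{FileContains(files, cp, "pam_pwquality.so"), FileContains(files, cp, "minlen=")},
			{FileContains(files, "/etc/security/pwquality.conf", "minlen")},
		},
	}
}
```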
For users without any password, how would you check if one was applied for Windows?
I tried using PasswordChanged with arg2=' ' and that didn't work for me. Are there any other ways to do this?
Attach correct imports and prefixes to each file.
Will we be using . imports? They're not recommended by go-lint. Pinging @sourque for input.
There are a couple of productivity tools we could add, like goreleaser and golangci-lint. We should also dockerize our local CI testing to make it available to people who don't have go installed (as in just wrap golangci-lint, goreleaser, build, testing, etc. in a Dockerfile). This way, we can allow others to simulate our CI without having to actually install the tooling for an open-source contribution.
Checking for the INVOCATION_ID env var stops systemd from running phocus on Ubuntu 16
Following your directions, I tried to compile the latest version myself. I installed go and garble using the command go get mvdan.cc/garble.
When running make win, I got this error:
'make' is not recognized as an internal or external command, operable program or batch file.
What did I do wrong?
If I wanted to check to see if a person installed a newer version of, let's say, Notepad++, and use this image in the future, how can I score based off of a version and up? For example: the image has version 7.1, the newest version is 7.9, and let's say I always want it to score versions 7.9 and up, so I don't have to change it to the currently up-to-date version before I give someone else the image.
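A "7.9 and up" comparison, added here as an example and not part of aeacus: version strings are compared component by component as numbers (the function names are assumptions made for the example), because a plain string comparison would rank 7.10 below 7.9.

```go
package main

import "strings"

// parseVersion splits "7.9.1" into [7 9 1]. A component such as "9beta"
// keeps its leading digits and ignores the rest; an empty component is 0.
func parseVersion(v string) []int {
	var parts []int
	for _, p := range strings.Split(strings.TrimSpace(v), ".") {
		n := 0
		for _, r := range p {
			if r < '0' || r > '9' {
				break
			}
			n = n*10 + int(r-'0')
		}
		parts = append(parts, n)
	}
	return parts
}

// compareVersions returns -1, 0 or 1 for a < b, a == b, a > b, comparing
// component by component; missing trailing components count as zero, so
// "7.9" equals "7.9.0".
func compareVersions(a, b string) int {
	pa, pb := parseVersion(a), parseVersion(b)
	for len(pa) < len(pb) {
		pa = append(pa, 0)
	}
	for len(pb) < len(pa) {
		pb = append(pb, 0)
	}
	for i := range pa {
		if pa[i] < pb[i] {
			return -1
		}
		if pa[i] > pb[i] {
			return 1
		}
	}
	return 0
}

// VersionAtLeast is the "7.9 and up" rule: the installed version passes when
// it is numerically equal to or newer than the minimum.
func VersionAtLeast(installed, minimum string) bool {
	return compareVersions(installed, minimum) >= 0
}
```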
After setting up Active Directory on a Windows Server 2019 instance, it was found that the UserRights check would not work, namely the checks on SeRemoteShutdownPrivilege and SeEnableDelegationPrivilege. My speculation is that group policy management is altered when changing to Active Directory. Here are the lines in the scoring.conf:
[[check]]
message = "Authenticated Users may not remotely shutdown the system"
points = 2
[[check.pass]]
type='UserRightsNot'
arg1='everyone'
arg2='SeEnableDelegationPrivilege'
[[check]]
message = "Everyone may not enable computer and user accounts to be trusted for delegation"
points = 2
[[check.pass]]
type='UserRightsNot'
arg1='everyone'
arg2='SeEnableDelegationPrivilege'
We need to separate the current master module into subpackages as our current cmd directory is cluttered at the moment. We'll need to split into a couple separate modules: scoring, crypto, checks, etc. This'll be much easier to maintain in the long run. The only issue we're having with this right now is that we end up recursively importing these modules due to the current cluttered design. A rewrite would force us to think with the module mindset from the beginning. Also, on a side note, the current toml package we're using is really outdated (compatible with the spec at v0.4.0). We should consider switching to https://github.com/pelletier/go-toml. Another thing I'm still iffy about is the split between phocus and aeacus with build tagging; this would be a lot easier if we had a common library that they could both draw functions from (ideally this would be in a separate repository). Then, we'd just set up a directory structure in the aeacus repo like so:
~
+-- cmd // command line parsing/execution
|   +-- aeacus
|   |   +-- aeacus.go
|   |   +-- aeacus_test.go
|   +-- phocus
|       +-- phocus.go
|       +-- phocus_test.go
+-- pkg // only if ABSOLUTELY necessary, helper functions for aeacus/phocus
    +-- aeacus
    |   +-- aeacus.go
    |   +-- aeacus_test.go
    +-- phocus
        +-- phocus.go
        +-- phocus_test.go
This results in a way more idiomatic and maintainable structure, preserving our current root executors.
Aeacus Version="v1.8.3"
Linux Kernel="5.11.0-38-Generic"
Ubuntu Version="Ubuntu 20.04.3 LTS"
I was just poking around with the engine and trying to run ./aeacus configure, which returns:
[Warn] This is not implement on linux
I have a valid scoring.conf and a valid TeamID
Determine (and uncapitalize) all internal functions
I don't see an option for "User must change password at next logon" on the Windows User Properties page. Is this a viable option? Also for "User cannot change password"?
Thanks for your time,
How would I go about a check to see if Remote Desktop Sharing is on/off?
This is a Windows question as much as it is an aeacus question, I realize this.
Would it be possible to check for a change when the on/off switch is turned, or do I just have to score based on the services for RDP being disabled?
It's okay if it's the latter, however, the former would be much preferred.
Doing DirContainsRegex in a directory may take a long time to execute if there are large binaries within. Consider checking file size before attempting the regex, or checking if the file is not a binary.
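Both filters from that suggestion in one walk, as an added example rather than aeacus's own DirContainsRegex: a size ceiling checked from the stat result before any read, then a NUL-byte sniff of the header, so the regex only runs over small text files (the size limit and function names are assumptions made for the example).

```go
package main

import (
	"bytes"
	"io/fs"
	"os"
	"path/filepath"
	"regexp"
)

// Files above maxScanBytes are skipped without being read; the first
// sniffBytes of the rest are inspected for binary content.
const maxScanBytes, sniffBytes = 1 << 20, 512
// looksBinary treats a NUL byte in the header as the binary marker; text
// files (configs, scripts, logs) essentially never contain NUL.
func looksBinary(head []byte) bool {
	return bytes.IndexByte(head, 0) >= 0
}
// shouldScan applies both filters from the issue: a cheap size check first,
// then a 512-byte sniff, so the regex only ever runs over small text files.
func shouldScan(path string) bool {
	fi, err := os.Stat(path)
	if err != nil || !fi.Mode().IsRegular() || fi.Size() > maxScanBytes {
		return false
	}
	f, err := os.Open(path)
	if err != nil {
		return false
	}
	defer f.Close()
	head := make([]byte, sniffBytes)
	n, _ := f.Read(head) // a short read on a small file is fine here
	return !looksBinary(head[:n])
}
// DirContainsRegex walks dir and reports whether any scannable file matches
// re. Files that fail the filters are skipped, not treated as errors.
func DirContainsRegex(dir string, re *regexp.Regexp) (bool, error) {
	found := false
	err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil || d.IsDir() || found || !shouldScan(path) {
			return walkErr
		}
		if data, err := os.ReadFile(path); err == nil && re.Match(data) {
			found = true
		}
		return nil
	})
	return found, err
}
```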
[FAIL] Error decoding TOML: toml: line 190 (last key "check.passoverride.path"): invalid escape in string '\P'
Finalize and clean up modules specifications (version, tagging, etc)
As of #138, the ReadMe.conf file can have the names {readme,ReadMe,README}.conf. This causes an issue during release because aeacus currently assumes that the file is named ReadMe.conf (see: https://github.com/elysium-suite/aeacus/blob/master/release_linux.go#L65).
I am just now finding this program and I have noticed it does not work on Windows 10 x64. Is there any way to fix this, or is there nothing I can do? I would also like to help with this project even though I have little coding knowledge, especially on making the GUI version.