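#! /usr/bin/perl
# EDW
# Quick little script to rattle through a sshd_config file and make recommendations
#
# Usage: sshd_check.pl [sshd_config]
#   With no argument the stock /etc/ssh/sshd_config is read.  Findings are
#   printed to STDOUT, one per line, prefixed with the config line number.
#   "[+]" lines are settings worth tightening, "[-]" lines are informational.
#
# Only active (uncommented) directives are matched, except for the Banner
# check, which deliberately looks for a commented-out Banner line.  Match
# blocks are not tracked, so a directive inside one is reported exactly like
# a global one.  Directives that are absent altogether fall back to sshd's
# compiled-in defaults, which this script does not model beyond the
# "Advanced Checks" list at the bottom.
use strict;
use warnings;
use POSIX qw(strftime);

if ($^O eq "MSWin32") { print "Windows....really....use *nix\n"; exit; }

my $default_file = "/etc/ssh/sshd_config";
my $line = "=" x 50;

# Anything other than exactly one argument falls back to the default path.
if (@ARGV != 1) {
    print "No paramater file supplied......"; sleep(2);
    print "using ", $default_file, "\n"; sleep(1); sleep(4);
    $ARGV[0] = $default_file;
}
my $config = $ARGV[0];

# Three-argument open with a lexical handle: the two-argument form lets a
# filename such as ">foo" or "cmd |" be parsed as a mode or a pipe.
open my $fh, '<', $config or die "Couldnt open $config: $!\n";
my @sshd = <$fh>;
close $fh;

system('clear');
print "\nAnalysis of $config starting.....\n\n";
sleep(1); #keep the suspense going....
print "$line\nThe Following Issues Have Been Identified:\n$line\n";

# Compare only the permission bits.  The raw st_mode also carries the
# file-type bits, so testing it against 33188 (0100644) flagged every
# non-regular file regardless of its permissions.  The filename is passed as
# a %s argument rather than interpolated into the printf format, so a "%"
# in the path cannot be misread as a conversion.
my $mode = (stat $config)[2];
if (defined $mode) {
    my $perms = $mode & 07777;
    if ($perms != 0644) {
        printf "[-] Permissions for %s are %04o\n\t - they should be 0644\n", $config, $perms;
    }
}

# One entry per directive: [ pattern, message ].  Patterns are anchored at
# the start of the line and word-bounded on the value so that commented-out
# lines and longer values ("Port 2222", "GatewayPorts 22") are no longer
# reported.  sshd accepts "Keyword value" and "Keyword=value", both
# case-insensitively.
my @checks = (
    [ qr/\A\s*PasswordAuthentication[\s=]+yes\b/i,   'Tunnelled Clear Text Passwords Allowed' ],
    [ qr/\A\s*LogLevel[\s=]+INFO\b/i,                'Log Level set to default - consider VERBOSE' ],
    [ qr/\A\s*Port[\s=]+22\b/i,                      'Default ssh Port Number (22) Found' ],
    [ qr/\A\s*PermitRootLogin[\s=]+yes\b/i,          'Root Login Possible' ],
    [ qr/\A\s*StrictModes[\s=]+no\b/i,               'Strict Modes Set To No' ],
    [ qr/\A\s*PermitEmptyPasswords[\s=]+yes\b/i,     'Empty Passwords Enabled' ],
    [ qr/\A\s*PubkeyAuthentication[\s=]+no\b/i,      'Public Key Authentication Not Enabled' ],
    [ qr/\A\s*X11Forwarding[\s=]+yes\b/i,            'X11 Forwarding Enabled' ],
    [ qr/\A\s*PrintMotd[\s=]+no\b/i,                 'Message Of The Day Not Enabled' ],
    [ qr/\A\s*PrintLastLog[\s=]+no\b/i,              'Last Log-In Not Printed To Console' ],
    [ qr/\A\s*UseLogin[\s=]+yes\b/i,                 'UseLogin Allowed' ],
    [ qr/\A\s*HostBasedAuthentication[\s=]+yes\b/i,  'Host Based Authentication Enabled' ],
    [ qr/\A\s*IgnoreRhosts[\s=]+no\b/i,              'Rhosts Are Not Ignored' ],
    # The directive is defined on this line, so "Not Defined" was the wrong wording.
    [ qr/\A\s*TCPKeepAlive[\s=]+no\b/i,              'TCPKeepAlive Set To No' ],
    [ qr/\A\s*LoginGraceTime[\s=]+120\b/i,           'Login Grace Time Set To Default Value (120 Seconds)' ],
    [ qr/\A\s*UsePAM[\s=]+yes\b/i,                   'Using PAM' ],
);

my $n = 0;
LINE: foreach my $entry (@sshd) {
    $n++;

    # Banner is the one check that wants the commented-out form.
    print "[+] ($n) Banner Not Configured\n" if $entry =~ /\A\s*#\s*Banner\b/i;

    # Everything below concerns active directives only: skip comments and blanks.
    next LINE if $entry =~ /\A\s*(?:#|\z)/;

    for my $check (@checks) {
        my ($re, $msg) = @$check;
        print "[+] ($n) $msg\n" if $entry =~ $re;
    }

    # The bound address is taken from the capture instead of the last eight
    # characters of the line, which broke on trailing whitespace or comments.
    if ($entry =~ /\A\s*ListenAddress[\s=]+(0\.0\.0\.0)\b/i) {
        print "[+] ($n) Listener Bound To Default Value $1\n";
    }

    if ($entry =~ /\A\s*AcceptEnv\b/i) {
        print "[-] ($n) Accept Environmental Variable: \n"; print "\t- $entry";
    }
}

print "$line\nAdvanced Checks\n$line\n";
my @list = qw(AllowUsers MaxAuthTries AddressFamily ClientAliveInterval ClientAliveCountMax UsePrivilegeSeparation);
foreach my $item (@list) {
    # Only an active directive counts as "defined"; the unanchored grep used
    # to accept the keyword anywhere on the line, including inside comments.
    my @found = grep { /\A\s*\Q$item\E\b/i } @sshd;
    if (@found) {
        print "[-] $item Defined:\n\t- @found";
    } else {
        print "[+] No $item Defined\n";
    }
}

# Format the time in-process instead of shelling out to date(1).
my $d = strftime('%H:%M:%S', localtime);
print "$line\nFinished at $d - Diolch SLM a CAB!\n$line\n";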