Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #! /usr/bin/perl -w
- # EDW
- # Quick little script to rattle through a sudoers file and make recommendations
- if ($^O eq "MSWin32") { print "Windows....really....use *nix\n"; exit; }
- $file = "/etc/sudoers";
- $line="\="x50;
- if ($#ARGV != 0) {
- print "No paramater file supplied......"; sleep (2);
- print "using ",$file,"\n"; sleep (5);
- $ARGV[0] = $file;
- }
- open (SUDO, "$ARGV[0]") || die ("Couldnt open $ARGV[0]\n"); @sudo=<SUDO>;
- system ("clear");
- print "\nAnalysis of $ARGV[0] starting.....\n\n";
- sleep(1); #keep the suspense going....
- print "$line\nThe Following Issues Have Been Identified:\n$line\n";
- $n = 0;
- foreach (@sudo) {
- chomp();
- $n++;
- next if /^#/;
- print "[+] ($n) Roots Settings - $_\n" if $_ =~ /root/i;
- print "[+] ($n) Use of NOPASSWD - $_ \n" if $_ =~ /NOPASSWD/i;
- print "[+] ($n) USER_ALIAS Defined - $_ \n" if $_ =~ /USER_ALIAS/i;
- print "[+] ($n) Cmnd_Alias Defined - $_ \n" if $_ =~ /Cmnd_Alias/i;
- print "[+] ($n) System Groups Defined - $_ \n" if $_ =~ /^\%/i;
- }
- print"$line\nAdvanced Checks (Common/Security Defaults)\n$line\n";
- @list = ("passprompt","badpass_message","passwd_tries","pssswd_timeout","timestamp_timeout","syslog","logfile","lecture","insults","mail_always","root_sudo");
- foreach $item (@list) {
- @AU=grep(/$item/i, @sudo);
- if ($#AU eq -1) {
- print "[+] No $item Defined\n";
- } else {
- print "[-] $item Defined:\n\t- @AU";
- }}
- chomp ($d = `date +%H:%M:%S`);
- print "$line\nFinished at $d - Diolch SLM!\n$line\n";
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement