secure

1. //Secure home pc & and server
2. //This script is about getting everything secure.
3.  
4. //dbust loading dir.Store it in dbuslist.
5. dbustlist = []
6. getFiles = function(x)
7.     files = x.get_files;
8.     if files.len > 0 then
9.         for i in range(0,files.len -1)
10.             globals.dbustlist.push(files);
11.         end for
12.     end if
13.     return;
14. end function
15.  
16. dirBust = function(x)
17.     folders = x.get_folders
18.     if folders.len > 0 then
19.         for i in range(0,folders.len -1)
20.             globals.dbustlist.push(folders[i]);
21.             getFiles(folders[i]);
22.             dirBust(folders[i]);
23.         end for
24.     else
25.         getFiles(x);
26.     end if
27.     return;
28. end function
29.  
30. //Secure chmod everyfile found.
31. secureFiles = function(x)
32.     usershash = get_shell.host_computer.File("/etc/passwd").get_content.split(char(10));
33.     users = [];
34.     for i in range(0,usershash.len -1)
35.         if usershash[i] != "" then
36.             users.push(usershash[i].split(char(58))[0]);
37.         end if
38.     end for
39.  
40.     isValid = false
41.     for i in range(0,users.len -1)
42.         if x.owner == users[i] then
43.             isValid = true;
44.         end if
45.     end for
46.  
47.     if isValid == true then
48.         if x.owner == "root" then
49.             // [user]r-x [guest]--x [other]---
50.             // Those file are owned by the system and mostly are system files.
51.             // Minimal access to it users can execute root owned like /bin/program.
52.             // Users cannot read or write any owned system files.
53.             x.chmod("u+rx");
54.             x.chmod("u-w");
55.             x.chmod("g-rw");
56.             x.chmod("g+x");
57.         else
58.             // [user]rwx [guest]--x [other]---
59.             // Users have full rights on their content.Therefore a user cannot have access to
60.             // its parent in term of r or w.As a child he can only execute what parent provided him
61.             // or its own content.
62.             x.chmod("u+wrx");
63.             x.chmod("g-rw");
64.             x.chmod("g+x");
65.         end if
66.     else
67.         //Those files have no actual owner that belongs to the server users /etc/passwd.
68.         //But they still registered.Those files are considered malicious.They are blocked.
69.         //As no user are owning thoses files, then no one have right on it.Root have right but dont own him.
70.         //Users may have no right but dont own him.
71.         x.chmod("u-wrx");
72.         x.chmod("g-wrx");
73.     end if
74.     x.chmod("o-wrx");
75. end function
76.  
77. dirBust(get_shell.host_computer.File("/"));
78. //Here i have to manually chmod / never forget to chmod
79. //this folder.In my disclosure, i could download many server
80. //with only guest permission and scripting shell exploit.
81. get_shell.host_computer.File("/").chmod("u-wrx");
82. get_shell.host_computer.File("/").chmod("g-wrx");
83. get_shell.host_computer.File("/").chmod("o-wrx");
84. for i in range(0,dbustlist.len -1)
85.     if typeof(dbustlist[i]) == "file" then
86.         secureFiles(dbustlist[i]);
87.     end if
88. end for
89.  
90. //Note:Run the script as root as its an admistration script.If not its scope will be limited to its user level.