id: enable-ssh-privilege-separation

info:
  name: Enable Privilege Separation in SSH
  author: pussycat0x
  severity: unknown
  description: |
    Privilege separation in SSH enhances security by running the SSH daemon with minimal privileges, reducing the risk of privilege escalation. It limits the impact of vulnerabilities, preventing full system compromise if SSH is exploited.
  remediation: |
    Set UsePrivilegeSeparation yes in /etc/ssh/sshd_config to enhance security and restart the SSH service.
  reference:
    - https://vishalraj82.medium.com/hardening-openssh-security-37f5d634015f
    - https://www.stigviewer.com/stig/red_hat_enterprise_linux_9/2023-09-13/finding/V-258010
  metadata:
    verified: true
  tags: audit,config,ssh,auth

javascript:
  - pre-condition: |
      isPortOpen(Host,Port);
    code: |
      var m = require("nuclei/ssh");
      var c = m.SSHClient();
      c.Connect(Host,Port,User,Pass);
      const sshConfig = c.Run('cat /etc/ssh/sshd_config')
      sshConfig
      let result = "";
      if (!sshConfig.includes('UsePrivilegeSeparation yes')) {
      result += "Enable Privilege Separation in SSH";
      }
      else{
      exit();
      }
      result

    args:
      Host: "{{Host}}"
      Port: "22"
      User: "{{usernames}}"
      Pass: "{{passwords}}"

    matchers:
      - type: dsl
        dsl:
          - "success == true"

    extractors:
      - type: dsl
        dsl:
          - response
# digest: 4a0a00473045022100f47ff8b921616e92693abe8151aa3b00f4744344aa3358e2badf6fd6c8944c170220065572cb418354904aa61203a171bda7123166b149077937d24c312078b196e5:922c64590222798bb761d5b6d8e72950