mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-09 04:03:16 +08:00
54 lines
1.5 KiB
YAML
54 lines
1.5 KiB
YAML
id: tcpwrapper-access
|
|
|
|
info:
|
|
name: TCP Wrapper Access Control Check
|
|
author: songyaeji
|
|
severity: low
|
|
description: |
|
|
Checked if IP and port restrictions were properly applied using TCP Wrapper (/etc/hosts.allow and /etc/hosts.deny). Reported systems as vulnerable if unrestricted remote access (e.g. Telnet, RSH, SSH) was possible.
|
|
reference:
|
|
- https://isms.kisa.or.kr
|
|
tags: linux,audit,kisa,compliance
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- engine:
|
|
-sh
|
|
- bash
|
|
source: |
|
|
echo "[*] Checking /etc/hosts.deny (default deny policy)"
|
|
if grep -Eq "^[[:space:]]*ALL:[[:space:]]*ALL" /etc/hosts.deny; then
|
|
echo "[SAFE] /etc/hosts.deny has ALL:ALL policy"
|
|
else
|
|
echo "[VULNERABLE] /etc/hosts.deny is missing ALL:ALL (default deny)"
|
|
fi
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
echo "[*] Checking sshd allow policy in /etc/hosts.allow"
|
|
if grep -Eq "^[[:space:]]*sshd" /etc/hosts.allow; then
|
|
if grep -Eq "^[[:space:]]*sshd:[[:space:]]*ALL" /etc/hosts.allow; then
|
|
echo "[VULNERABLE] sshd allows ALL hosts (too permissive)"
|
|
else
|
|
echo "[SAFE] sshd-specific allow policy found with restrictions"
|
|
fi
|
|
else
|
|
echo "[VULNERABLE] No sshd-specific allow policy found"
|
|
fi
|
|
|
|
matchers:
|
|
- type: word
|
|
name: hosts.deny
|
|
part: code_1_response
|
|
words:
|
|
- "[VULNERABLE]"
|
|
|
|
- type: word
|
|
name: sshd
|
|
part: code_2_response
|
|
words:
|
|
- "[VULNERABLE]"
|