mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
40 lines
1.1 KiB
YAML
40 lines
1.1 KiB
YAML
id: syslog-rsyslog-permission
|
|
|
|
info:
|
|
name: /etc/syslog and /etc/rsyslog.conf Permission Check
|
|
author: songyaeji
|
|
severity: high
|
|
description: |
|
|
The /etc/syslog.conf or /etc/rsyslog.conf file was not owned by root or had insecure permissions,allowing attackers to manipulate logging settings to evade detection.
|
|
reference:
|
|
- https://isms.kisa.or.kr
|
|
tags: linux,local,kisa,audit,compliance
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
stat -c "%U %G %a" /etc/rsyslog.conf 2>/dev/null || echo "not-found"
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
stat -c "%U %G %a" /etc/syslog.conf 2>/dev/null || echo "not-found"
|
|
|
|
matchers:
|
|
- type: regex
|
|
name: rsyslog
|
|
part: code_1_response
|
|
regex:
|
|
- '^root\s+root\s+(600|644)$'
|
|
|
|
- type: regex
|
|
name: syslog
|
|
part: code_2_response
|
|
regex:
|
|
- '^root\s+root\s+(600|644)$'
|
|
# digest: 4a0a00473045022057e616f66cdbb8c514a74c8b3d63748e4a400838e6e53d26b9dc1ff5f86796b2022100a6f9ca4535510294af9c6aef347cb8376c4ab27653abe22dae3bb0ad93d89d9a:922c64590222798bb761d5b6d8e72950 |