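# Local audit template: flags a sudoers policy whose credential cache
# (timestamp_timeout, in minutes) is long enough that one authentication
# leaves root access open for hours, or never expires at all.
id: insecure-sudo-timestamp

info:
  name: macOS Excessive Sudo Timestamp Timeout
  author: geeknik
  severity: medium
  description: |
    Checks if the sudo timestamp timeout is configured to an excessively long duration (100+ minutes) or to a negative value, which disables expiry of the cached credential.
  impact: |
    A long sudo timestamp can allow a user to execute commands with root privileges for an extended period of time without re-entering their password.
  remediation: |
    Edit the policy with visudo and set timestamp_timeout to a short, non-negative value (the sudoers default is 5 minutes; 0 prompts on every invocation) to reduce the risk of unauthorized access.
  tags: macos,audit,local,security,sudo

# No target is needed: the check runs on the host executing the scan.
self-contained: true

code:
  - engine:
      - sh
      - bash
    # Defaults lines can also live in drop-in files, so the include
    # directory is searched as well as the main policy file. -h keeps the
    # output free of file-name prefixes.
    # NOTE(review): sudoers files are normally readable by root only; run
    # unprivileged, grep prints nothing and the template reports no finding.
    # An empty result is therefore not evidence of a safe setting.
    source: |
      grep -rhE "^Defaults.*timestamp_timeout=" /etc/sudoers /etc/sudoers.d

    matchers:
      - type: regex
        regex:
          # Three or more digits with no leading zero: 100 minutes and up.
          - "timestamp_timeout=([1-9][0-9]{2,})"
          # Negative value: per sudoers(5) the timestamp then never expires,
          # which the numeric threshold above cannot catch.
          - "timestamp_timeout=-[0-9.]*[1-9]"
# NOTE(review): the digest below was generated for the upstream text of this
# template. Any edit, including the ones above, makes it stale; re-sign the
# template before relying on it, since code-protocol templates are expected
# to carry a valid signature.
# digest: 4a0a00473045022056c70c9e83ca5b06dfd2d6f37d3fac472448c1684e5513de20f012e1c6d79207022100fa6c9d279661d23106d9c0c878ae249adb35cd312d45c18c3f9a6f098d8bf186:922c64590222798bb761d5b6d8e72950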