mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-10 04:33:31 +08:00
35 lines
962 B
YAML
35 lines
962 B
YAML
id: writable-xinetdconf
|
|
|
|
info:
|
|
name: /etc/(x)inetd.conf Permission Check
|
|
author: songyaeji
|
|
severity: high
|
|
description: >
|
|
The /etc/xinetd.conf or /etc/inetd.conf file was writable by non-root users, allowing them to register malicious services that executed with root privileges. This check verified that the file was owned by root and had secure permissions.
|
|
reference:
|
|
- https://isms.kisa.or.kr/main/csap/notice/
|
|
tags: linux,code,audit,compliance,local
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- engine:
|
|
- bash
|
|
source: |
|
|
stat -c "%U %G %a" /etc/xinetd.conf 2>/dev/null || echo "not-found"
|
|
|
|
- engine:
|
|
- bash
|
|
source: |
|
|
stat -c "%U %G %a" /etc/inetd.conf 2>/dev/null || echo "not-found"
|
|
|
|
matchers:
|
|
- type: regex
|
|
part: code_1_response
|
|
regex:
|
|
- '^root\s+root\s+(600|640|644)$'
|
|
|
|
- type: regex
|
|
part: code_2_response
|
|
regex:
|
|
- '^root\s+root\s+(600|640|644)$' |