mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-03 01:03:34 +08:00
51 lines
1.6 KiB
YAML
51 lines
1.6 KiB
YAML
id: enable-ssh-privilege-separation
|
|
|
|
info:
|
|
name: Enable Privilege Separation in SSH
|
|
author: pussycat0x
|
|
severity: unknown
|
|
description: |
|
|
Privilege separation in SSH enhances security by running the SSH daemon with minimal privileges, reducing the risk of privilege escalation. It limits the impact of vulnerabilities, preventing full system compromise if SSH is exploited.
|
|
remediation: |
|
|
Set UsePrivilegeSeparation yes in /etc/ssh/sshd_config to enhance security and restart the SSH service.
|
|
reference:
|
|
- https://vishalraj82.medium.com/hardening-openssh-security-37f5d634015f
|
|
- https://www.stigviewer.com/stig/red_hat_enterprise_linux_9/2023-09-13/finding/V-258010
|
|
metadata:
|
|
verified: true
|
|
tags: audit,config,ssh,auth
|
|
|
|
javascript:
|
|
- pre-condition: |
|
|
isPortOpen(Host,Port);
|
|
code: |
|
|
var m = require("nuclei/ssh");
|
|
var c = m.SSHClient();
|
|
c.Connect(Host,Port,User,Pass);
|
|
const sshConfig = c.Run('cat /etc/ssh/sshd_config')
|
|
sshConfig
|
|
let result = "";
|
|
if (!sshConfig.includes('UsePrivilegeSeparation yes')) {
|
|
result += "Enable Privilege Separation in SSH";
|
|
}
|
|
else{
|
|
exit();
|
|
}
|
|
result
|
|
|
|
args:
|
|
Host: "{{Host}}"
|
|
Port: "22"
|
|
User: "{{usernames}}"
|
|
Pass: "{{passwords}}"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "success == true"
|
|
|
|
extractors:
|
|
- type: dsl
|
|
dsl:
|
|
- response
|
|
# digest: 4a0a00473045022100f47ff8b921616e92693abe8151aa3b00f4744344aa3358e2badf6fd6c8944c170220065572cb418354904aa61203a171bda7123166b149077937d24c312078b196e5:922c64590222798bb761d5b6d8e72950 |