Module: Msf::Post::Linux::Kernel
- Includes:
- Common
- Defined in:
- lib/msf/core/post/linux/kernel.rb
Instance Method Summary
-
#aslr_enabled? ⇒ Boolean
Returns true if Address Space Layout Randomization (ASLR) is enabled.
-
#cpu_flags ⇒ Array
Returns a list of CPU flags.
-
#dmesg_restrict? ⇒ Boolean
Returns true if dmesg restriction is enabled.
-
#exec_shield_enabled? ⇒ Boolean
Returns true if Exec-Shield is enabled.
-
#grsec_installed? ⇒ Boolean
Returns true if grsecurity is installed.
-
#kaiser_enabled? ⇒ Boolean
Returns true if Kernel Address Isolation (KAISER) is enabled.
-
#kernel_config ⇒ Array
Returns the kernel boot config.
-
#kernel_hardware ⇒ String
Returns the kernel hardware.
-
#kernel_modules ⇒ Array
Returns the kernel modules.
-
#kernel_name ⇒ String
Returns the kernel name.
-
#kernel_release ⇒ String
Returns the kernel release.
-
#kernel_version ⇒ String
Returns the kernel version.
-
#kpti_enabled? ⇒ Boolean
Returns true if Kernel Page-Table Isolation (KPTI) is enabled, false if not.
-
#kptr_restrict? ⇒ Boolean
Returns true if kernel pointer restriction is enabled.
-
#lkrg_installed? ⇒ Boolean
Returns true if Linux Kernel Runtime Guard (LKRG) kernel module is installed.
-
#mmap_min_addr ⇒ Integer
Returns mmap minimum address.
-
#pax_installed? ⇒ Boolean
Returns true if PaX is installed.
-
#selinux_enforcing? ⇒ Boolean
Returns true if SELinux is in enforcing mode.
-
#selinux_installed? ⇒ Boolean
Returns true if SELinux is installed.
-
#smap_enabled? ⇒ Boolean
Returns true if the kernel and hardware support Supervisor Mode Access Prevention (SMAP), false if not.
-
#smep_enabled? ⇒ Boolean
Returns true if the kernel and hardware support Supervisor Mode Execution Protection (SMEP), false if not.
-
#uname(opts = '-a') ⇒ String
Returns uname output.
-
#unprivileged_bpf_disabled? ⇒ Boolean
Returns true if unprivileged bpf is disabled.
-
#userns_enabled? ⇒ Boolean
Returns true if user namespaces are enabled, false if not.
-
#yama_enabled? ⇒ Boolean
Returns true if Yama is enabled.
-
#yama_installed? ⇒ Boolean
Returns true if Yama is installed.
Methods included from Common
#clear_screen, #cmd_exec, #cmd_exec_get_pid, #command_exists?, #get_env, #get_envs, #has_pid?, #peer, #report_virtualization, #rhost, #rport
Instance Method Details
#aslr_enabled? ⇒ Boolean
Returns true if Address Space Layout Randomization (ASLR) is enabled
# File 'lib/msf/core/post/linux/kernel.rb', line 166
#
# Reports whether Address Space Layout Randomization is switched on.
#
# Reads /proc/sys/kernel/randomize_va_space through cmd_exec and treats
# the values '1' and '2' as enabled. Any other output, including an
# error message from `cat`, yields false, so a false result is not
# proof that ASLR is off.
#
# @return [Boolean] true when the sysctl reads '1' or '2'
# @raise [RuntimeError] with a generic message if anything in the body raises
def aslr_enabled?
  setting = cmd_exec('cat /proc/sys/kernel/randomize_va_space').to_s.strip
  %w[1 2].include?(setting)
rescue StandardError
  raise 'Could not determine ASLR status'
end
#cpu_flags ⇒ Array
Returns a list of CPU flags
# File 'lib/msf/core/post/linux/kernel.rb', line 94
#
# Collects the distinct CPU feature flags listed in /proc/cpuinfo.
#
# Every line starting with "flags" contributes its whitespace-separated
# tokens; duplicates are dropped.
#
# @return [Array<String>, nil] the unique flags, or nil when the output
#   does not contain the text 'flags' at all. Callers that invoke
#   include? on the result must be ready for nil.
# @raise [RuntimeError] with a generic message if anything in the body raises
def cpu_flags
  raw = cmd_exec('cat /proc/cpuinfo').to_s
  return nil unless raw.include?('flags')

  flag_lines = raw.scan(/^flags\s*:(.*)$/).flatten
  tokens = flag_lines.join(' ').split(/\s/)
  tokens.map(&:strip).reject(&:empty?).uniq
rescue StandardError
  raise 'Could not retrieve CPU flags'
end
#dmesg_restrict? ⇒ Boolean
Returns true if dmesg restriction is enabled
# File 'lib/msf/core/post/linux/kernel.rb', line 212
#
# Reports whether kernel.dmesg_restrict is set.
#
# Only the exact value '1' counts as restricted. Any other output,
# including an error message from `cat`, yields false, so false means
# "not read as 1" rather than "confirmed unrestricted".
#
# @return [Boolean] true when the sysctl reads '1'
# @raise [RuntimeError] with a generic message if anything in the body raises
def dmesg_restrict?
  value = cmd_exec('cat /proc/sys/kernel/dmesg_restrict').to_s.strip
  value == '1'
rescue StandardError
  raise 'Could not determine kernel.dmesg_restrict status'
end
#exec_shield_enabled? ⇒ Boolean
Returns true if Exec-Shield is enabled
# File 'lib/msf/core/post/linux/kernel.rb', line 178
#
# Reports whether Exec-Shield is switched on.
#
# Reads /proc/sys/kernel/exec-shield and treats '1' and '2' as enabled.
# Systems without that sysctl produce other output and therefore false.
#
# @return [Boolean] true when the sysctl reads '1' or '2'
# @raise [RuntimeError] with a generic message if anything in the body raises
def exec_shield_enabled?
  setting = cmd_exec('cat /proc/sys/kernel/exec-shield').to_s.strip
  %w[1 2].include?(setting)
rescue StandardError
  raise 'Could not determine exec-shield status'
end
#grsec_installed? ⇒ Boolean
Returns true if grsecurity is installed
# File 'lib/msf/core/post/linux/kernel.rb', line 243
#
# Reports whether grsecurity appears to be present.
#
# The only evidence consulted is whether /dev/grsec exists as a
# character device (`test -c`); the shell echoes "true" on success.
#
# @return [Boolean] true when the probe output contains 'true'
# @raise [RuntimeError] with a generic message if anything in the body raises
def grsec_installed?
  probe = cmd_exec('test -c /dev/grsec && echo true').to_s.strip
  probe.include?('true')
rescue StandardError
  raise 'Could not determine grsecurity status'
end
#kaiser_enabled? ⇒ Boolean
Returns true if Kernel Address Isolation (KAISER) is enabled
# File 'lib/msf/core/post/linux/kernel.rb', line 131
#
# Reports whether the 'kaiser' flag is listed among the CPU flags.
#
# The answer is derived solely from cpu_flags. When cpu_flags returns
# nil the include? call fails and the generic error below is raised.
#
# @return [Boolean] true when cpu_flags contains 'kaiser'
# @raise [RuntimeError] with a generic message if anything in the body raises
def kaiser_enabled?
  flags = cpu_flags
  flags.include?('kaiser')
rescue StandardError
  raise 'Could not determine KAISER status'
end
#kernel_config ⇒ Array
Returns the kernel boot config
# File 'lib/msf/core/post/linux/kernel.rb', line 62
#
# Reads the boot-time kernel configuration for the running release.
#
# The file consulted is /boot/config-<uname -r>, resolved by the remote
# shell. Blank lines and lines starting with '#' are discarded, so
# options recorded only as "# CONFIG_X is not set" comments do not
# appear in the result.
#
# @return [Array<String>, nil] the remaining config lines, or nil when
#   the file is not readable, is empty, or holds only comments
# @raise [RuntimeError] with a generic message if anything in the body raises
def kernel_config
  readable = cmd_exec('test -r /boot/config-`uname -r` && echo true').include?('true')
  return nil unless readable

  raw = cmd_exec("cat /boot/config-`uname -r`").to_s.strip
  return nil if raw.empty?

  entries = raw.split("\n").map(&:strip).reject { |line| line.empty? || line.start_with?('#') }
  entries.empty? ? nil : entries
rescue StandardError
  raise 'Could not retrieve kernel config'
end
#kernel_hardware ⇒ String
Returns the kernel hardware
# File 'lib/msf/core/post/linux/kernel.rb', line 53
#
# Fetches the machine hardware name by delegating to uname with '-m'.
#
# @return [String] the stripped output of `uname -m`
def kernel_hardware
  machine_flag = '-m'
  uname(machine_flag)
end
#kernel_modules ⇒ Array
Returns the kernel modules
# File 'lib/msf/core/post/linux/kernel.rb', line 83
#
# Lists the names of the kernel modules shown in /proc/modules.
#
# Each name is the run of non-space characters at the start of a line.
# If `cat` prints an error instead, its first word is returned as if it
# were a module name.
#
# @return [Array<String>] first token of every output line
# @raise [RuntimeError] with a generic message if anything in the body raises
def kernel_modules
  listing = cmd_exec('cat /proc/modules').to_s
  listing.scan(/^[^ ]+/)
rescue StandardError
  raise 'Could not determine kernel modules'
end
#kernel_name ⇒ String
Returns the kernel name
# File 'lib/msf/core/post/linux/kernel.rb', line 44
#
# Fetches the kernel name by delegating to uname with '-s'.
#
# @return [String] the stripped output of `uname -s`
def kernel_name
  name_flag = '-s'
  uname(name_flag)
end
#kernel_release ⇒ String
Returns the kernel release
# File 'lib/msf/core/post/linux/kernel.rb', line 26
#
# Fetches the kernel release string by delegating to uname with '-r'.
#
# @return [String] the stripped output of `uname -r`
def kernel_release
  release_flag = '-r'
  uname(release_flag)
end
#kernel_version ⇒ String
Returns the kernel version
# File 'lib/msf/core/post/linux/kernel.rb', line 35
#
# Fetches the kernel version string by delegating to uname with '-v'.
#
# @return [String] the stripped output of `uname -v`
def kernel_version
  version_flag = '-v'
  uname(version_flag)
end
#kpti_enabled? ⇒ Boolean
Returns true if Kernel Page-Table Isolation (KPTI) is enabled, false if not.
# File 'lib/msf/core/post/linux/kernel.rb', line 142
#
# Reports whether the 'pti' flag is listed among the CPU flags.
#
# The answer is derived solely from cpu_flags. When cpu_flags returns
# nil the include? call fails and the generic error below is raised.
#
# @return [Boolean] true when cpu_flags contains 'pti'
# @raise [RuntimeError] with a generic message if anything in the body raises
def kpti_enabled?
  flags = cpu_flags
  flags.include?('pti')
rescue StandardError
  raise 'Could not determine KPTI status'
end
#kptr_restrict? ⇒ Boolean
Returns true if kernel pointer restriction is enabled
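# File 'lib/msf/core/post/linux/kernel.rb', line 201
#
# Reports whether kernel pointer restriction is in force.
#
# The kernel sysctl documentation defines kernel.kptr_restrict values
# 0 (off), 1 and 2 (the stricter setting). The earlier code accepted
# only '1', so a host on the stricter setting was reported as
# unrestricted; both non-zero values now count as restricted.
#
# Any other output, including an error message from `cat`, yields
# false, so false means "not read as 1 or 2" rather than "confirmed
# unrestricted".
#
# @return [Boolean] true when the sysctl reads '1' or '2'
# @raise [RuntimeError] with a generic message if anything in the body raises
def kptr_restrict?
  setting = cmd_exec('cat /proc/sys/kernel/kptr_restrict').to_s.strip
  %w[1 2].include?(setting)
rescue StandardError
  raise 'Could not determine kernel.kptr_restrict status'
end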
#lkrg_installed? ⇒ Boolean
Returns true if Linux Kernel Runtime Guard (LKRG) kernel module is installed
# File 'lib/msf/core/post/linux/kernel.rb', line 234
#
# Reports whether the Linux Kernel Runtime Guard module appears loaded.
#
# The only evidence consulted is whether the directory /proc/sys/lkrg
# exists (`test -d`); the shell echoes "true" on success.
#
# @return [Boolean] true when the probe output contains 'true'
# @raise [RuntimeError] with a generic message if anything in the body raises
def lkrg_installed?
  probe = cmd_exec('test -d /proc/sys/lkrg && echo true').to_s.strip
  probe.include?('true')
rescue StandardError
  raise 'Could not determine LKRG status'
end
#mmap_min_addr ⇒ Integer
Returns mmap minimum address
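# File 'lib/msf/core/post/linux/kernel.rb', line 223
#
# Returns the value of vm.mmap_min_addr as an Integer.
#
# The earlier code returned the raw String when the sysctl was read
# successfully and the Integer 0 otherwise, contradicting the
# documented Integer return type. The digits are now converted, so both
# paths return an Integer.
#
# NOTE(review): 0 is also returned when the output is not purely
# decimal digits (for example an error message from `cat`). A result of
# 0 therefore does not by itself prove that the minimum address is 0.
#
# @return [Integer] the parsed sysctl value, or 0 when it is not numeric
# @raise [RuntimeError] with a generic message if anything in the body raises
def mmap_min_addr
  raw = cmd_exec('cat /proc/sys/vm/mmap_min_addr').to_s.strip
  return 0 unless raw =~ /\A\d+\z/

  raw.to_i
rescue StandardError
  raise 'Could not determine system mmap_min_addr'
end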
#pax_installed? ⇒ Boolean
Returns true if PaX is installed
# File 'lib/msf/core/post/linux/kernel.rb', line 252
#
# Reports whether PaX appears to be present.
#
# The only evidence consulted is a "PaX:" line in /proc/self/status,
# searched with /bin/grep; the shell echoes "true" on a match. A host
# without /bin/grep at that path yields false.
#
# @return [Boolean] true when the probe output contains 'true'
# @raise [RuntimeError] with a generic message if anything in the body raises
def pax_installed?
  probe = cmd_exec('/bin/grep -q "PaX:" /proc/self/status && echo true').to_s.strip
  probe.include?('true')
rescue StandardError
  raise 'Could not determine PaX status'
end
#selinux_enforcing? ⇒ Boolean
Returns true if SELinux is in enforcing mode
# File 'lib/msf/core/post/linux/kernel.rb', line 274
#
# Reports whether SELinux is currently in enforcing mode.
#
# Returns false straight away when selinux_installed? is false.
# Otherwise runs /usr/sbin/sestatus and looks for a
# "Current mode: enforcing" line. Output that does not mention
# 'SELinux' at all is treated as a failure rather than as "not
# enforcing".
#
# @return [Boolean] true only when the current mode reads enforcing
# @raise [RuntimeError] with a generic message when sestatus output is
#   unrecognised or anything else in the body raises
def selinux_enforcing?
  return false unless selinux_installed?

  report = cmd_exec('/usr/sbin/sestatus').to_s.strip
  # A bare raise is converted into the generic message by the rescue below.
  raise unless report.include?('SELinux')

  report =~ /Current mode:\s*enforcing/ ? true : false
rescue StandardError
  raise 'Could not determine SELinux status'
end
#selinux_installed? ⇒ Boolean
Returns true if SELinux is installed
# File 'lib/msf/core/post/linux/kernel.rb', line 263
#
# Reports whether SELinux appears to be present.
#
# The only evidence consulted is whether the output of `id` contains
# the text 'context='.
#
# @return [Boolean] true when `id` output includes 'context='
# @raise [RuntimeError] with a generic message if anything in the body raises
def selinux_installed?
  identity = cmd_exec('id').to_s
  identity.include?('context=')
rescue StandardError
  raise 'Could not determine SELinux status'
end
#smap_enabled? ⇒ Boolean
Returns true if the kernel and hardware support Supervisor Mode Access Prevention (SMAP), false if not.
# File 'lib/msf/core/post/linux/kernel.rb', line 109
#
# Reports whether the 'smap' flag is listed among the CPU flags.
#
# The answer is derived solely from cpu_flags; no kernel setting is
# read here. When cpu_flags returns nil the include? call fails and
# the generic error below is raised.
#
# @return [Boolean] true when cpu_flags contains 'smap'
# @raise [RuntimeError] with a generic message if anything in the body raises
def smap_enabled?
  flags = cpu_flags
  flags.include?('smap')
rescue StandardError
  raise 'Could not determine SMAP status'
end
#smep_enabled? ⇒ Boolean
Returns true if the kernel and hardware support Supervisor Mode Execution Protection (SMEP), false if not.
# File 'lib/msf/core/post/linux/kernel.rb', line 120
#
# Reports whether the 'smep' flag is listed among the CPU flags.
#
# The answer is derived solely from cpu_flags; no kernel setting is
# read here. When cpu_flags returns nil the include? call fails and
# the generic error below is raised.
#
# @return [Boolean] true when cpu_flags contains 'smep'
# @raise [RuntimeError] with a generic message if anything in the body raises
def smep_enabled?
  flags = cpu_flags
  flags.include?('smep')
rescue StandardError
  raise 'Could not determine SMEP status'
end
#uname(opts = '-a') ⇒ String
Returns uname output
# File 'lib/msf/core/post/linux/kernel.rb', line 15
#
# Runs `uname` with the given options and returns its trimmed output.
#
# NOTE(review): opts is interpolated into the command line without any
# escaping. The callers visible in this module pass fixed literals
# ('-m', '-s', '-r', '-v'); keep it that way and never forward
# externally supplied text here.
#
# @param opts [String] option string appended after "uname"
# @return [String] stripped command output
# @raise [RuntimeError] naming the options if anything in the body raises
def uname(opts = '-a')
  command = "uname #{opts}"
  cmd_exec(command).to_s.strip
rescue StandardError
  raise "Failed to run uname #{opts}"
end
#unprivileged_bpf_disabled? ⇒ Boolean
Returns true if unprivileged bpf is disabled
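# File 'lib/msf/core/post/linux/kernel.rb', line 190
#
# Reports whether unprivileged use of bpf() is disabled.
#
# The kernel sysctl documentation defines
# kernel.unprivileged_bpf_disabled values 0 (allowed), 1 (disabled
# until reboot) and 2 (disabled, but an administrator may re-enable
# it). The earlier code accepted only '1', so a host set to 2 was
# reported as allowing unprivileged bpf; both non-zero values now count
# as disabled.
#
# Any other output, including an error message from `cat`, yields
# false, so false means "not read as 1 or 2" rather than "confirmed
# enabled".
#
# @return [Boolean] true when the sysctl reads '1' or '2'
# @raise [RuntimeError] with a generic message if anything in the body raises
def unprivileged_bpf_disabled?
  setting = cmd_exec('cat /proc/sys/kernel/unprivileged_bpf_disabled').to_s.strip
  %w[1 2].include?(setting)
rescue StandardError
  raise 'Could not determine kernel.unprivileged_bpf_disabled status'
end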
#userns_enabled? ⇒ Boolean
Returns true if user namespaces are enabled, false if not.
# File 'lib/msf/core/post/linux/kernel.rb', line 153
#
# Reports whether user namespaces look usable.
#
# Two sysctls are consulted in order: user.max_user_namespaces and
# kernel.unprivileged_userns_clone. The result is false as soon as
# either reads exactly '0'; the second is not read when the first
# already decided the answer.
#
# Any other output counts as "enabled", including an error message for
# a sysctl that does not exist on the host, so true means "nothing read
# as 0" rather than "confirmed enabled".
#
# @return [Boolean] false when either sysctl reads '0', true otherwise
# @raise [RuntimeError] with a generic message if anything in the body raises
def userns_enabled?
  max_namespaces = cmd_exec('cat /proc/sys/user/max_user_namespaces').to_s.strip
  return false if max_namespaces == '0'

  unprivileged_clone = cmd_exec('cat /proc/sys/kernel/unprivileged_userns_clone').to_s.strip
  unprivileged_clone != '0'
rescue StandardError
  raise 'Could not determine userns status'
end
#yama_enabled? ⇒ Boolean
Returns true if Yama is enabled
# File 'lib/msf/core/post/linux/kernel.rb', line 304
#
# Reports whether Yama ptrace restrictions are active.
#
# Returns false straight away when yama_installed? is false. Otherwise
# re-reads kernel.yama.ptrace_scope and treats every value except '0'
# as enabled.
#
# @return [Boolean] true when Yama is present and ptrace_scope is not '0'
# @raise [RuntimeError] with a generic message if anything in the body raises
def yama_enabled?
  return false unless yama_installed?

  scope = cmd_exec('cat /proc/sys/kernel/yama/ptrace_scope').to_s.strip
  scope != '0'
rescue StandardError
  raise 'Could not determine Yama status'
end
#yama_installed? ⇒ Boolean
Returns true if Yama is installed
# File 'lib/msf/core/post/linux/kernel.rb', line 291
#
# Reports whether the Yama security module appears to be present.
#
# Presence is inferred from kernel.yama.ptrace_scope reading as a
# single decimal digit; anything else (such as an error from `cat`)
# yields false.
#
# @return [Boolean] true when ptrace_scope is exactly one digit
# @raise [RuntimeError] with a generic message if anything in the body raises
def yama_installed?
  scope = cmd_exec('cat /proc/sys/kernel/yama/ptrace_scope').to_s.strip
  scope =~ /\A\d\z/ ? true : false
rescue StandardError
  raise 'Could not determine Yama status'
end