Security

Taken from cristobal.wiki, presented without warranty and with lots of <3.

What follows is a security report (and a report of security flaws) for the project, generated with Perro Guardian, a program created by Usuario:JP (closed source, I am not going to share it).

perroguardian-ia4-micro-security-advisor llamado con opciones "--solo-carpeta Proyecto-Squid-Proxy-COPIA/ --arbol"




# A los buenos dias
# 23-12-25; 22:11
# Ejecutando como usuario me (me@DEBIAN)
# Dockerd 4 docker-mini-scan (ClamAV nano*4)

NAV /

IGN: LICENSE
IGN: README.md
IGN-R: .git/

{1}: todo.sh
- Missing checks for folder and proper script validations

{2}: pordefecto.sh
- Hardcoded variables
- Posible arbitrary code/program injection near ending: versionphp=$(ls php7)

{5}: main.sh
- Not checking proper files are there; just checking for directory
MINOR - Arbitrary setfont seems irrelevant
- Posible injection in exported/sourced variables
- User is dropped into a "shell" that could lead to escapes (editar block)
MINOR - Prompt for changing files "read -p '¿Quier..." does not check for lowercase 'S'

{7}: root.sh
MINOR - Useless variable checking
MINOR - Weird behavior: Fail condition never called or never set to be called (?)
- Posible injection in exported/sourced variables
- Posible injection in setting up variables for later copying of files
MINOR - Out of place ACL check
MINOR - $interfaz variable makes no sense in this context (near source aux/ngin...)
MINOR - Not sourcing (?) scripts near the end

NAV /piclienteradius/

{0}: main.sh
- Everything looks good :D

NAV /piclienteradius/aux/

{0}: generar_hostapd.sh
- Everything looks good :D

NAV /cosas/

{!}: Directory appears to be of little relevance - Skipping files

NAV /extras/

{1}: ajustar.sh
- Possible injection using sed

{0}: cambiar_contra_router.sh
- Everything looks good :D

{1}: copias.sh
- Weird use of ssh keying.

{1}: testsubshell.sh
- Possible injection in nested shell

NAV /extras/todoantiguo/

{!}: Directory appears to be of little relevance - Skipping files

NAV /aux/

{!}: Skipping files "nginx.sh" "generar_nginx.sh". Non-executable or executable bit masked

{! + 1}: Multiple repeated offenses in the following files: crear_cuentas_sql.sh generar_cert.sh iptables.sh
- Use of hardcoded variables, rest of these files are fine. (Minor non-validation in generar_cert.sh ignored)

{1}: mail.sh
- This file simply doesn't work

{1}: gen_acl.sh
- No proper exit

{1}: generar_dhcp.sh
- --append is hardcoded at argv4

{0}: instalar.sh personalizacion.sh pers2.sh radius.sh rootssh.sh generar_red.sh generar_squid.sh
- Everything looks good :D (Minor security concern in rootssh.sh — Using root password for SSH is generally discouraged, assigned minor due to prompting the user for this risky change)




[==========[100%]==========] GUAU!
Limpiando todo...
Limpiando docker...
Desbloqueando...
00:36:41 real, usuario.
Se han producido (0) errores.