This is a rewrite of CSEL in Python. The engine was simplified from a GUI interface to a simple config file. PySEL was written in order to help cyberpatriot coaches and other teams create their own practice linux images.
- Clone the repository
- Change directory into repository
- Edit the PySEL.conf file to score your flaws
- Add execute permission on install script
- Run the install script
git clone https://github.com/FWSquatch/pysel
chmod +x install.sh
./install.sh
The PySEL.conf file only has a set amount of issues for ease of understanding we will reference issues as events. In order to score an event changed enabled to yes. Customize the category assigned to each flaw by changing the value of tag. If you want to change the point value of an event then change the pointValue. To deduct points make make the pointValue a negative value. Finally to customize the message on the score report change the value of msg. You may use the string %PARAMETER% to make pysel insert the parameter into your message.
An example event looks like:
[01-GoodUsers:Required_Users]
enabled = yes
tag = User Management
pointValue = -10.0
parameters = user1 fred
description = Users that are required on the system
msg = Required user %PARAMETER% has been deleted!
Each event will start with a title, the title consists of 2 parts: [FlawID:Event]
The FlawID is a unique identifier for that instance of the flaw you are wanting to score.
The Event correlates to a specific function that scores the event.
The parameters of each event are passed to the function that gets called. If an event supports multiple parameters each parameters must be seperated by a space. Not all events supports multiple parameters.
List of events that support multiple parameters:
Check_forensicsRemove_usersAdd_usersRequired_usersAdd_to_sudoRemove_from_sudoAdd_to_groupRemove_from_groupCheck_user_passwordCheck_password_policyCheck_account_lockoutSecure_login_defsRequired_packagesPackage_updatedProhibited_packagesSecure_sshRequired_servicesProhibited_servicesUpdate_settingsKernel_hardenPerm_no_longer_equalPerm_now equal_toBad_file
Any of these events may be called more than once as long as you use unique FlawID's each time. For example, you may have two separate forensics events with unique messages:
[01-Forensics1:Check_forensics]
enabled = yes
tag = Forensics
pointValue = 10
parameters = forensics1.txt:ssh
description = Ex: forensic9.txt:green (Check forensic9.txt for ANSWER: green)
msg = Forensic question 1 correct
[02-Forensics2:Check_forensics]
enabled = yes
tag = Forensics
pointValue = 10
parameters = forensics2.txt:oyeah
description = Ex: forensic9.txt:green (Check forensic9.txt for ANSWER: green)
msg = Forensic question 2 correct
or you can put them into one FlawID that checks both:
[01-Forensics:Check_forensics]
enabled = yes
tag = Forensics
pointValue = 10
parameters = forensics1.txt:example forensics2.txt:anotherone
description = Ex: forensic9.txt:green (Check forensic9.txt for ANSWER: green)
msg = Forensic question %PARAMETER% is correct
If you are wanting to add a custom event you will need to follow some guidelines.
- All event checks are stored in the
Event_checksfolder. - In order to score points the event should return
True - The event must only return
TrueorFalse. - By default the return value should be
False. - Functions in
Utils.pyare avilable and can be imported by addingfrom .Utils import Utils
An example custom event should look similar to this:
Filename: Check_hostname.py
from .Utils import Utils
## The hostname is passed from the parameters
def Check_hostname(hostname):
if Utils.run_command('cat /etc/hostname') == hostname:
return True
else:
return False
After all of that is done you can add your custom event to the PySEL.conf file.
[99-MyCustomFlaw:Check_hostname]
enabled = yes
tag = Custom Vulnerability
pointValue = 5
parameters = cyberpatriot
description = Make sure the hostname is set to "Cyberpatriot"
msg = Hostname has been changed to %PARAMETER%