'authorized_keys' implant should check perms on the .ssh dir (and maybe chmod them) #260

Open
DanaEpp opened this issue Jun 29, 2022 · 0 comments
Labels
enhancement New feature or request

DanaEpp commented Jun 29, 2022

Feature description

When using the implant module for authorized_keys, checks should be made during install to ensure the .ssh directory has 700 perms so login can occur. Some distros have 777 perms on the .ssh dir which prevents the authorized_keys from working after the implant.

One step better would be to adjust the perms of the .ssh directory accordingly. Although this does have the artifact of possibly triggering an alert, it at least ensures they can use the implant. If the change was recorded in a tamper fact, then on uninstall the perms could be set back to their original state.
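
For defenders, the behaviour described in this issue is observable: with `StrictModes` enabled, OpenSSH refuses key files whose containing directories are group- or world-writable or owned by another user, and a mode change on `.ssh` is the artifact the issue mentions. The following is an added example, not part of the issue or the project's code; the function names and the throwaway sample home directory are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Paths relative to a home directory whose owner and mode matter for key login.
WATCHED = ("", ".ssh", os.path.join(".ssh", "authorized_keys"))

def snapshot(home):
    """Map each watched path that exists to (permission bits, owner uid)."""
    snap = {}
    for rel in WATCHED:
        path = os.path.join(home, rel) if rel else home
        try:
            st = os.stat(path)
        except FileNotFoundError:
            continue
        snap[path] = (stat.S_IMODE(st.st_mode), st.st_uid)
    return snap

def strictmodes_findings(snap, uid):
    """Paths StrictModes would refuse: wrong owner or group/world-writable."""
    out = []
    for path, (mode, owner) in sorted(snap.items()):
        if owner not in (0, uid):
            out.append((path, f"owned by uid {owner}"))
        if mode & 0o022:
            out.append((path, f"mode {mode:03o} is group/world-writable"))
    return out

def changes(before, after):
    """Mode or owner differences between two snapshots, worth an alert."""
    return [(p, before.get(p), after.get(p))
            for p in sorted(set(before) | set(after))
            if before.get(p) != after.get(p)]

def demo():
    """Constructed sample: a throwaway home with a 777 .ssh directory."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, 0o777)
        before = snapshot(home)
        os.chmod(ssh_dir, 0o700)  # simulate the permission change to be detected
        after = snapshot(home)
        uid = os.getuid()
        return (strictmodes_findings(before, uid),
                strictmodes_findings(after, uid), changes(before, after))

if __name__ == "__main__":
    for part in demo():
        print(part)
```

Run periodically against real home directories, `snapshot` gives a baseline, and any entry returned by `changes` for `.ssh` or `authorized_keys` is a candidate for review.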
