Add tmux and screen sessions. Resolves #50

[rjsu26]

Added level 0 testing for tmux and screen

[diego-treitos]

Hello, thank you for your PR but I am afraid it is far from ready.

Let me go through some points.

1. IDs over 500 are used for level 2 tests
2. IDs are numbered in steps of 10 just in case we need to add some in the middle. That way we do not need to change the other ones.

I know this information should be written somewhere and that is something that I have to do.

Now, regarding the PR:

1. TODOs do not belong in code. In my opinion it is a bad practice. We can use the issue tracker to add tasks.
2. Regarding the tmux tests:

• sof535 Should be sof040 and it should be level 2
• sof540 Should be sof110
• sof541 Should be sof120 and the test should be more consistent. I suggest find /tmp -type s -regex '/tmp/tmux-[0-9]+/.+' -exec ls -l {} +
• sof542 Is redundant. The previous test already checks for other tmux sessions.
• It would be good to add a level 0 test with ID sof130 that checks for writeable tmux sockets not belonging to current user: find /tmp -writable -type s -regex '/tmp/tmux-[0-9]+/.+' ! -user $lse_user -exec ls -l {} +

3. Regarding the screen tests, something mostly similar:

• sof550 should be level 2
• sof555 should be sof140
• sof560 should be sof150 but the test is actually wrong. It is testing for current user sessions. It should be womething like: find /run/screen -type s -regex '/run/screen/S-.+/.+' ! -user $lse_user -exec ls -l {} +
• There should be a test that checks for writeable screen sockets, with level 0 and ID sof160: find /run/screen -writable -type s -regex '/run/screen/S-.+/.+' ! -user $lse_user -exec ls -l {} +

[rjsu26]

Thanks for the comments @diego-treitos . I will make the changes and push them.

[rjsu26]

One small confusion, as u are asking to make the sof535 as sof040 and level 2. Since all level 2 tests are above 500, it will be a contradiction now!?

[diego-treitos]

One small confusion, as u are asking to make the sof535 as sof040 and level 2. Since all level 2 tests are above 500, it will be a contradiction now!?

You are absolutely right. It shouldn't be sof040 but the sof540 (I think). In any case try to leave 10 numbers between the IDs and use 5xx for the level 2 tests.

[rjsu26]

cool! Also, is there any rule for IDs of level 1 tests?

[rjsu26]

2. Regarding the tmux tests:

• sof535 Should be sof040 and it should be level 2

1. Regarding the screen tests, something mostly similar:

• sof550 should be level 2

Both the suggested level 2 tests are only checking whether they are installed or not. Won't it be more reasonable to keep these 2 tests as level 0/1 and the socket tests as level 1/2 ?

[diego-treitos]

Level 0 shows very important results. Results that it is probable to lead to a privilege escalation. Showing the version of software is not a level 0.

Level 1 shows information that can be important or help to gather information for a privilege escalation. Just knowing the version of software is not that helpful.

Level 2 is meant to gather all information about the system that could be used for a privilege escalation or help you contextualize the system to know more about it and find a good approach for a privilege escalation. I think that knowing the version of software belongs here and actually all the tests that show software versions are level 2 if you check the code.

[rjsu26]

I got ur point now. Making sense this way..

[diego-treitos]

I am merging this but I will apply some changes later. The PR itself is quite inconsistent:

• Some tests have comments some not
• Some comments are not properly indented
• Some tests use single quotes other double
• Some tests description start with capital others don't
• Some tests description are questions others not

[diego-treitos]

Also, next time please test the tests. There were several that were not working.

Thank you

[rjsu26]

I am merging this but I will apply some changes later. The PR itself is quite inconsistent:

* Some tests have comments some not

* Some comments are not properly indented

* Some tests use single quotes other double

* Some tests description start with capital others don't

* Some tests description are questions others not

Thanks for telling the mistakes. I will make another commit+PR to correct them.

[rjsu26]

Also, next time please test the tests. There were several that were not working.

Can you please tell me which ones? I actually ran then before pushing.

[diego-treitos]

sof120 and sof150. You can check the commits: https://github.com/diego-treitos/linux-smart-enumeration/commits/master