Bad info in --kernel on CentOS #88

Closed
nettrino opened this issue Jan 3, 2019 · 1 comment
nettrino commented Jan 3, 2019

Issue

Running checksec with --kernel on CentOS pollutes the output with errors for missing files:

 sudo src/ossec/scripts/checksec.sh/checksec --kernel
* Kernel protection information:

  Description - List the status of kernel protection mechanisms. Rather than
  inspect kernel mechanisms that may aid in the prevention of exploitation of
  userspace processes, this option lists the status of kernel configuration
  options that harden the kernel itself against attack.

  Kernel config:
/boot/config-2.6.32-754.9.1.el6.x86_64

  Warning: The config on disk may not represent running kernel config!

  Vanilla Kernel ASLR:                    Full
  Protected symlinks:                     Disabled
  Protected hardlinks:                    Disabled
  Ipv4 reverse path filtering:            Enabled
  Ipv6 reverse path filtering:            Disabled
  Kernel heap randomization:              Enabled
  GCC stack protector support:            Enabled
  Enforce read-only kernel data:          Enabled
  Enforce read-only module data:          Disabled
  Exec Shield:                            Disabled

  Restrict /dev/kmem access:              Enabled

* X86 only:            

* SELinux:                                Enforcing
  Checkreqprot:                         cat: /sys/fs/selinux/checkreqprot: No such file or directory
  Disabled
  Deny Unknown:                         cat: /sys/fs/selinux/deny_unknown: No such file or directory
  Disabled

* grsecurity / PaX:                       No GRKERNSEC

  The grsecurity / PaX patchset is available here:
    http://grsecurity.net/

Likewise, the respective JSON is broken:

{ "kernel": { "KernelConfig":"/boot/config-2.6.32-754.9.1.el6.x86_64","randomize_va_space":"full","protect_symlinks":"no","protect_hardlinks":"no","ipv4_rpath":"yes","ipv6_rpath":"no","kernel_heap_randomization":"yes","gcc_stack_protector":"yes","ro_kernel_data":"yes","ro_module_data":"no","restrict_dev_kmem_access":"yes",},"selinux":{ "enabled":"yes", "mode":"enforcing"cat: /sys/fs/selinux/checkreqprot: No such file or direc
tory                                                                                                                                                                                                                                                                                                                                                                                                                                         , "checkreqprot":"no"cat: /sys/fs/selinux/deny_unknown: No such file or directory
, "deny_unknown":"no" },"grsecurity": { "grsecurity_config":"no" } }

Debug Report

***** Checksec debug *****
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Linux xxx 2.6.32-754.9.1.el6.x86_64 #1 SMP Thu Dec 6 08:02:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
checksec version: 1.11.0 -- 2018122701
OS=CentOS release 6.10 (Final)
VER=2.6.32-754.9.1.el6.x86_64
-rwxr-xr-x. 1 root root 48568 Jun 19  2018 /bin/cat
/bin/cat: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
lrwxrwxrwx. 1 root root 4 Dec 10 19:10 /bin/awk -> gawk
-rwxr-xr-x. 1 root root 382752 Nov 10  2015 /bin/gawk
/bin/gawk: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 19376 Jun  1  2018 /sbin/sysctl
/sbin/sysctl: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 27776 Jun 19  2018 /bin/uname
/bin/uname: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 38048 Jun 19  2018 /bin/mktemp
/bin/mktemp: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 548184 Mar 22  2017 /usr/bin/openssl
/usr/bin/openssl: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 167840 Mar 22  2017 /bin/grep
/bin/grep: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 50984 Jun 19  2018 /usr/bin/stat
/usr/bin/stat: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 19784 May 10  2016 /usr/bin/file
/usr/bin/file: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 239000 Mar  1  2016 /bin/find
/bin/find: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 36136 Jun 19  2018 /usr/bin/head
/usr/bin/head: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 89504 Jun  1  2018 /bin/ps
/bin/ps: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 40056 Jun 19  2018 /bin/readlink
/bin/readlink: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 26264 Jun 19  2018 /bin/basename
/bin/basename: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 32720 Jun 19  2018 /usr/bin/id
/usr/bin/id: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 25528 Sep 23  2011 /usr/bin/which
/usr/bin/which: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 366848 Mar 21  2017 /usr/bin/wget
/usr/bin/wget: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 134504 Apr  3  2017 /usr/bin/curl
/usr/bin/curl: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 303440 Jun 19  2018 /usr/bin/readelf
/usr/bin/readelf: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
-rwxr-xr-x. 1 root root 178616 May 10  2016 /usr/bin/eu-readelf
/usr/bin/eu-readelf: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped

Command run to produce the error

Running checksec --kernel on CentOS 6 should suffice.

OS version and Kernel version

centos6 2.6.32-754.9.1.el6.x86_64 #1 SMP Thu Dec 6 08:02:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Debug output

Same as --kernel output.

@slimm609
Owner

JSON is fixed in the upcoming release.
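
One way to avoid both symptoms reported in this issue (`cat` errors interleaved with the report, and a value shown as "Disabled"/"no" although the file was never read), as an added example that is not checksec's code. The function names, the "unknown" value and the `/selinux` fallback mount point are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not checksec's implementation. Function names, the
# "unknown" value and the /selinux fallback are assumptions.

# Print the first candidate directory that contains an "enforce" node.
find_selinuxfs() {
    for candidate in "$@"; do
        if [ -e "$candidate/enforce" ]; then
            printf '%s' "$candidate"
            return 0
        fi
    done
    return 1
}

# Print the numeric content of a selinuxfs node, or "unknown" when the
# node is absent or unreadable. Nothing reaches stderr, so a missing
# file cannot leak an error message into the text or JSON report.
read_selinux_node() {
    node_path="$1/$2"
    value=""
    if [ -r "$node_path" ]; then
        # First line only; drop everything that is not a digit.
        value=$(head -n 1 "$node_path" 2>/dev/null | tr -cd '0-9')
    fi
    if [ -n "$value" ]; then
        printf '%s' "$value"
    else
        printf 'unknown'
    fi
}

# Emit the SELinux JSON object. A node that could not be read is
# reported as "unknown" rather than as a disabled setting.
selinux_json() {
    dir=$(find_selinuxfs "$@") || { printf '{ "enabled":"no" }'; return 0; }
    printf '{ "enabled":"yes", "checkreqprot":"%s", "deny_unknown":"%s" }' \
        "$(read_selinux_node "$dir" checkreqprot)" \
        "$(read_selinux_node "$dir" deny_unknown)"
}

# Stand-alone run: try the path from the report, then the assumed
# older mount point.
selinux_json /sys/fs/selinux /selinux
echo
```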
